TechSpot

No Internet, not even in safe mode and task bar was changed

Solved
By Socie
Oct 1, 2012
  1. So I am hoping someone can help,again :). Everything was fine yesterday (or so I thought), after starting my computer tonight I immediately realized there was a problem. The task bar at the bottom of the desktop start menu looked completely different than at shut down last night. When I tried loggin in to the Internet I couldn't. There is nothing wrong with the router or service as I am connected with both my phone and tablet. Tried running in safe mode to connect and still nothing. Tried restoring to a previous restore point and that is blocked. I have eset smart security 5 and malwarebytes downloaded and seem to be able to run them in safe mode. Any ideas?
     
  2. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================

    Please download Farbar Service Scanner Download Link and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center/Action Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.
     
  3. Socie

    Socie TS Rookie Topic Starter Posts: 46

    Farbar Service Scanner Version: 19-09-2012
    Ran by Mark (administrator) on 01-10-2012 at 22:44:45
    Running from "C:\Users\Mark\Desktop"
    Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Network
    ****************************************************************
    Internet Services:
    ============
    Dnscache Service is not running. Checking service configuration:
    The start type of Dnscache service is set to Disabled. The default start type is Auto.
    The ImagePath of Dnscache service is OK.
    The ServiceDll of Dnscache service is OK.
    Dhcp Service is not running. Checking service configuration:
    The start type of Dhcp service is set to Disabled. The default start type is Auto.
    The ImagePath of Dhcp service is OK.
    The ServiceDll of Dhcp service is OK.
    Nsi Service is not running. Checking service configuration:
    The start type of Nsi service is set to Disabled. The default start type is Auto.
    The ImagePath of Nsi service is OK.
    The ServiceDll of Nsi service is OK.

    Connection Status:
    ==============
    Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
    LAN connected.
    Attempt to access Google IP returned error: Other errors
    Attempt to access Google.com returned error: Other errors
    Attempt to access Yahoo IP returned error: Other errors
    Attempt to access Yahoo.com returned error: Other errors

    Windows Firewall:
    =============
    mpsdrv Service is not running. Checking service configuration:
    The start type of mpsdrv service is OK.
    The ImagePath of mpsdrv service is OK.
    MpsSvc Service is not running. Checking service configuration:
    The start type of MpsSvc service is set to Disabled. The default start type is Auto.
    The ImagePath of MpsSvc service is OK.
    The ServiceDll of MpsSvc service is OK.
    bfe Service is not running. Checking service configuration:
    The start type of bfe service is set to Disabled. The default start type is Auto.
    The ImagePath of bfe service is OK.
    The ServiceDll of bfe service is OK.

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0

    System Restore:
    ============
    SDRSVC Service is not running. Checking service configuration:
    The start type of SDRSVC service is set to Disabled. The default start type is 3.
    The ImagePath of SDRSVC service is OK.
    The ServiceDll of SDRSVC service is OK.
    VSS Service is not running. Checking service configuration:
    The start type of VSS service is set to Disabled. The default start type is 3.
    The ImagePath of VSS service is OK.

    System Restore Disabled Policy:
    ========================

    Action Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    The start type of wscsvc service is set to Disabled. The default start type is Auto.
    The ImagePath of wscsvc service is OK.
    The ServiceDll of wscsvc service is OK.
    winmgmt Service is not running. Checking service configuration:
    The start type of winmgmt service is set to Disabled. The default start type is Auto.
    The ImagePath of winmgmt: "%systemroot%\system32\svchost.exe -k netsvcs".
    The ServiceDll of winmgmt service is OK.

    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is set to Disabled. The default start type is Auto.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv service is OK.
    BITS Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
    The ImagePath of BITS service is OK.
    The ServiceDll of BITS service is OK.
    EventSystem Service is not running. Checking service configuration:
    The start type of EventSystem service is set to Disabled. The default start type is Auto.
    The ImagePath of EventSystem service is OK.
    The ServiceDll of EventSystem service is OK.
    cryptsvc Service is not running. Checking service configuration:
    The start type of cryptsvc service is set to Demand. The default start type is Auto.
    The ImagePath of cryptsvc service is OK.
    The ServiceDll of cryptsvc service is OK.

    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Disabled. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.

    Other Services:
    ==============

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit

    **** End of log ****
     
  4. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    For whatever reason you have several services set to disabled.
    We'll check later why but for now let's see if we can fix them manually.

    Go Start and in "Start search" type:
    services.msc
    Press Enter.

    Services window will open.

    Find following services:

    DNS Client
    DHCP Client
    Network Store Interface Service

    In each case right click on the service, click "Properties" and under "Startup type" select "Automatic" from drop-down menu.

    Restart computer, check your internet connection and post new FSS log.
     
  5. Socie

    Socie TS Rookie Topic Starter Posts: 46

    Farbar Service Scanner Version: 19-09-2012
    Ran by Mark (administrator) on 01-10-2012 at 23:10:23
    Running from "C:\Users\Mark\Desktop"
    Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Dnscache Service is not running. Checking service configuration:
    The start type of Dnscache service is OK.
    The ImagePath of Dnscache service is OK.
    The ServiceDll of Dnscache service is OK.
    Dhcp Service is not running. Checking service configuration:
    The start type of Dhcp service is OK.
    The ImagePath of Dhcp service is OK.
    The ServiceDll of Dhcp service is OK.
    Nsi Service is not running. Checking service configuration:
    The start type of Nsi service is set to Disabled. The default start type is Auto.
    The ImagePath of Nsi service is OK.
    The ServiceDll of Nsi service is OK.

    Connection Status:
    ==============
    Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
    LAN connected.
    Attempt to access Google IP returned error: Other errors
    Attempt to access Google.com returned error: Other errors
    Attempt to access Yahoo IP returned error: Other errors
    Attempt to access Yahoo.com returned error: Other errors

    Windows Firewall:
    =============
    mpsdrv Service is not running. Checking service configuration:
    The start type of mpsdrv service is OK.
    The ImagePath of mpsdrv service is OK.
    MpsSvc Service is not running. Checking service configuration:
    The start type of MpsSvc service is set to Disabled. The default start type is Auto.
    The ImagePath of MpsSvc service is OK.
    The ServiceDll of MpsSvc service is OK.
    bfe Service is not running. Checking service configuration:
    The start type of bfe service is set to Disabled. The default start type is Auto.
    The ImagePath of bfe service is OK.
    The ServiceDll of bfe service is OK.

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0

    System Restore:
    ============
    SDRSVC Service is not running. Checking service configuration:
    The start type of SDRSVC service is set to Disabled. The default start type is 3.
    The ImagePath of SDRSVC service is OK.
    The ServiceDll of SDRSVC service is OK.
    VSS Service is not running. Checking service configuration:
    The start type of VSS service is set to Disabled. The default start type is 3.
    The ImagePath of VSS service is OK.

    System Restore Disabled Policy:
    ========================

    Action Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    The start type of wscsvc service is set to Disabled. The default start type is Auto.
    The ImagePath of wscsvc service is OK.
    The ServiceDll of wscsvc service is OK.
    winmgmt Service is not running. Checking service configuration:
    The start type of winmgmt service is set to Disabled. The default start type is Auto.
    The ImagePath of winmgmt: "%systemroot%\system32\svchost.exe -k netsvcs".
    The ServiceDll of winmgmt service is OK.

    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is set to Disabled. The default start type is Auto.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv service is OK.
    BITS Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
    The ImagePath of BITS service is OK.
    The ServiceDll of BITS service is OK.
    EventSystem Service is not running. Checking service configuration:
    The start type of EventSystem service is set to Disabled. The default start type is Auto.
    The ImagePath of EventSystem service is OK.
    The ServiceDll of EventSystem service is OK.
    cryptsvc Service is not running. Checking service configuration:
    The start type of cryptsvc service is set to Demand. The default start type is Auto.
    The ImagePath of cryptsvc service is OK.
    The ServiceDll of cryptsvc service is OK.

    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Disabled. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.

    Other Services:
    ==============

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit

    **** End of log ****
     
  6. Socie

    Socie TS Rookie Topic Starter Posts: 46

    Wait I missed two things, sorry, hold on.
     
  7. Socie

    Socie TS Rookie Topic Starter Posts: 46

    Still no internet connection but here is the updated log.

    Farbar Service Scanner Version: 19-09-2012
    Ran by Mark (administrator) on 01-10-2012 at 23:21:13
    Running from "C:\Users\Mark\Desktop"
    Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Attempt to access Google.com returned error: Other errors
    Yahoo IP is accessible.
    Attempt to access Yahoo.com returned error: Other errors

    Windows Firewall:
    =============
    mpsdrv Service is not running. Checking service configuration:
    The start type of mpsdrv service is OK.
    The ImagePath of mpsdrv service is OK.
    MpsSvc Service is not running. Checking service configuration:
    The start type of MpsSvc service is set to Disabled. The default start type is Auto.
    The ImagePath of MpsSvc service is OK.
    The ServiceDll of MpsSvc service is OK.
    bfe Service is not running. Checking service configuration:
    The start type of bfe service is set to Disabled. The default start type is Auto.
    The ImagePath of bfe service is OK.
    The ServiceDll of bfe service is OK.

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0

    System Restore:
    ============
    SDRSVC Service is not running. Checking service configuration:
    The start type of SDRSVC service is set to Disabled. The default start type is 3.
    The ImagePath of SDRSVC service is OK.
    The ServiceDll of SDRSVC service is OK.
    VSS Service is not running. Checking service configuration:
    The start type of VSS service is set to Disabled. The default start type is 3.
    The ImagePath of VSS service is OK.

    System Restore Disabled Policy:
    ========================

    Action Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    The start type of wscsvc service is set to Disabled. The default start type is Auto.
    The ImagePath of wscsvc service is OK.
    The ServiceDll of wscsvc service is OK.
    winmgmt Service is not running. Checking service configuration:
    The start type of winmgmt service is set to Disabled. The default start type is Auto.
    The ImagePath of winmgmt: "%systemroot%\system32\svchost.exe -k netsvcs".
    The ServiceDll of winmgmt service is OK.

    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is set to Disabled. The default start type is Auto.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv service is OK.
    BITS Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
    The ImagePath of BITS service is OK.
    The ServiceDll of BITS service is OK.
    EventSystem Service is not running. Checking service configuration:
    The start type of EventSystem service is set to Disabled. The default start type is Auto.
    The ImagePath of EventSystem service is OK.
    The ServiceDll of EventSystem service is OK.

    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Disabled. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.

    Other Services:
    ==============

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\ipnathlp.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit

    **** End of log ****
     
  8. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Make sure, your settings are correct.
    1. Go Start>Settings>Control Panel (Vista/7 users: Start>Control Panel)
    2. Double click Network Connections (Vista/7 users: Network and Sharing Center)
    3. Vista/7 users - From the list of tasks on the left, click Manage network connections.
    4. For a wired network connection, right-click Local Area Connection, and then select Properties.
    For a wireless network connection, right-click Wireless Network Connection, and then select Properties.
    5. From the General tab (Vista/7 users: Networking tab), click Internet Protocol version 4 (TCP/IPv4), make sure it is checked, and then click Properties
    6. Make sure Obtain an IP Address Automatically and Obtain DNS server address Automatically are checked.
    7. Click on "Advanced" button and make sure "IP Settings" tab looks like this:
    [​IMG]
    Make sure "DNS" tab looks like this:
    [​IMG]
    Make sure "WINS" tab looks like this:
    [​IMG]
    8. Still in Control Panel double click on "Internet options" then "Connections" tab then "LAN Settings" button. Make sure "Automatically detect settings" is checked.
    If you made any changes OK your way out.
    Restart computer.


    If that doesn't work...
    Turn off computer. Disconnect router, and modem from power source for 1 minute. At the same time disconnect ethernet cable as well.
    Reconnect everything.
    Restart computer.

    If that doesn't work, bypass router, and connect computer straight to the modem.

    If that doesn't work...
    Go Start>Run (Start search in Vista), type in:
    cmd
    Click OK (in Vista and 7, while holding CTRL, and SHIFT, press Enter).

    In Command Prompt window, type in following commands, and hit Enter after each one:
    ipconfig /flushdns
    ipconfig /registerdns
    ipconfig /release
    ipconfig /renew
    net stop "dns client"
    net start "dns client"


    Restart computer.

    If that doesn't work...
    Go Start>Run (Start search in Vista and 7), type in:
    cmd
    Click OK (in Vista and 7, while holding CTRL, and SHIFT, press Enter).

    At Command Prompt, type in:
    netsh int ip reset reset.log
    Hit Enter.
    Type in:
    netsh winsock reset catalog
    Hit Enter.

    Restart computer.
     
  9. Socie

    Socie TS Rookie Topic Starter Posts: 46

    After Network and Sharing Center, there is no manage network connections. If I search for wireless network connection, I find manage wireless networks. I can not right click it, when I click with the left it says that wireless is not currently enabled.
     
  10. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Go ahead with other steps.
    Also check if you can connect using Ethernet cable.
     
  11. Socie

    Socie TS Rookie Topic Starter Posts: 46

    When I connect right to the modem I can get online.

    I am guessing I did this to myself, while trying to speed up my computer?
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    What exactly did you do?
     
  13. Socie

    Socie TS Rookie Topic Starter Posts: 46

    I am not even sure, I cant remember. I think I stopped processes. But I have done that in the past and this didnt happen. I usually stay away from anything bad.

    So I did all the commands and still nothing, except for when I connect via ethernet straight to modem
     
  14. Socie

    Socie TS Rookie Topic Starter Posts: 46

    So in just browsing and not changing anything, I went to internet properties, setup, and it tels me that windows did not detect and networking hardware. I don't know of that helps or not but it cant be good.
     
  15. Socie

    Socie TS Rookie Topic Starter Posts: 46

    I figured it out, I did sometihng is msconfig that shut everything down, I changed it from selective startup to normal and I am back online.. It does however take forever for my computer to startup, which is what I think I was trying to change when I screwed sometihng up.
     
  16. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Yeah, playing with services is never a good idea.
    At least you have your connection back.

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.
     
  17. Socie

    Socie TS Rookie Topic Starter Posts: 46

    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org
    Database version: v2012.10.02.11
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Mark :: SOCIE [administrator]
    10/2/2012 8:36:04 PM
    mbam-log-2012-10-02 (20-36-04).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 234399
    Time elapsed: 9 minute(s), 53 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
     
  18. Socie

    Socie TS Rookie Topic Starter Posts: 46

    No gmer log


    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Mark at 20:56:31 on 2012-10-02
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8174.5830 [GMT -4:00]
    .
    AV: Trend Micro Titanium *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
    AV: ESET Smart Security 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET Smart Security 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Trend Micro Titanium *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Sony\VAIO Care\VCSpt.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
    C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\SysWOW64\DllHost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Program Files\Sony\VAIO Power Management\SPMService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
    C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
    C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Sony\VAIO Care\VCPerfService.exe
    C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
    C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
    C:\Program Files\Sony\VAIO Care\listener.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Sony\VAIO Care\VCsystray.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/?fr=fptb-yie9/
    mStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: {dbc80044-a445-435b-bc74-9c25c1c588a9} - Java(tm) Plug-In 2 SSV Helper
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    TB: Coupons.com CouponBar: {8660e5b3-6c41-44de-8503-98d99bbecd41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    mRun: [Wi-Fi Sync] "C:\Program Files (x86)\Wi-Fi Sync\wifisync.exe"
    mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    uPolicies-explorer: NoInstrumentation = 1
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    Trusted Zone: cinemanow.com
    Trusted Zone: roxio.com
    Trusted Zone: roxionow.com
    Trusted Zone: sonic.com
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxps://lowes.2020.net/planner/Core/Player/2020PlayerAX_Win32.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
    DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - C:\Users\Mark\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab#-1,-1,-1,-1
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{D726B9D6-BF17-49F0-A998-6B63D7E304A5} : DhcpNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{D726B9D6-BF17-49F0-A998-6B63D7E304A5}\25F69716C60235F6C616279637026427F6E647 : DhcpNameServer = 200.79.231.6
    TCP: Interfaces\{D726B9D6-BF17-49F0-A998-6B63D7E304A5}\263636D2075726C69636 : DhcpNameServer = 208.67.222.222
    TCP: Interfaces\{D726B9D6-BF17-49F0-A998-6B63D7E304A5}\34C61627B637 : DhcpNameServer = 192.168.254.254 192.168.254.254
    TCP: Interfaces\{D726B9D6-BF17-49F0-A998-6B63D7E304A5}\634405A444 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{D726B9D6-BF17-49F0-A998-6B63D7E304A5}\C696E6B6379737 : DhcpNameServer = 209.18.47.61 209.18.47.62
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    BHO-X64: 0x1 - No File
    BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO-X64: HP Print Enhancer - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: {DBC80044-A445-435b-BC74-9C25C1C588A9} - Java(tm) Plug-In 2 SSV Helper
    BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    BHO-X64: HP Smart BHO Class - No File
    TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    TB-X64: Coupons.com CouponBar: {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [Wi-Fi Sync] "C:\Program Files (x86)\Wi-Fi Sync\wifisync.exe"
    mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R1 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
    R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys --> C:\Windows\system32\DRIVERS\EpfwLWF.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
    R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2012-3-7 913144]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-3-25 13336]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-14 399432]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-14 676936]
    R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2011-8-13 49152]
    R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
    R2 regi;regi;\??\C:\Windows\system32\drivers\regi.sys --> C:\Windows\system32\drivers\regi.sys [?]
    R2 rimspci;rimspci;C:\Windows\system32\drivers\rimssne64.sys --> C:\Windows\system32\drivers\rimssne64.sys [?]
    R2 risdsnpe;risdsnpe;C:\Windows\system32\drivers\risdsne64.sys --> C:\Windows\system32\drivers\risdsne64.sys [?]
    R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-5-23 257936]
    R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2012-8-21 1019328]
    R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-2-19 529776]
    R2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-2-19 386416]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\drivers\SFEP.sys --> C:\Windows\system32\drivers\SFEP.sys [?]
    R3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2010-5-3 574320]
    R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2012-1-13 1256040]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 136176]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-9-8 250568]
    S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
    S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
    S3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-3-2 13088]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 136176]
    S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
    S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?]
    S3 mbamchameleon;mbamchameleon;\??\C:\Windows\system32\drivers\mbamchameleon.sys --> C:\Windows\system32\drivers\mbamchameleon.sys [?]
    S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-9-10 108400]
    S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-10-12 423280]
    S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-9-10 67952]
    S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-9-27 303872]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-9-27 864000]
    S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-2-19 115568]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-31 47128]
    S4 SQLAgent$DDNI;SQL Server Agent (DDNI);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 366936]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-09-23 23:22:14 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AABD56AA-2868-4654-8E48-15ECD4770B1E}\mpengine.dll
    2012-09-18 02:48:07 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
    2012-09-18 02:47:22 -------- d-----w- C:\Program Files\iPod
    2012-09-18 02:47:21 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-09-18 02:47:21 -------- d-----w- C:\Program Files\iTunes
    2012-09-09 21:55:12 -------- d-----w- C:\Users\Mark\AppData\Local\{29CEC43E-EBE3-4103-8592-436148FC9ECD}
    2012-09-08 21:18:21 -------- d-----w- C:\Program Files\ESET
    2012-09-08 14:26:46 916456 ----a-w- C:\Windows\System32\deployJava1.dll
    2012-09-08 14:26:46 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll
    2012-09-08 14:26:23 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
    2012-09-08 14:24:35 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-08 14:24:35 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-09-07 01:24:40 -------- d-----w- C:\Users\Mark\AppData\Roaming\Registry Mechanic
    2012-09-06 22:20:21 -------- d-----w- C:\Program Files\CCleaner
    2012-09-03 15:26:29 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
    2012-09-03 15:26:28 -------- d-----w- C:\Program Files (x86)\PC Tools
    2012-09-03 15:21:54 -------- d-----w- C:\Users\Mark\AppData\Roaming\Product_RM
    2012-09-03 15:21:54 -------- d-----w- C:\ProgramData\PC Tools
    .
    ==================== Find3M ====================
    .
    2012-09-07 21:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-08-21 17:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
    2012-08-21 17:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
    2012-08-16 23:42:04 9232584 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2012-07-09 17:42:56 4547984 ----a-w- C:\Windows\System32\usbaaplrc.dll
    2012-07-09 17:42:54 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
    2012-07-06 03:48:30 29808 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    .
    ============= FINISH: 21:00:37.79 ===============
     
  19. Socie

    Socie TS Rookie Topic Starter Posts: 46

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 8/15/2010 10:27:52 PM
    System Uptime: 10/2/2012 8:18:56 PM (1 hours ago)
    .
    Motherboard: Sony Corporation | | VAIO
    Processor: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz | N/A | 2266/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 456 GiB total, 23.28 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Photosmart D110 series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Photosmart D110 series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    .
    Update for Microsoft Office 2007 (KB2508958)
    7-Zip 4.65
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.4)
    Any DVD Converter Professional 4.2.7
    Apollo DVD to iPhone 6.1.2
    Apollo iPhone Video Converter 3.1.1
    Apollo iPod Video Converter 4.1.1
    Apple Application Support
    Apple Software Update
    Application Manager for VAIO
    ArcSoft WebCam Companion 3
    Avery Template
    Avery Template - U_0088_01_P
    BIG-IP Edge Client Components (All Users)
    BufferChm
    Corel WinDVD
    D110
    D3DX10
    Destinations
    DeviceDiscovery
    Flixster Collections
    Google Update Helper
    GPBaseService2
    HP Photo Creations
    HP Update
    HPAppStudio
    HPDiagnosticAlert
    HPPhotoGadget
    HPProductAssistant
    HPSSupply
    Intel(R) Control Center
    Intel(R) Rapid Storage Technology
    Intel(R) Turbo Boost Technology Driver
    JDownloader
    Junk Mail filter update
    Malwarebytes Anti-Malware version 1.65.0.1400
    MarketResearch
    MCLA First Class Client v.9.124_1
    Media Gallery
    Mesh Runtime
    Messenger Companion
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2008
    Microsoft SQL Server 2008 Browser
    Microsoft SQL Server 2008 Common Files
    Microsoft SQL Server 2008 Database Engine Services
    Microsoft SQL Server 2008 Database Engine Shared
    Microsoft SQL Server 2008 RsFx Driver
    Microsoft SQL Server 2008 Setup Support Files
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MyScribe
    Oasis2Service
    OOBE
    PMB
    PMB VAIO Edition Guide
    PMB VAIO Edition plug-in (Click to Disc)
    PMB VAIO Edition plug-in (VAIO Image Optimizer)
    PMB VAIO Edition plug-in (VAIO Movie Story)
    PS_AIO_07_D110_SW_Min
    QuickTime
    QuickTransfer
    Raptr
    Realtek High Definition Audio Driver
    Safari
    Scan
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Service Pack 1 for SQL Server 2008 (KB968369)
    Setting Utility Series
    Skype™ 5.10
    SmartWebPrinting
    SmartWi Connection Utility
    SOHLib Merge Module
    SolutionCenter
    Sony Home Network Library
    Sql Server Customer Experience Improvement Program
    Status
    Toolbox
    TrayApp
    TuneUp Companion 2.4.6.4
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VAIO Care
    VAIO Content Monitoring Settings
    VAIO Control Center
    VAIO Data Restore Tool
    VAIO DVD Menu Data
    VAIO Entertainment Platform
    VAIO Event Service
    VAIO Gate
    VAIO Gate Default
    VAIO Hardware Diagnostics
    VAIO Help and Support
    VAIO Media plus
    VAIO Media plus Opening Movie
    VAIO Messenger
    VAIO Movie Story Template Data
    VAIO Original Function Settings
    VAIO Power Management
    VAIO Sample Contents
    VAIO Survey
    VAIO Transfer Support
    VAIO Update
    VAIO Wallpaper Contents
    VAIO Window Organizer
    VirtualCloneDrive
    VLC media player 1.0.3
    VU5x86
    Vuze
    WavePad Sound Editor
    WebReg
    WePrint
    WinAVI MP4 Converter
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Yahoo! BrowserPlus 2.9.8
    Yahoo! Install Manager
    Yahoo! Software Update
    Yahoo! Toolbar
    Zinio Reader 4
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/27/2012 9:38:06 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
    9/27/2012 7:27:19 PM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    9/27/2012 7:27:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
    9/27/2012 7:27:17 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
    10/2/2012 8:24:43 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
    10/2/2012 8:20:22 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    10/2/2012 8:19:18 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll Error Code: 126
    10/2/2012 12:33:10 AM, Error: Service Control Manager [7001] - The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    10/2/2012 1:17:02 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    10/1/2012 8:41:11 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache eamonm ehdrv ElbyCDIO spldr Wanarpv6
    10/1/2012 8:28:32 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache eamonm ehdrv ElbyCDIO EpfwLWF NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
    10/1/2012 11:09:35 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the Network Store Interface Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    10/1/2012 11:09:35 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Network Store Interface Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    .
    ==== End Of File ===========================
     
  20. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    You're running two AV programs, Eset and TrendMicro.
    You must uninstall one of them.

    ==========================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    =============================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  21. Socie

    Socie TS Rookie Topic Starter Posts: 46

    RogueKiller V8.1.0 [09/28/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Mark [Admin rights]
    Mode : Remove -- Date : 10/02/2012 21:38:47
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 17 ¤¤¤
    [Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\61883 (system32\DRIVERS\61883.sys) -> DELETED
    [Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\61883 (system32\DRIVERS\61883.sys) -> DELETED
    [TASK][SUSP PATH] {09732930-02FD-4466-AD3F-85DBEA2DAC85} : C:\Windows\system32\pcalua.exe -a "C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9EWOL5C8\jre-6u24-windows-i586-iftw[1].exe" -d C:\Users\Mark\Desktop -> DELETED
    [TASK][SUSP PATH] {3879BC79-2845-4362-BD65-FA48282D4BD7} : C:\Windows\system32\pcalua.exe -a "C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CH77TFT5\ytb_8.4.1.37_2.4.1_ysp_2.0.2.12_mail_bts_pub_us_setup_.exe" -d C:\Users\Mark\Desktop -> DELETED
    [TASK][SUSP PATH] {56C45164-7450-415C-9BA0-BB29A8C17ED9} : C:\Windows\system32\pcalua.exe -a C:\Users\Mark\AppData\Local\Temp\InstallFlashPlayer.exe -d C:\Users\Mark\Desktop -> DELETED
    [TASK][SUSP PATH] {D6C43DD3-EDEC-49CE-BC3D-BA4DADF64B0E} : C:\Windows\system32\pcalua.exe -a C:\Users\Mark\Desktop\Folders\64bit\TSRemove.exe -d C:\Users\Mark\Desktop\Folders\64bit -> DELETED
    [TASK][SUSP PATH] {FBE9BAB5-975C-47DF-BC55-2393B2E995E2} : C:\Windows\system32\pcalua.exe -a "C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CPZ7GLGO\ESETUninstaller.exe" -d C:\Users\Mark\Desktop -> DELETED
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> REPLACED (1)
    [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> REPLACED (1)
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [FILEASSO] HKLM\[...]\command : ("") -> FOLDER NOT FOUND
    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{9fcc2808-15cf-4929-c6a8-311775864611}\U --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{9fcc2808-15cf-4929-c6a8-311775864611}\L --> REMOVED
    [ZeroAccess][FILE] @ : C:\Users\Mark\AppData\Local\{9fcc2808-15cf-4929-c6a8-311775864611}\@ --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\Users\Mark\AppData\Local\{9fcc2808-15cf-4929-c6a8-311775864611}\U --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\Users\Mark\AppData\Local\{9fcc2808-15cf-4929-c6a8-311775864611}\L --> REMOVED
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ Infection : ZeroAccess ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts
    127.0.0.1 localhost

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: ST9500325AS +++++
    --- User ---
    [MBR] 919f3cc5907891c5845501baaac0dbe5
    [BSP] 437e2d2853b8241ac655de78857303b4 : Windows 7 MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10165 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20819968 | Size: 100 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 21024768 | Size: 466673 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
     
  22. Socie

    Socie TS Rookie Topic Starter Posts: 46

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-10-02 21:42:56
    -----------------------------
    21:42:56.811 OS Version: Windows x64 6.1.7601 Service Pack 1
    21:42:56.811 Number of processors: 4 586 0x2502
    21:42:56.811 ComputerName: SOCIE UserName: Mark
    21:43:00.477 Initialize success
    21:43:57.583 AVAST engine defs: 12100300
    21:44:55.314 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    21:44:55.314 Disk 0 Vendor: ST950032 0006 Size: 476940MB BusType: 3
    21:44:55.345 Disk 0 MBR read successfully
    21:44:55.345 Disk 0 MBR scan
    21:44:55.345 Disk 0 Windows 7 default MBR code
    21:44:55.345 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10165 MB offset 2048
    21:44:55.361 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 20819968
    21:44:55.376 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 466673 MB offset 21024768
    21:44:55.408 Disk 0 scanning C:\Windows\system32\drivers
    21:45:10.698 Service scanning
    21:45:43.910 Modules scanning
    21:45:43.910 Disk 0 trace - called modules:
    21:45:44.284 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
    21:45:44.284 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009898060]
    21:45:44.300 3 CLASSPNP.SYS[fffff88001bd143f] -> nt!IofCallDriver -> [0xfffffa8006a26460]
    21:45:44.300 5 ACPI.sys[fffff88000f617a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80077eb050]
    21:45:47.217 AVAST engine scan C:\Windows
    21:45:51.320 AVAST engine scan C:\Windows\system32
    21:49:48.552 AVAST engine scan C:\Windows\system32\drivers
    21:50:09.690 AVAST engine scan C:\Users\Mark
    23:09:21.203 AVAST engine scan C:\ProgramData
    23:13:58.268 Scan finished successfully
    23:14:46.164 Disk 0 MBR has been saved successfully to "C:\Users\Mark\Desktop\MBR.dat"
    23:14:46.164 The log file has been saved successfully to "C:\Users\Mark\Desktop\aswMBR.txt
     
  23. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ==================================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If restarting doesn't help use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  24. Socie

    Socie TS Rookie Topic Starter Posts: 46

    ComboFix 12-10-02.02 - Mark 10/03/2012 0:14.2.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8174.5284 [GMT -4:00]
    Running from: c:\users\Mark\Desktop\ComboFix.exe
    AV: ESET Smart Security 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    AV: Trend Micro Titanium *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
    FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    SP: ESET Smart Security 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Trend Micro Titanium *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\SysWow64\FlashPlayerInstaller.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-03 to 2012-10-03 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-03 04:25 . 2012-10-03 04:25 -------- d-----w- c:\users\Public\AppData\Local\temp
    2012-10-03 04:25 . 2012-10-03 04:25 -------- d-----w- c:\users\MARKSO~1~PC3\AppData\Local\temp
    2012-10-03 04:25 . 2012-10-03 04:25 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-10-03 04:25 . 2012-10-03 04:25 -------- d-----w- c:\users\AppData\AppData\Local\temp
    2012-10-03 01:46 . 2012-10-03 01:46 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AABD56AA-2868-4654-8E48-15ECD4770B1E}\offreg.dll
    2012-09-23 23:22 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AABD56AA-2868-4654-8E48-15ECD4770B1E}\mpengine.dll
    2012-09-18 02:48 . 2012-08-21 17:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-09-18 02:47 . 2012-09-18 02:47 -------- d-----w- c:\program files\iPod
    2012-09-18 02:47 . 2012-09-18 02:47 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-09-18 02:47 . 2012-09-18 02:47 -------- d-----w- c:\program files\iTunes
    2012-09-08 21:18 . 2012-09-08 21:18 -------- d-----w- c:\program files\ESET
    2012-09-08 14:26 . 2012-09-08 14:26 916456 ----a-w- c:\windows\system32\deployJava1.dll
    2012-09-08 14:26 . 2012-09-08 14:26 289768 ----a-w- c:\windows\system32\javaws.exe
    2012-09-08 14:26 . 2012-09-08 14:26 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-09-08 14:26 . 2012-09-08 14:26 189416 ----a-w- c:\windows\system32\javaw.exe
    2012-09-08 14:26 . 2012-09-08 14:26 188904 ----a-w- c:\windows\system32\java.exe
    2012-09-08 14:26 . 2012-09-08 14:26 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
    2012-09-08 14:24 . 2012-09-08 14:24 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-08 14:24 . 2012-09-08 14:24 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-09-07 01:24 . 2012-09-07 01:24 -------- d-----w- c:\users\Mark\AppData\Roaming\Registry Mechanic
    2012-09-06 22:20 . 2012-09-06 22:20 -------- d-----w- c:\program files\CCleaner
    2012-09-03 20:21 . 2012-09-03 20:21 -------- d-----w- c:\program files (x86)\Common Files\Skype
    2012-09-03 15:26 . 2012-09-09 02:02 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
    2012-09-03 15:26 . 2012-09-03 15:26 -------- d-----w- c:\program files (x86)\PC Tools
    2012-09-03 15:21 . 2012-09-03 15:21 -------- d-----w- c:\users\Mark\AppData\Roaming\Product_RM
    2012-09-03 15:21 . 2012-09-03 15:21 -------- d-----w- c:\programdata\PC Tools
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-07 21:04 . 2011-12-26 19:09 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-01 04:08 . 2012-09-01 04:08 110080 ----a-r- c:\users\Mark\AppData\Roaming\Microsoft\Installer\{F3D711FA-C72D-4688-95B3-C7A71DB2F1A0}\IconF7A21AF7.exe
    2012-09-01 04:08 . 2012-09-01 04:08 110080 ----a-r- c:\users\Mark\AppData\Roaming\Microsoft\Installer\{F3D711FA-C72D-4688-95B3-C7A71DB2F1A0}\IconD7F16134.exe
    2012-09-01 04:08 . 2012-09-01 04:08 110080 ----a-r- c:\users\Mark\AppData\Roaming\Microsoft\Installer\{F3D711FA-C72D-4688-95B3-C7A71DB2F1A0}\Icon5B4E0377.exe
    2012-08-21 17:01 . 2010-09-08 04:25 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
    2012-08-21 17:01 . 2010-09-08 04:25 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
    2012-07-09 17:42 . 2012-07-09 17:42 4547984 ----a-w- c:\windows\system32\usbaaplrc.dll
    2012-07-09 17:42 . 2012-07-09 17:42 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
    2012-07-06 03:48 . 2012-07-06 03:34 29808 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-03-16 214840]
    .
    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
    [HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
    [HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
    [HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
    "SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2010-01-20 82944]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-09-07 766536]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer5"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - aswMBR
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-03 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-08 14:24]
    .
    2012-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 13:50]
    .
    2012-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 13:50]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-03-07 4081008]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-02-22 16397416]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.yahoo.com/?fr=fptb-yie9/
    mStart Page = hxxp://www.google.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    Trusted Zone: cinemanow.com
    Trusted Zone: roxio.com
    Trusted Zone: roxionow.com
    Trusted Zone: sonic.com
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-{8660E5B3-6C41-44DE-8503-98D99BBECD41} - c:\program files (x86)\Coupons.com CouponBar\tbcore3.dll
    Wow6432Node-HKLM-Run-Wi-Fi Sync - c:\program files (x86)\Wi-Fi Sync\wifisync.exe
    Wow6432Node-HKLM-Run-SunJavaUpdateSched - c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
    Wow6432Node-HKLM-Run-DivXUpdate - c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe
    WebBrowser-{8660E5B3-6C41-44DE-8503-98D99BBECD41} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
    "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=inteldata\""
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-10-03 00:41:50
    ComboFix-quarantined-files.txt 2012-10-03 04:41
    .
    Pre-Run: 24,489,385,984 bytes free
    Post-Run: 24,699,854,848 bytes free
    .
    - - End Of File - - 11A588CDE45E4F6AEA52ADA700E3621D
     
  25. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Looks good.

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.