IObit Forum

hijacked registry



 

.

DDS (Ver_11-05-19.01) - NTFSx86

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24

Run by Ryan at 10:57:34 on 2011-05-22

Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.4094.2565 [GMT -4:00]

.

AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: IObit Security 360 *Disabled/Outdated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}

SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Windows\System32\svchost.exe -k ipripsvc

C:\Program Files (x86)\IObit\IObit Security 360\IS360srv.exe

C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\msdtc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\IObit\IObit Security 360\is360.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\explorer.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Ryan\Downloads\dds.scr

C:\Windows\SysWOW64\WSCRIPT.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://igoogle.com/

uInternet Settings,ProxyOverride = *.local

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun: [iObit Security 360] "C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe" /autostart

dRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TOUCHP~1.LNK - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\9gfcmxmn.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig

FF - prefs.js: network.proxy.type - 4

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Users\Ryan\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.http.max-connections-per-server - 6

FF - user.js: network.http.max-persistent-connections-per-server - 3

FF - user.js: nglayout.initialpaint.delay - 750

FF - user.js: content.notify.interval - 750000

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

============= SERVICES / DRIVERS ===============

.

R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\system32\DRIVERS\tos_sps64.sys --> C:\Windows\system32\DRIVERS\tos_sps64.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-4 128384]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 iprip;RIP Listener;C:\Windows\System32\svchost.exe -k ipripsvc [2009-7-13 20992]

R2 IS360service;IS360service;C:\Program Files (x86)\IObit\IObit Security 360\is360srv.exe [2011-5-16 312152]

R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-9-17 2477304]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-5-10 136824]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]

S3 HtcUsbMdmV64;HTC Proprietary USB Driver;C:\Windows\system32\DRIVERS\HtcUsbMdmV64.sys --> C:\Windows\system32\DRIVERS\HtcUsbMdmV64.sys [?]

S3 HtcVCom32;HTC Diagnostic Port;C:\Windows\system32\DRIVERS\HtcVComV64.sys --> C:\Windows\system32\DRIVERS\HtcVComV64.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187B.sys --> C:\Windows\system32\DRIVERS\RTL8187B.sys [?]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2011-05-22 13:27:54 -------- d-sh--w- C:\$RECYCLE.BIN

2011-05-22 13:24:11 -------- d-----w- C:\TDSSKiller_Quarantine

2011-05-22 13:11:06 -------- d-----w- C:\Program Files (x86)\ESET

2011-05-22 13:02:29 -------- d-----w- C:\Users\Ryan\AppData\Local\temp

2011-05-22 12:51:26 98816 ----a-w- C:\Windows\sed.exe

2011-05-22 12:51:26 89088 ----a-w- C:\Windows\MBR.exe

2011-05-22 12:51:26 256512 ----a-w- C:\Windows\PEV.exe

2011-05-22 12:51:26 161792 ----a-w- C:\Windows\SWREG.exe

2011-05-22 10:23:55 -------- d-----w- C:\Users\Ryan\AppData\Roaming\Malwarebytes

2011-05-22 10:23:49 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-05-22 10:23:48 -------- d-----w- C:\ProgramData\Malwarebytes

2011-05-22 10:23:45 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-05-22 10:23:45 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-05-22 08:46:54 -------- d-----w- C:\Users\Ryan\AppData\Roaming\SUPERAntiSpyware.com

2011-05-22 08:46:54 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2011-05-22 08:46:44 -------- d-----w- C:\ProgramData\!SASCORE

2011-05-22 08:46:41 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2011-05-14 23:27:45 197120 ----a-w- C:\Windows\System32\d3d10_1.dll

2011-05-14 23:27:45 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll

2011-05-13 23:02:41 142336 ----a-w- C:\Windows\System32\poqexec.exe

2011-05-13 23:02:41 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe

2011-05-11 02:39:06 5509504 ----a-w- C:\Windows\System32\ntoskrnl.exe

2011-05-11 02:39:05 3957632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2011-05-11 02:39:05 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2011-05-11 02:37:13 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys

2011-05-11 02:37:13 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys

2011-05-11 02:37:13 52224 ----a-w- C:\Windows\System32\drivers\usbehci.sys

2011-05-11 02:37:13 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys

2011-05-11 02:37:13 324608 ----a-w- C:\Windows\System32\drivers\usbport.sys

2011-05-11 02:37:13 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys

2011-05-11 02:37:13 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys

2011-05-04 19:50:13 8802128 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E332E1E4-4F62-4395-93C2-81F144E35E33}\mpengine.dll

2011-04-30 19:39:05 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll

2011-04-30 19:39:04 89048 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll

2011-04-30 19:39:04 781272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll

2011-04-30 19:39:04 465880 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll

2011-04-30 19:39:04 1974616 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_42.dll

2011-04-30 19:39:04 1892184 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_42.dll

2011-04-30 19:39:04 1874904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

2011-04-30 19:39:04 15832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll

2011-04-27 19:48:08 662528 ----a-w- C:\Windows\System32\XpsPrint.dll

2011-04-27 19:48:08 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2011-04-27 19:47:42 1657216 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2011-04-27 19:47:41 2566144 ----a-w- C:\Windows\System32\esent.dll

2011-04-27 19:47:40 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys

2011-04-27 19:47:40 187264 ----a-w- C:\Windows\System32\drivers\storport.sys

2011-04-27 19:47:40 1686016 ----a-w- C:\Windows\SysWow64\esent.dll

2011-04-27 19:47:40 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys

2011-04-27 19:47:40 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys

2011-04-27 19:47:40 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys

2011-04-27 19:47:39 96768 ----a-w- C:\Windows\System32\fsutil.exe

2011-04-27 19:47:39 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe

2011-04-27 19:47:39 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys

2011-04-27 19:43:49 2870272 ----a-w- C:\Windows\explorer.exe

2011-04-27 19:43:48 2614784 ----a-w- C:\Windows\SysWow64\explorer.exe

2011-04-27 19:07:46 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe

2011-04-27 19:07:46 31232 ----a-w- C:\Windows\System32\prevhost.exe

2011-04-26 22:43:17 902656 ----a-w- C:\Windows\System32\d2d1.dll

2011-04-26 22:43:17 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

2011-04-26 22:43:17 1540608 ----a-w- C:\Windows\System32\DWrite.dll

2011-04-26 22:43:17 1135104 ----a-w- C:\Windows\System32\FntCache.dll

2011-04-26 22:43:17 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll

2011-04-25 03:13:40 367104 ----a-w- C:\Windows\System32\wcncsvc.dll

2011-04-25 03:13:40 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll

2011-04-24 21:15:31 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys

2011-04-24 21:15:31 286720 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-04-24 21:15:31 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys

2011-04-24 21:15:31 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys

2011-04-24 20:46:07 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2011-04-24 20:46:07 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2011-04-24 20:44:25 1359872 ----a-w- C:\Windows\System32\mfc42u.dll

2011-04-24 20:44:24 1395712 ----a-w- C:\Windows\System32\mfc42.dll

2011-04-24 20:44:24 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll

2011-04-24 20:44:24 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll

2011-04-24 20:44:21 461312 ----a-w- C:\Windows\System32\drivers\srv.sys

2011-04-24 20:44:21 401920 ----a-w- C:\Windows\System32\drivers\srv2.sys

2011-04-24 20:44:21 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2011-04-24 20:15:53 -------- d-----w- C:\Program Files\iTunes

2011-04-24 20:15:53 -------- d-----w- C:\Program Files\iPod

2011-04-24 20:15:53 -------- d-----w- C:\Program Files (x86)\iTunes

2011-04-24 20:13:07 -------- d-----w- C:\Program Files\Bonjour

2011-04-24 20:13:07 -------- d-----w- C:\Program Files (x86)\Bonjour

2011-04-24 20:12:21 3138048 ----a-w- C:\Windows\System32\mstscax.dll

2011-04-24 20:12:21 2690560 ----a-w- C:\Windows\SysWow64\mstscax.dll

2011-04-24 20:12:20 1097216 ----a-w- C:\Windows\System32\mstsc.exe

2011-04-24 20:12:20 1034240 ----a-w- C:\Windows\SysWow64\mstsc.exe

2011-04-24 19:56:10 961024 ----a-w- C:\Windows\System32\CPFilters.dll

2011-04-24 19:56:10 723968 ----a-w- C:\Windows\System32\EncDec.dll

2011-04-24 19:56:10 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll

2011-04-24 19:56:10 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll

2011-04-24 19:56:10 259072 ----a-w- C:\Windows\System32\mpg2splt.ax

2011-04-24 19:56:10 1118720 ----a-w- C:\Windows\System32\sbe.dll

2011-04-24 19:56:09 850432 ----a-w- C:\Windows\SysWow64\sbe.dll

2011-04-24 19:56:09 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax

2011-04-24 19:20:58 46080 ----a-w- C:\Windows\System32\atmlib.dll

2011-04-24 19:20:58 367104 ----a-w- C:\Windows\System32\atmfd.dll

2011-04-24 19:20:58 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2011-04-24 19:20:58 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll

2011-04-24 19:20:20 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe

2011-04-24 19:20:20 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe

2011-04-24 19:20:20 182272 ----a-w- C:\Windows\System32\dnsrslvr.dll

2011-04-24 19:19:59 976896 ----a-w- C:\Windows\System32\inetcomm.dll

2011-04-24 19:19:59 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll

2011-04-24 19:19:46 640896 ----a-w- C:\Windows\System32\winload.efi

2011-04-24 19:19:46 603976 ----a-w- C:\Windows\System32\winload.exe

2011-04-24 19:19:46 518160 ----a-w- C:\Windows\System32\winresume.exe

2011-04-24 19:19:45 556928 ----a-w- C:\Windows\System32\winresume.efi

2011-04-24 19:19:45 20352 ----a-w- C:\Windows\System32\kdusb.dll

2011-04-24 19:19:45 19328 ----a-w- C:\Windows\System32\kd1394.dll

2011-04-24 19:19:45 17792 ----a-w- C:\Windows\System32\kdcom.dll

2011-04-24 19:03:56 612352 ----a-w- C:\Windows\System32\vbscript.dll

2011-04-24 19:03:56 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll

2011-04-24 18:48:49 3133440 ----a-w- C:\Windows\System32\win32k.sys

.

==================== Find3M ====================

.

2011-04-06 16:26:58 96544 ----a-w- C:\Windows\System32\dnssd.dll

2011-04-06 16:26:58 69408 ----a-w- C:\Windows\System32\jdns_sd.dll

2011-04-06 16:26:58 237856 ----a-w- C:\Windows\System32\dnssdX.dll

2011-04-06 16:26:58 119584 ----a-w- C:\Windows\System32\dns-sd.exe

2011-04-06 16:20:16 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll

2011-04-06 16:20:16 75040 ----a-w- C:\Windows\SysWow64\jdns_sd.dll

2011-04-06 16:20:16 197920 ----a-w- C:\Windows\SysWow64\dnssdX.dll

2011-04-06 16:20:16 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe

2011-03-04 06:17:25 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2011-03-04 06:17:24 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2011-02-24 06:29:15 1197056 ----a-w- C:\Windows\System32\wininet.dll

2011-02-24 06:24:57 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2011-02-24 05:32:44 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-02-24 05:30:16 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2011-02-24 05:05:13 482816 ----a-w- C:\Windows\System32\html.iec

2011-02-24 04:24:04 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-02-24 04:23:48 386048 ----a-w- C:\Windows\SysWow64\html.iec

2011-02-24 03:50:26 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

.

============= FINISH: 10:58:18.35 ===============

Attach.txt

DDS.txt


I think my internet and registry have been hijacked

 

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_11-05-19.01)

.

Microsoft Windows 7 Enterprise

Boot Device: \Device\HarddiskVolume2

Install Date: 8/8/2010 9:28:45 PM

System Uptime: 5/22/2011 10:30:04 AM (0 hours ago)

.

Motherboard: TOSHIBA | | Portable PC

Processor: Intel® Core2 Duo CPU T6400 @ 2.00GHz | CPU | 2000/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 297 GiB total, 30.287 GiB free.

D: is CDROM ()

F: is FIXED (FAT32) - 233 GiB total, 13.151 GiB free.

H: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description:

Device ID: ACPI\TOS1901\2&DABA3FF&1

Manufacturer:

Name:

PNP Device ID: ACPI\TOS1901\2&DABA3FF&1

Service:

.

==== System Restore Points ===================

.

RP132: 1/31/2011 7:31:48 AM - Removed GOM Player + Ask Toolbar.

RP133: 1/31/2011 5:25:47 PM - Installed Java 6 Update 23

RP134: 2/3/2011 9:14:17 AM - Installed calibre

RP135: 2/11/2011 2:38:39 PM - Windows Update

RP136: 2/12/2011 9:00:15 AM - Windows Update

RP137: 2/12/2011 4:12:55 PM - Windows Update

RP138: 2/16/2011 4:14:00 PM - Installed Java 6 Update 24

RP139: 2/23/2011 11:19:43 PM - Scheduled Checkpoint

RP140: 3/3/2011 7:04:08 PM - Scheduled Checkpoint

RP141: 3/10/2011 7:47:35 PM - Scheduled Checkpoint

RP142: 3/18/2011 6:58:09 PM - Scheduled Checkpoint

RP143: 3/25/2011 8:07:05 PM - Scheduled Checkpoint

RP144: 4/2/2011 5:58:55 AM - Scheduled Checkpoint

RP145: 4/9/2011 11:43:23 PM - Scheduled Checkpoint

RP146: 4/17/2011 8:46:21 PM - Scheduled Checkpoint

RP147: 4/24/2011 10:31:43 PM - Scheduled Checkpoint

RP148: 4/24/2011 11:00:13 PM - Windows Update

RP149: 4/25/2011 8:36:50 AM - Windows Update

RP150: 4/25/2011 6:32:11 PM - Windows Update

RP151: 4/27/2011 2:00:28 AM - Windows Update

RP152: 4/27/2011 4:48:03 PM - Windows Update

RP153: 4/28/2011 2:00:26 AM - Windows Update

RP154: 5/4/2011 12:18:32 PM - Installed WModem_Installer

RP155: 5/11/2011 12:45:51 AM - Windows Update

RP156: 5/11/2011 8:51:29 AM - Windows Update

RP157: 5/12/2011 12:20:23 AM - Windows Update

RP158: 5/12/2011 8:26:14 AM - Windows Update

RP159: 5/14/2011 3:00:27 AM - Windows Update

RP160: 5/14/2011 7:45:44 PM - Windows Update

RP161: 5/22/2011 5:44:26 AM - 21may11

.

==== Installed Programs ======================

.

Adobe Acrobat 9 Pro - English, Français, Deutsch

Adobe Acrobat 9.4.1 - CPSID_83708

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader X (10.0.1)

AIM 7

Amazon MP3 Downloader 1.0.10

Apple Application Support

Apple Software Update

calibre

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Definition update for Microsoft Office 2010 (KB982726)

DivX Setup

Download Updater (AOL LLC)

ESET Online Scanner v3

Free File Viewer 2010

GOM Player

Google Chrome

Google Update Helper

HTC Driver Installer

HTC Sync

Internet TV for Windows Media Center

IObit Security 360

Java Auto Updater

Java 6 Update 24

LiveUpdate 3.3 (Symantec Corporation)

MagicDisc 2.7.106

Malwarebytes' Anti-Malware

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable - KB2467175

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft XML Parser

Mozilla Firefox 4.0.1 (x86 en-US)

Mozilla Thunderbird (3.1.2)

OLYMPUS ib

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

RealUpgrade 1.1

RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02

Rosetta Stone Version 3

Security Task Manager 1.8c

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft Excel 2010 (KB2466146)

Security Update for Microsoft Office 2010 (KB2289078)

Security Update for Microsoft Office 2010 (KB2289161)

Security Update for Microsoft PowerPoint 2010 (KB2519975)

Security Update for Microsoft Publisher 2010 (KB2409055)

Security Update for Microsoft Word 2010 (KB2345000)

SigmaPlot 10.0

System Requirements Lab for Intel

TOSHIBA Supervisor Password

Update for Microsoft Office 2010 (KB2202188)

Update for Microsoft Office 2010 (KB2413186)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft OneNote 2010 (KB2493983)

Update for Microsoft Outlook Social Connector (KB2441641)

VC80CRTRedist - 8.0.50727.4053

Windows Media Player Firefox Plugin

WinUtilities 10.0 Free Edition

WinX DVD Ripper Platinum 6.0.0

WModem Driver Installer

Yahoo! BrowserPlus 2.9.8

Yahoo! Messenger

.

==== Event Viewer Messages From Past Week ========

.

5/22/2011 9:45:33 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

5/22/2011 9:38:42 AM, Error: Service Control Manager [7031] - The Symantec Settings Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

5/22/2011 9:38:42 AM, Error: Service Control Manager [7031] - The Symantec Event Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 200 milliseconds: Restart the service.

5/22/2011 8:59:45 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

5/22/2011 8:59:07 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

5/22/2011 8:47:01 AM, Error: Service Control Manager [7034] - The LiveUpdate service terminated unexpectedly. It has done this 1 time(s).

5/22/2011 4:09:35 AM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: A privilege that the service requires to function properly does not exist in the service account configuration. You may use the Services Microsoft Management Console (MMC) snap-in (services.msc) and the Local Security Settings MMC snap-in (secpol.msc) to view the service configuration and the account configuration.

5/22/2011 3:56:58 AM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004

5/22/2011 3:53:20 AM, Error: Service Control Manager [7000] - The Diagnostic System Host service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.

5/22/2011 3:03:17 AM, Error: Service Control Manager [7001] - The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

5/22/2011 10:57:45 AM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.

5/22/2011 10:33:43 AM, Error: Service Control Manager [7022] - The Diagnostic System Host service hung on starting.

5/22/2011 10:32:09 AM, Error: Service Control Manager [7001] - The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

5/22/2011 10:31:39 AM, Error: NETLOGON [3095] - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.

5/22/2011 10:31:06 AM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter

5/22/2011 10:31:06 AM, Error: atikmdag [43029] - Display is not active

5/22/2011 10:30:59 AM, Error: volmgr [46] - Crash dump initialization failed!

.

==== End Of File ===========================


Hello and welcome to IOBit Forums. My name is Dave. I will be helping you out with your particular problem on your computer.

 

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.

2. The fixes are specific to your problem and should only be used for this issue on this machine.

3. If you don't know or understand something, please don't hesitate to ask.

4. Please DO NOT run any other tools or scans while I am helping you.

5. It is important that you reply to this thread. Do not start a new topic.

6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

7. Absence of symptoms does not mean that everything is clear.

 

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

***************************************************

The DDS log shows that you only have 30.2 Gb of free space on your hard drive. Windows requires 15% (45 Gb) in order to function properly. You will need to find some way of freeing up more space on your C drive. You can do this by uninstalling unused programs. You can also transfer important documents, files, videos, music and pictures to DVDs.

 

Download OTL to your desktop.

 

* Open OTL

* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

 

:OTL
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
BHO-X64: URLRedirectionBHO - No File
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
FF - prefs.js: network.proxy.type - 4

:COMMANDS
[resethosts]
[purity]
[emptytemp]
[start explorer]

 

* Click Run Fix

* OTLI2 may ask to reboot the machine. Please do so if asked.

* Click OK

* A report will open. Copy and Paste that report in your next reply.

**************************************************

SUPERAntiSpyware

 

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

 

Download SuperAntispyware Free Edition (SAS)

* Double-click the icon on your desktop to run the installer.

* When asked to Update the program definitions, click Yes

* If you encounter any problems while downloading the updates, manually download and unzip them from here

* Next click the Preferences button.

 

• Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts

* Click the Scanning Control tab.

* Under Scanner Options make sure only the following are checked:

 

• Close browsers before scanning

• Scan for tracking cookies

• Terminate memory threats before quarantining

Please leave the others unchecked

 

• Click the Close button to leave the control center screen.

 

* On the main screen click Scan your computer

* On the left check the box for the drive you are scanning.

* On the right choose Perform Complete Scan

* Click Next to start the scan. Please be patient while it scans your computer.

* After the scan is complete a summary box will appear. Click OK

* Make sure everything in the white box has a check next to it, then click Next

* It will quarantine what it found and if it asks if you want to reboot, click Yes

 

• To retrieve the removal information please do the following:

• After reboot, double-click the SUPERAntiSpyware icon on your desktop.

• Click Preferences. Click the Statistics/Logs tab.

• Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

• It will open in your default text editor (preferably Notepad).

• Save the notepad file to your desktop by clicking (in notepad) File > Save As...

 

* Save the log somewhere you can easily find it. (normally the desktop)

* Click close and close again to exit the program.

* Copy and Paste the log in your post.

************************************************

 

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

 

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
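As an added defender-side check (not from this thread, OTL, or any tool named above), the script below audits a Firefox prefs.js and a Windows hosts file for the two settings the OTL fix targets: an explicit network.proxy.type and hosts entries beyond the stock localhost lines. The sample inputs are constructed; the 203.0.113.x address and the example-vendor.test names are placeholders.

```python
# Added example: audit Firefox proxy prefs and the Windows hosts file for the
# redirection settings that the OTL fix above resets. Not code from the thread
# or from OTL; sample inputs below are constructed placeholders.
import re

KNOWN_PROXY_TYPES = {0, 1, 2, 4, 5}  # direct, manual, PAC URL, WPAD auto-detect, system
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')
LOOPBACK = {"127.0.0.1", "::1"}
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

def parse_prefs(text):
    """Return {pref_name: value} from prefs.js / user.js style lines."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not user_pref()
        key, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[key] = raw[1:-1]          # string pref
        elif raw in ("true", "false"):
            prefs[key] = raw == "true"      # boolean pref
        else:
            try:
                prefs[key] = int(raw)       # integer pref
            except ValueError:
                prefs[key] = raw            # leave anything odd as text
    return prefs

def audit_proxy_prefs(prefs):
    """List proxy settings that would route browser traffic through a third party."""
    findings = []
    ptype = prefs.get("network.proxy.type")
    if ptype is None:
        return findings  # not explicitly set, so the browser default applies
    if ptype == 1:
        for proto in ("http", "ssl", "socks"):
            host = prefs.get(f"network.proxy.{proto}")
            if host:
                port = prefs.get(f"network.proxy.{proto}_port", "?")
                findings.append(f"manual {proto} proxy set to {host}:{port}")
    elif ptype == 2:
        url = prefs.get("network.proxy.autoconfig_url", "(unset)")
        findings.append(f"PAC script configured: {url}")
    elif ptype == 4:
        findings.append("network.proxy.type=4: auto-detect (WPAD) lets whoever answers "
                        "the WPAD lookup on the local network choose the proxy")
    elif ptype not in KNOWN_PROXY_TYPES:
        findings.append(f"unexpected network.proxy.type value {ptype!r}")
    return findings

def parse_hosts(text):
    """Return active (address, [names]) pairs; comments and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        entries.append((parts[0], parts[1:]))
    return entries

def audit_hosts(entries):
    """Flag every mapping beyond the stock localhost lines."""
    # Windows 7 ships a hosts file with comments only, so any other active entry
    # either blocks a name (loopback) or redirects it (any other address).
    findings = []
    for addr, names in entries:
        for name in names:
            if name.lower() in LOCAL_NAMES and addr in LOOPBACK:
                continue
            if addr in LOOPBACK:
                findings.append(f"{name} blocked (mapped to {addr})")
            else:
                findings.append(f"{name} redirected to {addr}")
    return findings

SAMPLE_PREFS = """\
# Mozilla User Preferences (constructed sample)
user_pref("browser.startup.homepage", "http://www.example.com/");
user_pref("network.proxy.type", 4);
user_pref("network.http.max-connections-per-server", 6);
"""

SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp. (constructed sample)
127.0.0.1       localhost
::1             localhost
203.0.113.7     update.example-vendor.test   # redirected update host
127.0.0.1       www.example-vendor.test      # blocked vendor site
"""

def run_audit(prefs_text, hosts_text):
    """Combine both checks into one list of findings."""
    return audit_proxy_prefs(parse_prefs(prefs_text)) + audit_hosts(parse_hosts(hosts_text))

if __name__ == "__main__":
    for finding in run_audit(SAMPLE_PREFS, SAMPLE_HOSTS):
        print("FINDING:", finding)
```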


scan results

 

Here are the scan results

All processes killed

========== OTL ==========

Prefs.js: network.proxy.type - 4 removed from refs.js

========== COMMANDS ==========

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

[EMPTYTEMP]

 

User: All Users

 

User: Classic .NET AppPool

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Public

->Temp folder emptied: 0 bytes

 

User: Ryan

->Temp folder emptied: 95299 bytes

->Temporary Internet Files folder emptied: 251570 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 127335389 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 1084 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 282 bytes

 

Total Files Cleaned = 122.00 mb

 

 

OTL by OldTimer - Version 3.2.23.0 log created on 05222011_210132

 

Files\Folders moved on Reboot...

 

Registry entries deleted on Reboot...

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 05/23/2011 at 00:35 AM

 

Application Version : 4.52.1000

 

Core Rules Database Version : 7110

Trace Rules Database Version: 4922

 

Scan type : Complete Scan

Total Scan Time : 03:23:01

 

Memory items scanned : 525

Memory threats detected : 0

Registry items scanned : 13222

Registry threats detected : 0

File items scanned : 302387

File threats detected : 37

 

Adware.Tracking Cookie

C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\Low\ryan@ad.yieldmanager[1].txt

C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\Low\ryan@ar.atwola[1].txt

C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\Low\ryan@at.atwola[1].txt

C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\Low\ryan@collective-media[2].txt

C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\Low\ryan@eset.122.2o7[1].txt

C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\Low\ryan@interclick[2].txt

C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\Low\ryan@invitemedia[2].txt

C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\Low\ryan@legolas-media[2].txt

C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\Low\ryan@media6degrees[2].txt

C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\Low\ryan@segment-pixel.invitemedia[2].txt

C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\Low\ryan@tacoda.at.atwola[1].txt

C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\Low\ryan@xiti[1].txt

 

Trojan.Agent/Gen-ImageDocFake

C:\USERS\RYAN\DOCUMENTS\RSMAS\PROGRAMS\CO2BRINE.DOC

C:\USERS\RYAN\DOCUMENTS\RSMAS\PROGRAMS\CONVERSIONSTODOC\CO2BRINE.DOC

C:\USERS\RYAN\DOCUMENTS\RSMAS\PROGRAMS\CONVERSIONSTODOC\CO2SYS.DOC

C:\USERS\RYAN\DOCUMENTS\RSMAS\PROGRAMS\CONVERSIONSTODOC\EQSTATE.DOC

C:\USERS\RYAN\DOCUMENTS\RSMAS\PROGRAMS\IONPAIR.DOC

F:\OFFICE COMPUTER BACKUP\FLASH DRIVE BACKUP 9AUG2010\QB PROGRAMS\CO2BRINE.DOC

F:\OFFICE COMPUTER BACKUP\FLASH DRIVE BACKUP 9AUG2010\QB PROGRAMS\IONPAIR.DOC

F:\OFFICE COMPUTER BACKUP\FLASH DRIVE BACKUP 9AUG2010\QB PROGRAMS\CONVERSIONSTODOC\CO2BRINE.DOC

F:\OFFICE COMPUTER BACKUP\FLASH DRIVE BACKUP 9AUG2010\QB PROGRAMS\CONVERSIONSTODOC\CO2SYS.DOC

F:\OFFICE COMPUTER BACKUP\FLASH DRIVE BACKUP 9AUG2010\QB PROGRAMS\CONVERSIONSTODOC\EQSTATE.DOC

F:\OFFICE COMPUTER BACKUP\PROGRAMS\CO2BRINE.DOC

F:\OFFICE COMPUTER BACKUP\PROGRAMS\IONPAIR.DOC

F:\OFFICE COMPUTER BACKUP\PROGRAMS\CONVERSIONSTODOC\CO2BRINE.DOC

F:\OFFICE COMPUTER BACKUP\PROGRAMS\CONVERSIONSTODOC\CO2SYS.DOC

F:\OFFICE COMPUTER BACKUP\PROGRAMS\CONVERSIONSTODOC\EQSTATE.DOC

F:\LAPTOP BACKUP\DOCUMENTS\DOCUMENTS\RSMAS\PROGRAMS\CO2BRINE.DOC

F:\LAPTOP BACKUP\DOCUMENTS\DOCUMENTS\RSMAS\PROGRAMS\IONPAIR.DOC

F:\LAPTOP BACKUP\DOCUMENTS\DOCUMENTS\RSMAS\PROGRAMS\CONVERSIONSTODOC\CO2BRINE.DOC

F:\LAPTOP BACKUP\DOCUMENTS\DOCUMENTS\RSMAS\PROGRAMS\CONVERSIONSTODOC\CO2SYS.DOC

F:\LAPTOP BACKUP\DOCUMENTS\DOCUMENTS\RSMAS\PROGRAMS\CONVERSIONSTODOC\EQSTATE.DOC

F:\BACKUP\RSMAS\PROGRAMS\CO2BRINE.DOC

F:\BACKUP\RSMAS\PROGRAMS\IONPAIR.DOC

F:\BACKUP\RSMAS\PROGRAMS\CONVERSIONSTODOC\CO2BRINE.DOC

F:\BACKUP\RSMAS\PROGRAMS\CONVERSIONSTODOC\CO2SYS.DOC

F:\BACKUP\RSMAS\PROGRAMS\CONVERSIONSTODOC\EQSTATE.DOC

 

Malwarebytes' Anti-Malware 1.50.1.1100

http://www.malwarebytes.org

 

Database version: 6647

 

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

 

5/23/2011 2:19:20 AM

mbam-log-2011-05-23 (02-19-20).txt

 

Scan type: Full scan (C:\|F:\|)

Objects scanned: 464560

Time elapsed: 1 hour(s), 31 minute(s), 17 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)


That's great. It cleaned a bunch of stuff.

 

Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

 

link # 1

Link # 2

If you are using Firefox, make sure that your download settings are as follows:

 

* Tools->Options->Main tab

* Set to "Always ask me where to Save the files".

 

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

 

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

 

Right-click combofix.exe and select Run as Administrator and follow the prompts.

When finished, ComboFix will produce a log for you.

Post the ComboFix log in your next reply.

 

NOTE: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

 

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.


Here's the log:

 

ComboFix 11-05-23.02 - Ryan 05/23/2011 18:52:44.2.2 - x64

Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.4094.2989 [GMT -4:00]

Running from: c:\users\Ryan\Downloads\ComboFix.exe

AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

SP: IObit Security 360 *Disabled/Updated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}

SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2011-04-23 to 2011-05-23 )))))))))))))))))))))))))))))))

.

.

2011-05-23 22:59 . 2011-05-23 22:59 -------- d-----w- c:\users\Ryan\AppData\Local\temp

2011-05-23 22:59 . 2011-05-23 22:59 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-05-23 22:59 . 2011-05-23 22:59 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp

2011-05-23 01:01 . 2011-05-23 01:01 -------- d-----w- C:\_OTL

2011-05-22 13:24 . 2011-05-22 13:24 -------- d-----w- C:\TDSSKiller_Quarantine

2011-05-22 13:11 . 2011-05-22 13:11 -------- d-----w- c:\program files (x86)\ESET

2011-05-22 10:23 . 2011-05-22 10:23 -------- d-----w- c:\users\Ryan\AppData\Roaming\Malwarebytes

2011-05-22 10:23 . 2010-12-20 22:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-05-22 10:23 . 2011-05-22 10:23 -------- d-----w- c:\programdata\Malwarebytes

2011-05-22 10:23 . 2011-05-22 10:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-05-22 10:23 . 2010-12-20 22:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-22 08:46 . 2011-05-22 08:46 -------- d-----w- c:\users\Ryan\AppData\Roaming\SUPERAntiSpyware.com

2011-05-22 08:46 . 2011-05-22 08:46 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-05-22 08:46 . 2011-05-22 08:46 -------- d-----w- c:\programdata\!SASCORE

2011-05-22 08:46 . 2011-05-22 08:46 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-05-14 23:27 . 2011-01-17 06:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll

2011-05-14 23:27 . 2011-01-17 05:38 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll

2011-05-13 23:02 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe

2011-05-13 23:02 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe

2011-05-11 02:39 . 2011-04-09 06:45 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-05-11 02:39 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2011-05-11 02:39 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2011-05-11 02:37 . 2011-03-25 03:23 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys

2011-05-11 02:37 . 2011-03-25 03:23 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2011-05-11 02:37 . 2011-03-25 03:23 324608 ----a-w- c:\windows\system32\drivers\usbport.sys

2011-05-11 02:37 . 2011-03-25 03:22 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys

2011-05-11 02:37 . 2011-03-25 03:22 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys

2011-05-11 02:37 . 2011-03-25 03:22 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2011-05-11 02:37 . 2011-03-25 03:22 7936 ----a-w- c:\windows\system32\drivers\usbd.sys

2011-05-06 21:41 . 2011-05-06 21:41 -------- d-----w- c:\users\Default\AppData\Local\Symantec

2011-05-04 19:50 . 2011-04-18 13:15 8802128 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E332E1E4-4F62-4395-93C2-81F144E35E33}\mpengine.dll

2011-04-30 19:39 . 2011-04-14 16:26 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll

2011-04-30 19:39 . 2011-04-14 16:25 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll

2011-04-30 19:39 . 2011-04-14 16:25 1874904 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll

2011-04-30 19:39 . 2011-04-14 16:25 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll

2011-04-30 19:39 . 2011-04-14 16:25 465880 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll

2011-04-30 19:39 . 2011-04-14 16:25 89048 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll

2011-04-30 19:39 . 2010-01-01 08:00 1974616 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll

2011-04-30 19:39 . 2010-01-01 08:00 1892184 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll

2011-04-27 19:48 . 2011-03-12 12:03 662528 ----a-w- c:\windows\system32\XpsPrint.dll

2011-04-27 19:48 . 2011-03-12 11:31 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll

2011-04-27 19:47 . 2011-03-11 06:23 1657216 ----a-w- c:\windows\system32\drivers\ntfs.sys

2011-04-27 19:47 . 2011-03-11 06:18 2566144 ----a-w- c:\windows\system32\esent.dll

2011-04-27 19:47 . 2011-03-11 06:23 187264 ----a-w- c:\windows\system32\drivers\storport.sys

2011-04-27 19:47 . 2011-03-11 06:23 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys

2011-04-27 19:47 . 2011-03-11 06:23 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys

2011-04-27 19:47 . 2011-03-11 06:22 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys

2011-04-27 19:47 . 2011-03-11 06:22 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys

2011-04-27 19:47 . 2011-03-11 05:39 1686016 ----a-w- c:\windows\SysWow64\esent.dll

2011-04-27 19:47 . 2011-03-11 06:23 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys

2011-04-27 19:47 . 2011-03-11 06:15 96768 ----a-w- c:\windows\system32\fsutil.exe

2011-04-27 19:47 . 2011-03-11 05:37 74240 ----a-w- c:\windows\SysWow64\fsutil.exe

2011-04-27 19:43 . 2011-02-26 06:23 2870272 ----a-w- c:\windows\explorer.exe

2011-04-27 19:43 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\SysWow64\explorer.exe

2011-04-27 19:07 . 2011-02-18 06:33 31232 ----a-w- c:\windows\system32\prevhost.exe

2011-04-27 19:07 . 2011-02-18 05:33 31232 ----a-w- c:\windows\SysWow64\prevhost.exe

2011-04-26 22:43 . 2011-02-19 06:37 1135104 ----a-w- c:\windows\system32\FntCache.dll

2011-04-26 22:43 . 2011-02-19 06:37 1540608 ----a-w- c:\windows\system32\DWrite.dll

2011-04-26 22:43 . 2011-02-19 06:36 902656 ----a-w- c:\windows\system32\d2d1.dll

2011-04-26 22:43 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll

2011-04-26 22:43 . 2011-02-19 05:32 739840 ----a-w- c:\windows\SysWow64\d2d1.dll

2011-04-25 03:13 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll

2011-04-25 03:13 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll

2011-04-24 21:15 . 2011-02-23 05:15 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-24 21:15 . 2011-02-23 05:15 286720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-04-24 21:15 . 2011-02-23 05:15 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-04-24 21:15 . 2011-02-23 05:15 90624 ----a-w- c:\windows\system32\drivers\bowser.sys

2011-04-24 20:46 . 2011-02-24 06:30 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-04-24 20:46 . 2011-02-24 05:32 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll

2011-04-24 20:44 . 2011-03-11 06:19 1359872 ----a-w- c:\windows\system32\mfc42u.dll

2011-04-24 20:44 . 2011-03-11 06:19 1395712 ----a-w- c:\windows\system32\mfc42.dll

2011-04-24 20:44 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll

2011-04-24 20:44 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll

2011-04-24 20:44 . 2011-02-23 05:16 461312 ----a-w- c:\windows\system32\drivers\srv.sys

2011-04-24 20:44 . 2011-02-23 05:16 401920 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-04-24 20:44 . 2011-02-23 05:15 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-04-24 20:15 . 2011-04-24 20:16 -------- d-----w- c:\program files\iTunes

2011-04-24 20:15 . 2011-04-24 20:16 -------- d-----w- c:\program files (x86)\iTunes

2011-04-24 20:15 . 2011-04-24 20:15 -------- d-----w- c:\program files\iPod

2011-04-24 20:13 . 2011-04-24 20:13 -------- d-----w- c:\program files\Bonjour

2011-04-24 20:13 . 2011-04-24 20:13 -------- d-----w- c:\program files (x86)\Bonjour

2011-04-24 20:12 . 2010-12-18 06:12 3138048 ----a-w- c:\windows\system32\mstscax.dll

2011-04-24 20:12 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\SysWow64\mstscax.dll

2011-04-24 20:12 . 2010-12-18 06:08 1097216 ----a-w- c:\windows\system32\mstsc.exe

2011-04-24 20:12 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\SysWow64\mstsc.exe

2011-04-24 19:56 . 2010-12-23 06:07 1118720 ----a-w- c:\windows\system32\sbe.dll

2011-04-24 19:56 . 2010-12-23 06:07 961024 ----a-w- c:\windows\system32\CPFilters.dll

2011-04-24 19:56 . 2010-12-23 06:07 723968 ----a-w- c:\windows\system32\EncDec.dll

2011-04-24 19:56 . 2010-12-23 06:02 259072 ----a-w- c:\windows\system32\mpg2splt.ax

2011-04-24 19:56 . 2010-12-23 05:28 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll

2011-04-24 19:56 . 2010-12-23 05:28 534528 ----a-w- c:\windows\SysWow64\EncDec.dll

2011-04-24 19:56 . 2010-12-23 05:28 850432 ----a-w- c:\windows\SysWow64\sbe.dll

2011-04-24 19:56 . 2010-12-23 05:24 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax

2011-04-24 19:20 . 2011-02-19 06:36 46080 ----a-w- c:\windows\system32\atmlib.dll

2011-04-24 19:20 . 2011-02-19 05:32 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2011-04-24 19:20 . 2011-02-19 04:13 367104 ----a-w- c:\windows\system32\atmfd.dll

2011-04-24 19:20 . 2011-02-19 03:37 294912 ----a-w- c:\windows\SysWow64\atmfd.dll

2011-04-24 19:20 . 2011-03-03 06:17 182272 ----a-w- c:\windows\system32\dnsrslvr.dll

2011-04-24 19:20 . 2011-03-03 06:14 30208 ----a-w- c:\windows\system32\dnscacheugc.exe

2011-04-24 19:20 . 2011-03-03 05:27 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe

2011-04-24 19:19 . 2011-03-08 06:14 976896 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-24 19:19 . 2011-03-08 05:38 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll

2011-04-24 19:19 . 2011-02-05 12:41 640896 ----a-w- c:\windows\system32\winload.efi

2011-04-24 19:19 . 2011-02-05 12:39 603976 ----a-w- c:\windows\system32\winload.exe

2011-04-24 19:19 . 2011-02-05 12:39 518160 ----a-w- c:\windows\system32\winresume.exe

2011-04-24 19:19 . 2011-02-05 12:41 556928 ----a-w- c:\windows\system32\winresume.efi

2011-04-24 19:19 . 2011-02-05 12:41 20352 ----a-w- c:\windows\system32\kdusb.dll

2011-04-24 19:19 . 2011-02-05 12:41 19328 ----a-w- c:\windows\system32\kd1394.dll

2011-04-24 19:19 . 2011-02-05 12:41 17792 ----a-w- c:\windows\system32\kdcom.dll

2011-04-24 19:03 . 2011-02-18 06:37 612352 ----a-w- c:\windows\system32\vbscript.dll

2011-04-24 19:03 . 2011-02-18 05:36 428032 ----a-w- c:\windows\SysWow64\vbscript.dll

2011-04-24 18:48 . 2011-03-03 03:58 3133440 ----a-w- c:\windows\system32\win32k.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-06 16:26 . 2011-04-06 16:26 96544 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 16:26 . 2011-04-06 16:26 69408 ----a-w- c:\windows\system32\jdns_sd.dll

2011-04-06 16:26 . 2011-04-06 16:26 237856 ----a-w- c:\windows\system32\dnssdX.dll

2011-04-06 16:26 . 2011-04-06 16:26 119584 ----a-w- c:\windows\system32\dns-sd.exe

2011-04-06 16:20 . 2011-04-06 16:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll

2011-04-06 16:20 . 2011-04-06 16:20 75040 ----a-w- c:\windows\SysWow64\jdns_sd.dll

2011-04-06 16:20 . 2011-04-06 16:20 197920 ----a-w- c:\windows\SysWow64\dnssdX.dll

2011-04-06 16:20 . 2011-04-06 16:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe

2011-03-04 06:17 . 2011-04-27 20:07 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2011-03-04 06:17 . 2011-04-27 20:07 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IObit Security 360"="c:\program files (x86)\IObit\IObit Security 360\IS360tray.exe" [2010-06-11 1280344]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-04 2988928]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

touch pad.lnk - c:\program files\Synaptics\SynTP\SynTPEnh.exe [2008-8-14 1573160]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]

R3 HtcUsbMdmV64;HTC Proprietary USB Driver;c:\windows\system32\DRIVERS\HtcUsbMdmV64.sys [x]

R3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\DRIVERS\HtcVComV64.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 iprip;RIP Listener;c:\windows\System32\svchost.exe [2009-07-14 27136]

S2 IS360service;IS360service;c:\program files (x86)\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-10 136824]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

iissvcs REG_MULTI_SZ w3svc was

apphost REG_MULTI_SZ apphostsvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-01-23 c:\windows\Tasks\Free File Viewer Update Checker.job

- c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2011-01-23 16:25]

.

.

--------- x86-64 -----------

.

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://igoogle.com/

uInternet Settings,ProxyOverride = *.local

FF - ProfilePath - c:\users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\9gfcmxmn.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig

FF - prefs.js: network.proxy.type - 4

FF - user.js: network.http.max-connections-per-server - 6

FF - user.js: network.http.max-persistent-connections-per-server - 3

FF - user.js: nglayout.initialpaint.delay - 750

FF - user.js: content.notify.interval - 750000

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-klmdb.sys

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9d,b2,a4,b3,23,e2,b1,46,a9,19,ae,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9d,b2,a4,b3,23,e2,b1,46,a9,19,ae,\

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000001

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-05-23 19:02:00

ComboFix-quarantined-files.txt 2011-05-23 23:01

ComboFix2.txt 2011-05-22 13:02

.

Pre-Run: 184,118,669,312 bytes free

Post-Run: 184,052,256,768 bytes free

.

- - End Of File - - 0CBD3FEC49087CE5D2F04BA647951225


Please download the Sophos Anti-Rootkit Scanner and save it to your desktop.

 

You will need to enter your name, e-mail address and location in order to access the download page.

 

  • Once you have downloaded the file, double click the sarsfx icon
  • Review the licence agreement and click on the Accept button
  • The scanner will prompt you to extract the files to C:\SOPHTEMP - DO NOT change this location, simply click the Install button
  • Once the files have been extracted, using Windows Explorer, navigate to C:\SOPHTEMP and double click on the blue shield icon called sargui
  • Ensure that there are checkmarks next to Running processes, Windows registry and Local hard drives, then click Start scan
  • Allow the program to scan your computer - please be patient as it may take some time
  • Once the scan has completed a window will pop up with the results of the scan - click OK to this
  • In the main window, you will see each of the entries found by the scan (if any)
    • If the scanner generated any warning messages, please click on each warning and copy and paste the text of it into this thread for me to review
    • Once you have posted any warning messages here, you can close the scanner and wait for me to get back to you
    • If you have not had any warnings, any entries which can be cleaned up by the scanner will have a box with a green checkmark in it next to the entry
    • To clean up these entries click on the Clean up checked items button
    • If you accidentally check a file NOT recommended for clean up, you will get a warning message and if necessary can re-select the entries you want to clean up
    • Once you have cleaned the selected files, you will be prompted to re-boot your computer - please do so
    • When you have re-booted, please post a fresh HijackThis log into this thread and tell me how your computer is running now


Ok. Please try this:

 

Please download Rooter and Save it to your desktop.

  • Double click it to start the tool. On Vista and Windows 7, run it as administrator.
  • Click Scan.
  • Eventually, a Notepad file containing the report will open; it is also saved at C:\Rooter.txt. Post that log in your next reply.

*************************************************

Download Security Check by screen317 from one of the following links and save it to your desktop.

 

Link 1

Link 2

 

* Unzip SecurityCheck.zip and a folder named Security Check should appear.

* Open the Security Check folder and double-click Security Check.bat

* Follow the on-screen instructions inside of the black box.

* A Notepad document should open automatically called checkup.txt

* Post the contents of that document in your next reply.

 

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.


Here are the results

Rooter.exe (v1.0.2) by Eric_71

.

SeDebugPrivilege granted successfully ...

.

Windows 7 . (6.1.7600)

[32_bits] - Intel64 Family 6 Model 23 Stepping 10, GenuineIntel

.

[wscsvc] (Security Center) RUNNING (state:4)

[MpsSvc] RUNNING (state:4)

Windows Firewall -> Enabled

Windows Defender -> Disabled !

User Account Control (UAC) -> Enabled

.

Internet Explorer 8.0.7600.16385

Mozilla Firefox 4.0.1 (en-US)

.

C:\ [Fixed-NTFS] .. ( Total:296 Go - Free:171 Go )

D:\ [CD_Rom]

F:\ [Fixed-FAT32] .. ( Total:232 Go - Free:13 Go )

H:\ [CD_Rom]

.

Scan : 21:39.18

Path : C:\Users\Ryan\Downloads\Rooter.exe

User : Ryan ( Administrator -> YES )

.

----------------------\\ Processes

.

Locked [system Process] (0)

Locked System (4)

______ ???�?????? (336)

______ ???�?????? (464)

______ ???�?????? (540)

______ ???�?????? (556)

______ ???�?????? (596)

______ ???�?????? (612)

______ ???�?????? (620)

______ ???�?????? (720)

______ ???�?????? (792)

______ ???�?????? (848)

______ ???�?????? (896)

______ ???�?????? (968)

______ ???�?????? (1016)

______ ???�?????? (348)

______ ???�?????? (1040)

______ ???�?????? (1120)

______ ???�?????? (1204)

______ ???�?????? (1296)

______ C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (1416)

______ ???�?????? (1636)

______ ???�?????? (1664)

______ ???�?????? (1868)

______ C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (1888)

______ ???�?????? (1984)

______ C:\Program Files (x86)\Bonjour\mDNSResponder.exe (1092)

______ ???�?????? (1316)

______ ???�?????? (1176)

______ ???�?????? (2336)

______ C:\Program Files (x86)\IObit\IObit Security 360\IS360srv.exe (2356)

______ C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe (2416)

______ ???�?????? (2424)

______ ???�?????? (2620)

______ ???�?????? (2704)

______ ???�?????? (2812)

______ C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (2888)

______ ???�?????? (3000)

______ ???�?????? (3024)

______ ???�?????? (2192)

______ C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe (3100)

______ ???�?????? (3712)

______ ???�?????? (3876)

______ ???�?????? (2956)

______ C:\Program Files (x86)\IObit\IObit Security 360\is360.exe (1972)

______ ???�?????? (2840)

Locked audiodg.exe (1744)

______ C:\Users\Ryan\Downloads\Rooter.exe (3576)

.

----------------------\\ Device\Harddisk0\

.

\Device\Harddisk0 [sectors : 63 x 512 Bytes]

.

\Device\Harddisk0\Partition1 (Start_Offset:1048576 | Length:1572864000)

\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:1573912576 | Length:318496571392)

.

----------------------\\ Scheduled Tasks

.

C:\Windows\Tasks\Free File Viewer Update Checker.job

C:\Windows\Tasks\SA.DAT

C:\Windows\Tasks\SCHEDLGU.TXT

.

----------------------\\ Registry

.

.

----------------------\\ Files & Folders

.

----------------------\\ Scan completed at 21:39.34

.

C:\Rooter$\Rooter_1.txt - (24/05/2011 | 21:39.34)

 

Results of screen317's Security Check version 0.99.11

Windows 7 (UAC is enabled)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Online Scanner v3

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 24

Out of date Java installed!

Adobe Flash Player 10.2.159.1

Adobe Reader X (10.0.1)

Mozilla Thunderbird (3.1.2) Thunderbird Out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Norton ccSvcHst.exe

``````````End of Log````````````


Update Your Java (JRE)

 

Old versions of Java have vulnerabilities that malware can use to infect your system.

 

First Verify your Java Version

 

If there are any other version(s) installed then update now.

 

Get the new version (if needed)

 

If your version is out of date install the newest version of the Sun Java Runtime Environment.

 

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

 

Be sure to close ALL open web browsers before starting the installation.

 

Remove any old versions

 

1. Download JavaRa and unzip the file to your Desktop.

2. Open JavaRA.exe and choose Remove Older Versions

3. Once complete exit JavaRA.

 

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

***************************************************

ESET Online Scan

 

Scan your computer with the ESET FREE Online Virus Scan

 

* Click the ESET Online Scanner button.

 

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop

* Double click on the esetsmartinstaller_enu.exe icon on your desktop.

* Place a check mark next to YES, I accept the Terms of Use.

 

* Click the Start button.

* Accept any security warnings from your browser.

* Leave the check mark next to Remove found threats and place a check next to Scan archives.

* Click the Start button.

* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.

* When the scan completes, click List of found threats.

* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.

* Click the Back button then click Finish.

 

In your next reply please include the ESET Online Scan Log


It doesn't seem like anything was fixed. Why are there so many locked and unknown registry entries?

That's normal. I'm sure that your computer is clean. Isn't it working any better?

You were not very specific in your starting thread. You only mentioned "I think my internet and registry have been hijacked".

The scans did find some minor malware but there was no evidence to suggest anything else.


Nothing's changed. My internet is extremely slow, and I'm constantly getting the error that the connection has been reset. The system log has had 347 errors in the last hour. What is the Windows Image Acquisition service and why is it always running?


My internet is extremely slow, and constantly getting the error that the connection has been reset

That could be a problem with your internet provider.

The system log has had 347 errors in the last hour.

Could I see the log?

What is the Windows Image Acquisition service and why is it always running?

It's fully explained here.

 

Please navigate to Start > Run and type cmd.

In the window that pops up, type ipconfig /flushdns


Others on the same network do not have any issues

 

How do I save the log to show you?

 

I do not have a printer, scanner, or camera of any type installed

 

I've done the flushdns countless times; it doesn't help, and often I can't connect afterwards.


How do I save the log to show you?

The best way would be to copy and paste the log in Notepad.

 

I do not have a printer, scanner, or camera of any type installed

Then you should disable it. Here's a link.

 

Please run Notepad (Start > All Programs > Accessories > Notepad) and copy and paste the text in the code box into a new file:

 

@echo off
rem Collect network diagnostics into Log1.txt in the folder the batch file is run from
>Log1.txt (
rem Adapter, DHCP and DNS settings
ipconfig /all
rem Check that the configured resolver answers for two well-known names
nslookup google.com
nslookup yahoo.com
rem Two echo requests to each name to check reachability and latency
ping -n 2 google.com
ping -n 2 yahoo.com
rem Routing table
route print
)
rem Open the log in Notepad, then delete this batch file
start Log1.txt
del %0

 

  • Go to the File menu at the top of the Notepad and select Save as.
  • Select save in: desktop
  • Fill in File name: test.bat
  • Save as type: All file types (*.*)
  • Click save.
  • Close the Notepad.
  • Locate and double-click test.bat on the desktop.
  • A notepad opens; copy and paste the content of it (log1.txt) to your reply.


I don't think you understand what I mean by the system log, because you can't copy and paste. It's under Control Panel, System and Security, Administrative Tools, View event logs.

 

I disabled the service, and now I keep hearing the ding noise when there's an error but nothing pops up, and I couldn't open the Control Panel or the Task Manager until I restarted.

 

Here's the log

 

Windows IP Configuration

 

Host Name . . . . . . . . . . . . : Woosley

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

 

Wireless LAN adapter Wireless Network Connection 4:

 

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2

Physical Address. . . . . . . . . : 00-22-FA-D7-36-BB

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

 

Wireless LAN adapter Wireless Network Connection:

 

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® WiFi Link 5100 AGN

Physical Address. . . . . . . . . : 00-22-FA-D7-36-BA

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Link-local IPv6 Address . . . . . : fe80::95cb:25f3:85bd:466%18(Preferred)

IPv4 Address. . . . . . . . . . . : 10.4.31.95(Preferred)

Subnet Mask . . . . . . . . . . . : 255.255.0.0

Lease Obtained. . . . . . . . . . : Saturday, May 28, 2011 12:26:08 PM

Lease Expires . . . . . . . . . . : Sunday, May 29, 2011 12:26:20 PM

Default Gateway . . . . . . . . . : 10.4.0.1

DHCP Server . . . . . . . . . . . : 172.20.101.4

DHCPv6 IAID . . . . . . . . . . . : 318776058

DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-F1-37-0E-00-1E-33-BC-87-64

DNS Servers . . . . . . . . . . . : 205.152.144.23

205.152.37.23

NetBIOS over Tcpip. . . . . . . . : Enabled

 

Ethernet adapter Local Area Connection:

 

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . : nbp.usap.gov

Description . . . . . . . . . . . : Realtek PCIe FE Family Controller

Physical Address. . . . . . . . . : 00-1E-33-BC-87-64

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

 

Tunnel adapter Teredo Tunneling Pseudo-Interface:

 

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

 

Tunnel adapter isatap.{7B7635C8-DC47-44A7-B069-47BBCC3DAD51}:

 

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft ISATAP Adapter

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

Server: dns.mia.bellsouth.net

Address: 205.152.144.23

 

Name: google.com

Addresses: 74.125.229.83

74.125.229.82

74.125.229.84

74.125.229.81

74.125.229.80

 

Server: dns.mia.bellsouth.net

Address: 205.152.144.23

 

Name: yahoo.com

Addresses: 67.195.160.76

69.147.125.65

72.30.2.43

98.137.149.56

209.191.122.70

 

 

Pinging google.com [74.125.229.52] with 32 bytes of data:

Reply from 74.125.229.52: bytes=32 time=43ms TTL=48

Reply from 74.125.229.52: bytes=32 time=14ms TTL=48

 

Ping statistics for 74.125.229.52:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 14ms, Maximum = 43ms, Average = 28ms

 

Pinging yahoo.com [98.137.149.56] with 32 bytes of data:

Reply from 98.137.149.56: bytes=32 time=170ms TTL=46

Reply from 98.137.149.56: bytes=32 time=101ms TTL=46

 

Ping statistics for 98.137.149.56:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 101ms, Maximum = 170ms, Average = 135ms

===========================================================================

Interface List

19...00 22 fa d7 36 bb ......Microsoft Virtual WiFi Miniport Adapter #2

18...00 22 fa d7 36 ba ......Intel® WiFi Link 5100 AGN

16...00 1e 33 bc 87 64 ......Realtek PCIe FE Family Controller

1...........................Software Loopback Interface 1

21...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface

23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter

===========================================================================

 

IPv4 Route Table

===========================================================================

Active Routes:

Network Destination Netmask Gateway Interface Metric

0.0.0.0 0.0.0.0 10.4.0.1 10.4.31.95 40

10.4.0.0 255.255.0.0 On-link 10.4.31.95 296

10.4.31.95 255.255.255.255 On-link 10.4.31.95 296

10.4.255.255 255.255.255.255 On-link 10.4.31.95 296

127.0.0.0 255.0.0.0 On-link 127.0.0.1 306

127.0.0.1 255.255.255.255 On-link 127.0.0.1 306

127.255.255.255 255.255.255.255 On-link 127.0.0.1 306

224.0.0.0 240.0.0.0 On-link 127.0.0.1 306

224.0.0.0 240.0.0.0 On-link 10.4.31.95 296

255.255.255.255 255.255.255.255 On-link 127.0.0.1 306

255.255.255.255 255.255.255.255 On-link 10.4.31.95 296

===========================================================================

Persistent Routes:

None

 

IPv6 Route Table

===========================================================================

Active Routes:

If Metric Network Destination Gateway

1 306 ::1/128 On-link

18 296 fe80::/64 On-link

18 296 fe80::95cb:25f3:85bd:466/128

On-link

1 306 ff00::/8 On-link

18 296 ff00::/8 On-link

===========================================================================

Persistent Routes:

None

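A mechanical check of a Log1.txt like the one above, added here as an example and not part of the thread or of any tool used in it: it parses the DNS servers the adapter is configured with from the ipconfig section, the resolver that actually answered nslookup, and the ping loss counts, and flags a resolver the adapter was not configured with. The sample log is a constructed excerpt using the addresses posted above; the 203.0.113.9 resolver is a made-up value to show what a finding looks like.

```python
import re

IPV4 = r"(?:\d{1,3}\.){3}\d{1,3}"

# Constructed excerpt in the layout of the Log1.txt the batch file writes
# (ipconfig /all, nslookup, ping), using the addresses posted in the thread.
SAMPLE_LOG = """\
   IPv4 Address. . . . . . . . . . . : 10.4.31.95(Preferred)
   Default Gateway . . . . . . . . . : 10.4.0.1
   DNS Servers . . . . . . . . . . . : 205.152.144.23
                                       205.152.37.23
   NetBIOS over Tcpip. . . . . . . . : Enabled
Server:  dns.mia.bellsouth.net
Address:  205.152.144.23

Name:    google.com
Addresses:  74.125.229.83

Ping statistics for 74.125.229.52:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
"""

# Same excerpt with the resolver that answered nslookup swapped for a made-up
# documentation-range address, to show what a finding looks like.
HIJACKED_LOG = SAMPLE_LOG.replace("Address:  205.152.144.23",
                                  "Address:  203.0.113.9")

def configured_dns_servers(text):
    """'DNS Servers' value plus the bare-address continuation lines under it."""
    servers = []
    lines = text.splitlines()
    for i, line in enumerate(lines):
        m = re.match(r"\s*DNS Servers[ .]*:\s*(" + IPV4 + ")", line)
        if not m:
            continue
        servers.append(m.group(1))
        for cont in lines[i + 1:]:
            if not re.fullmatch(r"\s*" + IPV4 + r"\s*", cont):
                break
            servers.append(cont.strip())
    return servers

def answering_resolvers(text):
    """Addresses nslookup reports in its 'Server:' / 'Address:' header."""
    return re.findall(r"Server:\s*\S+\s*\nAddress:\s*(" + IPV4 + ")", text)

def ping_loss(text):
    """Map each pinged address to the 'Lost = N' count in its statistics."""
    return {ip: int(lost) for ip, lost in re.findall(
        r"Ping statistics for (" + IPV4 + r"):\s*\n\s*Packets:.*?Lost = (\d+)",
        text)}

def findings(text):
    """Flag a resolver the adapter is not configured with, no resolver, or loss."""
    out = []
    configured = configured_dns_servers(text)
    if not configured:
        out.append("no DNS servers configured")
    for ip in answering_resolvers(text):
        if ip not in configured:
            out.append(f"nslookup answered by {ip}, not a configured DNS server")
    for ip, lost in ping_loss(text).items():
        if lost:
            out.append(f"{lost} packet(s) lost to {ip}")
    return out
```

For the log posted above the checks come back empty: the resolver that answered is one of the two configured servers and both pings had no loss, which is why the helper treats it as a provider problem rather than a hijack.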

I'm sorry but that's about all I know about connection problems. I'm confident that it's not a malware problem considering all the tests we've run and the few infections that we found. You should start a thread in another forum regarding this connection problem. We really should do some cleanup before you go.

 

To remove all of the tools we used and the files and folders they created do the following:

Double click OTL.exe.

  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

*************************************************

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

 

Double-click TFC.exe to run it.

 

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

 

TFC will close all programs when run, so make sure you have saved all your work before you begin.

 

* Click the Start button to begin the cleaning process.

* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.

* Please let TFC run uninterrupted until it is finished.

 

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.


Archived

This topic is now archived and is closed to further replies.
