Page 8 of 9, results 71 to 80 of 88

Thread: win32.palevo

  1. #71
    Senior Member
    Join Date
    Jul 2009
    Posts
    156


    here is page 6.

  2. #72
    Emeritus- Malware Team
    Join Date
    May 2009
    Location
    Buenos Aires, Argentina
    Posts
    340


    Hi there, thanks for the log.


    Are you behind a router? Do you know to whom the 192.168.1.1 IP belongs?
    Please do the following:


    ComboFix - CFScript

    WARNING !
    This script is for THIS user and computer ONLY!
    Using this tool incorrectly could damage your Operating System... preventing it from starting again!


    You will not have Internet access when you execute ComboFix. All open windows will need to be closed!

    Please open Notepad and copy/paste all the text below... into the window:

    Code:
    KILLALL::
    
    DDS::
    uInternet Settings,ProxyOverride = *.local
    1. Save it to your desktop as CFScript.txt
    2. Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
    3. Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:



      This will cause ComboFix to run again.
      Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
      Do Not touch your computer when ComboFix is running!

      When finished... Notepad will open ... ComboFix will produce a log file called "log.txt".
    4. Please copy/paste the contents of log.txt... in your next reply. If you find it difficult to post the log again, I'd prefer you to try to upload it to Mediafire rather than uploading it as a pdf, as I can handle the information more easily by copying it in order to research.


    ** Enable your Antivirus and Firewall, before connecting to the Internet again! **
    -- WTT Classroom Graduate --
    -- ASAP Member --
    -- UNITE Trained Eliminator --

  3. #73
    Senior Member
    Join Date
    Jul 2009
    Posts
    156


    192.168.1.1 comes up on our other computers as our IP address, via Verizon FIOS.

  4. #74
    Senior Member
    Join Date
    Jul 2009
    Posts
    156


    ComboFix 11-08-19.02 - John 08/20/2011 13:13:47.4.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8174.6642 [GMT -4:00]
    Running from: c:\users\John\Desktop\ComboFix.exe
    Command switches used :: c:\users\John\Desktop\CFScript.txt
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\John\AppData\Roaming\3904.ABD
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-07-20 to 2011-08-20 )))))))))))))))))))))))))))))))
    .
    .
    2011-08-20 17:17 . 2011-08-20 17:17 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-08-13 22:44 . 2011-07-20 13:44 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{86FC9CF9-3ADA-47F7-9D4D-7467E612EFB1}\mpengine.dll
    2011-08-07 11:58 . 2011-08-07 11:58 -------- d-----w- c:\users\John\AppData\Roaming\Avira
    2011-08-07 03:09 . 2011-05-24 23:14 270720 ------w- c:\windows\system32\MpSigStub.exe
    2011-08-06 20:13 . 2011-08-13 22:40 88288 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-08-06 20:13 . 2011-08-13 22:40 123784 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-08-06 20:13 . 2011-08-06 20:13 -------- d-----w- c:\programdata\Avira
    2011-08-06 20:13 . 2011-08-06 20:13 -------- d-----w- c:\program files (x86)\Avira
    2011-07-31 15:12 . 2011-07-31 15:12 -------- d-----w- c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
    2011-07-31 14:36 . 2011-07-31 14:36 -------- d-----w- c:\users\John\AppData\Local\Solid State Networks
    2011-07-31 13:56 . 2011-07-31 13:56 -------- d-----w- c:\program files (x86)\Common Files\Java
    2011-07-31 13:40 . 2011-07-31 13:40 -------- d-----w- c:\program files (x86)\Uniblue
    2011-07-31 13:39 . 2011-07-31 13:39 -------- d-----w- c:\users\John\AppData\Local\PackageAware
    2011-07-31 13:22 . 2011-07-31 13:22 -------- d-----w- c:\users\John\AppData\Local\Mozilla
    2011-07-31 13:13 . 2011-07-31 13:13 -------- d-----w- c:\program files (x86)\WOT
    2011-07-30 17:00 . 2011-07-30 17:00 -------- d-----w- c:\program files (x86)\ESET
    2011-07-30 16:51 . 2011-07-30 16:51 -------- d-----w- c:\users\John\AppData\Roaming\Malwarebytes
    2011-07-30 16:51 . 2011-07-30 16:51 -------- d-----w- c:\programdata\Malwarebytes
    2011-07-30 16:51 . 2011-07-06 23:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-07-30 16:50 . 2011-07-30 16:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-07-30 16:50 . 2011-07-06 23:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-23 20:54 . 2011-07-23 20:56 -------- d-----w- c:\program files (x86)\SpywareBlaster
    2011-07-23 20:54 . 2010-01-10 23:40 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
    2011-07-23 20:52 . 2011-07-27 21:42 -------- d-----w- c:\users\John\AppData\Roaming\Sammsoft
    2011-07-23 20:52 . 2011-07-27 21:42 -------- d-----w- c:\program files (x86)\ARO 2011
    2011-07-23 18:20 . 2011-07-23 18:20 -------- d-----w- C:\ERUNT
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-08-18 20:39 . 2011-05-17 01:43 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-08-06 12:05 . 2010-06-24 17:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-07-31 13:55 . 2011-01-20 02:15 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-07-23 20:37 . 2011-01-20 02:15 525544 ----a-w- c:\windows\system32\deployJava1.dll
    2011-07-18 12:26 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2011-07-18 12:26 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2011-07-16 04:26 . 2011-08-13 22:44 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2011-06-11 03:07 . 2011-07-14 11:59 3137536 ----a-w- c:\windows\system32\win32k.sys
    2011-06-06 07:36 . 2011-02-10 20:28 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2011-05-24 11:42 . 2011-06-29 08:20 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
    2011-05-24 10:40 . 2011-06-29 08:20 64512 ----a-w- c:\windows\SysWow64\devobj.dll
    2011-05-24 10:40 . 2011-06-29 08:20 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
    2011-05-24 10:39 . 2011-06-29 08:20 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
    2011-05-24 10:37 . 2011-06-29 08:20 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-08-17_21.33.20 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-07-14 04:54 . 2011-08-17 16:10 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2011-08-19 22:06 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2011-08-17 16:10 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2011-08-19 22:06 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2011-08-19 22:06 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2011-08-17 16:10 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-01-20 02:39 . 2011-08-17 22:07 52316 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2011-08-17 22:07 33102 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-01-25 22:53 . 2011-08-17 22:07 12788 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1190624232-1164676516-3757976289-1000_UserData.bin
    - 2011-01-25 22:34 . 2011-08-14 07:58 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-01-25 22:34 . 2011-08-19 23:39 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-01-25 22:34 . 2011-08-19 23:39 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-01-25 22:34 . 2011-08-14 07:58 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2011-08-14 07:58 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2011-08-19 23:39 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-08-20 17:18 . 2011-08-20 17:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-08-17 21:32 . 2011-08-17 21:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-08-20 17:18 . 2011-08-20 17:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2011-08-17 21:32 . 2011-08-17 21:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-08-18 20:39 . 2011-08-18 20:39 243360 c:\windows\SysWOW64\Macromed\Flash\FlashUtil10v_Plugin.exe
    + 2011-01-26 15:14 . 2011-08-20 16:48 357132 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
    - 2009-07-14 02:36 . 2011-08-14 16:14 626844 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2011-08-17 22:10 626844 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2011-08-17 22:10 107160 c:\windows\system32\perfc009.dat
    - 2009-07-14 02:36 . 2011-08-14 16:14 107160 c:\windows\system32\perfc009.dat
    + 2009-07-14 05:01 . 2011-08-20 17:17 425684 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2011-08-17 21:31 425684 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2011-07-31 14:47 . 2011-08-18 20:39 6277280 c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    - 2011-01-25 23:11 . 2011-08-17 21:31 3346576 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2011-01-25 23:11 . 2011-08-20 17:17 3346576 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2011-01-30 14:48 . 2011-08-20 17:17 2600185 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1190624232-1164676516-3757976289-1000-8192.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-02-01 39408]
    "OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2009-02-03 237693]
    "SPIRunE"="SPIRunE.dll" [2009-07-27 18432]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-17 98304]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
    "ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]
    "RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
    "PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-18 50472]
    "BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2010-10-27 75048]
    "Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
    "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-09-04 240112]
    "Desktop Disc Tool"="c:\program files (x86)\Roxio\oem\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-02 522736]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "Memeo Backup Premium"="c:\program files (x86)\Memeo\AutoBackupPro\MemeoLauncher2.exe" [2010-07-28 136416]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-14 421160]
    "AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-05-30 885760]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
    .
    c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\erunt\AUTOBACK.EXE [2005-10-20 38912]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/01/19 20:27;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-10-27 236016]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-01 136176]
    R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-09-04 219632]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
    R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-01-20 79360]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-01-20 79360]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-01 136176]
    R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2010-07-30 25072]
    R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-09-04 1116656]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
    S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe [2010-07-28 25824]
    S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-06-17 434864]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
    S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
    S3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - CLKMDRV10_9EC60124
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-01 22:43]
    .
    2011-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-01 22:43]
    .
    2011-07-30 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]
    .
    2011-08-20 c:\windows\Tasks\SystemToolsDailyTest.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-23 10920552]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
    "DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-05-30 2055816]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.excite.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
    DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://sslvpn.tmhs.org/CACHE/stc/1/binaries/vpnweb.cab
    FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\1w28n1wy.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.excite.com/
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
    "ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1190624232-1164676516-3757976289-1000\Software\SecuROM\License information*]
    "datasecu"=hex:19,0b,5e,84,4c,64,31,ab,cd,93,b4,52,9c,45,69,80,05,df,a0,cf,79,
    15,34,07,8f,de,b4,a5,f7,aa,f9,60,07,27,17,90,c8,73,69,35,6a,eb,11,53,32,09,\
    "rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
    c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
    .
    **************************************************************************
    .
    Completion time: 2011-08-20 13:21:51 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-08-20 17:21
    ComboFix2.txt 2011-08-17 21:35
    .
    Pre-Run: 904,862,298,112 bytes free
    Post-Run: 905,846,497,280 bytes free
    .
    - - End Of File - - 90D9D4236706B1107E1328454B8D1A81
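The helper's question about 192.168.1.1 and the "Supplementary Scan" lines in the log above (the DhcpNameServer entry, the Internet Settings proxy value targeted by the CFScript, the Firefox network.proxy.type preference) are the kind of thing worth checking mechanically rather than by eye. The following Python is an added example, not part of the original thread and not ComboFix's own code; it assumes ComboFix's line layout as seen in the log, and the sample text is constructed (the first three lines copy values from the log above, while the ProxyServer line and the 10.0.0.53 entry are invented to exercise the checks).

```python
import ipaddress
import re

# Constructed sample in the layout ComboFix uses for its "Supplementary Scan"
# section. The first three lines mirror the log above; the ProxyServer line
# and the static 10.0.0.53 resolver are invented to exercise the checks.
SAMPLE = """\
uStart Page = hxxp://www.excite.com/
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
FF - prefs.js: network.proxy.type - 0
uInternet Settings,ProxyServer = http=127.0.0.1:8080
TCP: NameServer = 10.0.0.53
"""

# "TCP: DhcpNameServer = a b" (DHCP-assigned) or "TCP: NameServer = a" (static)
NS_RE = re.compile(r"^TCP:\s*(?P<key>\w*NameServer)\s*=\s*(?P<vals>.+)$")
# "uInternet Settings,..." is HKCU, "mInternet Settings,..." is HKLM in this log format
PROXY_SERVER_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(?P<val>.+)$")
FF_PROXY_RE = re.compile(r"^FF - prefs\.js: network\.proxy\.type - (?P<n>\d+)$")


def parse_name_servers(log_text):
    """Return (key, ip) pairs for every resolver listed on a TCP: ...NameServer line."""
    found = []
    for line in log_text.splitlines():
        m = NS_RE.match(line.strip())
        if m:
            for tok in m.group("vals").split():
                found.append((m.group("key"), tok))
    return found


def classify_ip(ip_str):
    """Rough origin of a resolver address: 'lan' for RFC 1918 / link-local space,
    'loopback', 'public' for routable space, 'invalid' if it does not parse."""
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        return "invalid"
    if ip.is_loopback:
        return "loopback"
    if ip.is_private or ip.is_link_local:
        return "lan"
    return "public"


def review_network_settings(log_text):
    """Produce the list of findings a helper would follow up on, in log order."""
    findings = []
    for key, ip in parse_name_servers(log_text):
        kind = classify_ip(ip)
        if kind == "lan" and key == "DhcpNameServer":
            findings.append(f"{ip}: DHCP-assigned LAN resolver (expected to be the router)")
        elif kind == "public":
            findings.append(f"{ip}: public resolver via {key}; confirm it belongs to the ISP")
        elif key != "DhcpNameServer":
            # A static resolver was not handed out by DHCP; somebody or something set it.
            findings.append(f"{ip}: static {key} entry ({kind}); verify it was set on purpose")
        else:
            findings.append(f"{ip}: {kind} resolver via {key}")
    for line in log_text.splitlines():
        m = PROXY_SERVER_RE.match(line.strip())
        if m:
            findings.append(f"IE proxy server configured: {m.group('val')}; "
                            "a local proxy can intercept browsing")
        m = FF_PROXY_RE.match(line.strip())
        if m and m.group("n") != "0":
            findings.append(f"Firefox proxy type {m.group('n')} (non-zero means a proxy is in use)")
    return findings


if __name__ == "__main__":
    for finding in review_network_settings(SAMPLE):
        print(finding)
```

A private (RFC 1918) resolver handed out by DHCP is normally the router, which is what the reply above confirms for 192.168.1.1; a public one should be matched against the ISP's published resolvers, and any static NameServer or ProxyServer entry should be traceable to whoever configured it, since a hijacked resolver or a local proxy is exactly how redirects are produced without touching the browser's start page.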

  5. #75
    Senior Member
    Join Date
    Jul 2009
    Posts
    156

    Notes:

    The ComboFix program asked to be upgraded at the beginning of the scan so I agreed. Upon generation of the log, after it rebooted, I once again could not access any files. This time I saved the log before rebooting again, so I am learning.

    Please also be aware that lately I have been getting messages upon reboot, the first one looks like this:
    Code:
    ERU For Windows NT Unable to create file
    C:\\Windows\ERDNT\AutoBackup\8-20-2011\FRDNT.INF
    It goes on with a longer message about not being able to create a registry back up and then another message comes up asking something which I click no to.

    Thanks again for helping me with all of this!

  6. #76
    Senior Member
    Join Date
    Apr 2010
    Posts
    463


    Hello Samwise

    I am now back from my trip away (many thanks to Blottedisk for helping out).

    I am reviewing your logs and will reply back to you as soon as I can.
    Proud Graduate of the WTT Classroom

  7. #77
    Senior Member
    Join Date
    Jul 2009
    Posts
    156


    Thank you Blottedisk!!!

    Welcome back JonTom!

  8. #78
    Senior Member
    Join Date
    Apr 2010
    Posts
    463


    Hello Samwise

    Okay, this is where we are at the moment.

    I have checked through your recent logs and there does not appear to be anything obvious showing in terms of malware.

    Can you tell me if you are receiving any popups or redirects?

    How is the machine running besides the error messages you are receiving?

    Please answer the above questions and provide the information requested below:


    1. Please download SystemLook by JPShortstuff


      • Please download SystemLook by JPShortstuff by clicking here and save the file (called SystemLook.exe) to your desktop.
      • Right click on SystemLook.exe and select "Run as Administrator" to run the program.
      • Copy the content of the following codebox into the main textfield:


      Code:
      :dir
      c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42} /s
      • Click the Look button to start the scan.
      • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
      • Note: The log can also be found on your Desktop entitled SystemLook.txt


      When you ran System File Checker, a log may have been saved on your machine. I would like you to search for that log.

      Please navigate to the following location and see if a log is present:

      C:\Windows\Logs\CBS\CBS.log

      If it is, please post it along with the SystemLook log and the answers to my questions.
    Proud Graduate of the WTT Classroom
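The CBS.log check asked for above is usually done by filtering the file for the lines tagged [SR], which are System File Checker's own entries (Microsoft's documented one-liner is findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log). The following Python is an added example, not part of the original thread: it does the same filtering offline and summarises what SFC found. It assumes the [SR] line layout SFC writes into CBS.log; the excerpt and the component and file names in it are constructed.

```python
import re

# Constructed CBS.log excerpt in the layout SFC writes: only lines tagged [SR]
# belong to System File Checker, the surrounding CBS lines are servicing noise.
# The component and file names are invented.
SAMPLE_CBS = """\
2011-08-20 13:30:01, Info                  CBS    Starting TrustedInstaller initialization.
2011-08-20 13:30:05, Info                  CSI    00000006 [SR] Verifying 100 (0x0000000000000064) components
2011-08-20 13:30:05, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2011-08-20 13:30:09, Info                  CSI    0000000a [SR] Cannot repair member file [l:24{12}]"example.dll" of Example-Component, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-08-20 13:30:12, Info                  CSI    0000000c [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\\??\\C:\\Windows\\System32"\\[l:22{11}]"sample2.dll" from store
2011-08-20 13:30:20, Info                  CSI    00000010 [SR] Verify complete
2011-08-20 13:30:21, Info                  CBS    Ending TrustedInstaller finalization.
"""

# timestamp, level, CSI sequence number, then the [SR] tag and the message
SR_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), (?P<level>\w+)\s+CSI\s+[0-9a-f]+ "
    r"\[SR\] (?P<msg>.*)$"
)
COMPONENTS_RE = re.compile(r"^Verifying (\d+) \(0x[0-9a-f]+\) components")
CANNOT_REPAIR_RE = re.compile(r'^Cannot repair member file \[[^\]]*\]"([^"]+)"')
REPAIRED_RE = re.compile(r'^Repairing corrupted file .*\[l:\d+\{\d+\}\]"([^"]+)" from store')


def extract_sr_entries(log_text):
    """Equivalent of findstr /c:"[SR]": return (timestamp, message) for SFC's own lines."""
    entries = []
    for line in log_text.splitlines():
        m = SR_RE.match(line)
        if m:
            entries.append((m.group("ts"), m.group("msg")))
    return entries


def summarize_sfc(log_text):
    """Count verified components and list files SFC repaired or could not repair."""
    summary = {"components": 0, "unrepairable": [], "repaired": [], "complete": False}
    for _ts, msg in extract_sr_entries(log_text):
        m = COMPONENTS_RE.match(msg)
        if m:
            summary["components"] = int(m.group(1))
            continue
        m = CANNOT_REPAIR_RE.match(msg)
        if m:
            summary["unrepairable"].append(m.group(1))
            continue
        m = REPAIRED_RE.match(msg)
        if m:
            summary["repaired"].append(m.group(1))
            continue
        if msg.startswith("Verify complete"):
            summary["complete"] = True
    return summary


def sfc_verdict(summary):
    """One-word reading of the summary, in the order a helper would triage it."""
    if not summary["complete"]:
        return "incomplete"
    if summary["unrepairable"]:
        return "unrepaired corruption"
    if summary["repaired"]:
        return "repaired"
    return "clean"


if __name__ == "__main__":
    s = summarize_sfc(SAMPLE_CBS)
    print(s)
    print(sfc_verdict(s))
```

A "Cannot repair member file" entry names a protected system file whose hash does not match the component store and that SFC could not replace; that is the line a helper wants to see verbatim, because on an infected machine it is often a patched system binary, whereas "Repairing corrupted file" entries record files SFC already put back from the store.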

  9. #79
    Senior Member
    Join Date
    Jul 2009
    Posts
    156


    I am not really using the computer until I have your clearance, so I am not seeing a lot of problems. Will proceed with your instructions. So far, rebooting, etc. seems to be working fine (excepting the error message).

  10. #80
    Senior Member
    Join Date
    Jul 2009
    Posts
    156


    SystemLook 30.07.11 by jpshortstuff
    Log created at 19:55 on 21/08/2011 by John
    Administrator - Elevation successful

    ========== dir ==========

    c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42} - Parameters: "/s"

    ---Files---
    {09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}.native.bitness.log --a---- 693 bytes [15:12 31/07/2011] [15:12 31/07/2011]
    {09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}.native.data.log --a---- 8655 bytes [15:12 31/07/2011] [15:12 31/07/2011]
    {09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}.native.elements.log --a---- 1367 bytes [15:12 31/07/2011] [15:12 31/07/2011]
    {09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}.native.weight.log --a---- 586 bytes [15:12 31/07/2011] [15:12 31/07/2011]

    c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} d------ [15:12 31/07/2011]

    -= EOF =-
