Kim's Quest For a SMooth Running Computer

So I recently used ComboFix as a means to diagnose any problem with malware or problems with Windows. The following is a log of the results.

 

ComboFix 11-11-08.02 - Jay 11/08/2011 1:24.1.2 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.8190.6225 [GMT -8:00]

Running from: c:\users\Jay\Desktop\ComboFix.exe

AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2011-10-08 to 2011-11-08 )))))))))))))))))))))))))))))))

.

.

2011-11-08 09:28 . 2011-11-08 09:28 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-11-08 08:49 . 2011-11-08 08:49 -------- d-----w- c:\program files (x86)\VideoLAN

2011-11-08 08:48 . 2011-11-08 08:54 -------- d-----w- C:\Hotspot Shield

2011-11-08 08:48 . 2011-11-08 08:48 -------- d-----w- c:\programdata\Babylon

2011-11-08 06:42 . 2011-11-08 06:42 -------- d-----w- c:\windows\OPTIONS

2011-11-08 06:42 . 2008-06-30 13:14 474112 ----a-r- c:\windows\system32\drivers\rtl8192u.sys

2011-11-08 06:42 . 2011-11-08 06:42 -------- d-----w- c:\windows\SysWow64\REALTEK RTL8192U Wireless LAN Driver and Utility

2011-11-08 06:42 . 2007-04-23 21:15 31016 ----a-w- c:\windows\system32\drivers\RtlProt.sys

2011-11-08 06:42 . 2011-11-08 06:42 -------- d-----w- c:\program files (x86)\REALTEK

2011-11-08 06:42 . 2011-11-08 06:03 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information

2011-11-08 06:40 . 2011-11-08 08:48 -------- d-----w- c:\users\Jay

2011-11-08 06:37 . 2011-11-08 06:39 -------- d-----w- c:\windows\Debug

2011-11-08 06:34 . 2011-11-08 06:36 -------- d-----w- c:\program files (x86)\Microsoft LifeCam

2011-11-08 06:18 . 2011-11-08 06:33 -------- d-----w- c:\windows\Panther

2011-11-08 06:07 . 2011-11-08 06:07 -------- d-----w- C:\Windows.old

2011-11-08 05:58 . 2011-11-08 05:58 -------- d-----w- c:\program files (x86)\Common Files\InstallShield

2011-11-08 05:52 . 2011-11-08 05:52 -------- d-----w- c:\program files (x86)\VS Revo Group

2011-11-08 05:46 . 2011-11-08 05:46 -------- d-----w- c:\program files\7-Zip

2011-11-08 05:05 . 2011-10-20 00:56 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2011-11-08 05:03 . 2011-10-20 00:56 130760 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-11-08 05:01 . 2011-10-20 00:56 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-11-08 04:45 . 2011-11-08 04:45 -------- d-----w- c:\program files\CPUID

2011-11-08 04:45 . 2010-11-09 23:35 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x64.sys

2011-11-08 04:41 . 2011-11-08 04:41 -------- d-----w- c:\programdata\Avira

2011-11-08 04:40 . 2011-11-08 04:40 -------- d-----w- c:\program files (x86)\Avira

2011-11-08 04:35 . 2009-09-05 01:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll

2011-11-08 04:35 . 2009-09-05 01:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll

2011-11-08 04:34 . 2011-11-08 04:34 -------- d-----w- c:\windows\SysWow64\xlive

2011-11-08 04:34 . 2011-11-08 04:34 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE

2011-11-08 04:32 . 2011-11-08 04:32 -------- d-----w- c:\program files (x86)\Microsoft.NET

2011-11-08 04:07 . 2005-05-26 23:34 3767504 ----a-w- c:\windows\system32\d3dx9_26.dll

2011-11-08 04:07 . 2005-05-26 23:34 2297552 ----a-w- c:\windows\SysWow64\d3dx9_26.dll

2011-11-08 04:07 . 2011-11-08 06:40 -------- d-sh--w- c:\windows\Installer

2011-11-08 04:04 . 2011-11-08 04:04 270912 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2011-11-08 04:04 . 2011-11-08 04:04 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite

2011-11-08 04:04 . 2011-11-08 04:04 -------- d-----w- c:\programdata\DAEMON Tools Lite

2011-11-08 04:01 . 2011-11-08 04:01 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-08 04:01 . 2011-11-08 04:01 -------- d-----w- c:\windows\SysWow64\Macromed

2011-11-08 03:56 . 2011-11-08 03:56 -------- d-----w- c:\programdata\NVIDIA

2011-11-08 03:51 . 2008-07-09 11:02 422944 ----a-w- c:\windows\system32\nvcpl.cpl

2011-11-08 03:51 . 2008-07-09 11:02 1209888 ----a-w- c:\windows\system32\nvcplui.exe

2011-11-08 03:51 . 2008-07-09 11:02 1070112 ----a-w- c:\windows\system32\nvcpluir.dll

2011-11-08 03:51 . 2008-07-09 11:02 494592 ----a-w- c:\windows\system32\nvudisp.exe

2011-11-08 03:50 . 2008-07-09 23:59 494592 ----a-w- c:\windows\system32\NVUNINST.EXE

2011-11-07 21:12 . 2011-11-08 06:03 -------- d-----w- C:\Games

2011-11-01 05:45 . 2011-11-01 05:45 -------- d-----w- C:\Temp

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1555968]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-20 258512]

"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

2;2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [x]

S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-20 86224]

S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]

S2 Realtek92U;Realtek92U;c:\program files (x86)\REALTEK\8192U Wireless LAN Utility\RtlService.exe [2007-07-27 36864]

S3 RTL8192U;Realtek RTL8192u 802.11n Wireless LAN USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192u.sys [x]

.

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvSvc"="c:\windows\system32\nvsvc64.dll" [2008-07-09 580640]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-09 15850016]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-09 82464]

"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = %SystemRoot%\system32\blank.htm

TCP: DhcpNameServer = 192.168.0.1

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\i24uim93.default\

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll

HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\REALTEK\8192U Wireless LAN Utility\RtWlan.exe

.

**************************************************************************

.

Completion time: 2011-11-08 01:33:36 - machine was rebooted

ComboFix-quarantined-files.txt 2011-11-08 09:33

.

Pre-Run: 64,478,498,816 bytes free

Post-Run: 66,030,153,728 bytes free

.

- - End Of File - - B3C7683804F1FD2385460F36E2583965

 

I would appreciate someone smarter than I am with computers to give me some feedback if that's ok.

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 2:04:50 AM, on 11/8/2011

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Realtek92U - Realtek - C:\Program Files (x86)\REALTEK\8192U Wireless LAN Utility\RtlService.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 4447 bytes

 

 

The above are the results of HiJackThis. More data to sift through.

Edited by Kimberlee

This is the very LATEST HijackThis scan -

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 1:50:52 AM, on 11/9/2011

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\vVX1000.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Realtek92U - Realtek - C:\Program Files (x86)\REALTEK\8192U Wireless LAN Utility\RtlService.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 4810 bytes


Fallout3.esm

Anchorage.esm

ThePitt.esm

BrokenSteel.esm

PointLookout.esm

Zeta.esm

CALIBR.esm

CRAFT.esm

xCALIBR.esm

xCALIBRuniverse.esm

Arwen_Core.esm

Arwen_Realism_Core.esp

Arwen_Med-Tec.esp

Fellout-Full.esp

Fellout-BrokenSteel.esp

Fellout-Anchorage.esp

Fellout-Zeta.esp

Fellout-PointLookout.esp

Fellout-pipboylight.esp

DarNifiedUIF3.esp

AlternateStart.esp

xCALIBRuniverse.esp

 

Total active plugins: 22

Total plugins: 23

 

My current load order...


Fallout3.esm

Anchorage.esm

ThePitt.esm

BrokenSteel.esm

PointLookout.esm

Zeta.esm

CALIBR.esm

CRAFT.esm

xCALIBR.esm

xCALIBRuniverse.esm

 

DarNifiedUIF3.esp

AlternateStart.esp

 

Arwen_Core.esm

Arwen_Realism_Core.esp

Arwen_Med-Tec.esp

Fellout-Full.esp

Fellout-BrokenSteel.esp

Fellout-Anchorage.esp

Fellout-Zeta.esp

Fellout-PointLookout.esp

Fellout-pipboylight.esp

 

xCALIBRuniverse.esp

 

 
