tonyb983

Everything posted by tonyb983

  1. Everything seems to be working OK; should I be good? Is there anything I can do to my boss's computer to stop this from happening in the future?
  2. ComboFix 12-08-20.02 - Mike Brigham 08/21/2012 12:14:03.1.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2743.1777 [GMT -4:00]
Running from: c:\users\Mike Brigham\Desktop\ComboFix.exe
AV: ZoneAlarm Security Suite Antivirus *Enabled/Updated* {E9467272-859A-F159-FA9E-55E7E32D7A25}
FW: ZoneAlarm Security Suite Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Security Suite Anti-Spyware *Enabled/Updated* {52279396-A3A0-FED7-C02E-6E9598AA3098}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Mike Brigham\Desktop\Internet Explorer.lnk
c:\windows\expl.dat
c:\windows\system32\drivers\npf.sys
c:\windows\system32\svch.dat
c:\windows\system32\winl.dat
.
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
.
c:\windows\system32\svchost.exe . . . is infected!!
.
.
.Failed to restore. Attempting to replace on reboot
.
Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy8_!Windows!winsxs!x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373!explorer.exe
.
Infected copy of c:\windows\system32\svchost.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy7_!Windows!System32!svchost.exe
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy8_!Windows!winsxs!x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373!explorer.exe
.
((((((((((((((((((((((((( Files Created from 2012-07-21 to 2012-08-21 )))))))))))))))))))))))))))))))
.
.
2012-08-21 16:20 . 2012-08-21 16:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-21 14:46 . 2012-08-21 14:46 -------- d-----w- c:\users\Mike Brigham\AppData\Roaming\Malwarebytes
2012-08-21 14:46 . 2012-08-21 14:46 -------- d-----w- c:\programdata\Malwarebytes
2012-08-21 14:46 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-21 14:46 . 2012-08-21 14:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-20 20:01 . 2012-06-22 15:39 70768 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2012-08-20 20:01 . 2012-06-22 15:38 767960 ----a-w- c:\windows\BDTSupport.dll
2012-08-20 19:57 . 2012-06-22 19:34 203120 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-08-20 19:56 . 2012-08-20 20:01 -------- d-----w- c:\programdata\PC Tools
2012-08-20 19:56 . 2012-08-20 19:56 -------- d-----w- c:\users\Mike Brigham\AppData\Roaming\TestApp
2012-08-16 07:02 . 2012-07-06 19:23 393728 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-08-15 13:19 . 2012-07-18 17:47 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 13:19 . 2012-05-05 07:46 400896 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 13:19 . 2012-02-11 05:43 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 13:19 . 2012-02-11 05:37 317440 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 13:19 . 2012-07-04 21:14 41984 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 13:19 . 2012-07-04 21:14 102912 ----a-w- c:\windows\system32\browser.dll
2012-08-15 13:19 . 2012-05-14 04:33 769024 ----a-w- c:\windows\system32\localspl.dll
2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 13:27 . 2012-05-19 15:53 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 13:27 . 2011-07-21 03:03 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-22 14:43 . 2012-08-20 20:01 3488 ----a-w- c:\windows\UDB.zip
2012-06-22 14:43 . 2012-08-20 20:01 131 ----a-w- c:\windows\IDB.zip
2012-06-07 00:59 . 2012-06-07 00:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-06 05:05 . 2012-07-11 12:43 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05 . 2012-07-11 12:43 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03 . 2012-07-11 12:43 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 22:19 . 2012-06-25 12:58 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-25 12:58 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-25 12:58 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-25 12:58 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-25 12:58 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-25 12:58 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-25 12:58 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-25 12:58 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12 . 2012-06-25 12:58 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 04:45 . 2012-07-11 12:43 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45 . 2012-07-11 12:43 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40 . 2012-07-11 12:43 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40 . 2012-07-11 12:43 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39 . 2012-07-11 12:43 219136 ----a-w- c:\windows\system32\ncrypt.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2010-05-20 206336]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2011-10-26 73360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-05-20 421888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DBRMTray"="c:\dell\DBRM\Reminder\TrayApp.exe" [2010-02-04 7168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-27 20:51 35768 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2010-12-31 03:08 5249024 ----a-w- c:\program files\Dell\DW WLAN Card\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2009-07-14 01:14 8704 ----a-w- c:\windows\System32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DBRMTray]
2010-05-20 14:39 206336 ----a-w- c:\dell\DBRM\Reminder\DbrmTrayicon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central]
2009-06-24 22:21 409744 ------w- c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DpAgent]
2009-05-12 23:50 842816 ----a-w- c:\program files\DigitalPersona\Bin\DpAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeFallProtection]
2010-10-01 15:48 727664 ----a-w- c:\program files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-08-26 09:15 171032 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-08-26 09:15 136216 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-05-24 23:19 13838952 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-08-26 09:15 170520 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickSet]
2010-01-15 16:26 3873648 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2010-01-08 02:45 1602856 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2010-04-07 10:35 495708 ----a-w- c:\program files\IDT\WDM\sttray.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [x]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [x]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD.sys [x]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools\PC Tools Security\pctsAuxs.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R3 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [x]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [x]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [x]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [x]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [x]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-19 13:27]
.
2012-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3418139999-3408910341-3212262846-1000Core.job
- c:\users\Mike Brigham\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-20 19:07]
.
2012-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3418139999-3408910341-3212262846-1000UA.job
- c:\users\Mike Brigham\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-20 19:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://builtup.net/
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: aol.com\television
Trusted Zone: aol.com\tvlistings
TCP: DhcpNameServer = 192.168.3.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{3ce45c4f-bfff-4988-9a3c-a75c1f491319} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{3CE45C4F-BFFF-4988-9A3C-A75C1F491319} - (no file)
HKCU-Run-Ytsxvyp - c:\users\Mike Brigham\AppData\Roaming\wshrmw.exe
HKCU-Run-WRYX - c:\users\Mike Brigham\AppData\Roaming\query3.exe
HKCU-Run-Jkemjlnqe - c:\users\Mike Brigham\AppData\Roaming\perfi009X.exe
HKLM-Run-ISW - (no file)
AddRemove-RealAudio Player 5.0 - c:\windows\RAUNINST.exe Software\Progressive Networks\RealAudio Player\5.0
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
   89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}"=hex:51,66,7a,6c,4c,1d,38,12,8b,c7,39,
   ea,82,fe,a8,0b,f7,bf,ff,e1,a6,74,f5,13
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{1CA1377B-DC1D-4A52-9585-6E06050FAC53}"=hex:51,66,7a,6c,4c,1d,38,12,15,34,b2,
   18,2f,92,3c,0f,ea,93,2d,46,00,51,e8,47
"{395610AE-C624-4F58-B89E-23733EA00F9A}"=hex:51,66,7a,6c,4c,1d,38,12,c0,13,45,
   3d,16,88,36,0a,c7,88,60,33,3b,fe,4b,8e
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
   57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}"=hex:51,66,7a,6c,4c,1d,38,12,ac,35,59,
   8e,07,4b,42,08,c2,2b,0a,2c,b2,b0,92,f7
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
   d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:6b,7c,3e,b6,08,7f,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2f,47,d8,9f,7e,e8,05,45,95,5a,e2,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2f,47,d8,9f,7e,e8,05,45,95,5a,e2,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(708)
c:\windows\system32\DPPWDFLT.DLL
.
- - - - - - - > 'Explorer.exe'(976)
c:\program files\CheckPoint\ZoneAlarm\MailFrontier\mlfhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-08-21 12:28:57 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-21 16:28
.
Pre-Run: 439,008,223,232 bytes free
Post-Run: 439,168,409,600 bytes free
.
- - End Of File - - 530B14317882DEFAFCF7EC451188185B
  3. Thanks for the quick reply, here's what I got:

--------------------- MBAM LOG ---------------------
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.21.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Mike Brigham :: MIKEBRIGHAM-PC [administrator]

8/21/2012 11:42:59 AM
mbam-log-2012-08-21 (11-42-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 194329
Time elapsed: 11 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

------------------ aswMBR ------------------
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-21 11:56:15
-----------------------------
11:56:15.043 OS Version: Windows 6.1.7601 Service Pack 1
11:56:15.043 Number of processors: 4 586 0x2505
11:56:15.043 ComputerName: MIKEBRIGHAM-PC UserName: Mike Brigham
11:56:16.541 Initialize success
11:57:15.281 AVAST engine download error: 0
11:57:26.373 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:57:26.373 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
11:57:26.388 Disk 0 MBR read successfully
11:57:26.404 Disk 0 MBR scan
11:57:26.404 Disk 0 Windows VISTA default MBR code
11:57:26.404 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
11:57:26.419 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
11:57:26.435 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461899 MB offset 30801920
11:57:26.451 Disk 0 scanning sectors +976771120
11:57:26.513 Disk 0 scanning C:\Windows\system32\drivers
11:57:31.942 Service scanning
11:57:43.689 Modules scanning
11:57:52.050 Disk 0 trace - called modules:
11:57:52.066 ntkrnlpa.exe CLASSPNP.SYS disk.sys stdcfltn.sys PCTCore.sys ACPI.sys halmacpi.dll iaStor.sys
11:57:52.066 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88674488]
11:57:52.066 3 CLASSPNP.SYS[8bf7e59e] -> nt!IofCallDriver -> [0x88674b28]
11:57:52.081 5 stdcfltn.sys[8b9f6896] -> nt!IofCallDriver -> [0x88674020]
11:57:52.081 7 PCTCore.sys[8b27c82d] -> nt!IofCallDriver -> [0x86aaa908]
11:57:52.081 9 ACPI.sys[8ae8f3d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86a48028]
11:57:52.097 Scan finished successfully
11:58:19.896 Disk 0 MBR has been saved successfully to "E:\logs\2\MBR.dat"
11:58:19.896 The log file has been saved successfully to "E:\logs\2\aswMBR.txt"

--------------------- dds.txt ---------------------
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Mike Brigham at 11:58:39 on 2012-08-21
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2743.1759 [GMT -4:00]
.
AV: ZoneAlarm Security Suite Antivirus *Enabled/Updated* {E9467272-859A-F159-FA9E-55E7E32D7A25}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Security Suite Anti-Spyware *Enabled/Updated* {52279396-A3A0-FED7-C02E-6E9598AA3098}
FW: ZoneAlarm Security Suite Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\dell\DBRM\Reminder\DbrmTrayicon.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\mantispm.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://builtup.net/
uURLSearchHooks: H - No File
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\client server security agent\bho\1009\TmIEPlg.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
BHO: DigitalPersona Fingerprint Software Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - c:\program files\digitalpersona\bin\DpOtsPluginIe8.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {3CE45C4F-BFFF-4988-9A3C-A75C1F491319} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Ytsxvyp] c:\users\mike brigham\appdata\roaming\wshrmw.exe
uRun: [WRYX] c:\users\mike brigham\appdata\roaming\query3.exe
uRun: [Jkemjlnqe] c:\users\mike brigham\appdata\roaming\perfi009X.exe
uRun: [Google Update] "c:\users\mike brigham\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [DBRMTray] c:\dell\dbrm\reminder\DbrmTrayIcon.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iSW] c:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRunOnce: [DBRMTray] c:\dell\dbrm\reminder\TrayApp.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
Trusted Zone: aol.com\television
Trusted Zone: aol.com\tvlistings
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.3.1
TCP: Interfaces\{46F318D8-E9F2-4438-8DA0-3C412C1027D2} : DhcpNameServer = 192.168.3.1
TCP: Interfaces\{46F318D8-E9F2-4438-8DA0-3C412C1027D2}\245796C647025507 : DhcpNameServer = 192.168.0.1 68.87.73.246 68.87.71.230
TCP: Interfaces\{46F318D8-E9F2-4438-8DA0-3C412C1027D2}\C696E6B6379737 : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
Notify: igfxcui - igfxdev.dll
LSA: Notification Packages = scecli DPPWDFLT
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2012-8-20 383368]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2012-8-20 342168]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2012-8-20 909728]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\drivers\stdcfltn.sys [2010-12-30 17648]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-10-14 11352]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2012-8-20 203120]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools\pc tools security\bdt\BDTUpdateService.exe [2012-8-20 575448]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-7-25 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-7-25 493184]
R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-11-25 47104]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-11-25 49152]
R2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-11-25 38400]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2010-12-30 43888]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-12-30 143968]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-11-25 125696]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-12-31 105576]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [2012-8-20 70768]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-11-25 277536]
S2 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-10-26 1153368]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-19 250056]
S3 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_f39a6924a795ad94\AEstSrv.exe [2010-11-25 81920]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-12-30 29472]
S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2010-12-30 134144]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2009-7-13 45568]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools\pc tools security\pctsAuxs.exe [2012-8-20 402368]
S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools\pc tools security\pctsSvc.exe [2012-8-20 1118680]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 45568]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-1 52224]
S3 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2010-12-30 2320920]
S3 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-6-3 1664304]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-2-4 1343400]
.
=============== Created Last 30 ================
.
2012-08-21 14:46:20 -------- d-----w- c:\users\mike brigham\appdata\roaming\Malwarebytes
2012-08-21 14:46:04 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-21 14:46:04 -------- d-----w- c:\programdata\Malwarebytes
2012-08-21 14:46:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-20 20:01:49 767960 ----a-w- c:\windows\BDTSupport.dll
2012-08-20 20:01:49 70768 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2012-08-20 20:01:48 2267096 ----a-w- c:\windows\PCTBDCore.dll
2012-08-20 20:01:48 1689560 ----a-w- c:\windows\PCTBDRes.dll
2012-08-20 20:01:48 149464 ----a-w- c:\windows\SGDetectionTool.dll
2012-08-20 20:01:13 254944 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-08-20 20:01:13 107896 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2012-08-20 20:01:07 17880 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
2012-08-20 20:01:03 70568 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2012-08-20 20:00:55 -------- d-----w- c:\program files\PC Tools
2012-08-20 19:57:09 909728 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2012-08-20 19:57:09 342168 ----a-w- c:\windows\system32\drivers\pctDS.sys
2012-08-20 19:57:07 383368 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-08-20 19:57:07 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-08-20 19:57:05 203120 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-08-20 19:57:05 -------- d-----w- c:\program files\common files\PC Tools
2012-08-20 19:56:50 -------- d-----w- c:\users\mike brigham\appdata\roaming\TestApp
2012-08-20 19:56:50 -------- d-----w- c:\programdata\PC Tools
2012-08-16 07:02:33 393728 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-08-15 13:19:28 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 13:19:27 400896 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 13:19:16 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 13:19:16 317440 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 13:19:12 41984 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 13:19:12 102912 ----a-w- c:\windows\system32\browser.dll
2012-08-15 13:19:10 769024 ----a-w- c:\windows\system32\localspl.dll
2012-07-27 20:51:30 184248 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-08-15 13:27:25 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-15 13:27:25 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-07 00:59:42 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-06 05:05:52 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 04:45:04 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45:03 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40:59 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40:39 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- c:\windows\system32\ncrypt.dll
.
============= FINISH: 11:59:56.18 ===============

---------------------- attach.txt ----------------------
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/3/2011 11:25:25 AM
System Uptime: 8/21/2012 11:38:06 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 07VWR8
Processor: Intel® Core i5 CPU M 560 @ 2.67GHz | CPU 1 | 2661/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 409.167 GiB free. D: is CDROM (UDF) E: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP123: 7/10/2012 10:01:52 AM - Scheduled Checkpoint RP124: 7/12/2012 3:00:50 AM - Windows Update RP125: 7/19/2012 9:54:14 AM - Scheduled Checkpoint RP126: 7/26/2012 10:09:16 AM - Scheduled Checkpoint RP127: 8/3/2012 9:47:44 AM - Scheduled Checkpoint RP128: 8/11/2012 2:48:30 PM - Scheduled Checkpoint RP129: 8/16/2012 3:00:33 AM - Windows Update RP130: 8/20/2012 3:08:58 PM - Windows Modules Installer . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) AccelerometerP11 Adobe AIR Adobe Download Manager Adobe Flash Player 11 ActiveX Adobe Reader X (10.1.4) Advanced Audio FX Engine Apple Application Support Apple Software Update Bing Bar Browser Guard 4.0 Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module Dell Backup and Recovery Manager Dell Edoc Viewer Dell Touchpad Dell Webcam Central DigitalPersona Personal 4.01 DW WLAN Card Utility Garmin HomePort Garmin USB Drivers Google Chrome Intel® Management Engine Components Java Auto Updater Java 6 Update 31 Junk Mail filter update Live! 
Cam Avatar Creator Malwarebytes Anti-Malware version 1.62.0.1300 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office 2010 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Standard 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 MSVCRT Netscape Communicator 4.51 NVIDIA Drivers PC Tools Spyware Doctor 9.0 QuickSet32 QuickTime RealPlayer 5.0 Roxio Creator Audio Roxio Creator Copy Roxio Creator Data Roxio Creator DE 10.3 Roxio Creator Tools Roxio Express Labeler 3 Roxio Update Manager Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for 
Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition Spybot - Search & Destroy Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update 
for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687400) 32-Bit Edition Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Validity Sensors DDK VC 9.0 Runtime WIDCOMM Bluetooth Software Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Upload Tool Windows Live Writer ZoneAlarm Antivirus ZoneAlarm Firewall ZoneAlarm Internet Security Suite ZoneAlarm Security ZoneAlarm Toolbar . ==== Event Viewer Messages From Past Week ======== . 8/21/2012 9:05:21 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer BUILT-UP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{46F318D8-E9F2-4438-8DA0-3C412C102. The master browser is stopping or an election is being forced. 8/21/2012 11:38:34 AM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed. 8/21/2012 11:20:21 AM, Error: PCTCore [280] - 8/21/2012 10:44:25 AM, Error: Service Control Manager [7034] - The TrueVector Internet Monitor service terminated unexpectedly. It has done this 1 time(s). 8/20/2012 9:39:49 AM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 
8/19/2012 1:58:42 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10. 8/16/2012 3:23:48 AM, Error: Service Control Manager [7023] - The Diagnostic Service Host service terminated with the following error: The requested control is not valid for this service. 8/15/2012 9:54:14 PM, Error: Service Control Manager [7022] - The Diagnostic Service Host service hung on starting. . ==== End Of File ===========================
4. As the title states, whenever my boss uses his laptop to google something, the results end up redirecting to spam sites. I've tried everything I've found online and am getting pretty desperate. Already ran MBAM, found one minor problem that I believe to be unrelated, but it has been fixed. Here is the MBAM log:

============ mbam-log-2012-08-21 (10-58-15).txt ==============
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.21.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Mike Brigham :: MIKEBRIGHAM-PC [administrator]

8/21/2012 10:58:15 AM
mbam-log-2012-08-21 (10-58-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 193905
Time elapsed: 12 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Mike Brigham\Desktop\.url (Malware.Trace) -> Quarantined and deleted successfully.

(end)

================= dds.txt ============================
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Mike Brigham at 11:20:50 on 2012-08-21
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2743.1513 [GMT -4:00]
.
AV: ZoneAlarm Security Suite Antivirus *Enabled/Updated* {E9467272-859A-F159-FA9E-55E7E32D7A25}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Security Suite Anti-Spyware *Enabled/Updated* {52279396-A3A0-FED7-C02E-6E9598AA3098}
FW: ZoneAlarm Security Suite Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\dell\DBRM\Reminder\DbrmTrayicon.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\mantispm.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\Windows\notepad.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://builtup.net/
uURLSearchHooks: H - No File
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\client server security agent\bho\1009\TmIEPlg.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
BHO: DigitalPersona Fingerprint Software Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - c:\program files\digitalpersona\bin\DpOtsPluginIe8.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {3CE45C4F-BFFF-4988-9A3C-A75C1F491319} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Ytsxvyp] c:\users\mike brigham\appdata\roaming\wshrmw.exe
uRun: [WRYX] c:\users\mike brigham\appdata\roaming\query3.exe
uRun: [Jkemjlnqe] c:\users\mike brigham\appdata\roaming\perfi009X.exe
uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Google Update] "c:\users\mike brigham\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [DBRMTray] c:\dell\dbrm\reminder\DbrmTrayIcon.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iSW] c:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRunOnce: [DBRMTray] c:\dell\dbrm\reminder\TrayApp.exe
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
Trusted Zone: aol.com\television
Trusted Zone: aol.com\tvlistings
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.3.1
TCP: Interfaces\{46F318D8-E9F2-4438-8DA0-3C412C1027D2} : DhcpNameServer = 192.168.3.1
TCP: Interfaces\{46F318D8-E9F2-4438-8DA0-3C412C1027D2}\245796C647025507 : DhcpNameServer = 192.168.0.1 68.87.73.246 68.87.71.230
TCP: Interfaces\{46F318D8-E9F2-4438-8DA0-3C412C1027D2}\C696E6B6379737 : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
Notify: igfxcui - igfxdev.dll
LSA: Notification Packages = scecli DPPWDFLT
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2012-8-20 383368] R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2012-8-20 342168] R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2012-8-20 909728] R0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\drivers\stdcfltn.sys [2010-12-30 17648] R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-10-14 11352] R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2012-8-20 203120] R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128] R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960] R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648] R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools\pc tools security\bdt\BDTUpdateService.exe [2012-8-20 575448] R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-7-25 27016] R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-7-25 493184] R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-11-25 47104] R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-11-25 49152] R2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-11-25 38400] R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2010-12-30 43888] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-12-30 143968] R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-11-25 125696] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-12-31 105576] R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [2012-8-20 70768] R3 RTL8167;Realtek 8167 NT 
Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-11-25 277536] S2 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-10-26 1153368] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-19 250056] S3 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_f39a6924a795ad94\AEstSrv.exe [2010-11-25 81920] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-12-30 29472] S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2010-12-30 134144] S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2009-7-13 45568] S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools\pc tools security\pctsAuxs.exe [2012-8-20 402368] S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools\pc tools security\pctsSvc.exe [2012-8-20 1118680] S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 45568] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-1 52224] S3 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2010-12-30 2320920] S3 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-6-3 1664304] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe 
[2011-2-4 1343400] . =============== Created Last 30 ================ . 2012-08-21 14:46:20 -------- d-----w- c:\users\mike brigham\appdata\roaming\Malwarebytes 2012-08-21 14:46:04 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-21 14:46:04 -------- d-----w- c:\programdata\Malwarebytes 2012-08-21 14:46:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-08-20 20:01:49 767960 ----a-w- c:\windows\BDTSupport.dll 2012-08-20 20:01:49 70768 ----a-w- c:\windows\system32\drivers\PCTBD.sys 2012-08-20 20:01:48 2267096 ----a-w- c:\windows\PCTBDCore.dll 2012-08-20 20:01:48 1689560 ----a-w- c:\windows\PCTBDRes.dll 2012-08-20 20:01:48 149464 ----a-w- c:\windows\SGDetectionTool.dll 2012-08-20 20:01:13 254944 ----a-w- c:\windows\system32\drivers\pctgntdi.sys 2012-08-20 20:01:13 107896 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys 2012-08-20 20:01:07 17880 ----a-w- c:\windows\system32\drivers\pctBTFix.sys 2012-08-20 20:01:03 70568 ----a-w- c:\windows\system32\drivers\pctplsg.sys 2012-08-20 20:00:55 -------- d-----w- c:\program files\PC Tools 2012-08-20 19:57:09 909728 ----a-w- c:\windows\system32\drivers\pctEFA.sys 2012-08-20 19:57:09 342168 ----a-w- c:\windows\system32\drivers\pctDS.sys 2012-08-20 19:57:07 383368 ----a-w- c:\windows\system32\drivers\PCTCore.sys 2012-08-20 19:57:07 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys 2012-08-20 19:57:05 203120 ----a-w- c:\windows\system32\drivers\PCTSD.sys 2012-08-20 19:57:05 -------- d-----w- c:\program files\common files\PC Tools 2012-08-20 19:56:50 -------- d-----w- c:\users\mike brigham\appdata\roaming\TestApp 2012-08-20 19:56:50 -------- d-----w- c:\programdata\PC Tools 2012-08-16 07:02:33 393728 ----a-w- c:\windows\system32\drivers\bthport.sys 2012-08-15 13:19:28 2345984 ----a-w- c:\windows\system32\win32k.sys 2012-08-15 13:19:27 400896 ----a-w- c:\windows\system32\srcore.dll 2012-08-15 13:19:16 492032 ----a-w- c:\windows\system32\win32spl.dll 2012-08-15 13:19:16 317440 ----a-w- 
c:\windows\system32\spoolsv.exe 2012-08-15 13:19:12 41984 ----a-w- c:\windows\system32\browcli.dll 2012-08-15 13:19:12 102912 ----a-w- c:\windows\system32\browser.dll 2012-08-15 13:19:10 769024 ----a-w- c:\windows\system32\localspl.dll 2012-07-27 20:51:30 184248 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll . ==================== Find3M ==================== . 2012-08-15 13:27:25 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-08-15 13:27:25 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-07 00:59:42 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX 2012-06-06 05:05:52 1390080 ----a-w- c:\windows\system32\msxml6.dll 2012-06-06 05:05:52 1236992 ----a-w- c:\windows\system32\msxml3.dll 2012-06-06 05:03:06 805376 ----a-w- c:\windows\system32\cdosys.dll 2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 19:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 19:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 04:45:04 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-06-02 04:45:03 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-06-02 04:40:59 369336 ----a-w- c:\windows\system32\drivers\cng.sys 2012-06-02 04:40:39 225280 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 04:39:10 219136 ----a-w- c:\windows\system32\ncrypt.dll . ============= FINISH: 11:22:30.02 =============== =============== attach.txt ============================== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume2 Install Date: 2/3/2011 11:25:25 AM System Uptime: 8/21/2012 6:20:50 AM (5 hours ago) . Motherboard: Dell Inc. | | 07VWR8 Processor: Intel® Core i5 CPU M 560 @ 2.67GHz | CPU 1 | 2661/533mhz . ==== Disk Partitions ========================= . 
C: is FIXED (NTFS) - 451 GiB total, 409.154 GiB free.
D: is CDROM (UDF)
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP123: 7/10/2012 10:01:52 AM - Scheduled Checkpoint
RP124: 7/12/2012 3:00:50 AM - Windows Update
RP125: 7/19/2012 9:54:14 AM - Scheduled Checkpoint
RP126: 7/26/2012 10:09:16 AM - Scheduled Checkpoint
RP127: 8/3/2012 9:47:44 AM - Scheduled Checkpoint
RP128: 8/11/2012 2:48:30 PM - Scheduled Checkpoint
RP129: 8/16/2012 3:00:33 AM - Windows Update
RP130: 8/20/2012 3:08:58 PM - Windows Modules Installer
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
AccelerometerP11
Adobe AIR
Adobe Download Manager
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4)
Advanced Audio FX Engine
Apple Application Support
Apple Software Update
Bing Bar
Browser Guard 4.0
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Dell Backup and Recovery Manager
Dell Edoc Viewer
Dell Touchpad
Dell Webcam Central
DigitalPersona Personal 4.01
DW WLAN Card Utility
Garmin HomePort
Garmin USB Drivers
Google Chrome
Intel® Management Engine Components
Java Auto Updater
Java 6 Update 31
Junk Mail filter update
Live! Cam Avatar Creator
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
Netscape Communicator 4.51
NVIDIA Drivers
PC Tools Spyware Doctor 9.0
QuickSet32
QuickTime
RealPlayer 5.0
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE 10.3
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Spybot - Search & Destroy
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687400) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Validity Sensors DDK
VC 9.0 Runtime
WIDCOMM Bluetooth Software
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
ZoneAlarm Antivirus
ZoneAlarm Firewall
ZoneAlarm Internet Security Suite
ZoneAlarm Security
ZoneAlarm Toolbar
.
==== Event Viewer Messages From Past Week ========
.
8/21/2012 9:05:21 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer BUILT-UP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{46F318D8-E9F2-4438-8DA0-3C412C102. The master browser is stopping or an election is being forced.
8/21/2012 11:20:21 AM, Error: PCTCore [280] -
8/21/2012 10:44:25 AM, Error: Service Control Manager [7034] - The TrueVector Internet Monitor service terminated unexpectedly. It has done this 1 time(s).
8/20/2012 9:39:49 AM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/20/2012 3:15:14 PM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
8/19/2012 1:58:42 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
8/16/2012 3:23:48 AM, Error: Service Control Manager [7023] - The Diagnostic Service Host service terminated with the following error: The requested control is not valid for this service.
8/15/2012 9:54:14 PM, Error: Service Control Manager [7022] - The Diagnostic Service Host service hung on starting.
.
==== End Of File ===========================

Any help would be greatly appreciated. Thanks.