
MG1
  1. Hi MrCharlie, I'm starting to suspect that the virus infecting my computer may be undetectable in most if not every single scan. I saw an article about a redirect virus that even ComboFix didn't find, and it got me thinking about new viruses versus standard approaches. I do know I need to understand more clearly what's going on and why. I also need to get deliberate about how we're planning to use the currently infected computer (which is our primary one but has been down, of course) in the future. If this virus is so difficult to track now, I wonder if it would hang around silently even after it appeared to be cleaned, assuming we could somehow find some of it through this process. I'm considering various options, including a clean (re)install of the OS on my machine. May I put this discussion on hold until I can figure out whether I feel it's wise for me to continue hunting the virus or if I should take a different approach?
  2. Okay, ran the Farbar Tool, results are pasted and attached as instructed:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2013
Ran by Golden (administrator) on GOLDEN-PC on 30-10-2013 18:43:02
Running from C:\Documents\Scan 103013
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgemc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [intelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2314120 2009-06-01] (Microsoft Corporation)
HKCU\...\Run: [cdloader] - C:\Users\Golden\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
MountPoints2: J - J:\autorun.exe
AppInit_DLLs: avgrssta.dll [13048 2010-07-15] (AVG Technologies CZ, s.r.o.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xAE3F73539559CA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Golden\AppData\Roaming\Mozilla\Firefox\Profiles\sldxbrun.default
FF NetworkProxy: "type", 0
FF Plugin: @java.com/DTPlugin,version=10.10.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: firebug - C:\Users\Golden\AppData\Roaming\Mozilla\Firefox\Profiles\sldxbrun.default\Extensions\firebug@software.joehewitt.com.xpi
FF Extension: Adblock Plus - C:\Users\Golden\AppData\Roaming\Mozilla\Firefox\Profiles\sldxbrun.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

==================== Services (Whitelisted) =================

R2 avg9emc; C:\Program Files (x86)\AVG\AVG9\avgemc.exe [921952 2010-07-20] (AVG Technologies CZ, s.r.o.)
R2 avg9wd; C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [308136 2010-07-15] (AVG Technologies CZ, s.r.o.)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [537896 2008-06-24] (Nero AG)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R1 AvgLdx64; C:\Windows\System32\Drivers\avgldx64.sys [282976 2013-01-15] (AVG Technologies CZ, s.r.o.)
R1 AvgMfx64; C:\Windows\System32\Drivers\avgmfx64.sys [35664 2011-10-07] (AVG Technologies CZ, s.r.o.)
R1 AvgTdiA; C:\Windows\System32\Drivers\avgtdia.sys [317520 2011-05-05] (AVG Technologies CZ, s.r.o.)
S3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE1200w764.sys [1254464 2011-03-29] (Broadcom Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-30 18:42 - 2013-10-30 18:42 - 00000000 ____D C:\FRST
2013-10-28 17:32 - 2013-10-28 17:32 - 00032013 _____ C:\Users\Golden\.recently-used.xbel
2013-10-28 17:22 - 2013-10-28 17:22 - 00002047 _____ C:\Users\Golden\Desktop\RKreport[0]_S_10282013_172232.txt
2013-10-27 13:15 - 2013-10-27 13:15 - 00000000 ____D C:\Users\Golden\Desktop\mwb instructions
2013-10-27 13:04 - 2013-10-27 13:07 - 00000000 ____D C:\Users\Golden\Desktop\RK_Quarantine
2013-10-27 13:02 - 2013-10-27 13:03 - 03997696 _____ C:\Users\Golden\Desktop\RogueKillerX64.exe
2013-10-26 22:05 - 2013-10-26 22:09 - 00000000 ____D C:\registry backup 102613
2013-10-26 22:05 - 2013-10-26 22:05 - 00000000 ____D C:\Users\Golden\Documents\New folder
2013-10-26 19:49 - 2009-06-10 14:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20131026-194908.backup
2013-10-19 14:44 - 2013-10-19 14:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-16 11:38 - 2013-09-04 05:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-16 11:38 - 2013-09-04 05:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-16 11:38 - 2013-09-04 05:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-16 11:38 - 2013-09-04 05:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-16 11:38 - 2013-09-04 05:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-16 11:38 - 2013-09-04 05:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-16 11:38 - 2013-09-04 05:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-15 16:47 - 2013-09-22 16:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-15 16:47 - 2013-09-22 16:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-15 16:47 - 2013-09-22 16:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-15 16:47 - 2013-09-22 16:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-15 16:47 - 2013-09-22 16:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-15 16:47 - 2013-09-22 16:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-15 16:47 - 2013-09-22 16:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-15 16:47 - 2013-09-22 16:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-15 16:47 - 2013-09-22 16:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-15 16:47 - 2013-09-22 16:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-15 16:47 - 2013-09-22 16:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-15 16:47 - 2013-09-22 15:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-15 16:47 - 2013-09-22 15:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-15 16:47 - 2013-09-22 15:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-15 16:47 - 2013-09-22 15:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-15 16:47 - 2013-09-22 15:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-15 16:47 - 2013-09-22 15:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-15 16:47 - 2013-09-22 15:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-15 16:47 - 2013-09-22 15:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-15 16:47 - 2013-09-22 15:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-15 16:47 - 2013-09-22 15:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-15 16:47 - 2013-09-22 15:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-15 16:47 - 2013-09-20 20:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-15 16:47 - 2013-09-20 20:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-15 16:47 - 2013-09-20 19:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-15 16:47 - 2013-09-20 19:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-15 16:46 - 2013-09-22 16:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-15 16:46 - 2013-09-22 16:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-15 16:46 - 2013-09-22 15:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-15 16:46 - 2013-09-22 15:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-15 16:46 - 2013-09-22 15:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-15 16:42 - 2013-10-15 16:44 - 00000000 ____D C:\f6ff593e3df111aeca5d3f7ccf4344
2013-10-15 16:30 - 2013-08-28 19:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-15 16:30 - 2013-08-28 19:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-15 16:30 - 2013-08-28 19:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-15 16:30 - 2013-08-28 19:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-15 16:30 - 2013-08-28 19:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-15 16:30 - 2013-08-28 18:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-15 16:30 - 2013-08-28 18:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-15 16:30 - 2013-08-28 18:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-15 16:30 - 2013-08-28 18:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-15 16:30 - 2013-08-28 18:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-15 16:30 - 2013-08-28 18:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-15 16:30 - 2013-08-28 17:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-15 16:30 - 2013-08-28 17:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-15 16:30 - 2013-08-28 17:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-15 16:30 - 2013-08-28 17:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-15 16:29 - 2013-07-04 05:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-15 16:29 - 2013-07-04 04:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-15 16:29 - 2013-06-25 15:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-15 16:28 - 2013-09-13 18:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-15 16:28 - 2013-09-07 19:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-15 16:28 - 2013-09-07 19:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-15 16:28 - 2013-09-07 19:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-15 16:28 - 2013-08-27 18:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-15 16:28 - 2013-08-01 05:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-15 16:28 - 2013-07-20 03:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-15 16:28 - 2013-07-20 03:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-15 16:28 - 2013-07-12 03:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-15 16:28 - 2013-07-12 03:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-15 16:28 - 2013-07-04 05:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-15 16:28 - 2013-07-04 05:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-15 16:28 - 2013-07-04 04:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-15 16:28 - 2013-07-04 04:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-15 16:28 - 2013-07-04 03:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-15 16:28 - 2013-07-02 21:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-15 16:28 - 2013-07-02 21:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-15 16:28 - 2013-07-02 21:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-15 16:28 - 2013-06-05 22:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-15 16:28 - 2013-06-05 22:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-15 16:28 - 2013-06-05 22:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-15 16:28 - 2013-06-05 22:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-15 16:28 - 2013-06-05 21:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-15 16:28 - 2013-06-05 21:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-15 16:28 - 2013-06-05 21:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-15 16:28 - 2013-06-05 20:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-15 16:28 - 2013-06-05 20:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-15 16:28 - 2013-06-05 20:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-08 12:10 - 2013-08-27 18:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

2013-10-30 18:42 - 2013-10-30 18:42 - 00000000 ____D C:\FRST
2013-10-30 18:42 - 2009-10-31 02:50 - 01550762 _____ C:\Windows\WindowsUpdate.log
2013-10-30 18:41 - 2009-07-13 21:45 - 00015344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-30 18:41 - 2009-07-13 21:45 - 00015344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-30 18:34 - 2009-10-30 12:22 - 00257931 _____ C:\Windows\setupact.log
2013-10-30 18:34 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-30 16:33 - 2009-10-30 12:15 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A4A0C1C1-C0A9-4751-85E5-0D7E43257930}
2013-10-30 16:31 - 2009-07-13 22:13 - 00005180 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-28 17:33 - 2010-09-26 16:36 - 00000000 ____D C:\Users\Golden\.gimp-2.6
2013-10-28 17:32 - 2013-10-28 17:32 - 00032013 _____ C:\Users\Golden\.recently-used.xbel
2013-10-28 17:32 - 2010-09-26 22:03 - 00000000 ____D C:\Users\Golden\AppData\Roaming\gtk-2.0
2013-10-28 17:32 - 2009-10-31 02:51 - 00000000 ____D C:\Users\Golden
2013-10-28 17:22 - 2013-10-28 17:22 - 00002047 _____ C:\Users\Golden\Desktop\RKreport[0]_S_10282013_172232.txt
2013-10-28 17:03 - 2009-10-30 12:07 - 00000000 ____D C:\Windows\system32\Drivers\Avg
2013-10-28 16:21 - 2011-03-23 13:06 - 00000995 _____ C:\Users\Golden\Desktop\magicJack.lnk
2013-10-28 16:21 - 2011-03-23 13:06 - 00000981 _____ C:\Users\Golden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk
2013-10-28 16:21 - 2011-03-23 13:04 - 00000000 ____D C:\Users\Golden\AppData\Roaming\mjusbsp
2013-10-28 14:28 - 2013-09-02 00:04 - 00000000 _____ C:\Users\Golden\Desktop\temp.txt
2013-10-27 17:40 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-27 14:02 - 2011-03-27 23:55 - 00000000 ____D C:\Users\Golden\Desktop\installation files
2013-10-27 13:15 - 2013-10-27 13:15 - 00000000 ____D C:\Users\Golden\Desktop\mwb instructions
2013-10-27 13:07 - 2013-10-27 13:04 - 00000000 ____D C:\Users\Golden\Desktop\RK_Quarantine
2013-10-27 13:03 - 2013-10-27 13:02 - 03997696 _____ C:\Users\Golden\Desktop\RogueKillerX64.exe
2013-10-26 22:32 - 2012-03-13 19:31 - 00000000 ____D C:\Users\Golden\Desktop\misc
2013-10-26 22:09 - 2013-10-26 22:05 - 00000000 ____D C:\registry backup 102613
2013-10-26 22:05 - 2013-10-26 22:05 - 00000000 ____D C:\Users\Golden\Documents\New folder
2013-10-26 21:00 - 2011-12-28 21:57 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-26 21:00 - 2009-10-30 12:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-25 19:01 - 2009-11-03 20:37 - 00000000 ____D C:\Users\Golden\AppData\Local\Adobe
2013-10-24 14:04 - 2012-05-27 17:45 - 00000000 ____D C:\Users\Golden\AppData\Roaming\Audacity
2013-10-23 18:43 - 2013-09-04 18:53 - 00002601 _____ C:\Users\Golden\Desktop\Aug 2013 electricity estimate.txt
2013-10-22 14:09 - 2011-02-17 19:07 - 00000000 ____D C:\Users\Golden\AppData\Roaming\FileZilla
2013-10-20 08:01 - 2012-05-06 12:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-19 15:24 - 2009-10-30 12:25 - 00000000 ____D C:\Users\Golden\AppData\Local\Mozilla
2013-10-19 14:44 - 2013-10-19 14:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-16 11:27 - 2009-11-03 21:22 - 00084138 _____ C:\Windows\PFRO.log
2013-10-16 11:27 - 2009-07-13 21:45 - 00439520 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-15 19:57 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2013-10-15 16:44 - 2013-10-15 16:42 - 00000000 ____D C:\f6ff593e3df111aeca5d3f7ccf4344
2013-10-15 16:44 - 2013-07-12 21:18 - 00000000 ____D C:\Windows\system32\MRT
2013-10-15 16:42 - 2009-10-30 12:27 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-30 16:45 - 2013-09-16 21:08 - 00000000 ____D C:\Users\Golden\Desktop\tawny frogmouth

Some content of TEMP:
====================
C:\Users\Golden\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Golden\AppData\Local\Temp\ose00000.exe
C:\Users\Golden\AppData\Local\Temp\ose00001.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-10-21 00:21

==================== End Of Log ============================

Addition.txt
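The FRST output above (and the DDS output in the first post of this list, which carries the same kinds of entries) is read by a helper one line at a time, looking for a short list of things: entries that point at files that no longer exist, persistence points that load into many processes or fire on media insertion, files with no publisher recorded, and anything that changes name resolution. The following script is an added example written for this page; it is not part of the forum post and not FRST's own code. Its regexes are this example's assumptions about the line formats visible in the log, the sample lines are copied from the thread, and the `www.example.com` / `93.184.216.34` hosts entry is a constructed, hypothetical line that is not in the original log and exists only to show what a genuine redirect entry would look like next to the loopback blocklist entries that are.

```python
"""Triage pass over FRST-style log lines (added example; not part of the
forum post and not FRST's own code). It walks one-entry-per-line output of
the kind pasted above and flags what a malware-removal helper reads first.
The regexes encode this example's assumptions about the line formats
visible in the post; they are not an FRST specification."""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: lines copied from the FRST and DDS output in the thread,
# plus ONE hypothetical hosts entry (www.example.com -> 93.184.216.34) that is
# not in the original log and stands in for the redirect pattern to catch.
SAMPLE_LOG = r"""
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
HKCU\...\Run: [cdloader] - C:\Users\Golden\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
MountPoints2: J - J:\autorun.exe
AppInit_DLLs: avgrssta.dll [13048 2010-07-15] (AVG Technologies CZ, s.r.o.)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R1 AvgLdx64; C:\Windows\System32\Drivers\avgldx64.sys [282976 2013-01-15] (AVG Technologies CZ, s.r.o.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 93.184.216.34 www.example.com
"""

TRAIL_PUB_RE = re.compile(r"\(([^()]*)\)\s*$")           # "... (Publisher)" at end of line
LEAD_PUB_RE = re.compile(r"^\(([^()]*)\)\s+[A-Za-z]:\\")  # Processes section: "(Publisher) C:\..."
SIZE_DATE_RE = re.compile(r"\[\d+ \d{4}-\d{2}-\d{2}\]")   # "[size yyyy-mm-dd]" stamp before the publisher
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
DNS_RE = re.compile(r"\[DhcpNameServer\]\s+(\S+)")


@dataclass
class Finding:
    severity: str  # "review": look at it; "info": explained, but worth knowing
    reason: str
    line: str


def publisher_of(line: str) -> Optional[str]:
    """Publisher FRST printed: the text in parens, '' for a bare '()', None if absent."""
    m = TRAIL_PUB_RE.search(line) or LEAD_PUB_RE.match(line)
    return m.group(1).strip() if m else None


def triage_line(raw: str) -> List[Finding]:
    s = raw.strip()
    out: List[Finding] = []
    if not s:
        return out
    # Persistence entries whose target is gone: leftovers, or a loader already removed.
    if s.endswith("No File") or "<orphaned>" in s:
        out.append(Finding("review", "entry points at a file that no longer exists", s))
    # Mechanisms worth a look regardless of who signed the file.
    if s.startswith("AppInit_DLLs:"):
        out.append(Finding("review", "AppInit_DLLs is loaded into every process that loads user32.dll", s))
    if s.startswith("MountPoints2:"):
        out.append(Finding("review", "removable-media autorun mapping; benign only if the drive is known", s))
    if s.startswith("Toolbar:") and "No Name" in s:
        out.append(Finding("review", "unnamed toolbar CLSID", s))
    # Name resolution: hosts -> loopback is a blocklist; hosts -> anything else is a redirect.
    m = HOSTS_RE.match(s)
    if m:
        ip_text, host = m.groups()
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            ip = None  # FRST's "There are more than one entry" summary line, not an entry
        if ip is not None and (ip.is_loopback or ip.is_unspecified):
            out.append(Finding("info", f"hosts blackholes {host}", s))
        elif ip is not None:
            out.append(Finding("review", f"hosts sends {host} to {ip} (redirect pattern)", s))
    m = DNS_RE.search(s)
    if m:
        ip = ipaddress.ip_address(m.group(1))
        out.append(Finding("info" if ip.is_private else "review", f"DHCP-assigned DNS server {ip}", s))
    # Publisher: the ASACPI.sys line in the post shows FRST prints "()" when the
    # file carries no company name; lines with a "[size date]" stamp should have one.
    if not s.endswith("No File"):
        pub = publisher_of(s)
        if pub == "" or (pub is None and SIZE_DATE_RE.search(s)):
            out.append(Finding("review", "no publisher recorded for the file", s))
    return out


def triage(text: str) -> List[Finding]:
    return [f for line in text.splitlines() for f in triage_line(line)]


def count_by_severity(findings: List[Finding]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
```

Run against a saved FRST.txt with `triage(open(path, encoding="utf-8", errors="replace").read())`. The flags are prompts to verify, not verdicts: on the log above it would raise the unnamed toolbar CLSID, the two "No File" entries, the driver with an empty publisher, the AppInit DLL and the MountPoints2 autorun, each of which needs a human to confirm what the file or CLSID belongs to. The one distinction it draws automatically is the one that matters for a redirect complaint: a hosts line pointing at 127.0.0.1 (as every entry in the RogueKiller and DDS output does) blocks a name, while a hosts line or DHCP DNS server pointing anywhere else hijacks it.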
  3. MrCharlie, I want to make sure I understand you about the correct way to download Farbar. You wrote: When I go to the page, I see what is in the attached screenshot at the top of the page. Those blue buttons look somewhat like what you say, HOWEVER not 100% (no @BleepingComputer and instead bit version numbers). And they are also directly underneath a header that says Sponsored Links. I don't see any other buttons on the page. Are the blue buttons in the attached screenshot the correct ones for true download per your instructions? Just want to make sure I do everything correctly.
  4. Hi MrCharlie, Quick note for now, more later. You asked what browser - Firefox. I've had a deluge of work and family stuff in the last 24 hours and wasn't able to get to the scan you suggested today but can get to it tomorrow (Wed 10/30). Want to do it while not half-asleep. Just wanted to let you know I'm still on it...
  5. Oddly, just after I PMed you I had a redirect - the first from anywhere other than that site - from one of my bookmarks (an old google version). I am scared about Combofix and wish there was something less dangerous to my machine but will do what you ask.
  6. MrCharlie, your suggestions aren't making any logical sense to me just yet. 1. You wrote: "There's nothing showing in the logs so far but that doesn't mean that you're clean. If you're still having a problem I think we should run some scans." How could I determine if there's still a problem if I don't return to that one specific site? That's the only place I have seen anything. And if that site is actually infected, wouldn't returning to that site and using it simply to see if I get more attempted redirects be quite unwise? 2 & 3. My understanding is that Combofix is pretty serious stuff and shouldn't ever be used lightly. Given that I can't determine if I'm "still having a problem" unless I return to a possibly infected site for the purpose of seeing if it tries to redirect again, I'm trying to understand the logic of using something (Combofix) that as I understand it could itself mess with my machine ... without any evidence that there is any problem outside of that site and without the action of returning to a site that as far as I can tell, has been infected and I may have avoided infection through a combo of quick action and slow internet speed. Seems like using Combofix would be taking a big risk without being able to answer your question about "if I'm still having a problem" in the first place. Note: the problematic site is legit but has had other malware problems in the past that I know about from rare but memorable firefox alerts and skimming discussion in their support forums after fixes. However, in the past, such problems have been specific to the ads, and Adblock Plus combined with blocking some site images (and possibly not having Flash enabled in general when I browse) has removed me from that part of the site dynamic. 
This redirect, however, seemed to come directly from some site scripts or something more directly associated with the site and I can't see the wisdom in returning to the site and exposing my machine again just to see if there's still a problem.
  7. Glad to hear all looks okay. The only problem I had to begin with was a set of three staggered instances of attempted redirect from one particular site to outrate when I clicked the site's buttons (it's a forum). Third time I took an extra second to look in the address bar before quickly exiting firefox (the first couple, I immediately exited firefox when my brain caught that something wasn't right) and my brain registered outrate.com in the address to which it said it was redirecting. I haven't returned to that site since this happened and I'm not sure I ever should (which makes me sad, it's an interesting community and I learn a lot in dialogue there). As for my own machine: I haven't had any problems with google redirects or any other sites or anything else I'm aware of. I came here and posted because I want to be sure that I'm not dealing with some sort of silent infection that would either get ugly later or stay silent over time but do nasty things anyway. Three questions: 1. Am I correct in understanding that you don't think there is cause for concern that my computer has been infected/affected by the attempted outrate redirects from that site? 2. Assuming you don't think there is cause for concern with my machine - what do you recommend I do about/in relation to that site? 3. What next steps should I take from this scanning process (remember I also scanned with tdsskiller before posting here)? Hope the above info and questions make sense. I really really appreciate your help!
  8. Hi MrCharlie, Below is the RogueKiller report. Any information you could share with me about what you see and why you suggest specific steps would be really helpful as we go through this process. I like to be educated about what's going on so I can take proper responsibility for my own understanding, if that makes any sense. Anyway, the report:

RogueKiller V8.7.5 _x64_ [Oct 22 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Golden [Admin rights]
Mode : Scan -- Date : 10/27/2013 13:06:44
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD3200AAKS-00V1A0 ATA Device +++++
--- User ---
[MBR] b5aaba646f52737e5f906e1a30a08755
[bSP] 998053bfc207ddea7e2d78fdb2b008c9 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 305143 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_10272013_130644.txt >>
  9. Greetings, Three times now on the same website (personalitycafe.com) I've clicked one of their buttons and gotten an attempted redirect.The first two times I immediately closed firefox so didn't see much. I waited a second more the third time and saw outrate.com in the address of the site it began trying to load. I'm running on a 1.5MB DSL connection and things can normally take a bit of time to load, so I may have gotten out before anything could happen - but I don't know and figure better safe than sorry. I've run malwarebytes quick scan, spybot scan, avg free (though avg scan was before the third attempted outrate redirect from that site) and tdsskiller and all the scans have come up clean. I also have seen zero instances so far of any search engine redirects. However. I'm a better safe than sorry mode as noted. I'm pasting below my DDS results and want to know if someone wiser than I can decide this and see if there seems to be any indication of a problem: DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16720 BrowserJavaVersion: 10.5.1 Run by Golden at 22:31:48 on 2013-10-26 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3967.2807 [GMT -7:00] . AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . 
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Windows\system32\lsm.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\AVG\AVG9\avgemc.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\notepad.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uProxyOverride = 127.0.0.1;
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
uRun: [cdloader] "C:\Users\Golden\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{93A32983-2774-473F-A6BB-DD727057C2FC} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{EFD56DE8-E163-4A06-B92E-21CB06BFC2D5} : DHCPNameServer = 10.0.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
SSODL: WebCheck - <orphaned>
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Golden\AppData\Roaming\Mozilla\Firefox\Profiles\sldxbrun.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx64;AVG Free AVI Loader Driver x64;C:\Windows\System32\drivers\avgldx64.sys [2009-10-30 282976]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;C:\Windows\System32\drivers\avgmfx64.sys [2009-10-30 35664]
R1 AvgTdiA;AVG Free Network Redirector x64;C:\Windows\System32\drivers\avgtdia.sys [2009-10-30 317520]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-18 203264]
R2 avg9emc;AVG Free E-mail Scanner;C:\Program Files (x86)\AVG\AVG9\avgemc.exe [2010-7-15 921952]
R2 avg9wd;AVG Free WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-7-15 308136]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-10-30 1153368]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Linksys_adapter_H;Linksys Adapter Network Driver;C:\Windows\System32\drivers\AE1200w764.sys [2011-3-29 1254464]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-25 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2009-8-28 49152]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-2-23 1255736]
.
=============== File Associations ===============
.
FileExt: .reg: regfile=regedit.exe "%1" [userChoice]
.
=============== Created Last 30 ================
.
2013-10-27 05:05:10 -------- d-----w- C:\registry backup 102613
2013-10-16 18:38:15 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-10-16 18:38:15 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-10-16 18:38:15 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-10-16 18:38:15 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-10-16 18:38:15 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-10-16 18:38:15 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-10-16 18:38:15 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-10-15 23:46:59 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-10-15 23:42:29 -------- d-----w- C:\f6ff593e3df111aeca5d3f7ccf4344
2013-10-15 23:29:52 785624 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-10-15 23:29:30 633856 ----a-w- C:\Windows\System32\comctl32.dll
2013-10-15 23:29:30 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2013-10-08 19:10:24 3155968 ----a-w- C:\Windows\System32\win32k.sys
.
==================== Find3M ====================
.
2013-09-22 23:28:06 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-09-22 23:27:49 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-09-22 23:27:48 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-09-22 23:27:48 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-09-22 22:54:51 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-09-22 22:54:50 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-09-22 22:54:50 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-09-21 03:38:39 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-09-21 03:30:24 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-09-21 02:48:36 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-21 02:39:47 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-09-14 01:10:19 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-08-01 12:09:36 983488 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
.
============= FINISH: 22:32:06.18 ===============

And I understand from the other post I'm also supposed to post the Attach file?

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/31/2009 2:50:56 AM
System Uptime: 10/26/2013 9:35:48 PM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M3A76-CM
Processor: AMD Athlon II X2 240 Processor | AM2 | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 191.805 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP305: 9/20/2013 8:16:15 PM - Scheduled Checkpoint
RP306: 9/27/2013 8:42:29 PM - Scheduled Checkpoint
RP307: 10/5/2013 1:09:22 AM - Scheduled Checkpoint
RP308: 10/9/2013 12:14:57 AM - Windows Update
RP309: 10/15/2013 4:39:34 PM - Windows Update
RP310: 10/16/2013 11:38:21 AM - Windows Update
RP311: 10/23/2013 10:06:37 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
2007 Microsoft Office Suite Service Pack 2 (SP2)
Acrobat.com
Adobe AIR
Adobe Reader 9.5.3
Adobe Shockwave Player 11.5
Audacity 2.0
Avery Wizard 4.0
Canon iP2700 series Printer Driver
Canon iP2700 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CCleaner (remove only)
FileZilla Client 3.7.1
GIMP 2.6.10
GoGear Mix Device Manager
GPL Ghostscript 9.01
Gtk+ Runtime Environment 2.10.11-1
Inquisit 3 Web Edition
Java 7 Update 10 (64-bit)
Java Auto Updater
Java 7 Update 5
JavaFX 2.1.1
K-Lite Codec Pack 5.1.0 (Full)
LAME v3.99.3 (for Windows)
magicJack
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 7.0
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8 Essentials
neroxml
Notepad++
OpenOffice.org 3.3
Pegasus Mail
R for Windows 2.15.0
SA25x5 & SA26x5 Device Manager
SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
Scribus 1.3.3.14
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Spybot - Search & Destroy
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Visual C++ 8.0 Runtime Setup Package (x64)
.
==== Event Viewer Messages From Past Week ========
.
10/26/2013 9:36:01 PM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
10/26/2013 9:36:01 PM, Error: atikmdag [43029] - Display is not active
10/26/2013 8:51:04 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
10/26/2013 8:51:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/26/2013 8:51:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/26/2013 8:50:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
10/26/2013 8:50:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/26/2013 8:50:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/26/2013 8:50:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/26/2013 8:50:42 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx64 AvgMfx64 AvgTdiA DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
10/26/2013 8:50:40 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/26/2013 8:50:40 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/26/2013 8:50:40 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
10/26/2013 8:50:40 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/26/2013 8:50:40 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/26/2013 8:50:40 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
10/26/2013 8:50:40 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/26/2013 8:50:40 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/26/2013 8:50:40 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/26/2013 8:50:40 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/22/2013 2:49:49 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR6.
.
==== End Of File ===========================

Help?