
morandaminds

Members
  • Posts

    9
  • Joined

  • Last visited

Everything posted by morandaminds

  1. I have been working on a friend's system which started with a Google redirect and began hiding some of his files. There were no signs of a Rogue AV or anything like that. I thought, "this will be a breeze". I first ran rkill to kill any processes currently running. rkill seemed to hang for 30 minutes or more and did not finish. I then decided to run a full scan with Malwarebytes, which yielded a couple of entries, but nothing relative to a virus. I rebooted and the redirection continued. I then proceeded to run a gamut of other programs to try and remove the redirection, including ComboFix. Hitman Pro 3.5 came up with an MBR virus which it needed to remove on reboot. Upon reboot I was presented with a lovely blue screen with the following code 0x0000007B and no file specified. I also updated and ran Kaspersky Rescue Disk 10 on USB, which came up with nothing. I am at a loss to say the least. Typically the combination of these programs will yield a clean system. Unfortunately not today. At the moment I am unable to boot into Windows 7 under normal or safe mode. I ran Kaspersky a second time and still came up with nothing. As you can tell I am in a bit of a pinch. This forum has always been an incredible resource for me and I would greatly appreciate any and all help you can provide. Thanks in advance, Dustin. Sorry I am unable to attach logs.
  2. ESET ONLINE SCANNER LOG

     C:\Documents and Settings\NetworkService\Application Data\exqEdC.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
     C:\Documents and Settings\NetworkService\Application Data\MKHIp.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
     C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-421ef8d3-25f76842.class Java/Bytverify trojan cleaned by deleting - quarantined
     C:\WINDOWS\SYSTEM32\345.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined

     I am still finding infected files. Can anyone help me out? Thanks, Dustin
  3. Already ran Malwarebytes multiple times in Safe Mode and using Rkill before. Ran TDSSKiller - found and cured a rootkit virus. Ran ComboFix after uninstalling AVG. Seems to have helped, but the system is still sluggish. Although it is an older system with only 512 MB of memory. Malwarebytes found whitesmoke.pup as well as palladium. This guy really messed up his system. Any help would be greatly appreciated. Sorry to run ComboFix before instructed, looks like the system survived anyway. I've included the DDS log and attached attach.txt and ark.txt. Unfortunately I deleted the mbytes log. I can run it again if need be. Please let me know my next steps. Thanks in advance, Dustin

     DDS LOG

     DDS (Ver_10-12-12.02) - NTFSx86
     Run by POS at 15:56:37.56 on Wed 03/02/2011
     Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.46 [GMT -8:00]

     AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

     ============== Running Processes ===============

     C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
     C:\PROGRA~1\AVG\AVG10\avgrsx.exe
     C:\WINDOWS\system32\svchost -k DcomLaunch
     svchost.exe
     C:\WINDOWS\System32\svchost.exe -k netsvcs
     svchost.exe
     svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     svchost.exe
     C:\Program Files\AVG\AVG10\avgwdsvc.exe
     C:\Program Files\Executive Software\Diskeeper\DkService.exe
     C:\Program Files\FedEx\ShipManager\BIN\FedEx.Gsm.Common.LoggingService.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\FedEx\ShipManager\SQLAnywhere\Bin32\dbsrv11.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
     C:\Program Files\Common Files\Dell\EUSW\Support.exe
     C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
     C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
     C:\Program Files\Common Files\Java\Java Update\jusched.exe
     C:\Program Files\AVG\AVG10\avgtray.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\AVG\AVG10\avgnsx.exe
     C:\Program Files\FedEx\ShipManager\BIN\AdminService.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
     C:\Program Files\internet explorer\iexplore.exe
     C:\Program Files\internet explorer\iexplore.exe
     C:\Documents and Settings\User\Desktop\dds.scr

     ============== Pseudo HJT Report ===============

     uStart Page = hxxp://www.google.com/
     uInternet Connection Wizard,ShellNext = iexplore
     uSearchAssistant = hxxp://www.google.com/ie
     uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
     BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
     BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
     BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
     BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
     TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
     EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
     uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
     mRun: [DwlClient] c:\program files\common files\dell\eusw\Support.exe
     mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
     mRun: [igfxTray] c:\windows\system32\igfxtray.exe
     mRun: [DiskeeperSystray] "c:\program files\executive software\diskeeper\DkIcon.exe"
     mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
     mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
     IE: &Viewpoint Search - c:\program files\viewpoint\viewpoint toolbar\ViewBar.dll/CXTSEARCH.HTML
     IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
     IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
     IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
     IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
     IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
     Trusted Zone: bankofamerica.com\www
     Trusted Zone: fedex.com\www
     Trusted Zone: frame.crazywinnings.com
     Trusted Zone: frame.crazywinnings.com
     DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
     DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
     DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
     DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://a1540.g.akamai.net/7/1540/52/20060104/qtinstall.info.apple.com/snape/us/win/QuickTimeInstaller.exe
     DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
     DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1299016249328
     DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1299016244203
     DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
     DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37999.5327546296
     DPF: {A3D93B25-4601-49D2-B3AF-F447C73D561F} - hxxp://12.149.142.91:8080/program/SonySncRz25View.cab
     DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
     DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
     DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
     Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
     Notify: igfxcui - igfxsrvc.dll
     SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

     ================= FIREFOX ===================

     FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\bez0xesr.default\
     FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
     FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z007&form=ZGAADF&q=
     FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
     FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
     FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
     FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
     FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
     FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
     FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
     FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
     FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox

     ============= SERVICES / DRIVERS ===============

     R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
     R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
     R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
     R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
     R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
     R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
     R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
     R2 FedExAdminService;FedEx Administration Service;c:\program files\fedex\shipmanager\bin\AdminService.exe [2010-4-16 24576]
     R2 FedExLoggingService;FedEx Logging Service;c:\program files\fedex\shipmanager\bin\FedEx.Gsm.Common.LoggingService.exe [2010-4-16 7168]
     R2 FedExShipnetDBService;FedEx Shipnet Database Service;c:\program files\fedex\shipmanager\sqlanywhere\bin32\dbsrv11.exe [2010-4-16 130352]
     R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 123472]
     R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 30288]
     R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 26192]
     S3 AE1000;Linksys AE1000 Driver;c:\windows\system32\drivers\AE1000XP.sys [2010-10-2 816672]
     S3 FedExShipService;FedEx Shipping Engine;c:\program files\fedex\shipmanager\bin\ShipEngineService.exe [2010-4-16 5120]
     S3 FedExTransactionService;FedEx Transaction Engine;c:\program files\fedex\shipmanager\bin\TransEngineService.exe [2010-4-16 6656]

     =============== Created Last 30 ================

     2011-03-02 22:04:03 -------- d-----w- c:\windows\system32\drivers\AVG
     2011-03-02 22:02:11 -------- d-----w- c:\program files\AVG
     2011-03-02 21:54:15 -------- d-s---w- C:\Combo-Fix19459C
     2011-03-02 21:16:33 -------- d-sha-r- C:\cmdcons
     2011-03-02 21:10:12 -------- d-----w- C:\Combo-Fix
     2011-03-02 16:36:58 -------- d-----w- c:\docume~1\user\applic~1\Registry Mechanic
     2011-03-02 01:41:21 -------- d-----w- c:\docume~1\user\applic~1\AVG10
     2011-03-02 01:39:14 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
     2011-03-02 01:33:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
     2011-03-02 01:28:09 -------- d-----w- c:\docume~1\user\locals~1\applic~1\Apple Computer
     2011-03-02 01:28:04 -------- d-----w- c:\docume~1\user\locals~1\applic~1\Apple
     2011-03-02 01:22:36 -------- d-----w- c:\program files\CCleaner
     2011-03-02 01:22:06 73728 ----a-w- c:\windows\system32\javacpl.cpl
     2011-03-02 01:22:06 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
     2011-03-02 01:22:05 472808 ----a-w- c:\windows\system32\deployJava1.dll
     2011-03-02 01:19:31 25048 ----a-w- c:\program files\mozilla firefox\components\browserdirprovider.dll
     2011-03-02 01:19:31 140248 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
     2011-03-02 01:19:30 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
     2011-03-02 01:19:30 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
     2011-03-01 23:59:25 -------- d-----w- c:\windows\system32\XPSViewer
     2011-03-01 23:58:47 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
     2011-03-01 23:58:27 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
     2011-03-01 23:58:27 117760 ------w- c:\windows\system32\prntvpt.dll
     2011-03-01 23:58:26 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
     2011-03-01 23:58:26 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
     2011-03-01 23:58:26 575488 ------w- c:\windows\system32\xpsshhdr.dll
     2011-03-01 23:58:26 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
     2011-03-01 23:58:26 1676288 ------w- c:\windows\system32\xpssvcs.dll
     2011-03-01 23:58:26 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
     2011-03-01 23:58:26 -------- d-----w- C:\02d0cd5c942597c1bf6828
     2011-03-01 23:43:09 -------- d-sh--w- c:\documents and settings\user\IECompatCache
     2011-03-01 23:42:14 -------- d-sh--w- c:\documents and settings\user\PrivacIE
     2011-03-01 23:39:07 -------- d-sh--w- c:\documents and settings\user\IETldCache
     2011-03-01 22:58:51 7680 ------w- c:\windows\system32\dllcache\iecompat.dll
     2011-03-01 22:58:30 -------- d-----w- c:\windows\ie8updates
     2011-03-01 22:57:58 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
     2011-03-01 22:57:54 602112 ------w- c:\windows\system32\dllcache\msfeeds.dll
     2011-03-01 22:57:54 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
     2011-03-01 22:57:54 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
     2011-03-01 22:57:54 1991680 ------w- c:\windows\system32\dllcache\iertutil.dll
     2011-03-01 22:57:53 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
     2011-03-01 22:57:53 11080704 ------w- c:\windows\system32\dllcache\ieframe.dll
     2011-03-01 22:56:01 -------- dc-h--w- c:\windows\ie8
     2011-03-01 22:43:12 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
     2011-03-01 22:27:09 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
     2011-03-01 22:26:03 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
     2011-03-01 22:23:46 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
     2011-03-01 22:23:46 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
     2011-03-01 22:23:22 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
     2011-03-01 22:22:27 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
     2011-03-01 22:22:21 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
     2011-03-01 22:22:21 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
     2011-03-01 22:18:02 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
     2011-03-01 22:16:21 153088 ------w- c:\windows\system32\dllcache\triedit.dll
     2011-03-01 22:12:30 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
     2011-03-01 22:10:53 45568 ------w- c:\windows\system32\dllcache\wab.exe
     2011-03-01 22:01:00 274288 ----a-w- c:\windows\system32\mucltui.dll
     2011-03-01 22:01:00 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
     2011-03-01 21:51:05 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
     2011-03-01 21:45:30 -------- d-----w- c:\program files\Executive Software
     2011-03-01 21:37:02 12872 ----a-w- c:\windows\system32\bootdelete.exe
     2011-03-01 21:32:10 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
     2011-03-01 21:28:21 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
     2011-03-01 20:18:32 -------- d-----w- c:\program files\CleanUp!
     2011-03-01 00:03:27 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData

     ==================== Find3M ====================

     2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
     2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
     2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
     2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
     2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
     2010-12-20 23:59:19 43520 ------w- c:\windows\system32\licmgr10.dll
     2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
     2010-12-20 22:15:51 81920 ------w- c:\windows\system32\ieencode.dll
     2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
     2010-12-20 12:55:26 385024 ------w- c:\windows\system32\html.iec
     2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
     2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
     2010-12-09 13:38:47 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
     2010-12-09 13:07:05 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe

     ============= FINISH: 16:00:05.17 ===============

     Attach.zip
  4. Kenny, you are a genius, man. This makes total sense. It's a friend's laptop, and I noticed earlier today that his router does not have a username and password set up. Also, when my friend takes his system home the problem does not happen. I am heading to his house early tomorrow morning. I will hard reset the router and test for a redirection. Is there anything else that looks funky in the log files, then?
  5. ComboFix 11-01-31.02 - Brandon 02/01/2011 17:40:03.3.4 - x64
     Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3893.2558 [GMT -8:00]
     Running from: c:\users\Brandon\Desktop\Combo-Fix.exe
     AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
     FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
     SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
     SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     ((((((((((((((((((((((((( Files Created from 2011-01-02 to 2011-02-02 )))))))))))))))))))))))))))))))
     .
     2011-02-02 01:43 . 2011-02-02 01:43 -------- d-----w- c:\users\Default\AppData\Local\temp
     2011-02-02 00:28 . 2011-02-02 00:28 521448 ----a-w- c:\windows\system32\deployJava1.dll
     2011-02-01 22:36 . 2011-02-01 22:37 -------- d---a-w- C:\BLTDVS_toolkit
     2011-02-01 19:49 . 2010-12-21 02:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
     2011-02-01 19:48 . 2010-12-21 02:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
     2011-02-01 19:25 . 2011-01-13 10:20 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{72072ECD-3F72-46D0-A3C1-712611777295}\mpengine.dll
     2011-02-01 18:21 . 2011-02-01 18:21 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
     2011-02-01 17:51 . 2011-02-01 17:51 -------- d-----w- c:\programdata\Hitman Pro
     2011-02-01 16:54 . 2011-02-01 16:54 -------- d-----w- c:\users\Brandon\AppData\Roaming\Malwarebytes
     2011-02-01 16:53 . 2011-02-01 16:53 -------- d-----w- c:\programdata\Malwarebytes
     2011-02-01 16:53 . 2011-02-01 19:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
     2011-02-01 16:52 . 2011-02-01 19:46 -------- d-----w- c:\program files (x86)\CleanUp!
     2011-01-27 17:51 . 2011-01-27 17:52 -------- d-----w- c:\users\Brandon\AppData\Local\Microsoft Help
     2011-01-20 23:54 . 2011-01-20 23:54 -------- d-----w- c:\users\Brandon\AppData\Local\Windows Live Writer
     2011-01-20 23:54 . 2011-01-20 23:54 -------- d-----w- c:\users\Brandon\AppData\Roaming\Windows Live Writer
     2011-01-12 17:27 . 2011-01-12 17:27 -------- d-----w- c:\windows\en
     2011-01-12 17:25 . 2011-01-12 17:25 -------- d-----w- c:\program files\Windows Live
     2011-01-12 17:24 . 2011-01-12 17:24 -------- d-----w- c:\program files (x86)\MSN Toolbar
     2011-01-12 17:24 . 2011-01-12 17:24 -------- d-----w- c:\program files (x86)\Bing Bar Installer
     2011-01-12 17:24 . 2009-09-05 01:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
     2011-01-12 17:24 . 2009-09-05 01:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
     2011-01-12 17:24 . 2009-09-05 01:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
     2011-01-12 17:24 . 2009-09-05 01:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
     2011-01-12 17:24 . 2006-11-29 21:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
     2011-01-12 17:24 . 2006-11-29 21:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
     2011-01-12 17:13 . 2011-01-12 17:13 469256 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\5795bf21cbb27c2d\InstallManager_WLE_WLE.exe
     2011-01-12 17:13 . 2011-01-12 17:13 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\facc52741cbb27b22\MeshBetaRemover.exe
     2011-01-12 17:12 . 2011-01-12 17:12 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f1ce7fcb1cbb27b1a\DSETUP.dll
     2011-01-12 17:12 . 2011-01-12 17:12 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f1ce7fcb1cbb27b1a\DXSETUP.exe
     2011-01-12 17:12 . 2011-01-12 17:12 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f1ce7fcb1cbb27b1a\dsetup32.dll
     2011-01-12 17:12 . 2011-01-12 17:12 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f1231cb71cbb27b19\DSETUP.dll
     2011-01-12 17:12 . 2011-01-12 17:12 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f1231cb71cbb27b19\DXSETUP.exe
     2011-01-12 17:12 . 2011-01-12 17:12 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f1231cb71cbb27b19\dsetup32.dll
     2011-01-12 17:12 . 2011-02-01 19:23 -------- d-----w- c:\users\Brandon\AppData\Local\Windows Live
     2011-01-12 17:11 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
     2011-01-12 17:11 . 2010-05-23 10:11 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
     2011-01-12 17:11 . 2010-05-23 08:37 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
     2011-01-12 17:11 . 2010-05-23 08:35 257024 ----a-w- c:\windows\system32\mfreadwrite.dll
     2011-01-12 17:11 . 2010-05-23 08:35 206848 ----a-w- c:\windows\system32\mfps.dll
     2011-01-12 17:11 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\SysWow64\mf.dll
     2011-01-12 17:11 . 2010-05-23 08:35 4068864 ----a-w- c:\windows\system32\mf.dll
     2011-01-12 15:03 . 2010-11-02 05:12 1540608 ----a-w- c:\windows\system32\DWrite.dll
     2011-01-12 15:03 . 2010-11-02 05:12 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
     2011-01-12 15:03 . 2010-11-02 05:12 902656 ----a-w- c:\windows\system32\d2d1.dll
     2011-01-12 15:03 . 2010-11-02 04:35 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
     2011-01-12 15:03 . 2010-11-02 04:35 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
     2011-01-12 15:03 . 2010-11-02 05:18 662528 ----a-w- c:\windows\system32\XpsPrint.dll
     2011-01-12 15:03 . 2010-11-02 05:12 1133568 ----a-w- c:\windows\system32\FntCache.dll
     2011-01-12 15:03 . 2010-11-02 04:35 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
     2011-01-12 15:03 . 2010-11-02 05:18 470016 ----a-w- c:\windows\system32\XpsGdiConverter.dll
     2011-01-12 15:03 . 2010-11-02 04:41 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2010-12-26 20:25 . 2010-12-26 20:25 176488 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10136.bin
     2010-11-30 01:38 . 2010-11-30 01:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
     2010-11-30 01:38 . 2010-11-30 01:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
     2010-11-13 02:53 . 2010-08-09 14:02 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
     2010-11-04 06:35 . 2010-12-15 21:17 1194496 ----a-w- c:\windows\system32\wininet.dll
     2010-11-04 06:31 . 2010-12-15 21:17 57856 ----a-w- c:\windows\system32\licmgr10.dll
     2010-11-04 05:52 . 2010-12-15 21:17 978944 ----a-w- c:\windows\SysWow64\wininet.dll
     2010-11-04 05:48 . 2010-12-15 21:17 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
     2010-11-04 05:16 . 2010-12-15 21:17 482816 ----a-w- c:\windows\system32\html.iec
     2010-11-04 04:41 . 2010-12-15 21:17 386048 ----a-w- c:\windows\SysWow64\html.iec
     2010-11-04 04:35 . 2010-12-15 21:17 1638912 ----a-w- c:\windows\system32\mshtml.tlb
     2010-11-04 04:08 . 2010-12-15 21:17 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
     .
     ((((((((((((((((((((((((((((( SnapShot@2011-02-02_00.45.36 )))))))))))))))))))))))))))))))))))))))))
     .
     - 2009-07-14 04:54 . 2011-02-01 23:08 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
     + 2009-07-14 04:54 . 2011-02-02 01:31 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
     + 2009-07-14 04:54 . 2011-02-02 01:31 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
     - 2009-07-14 04:54 . 2011-02-01 23:08 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
     - 2009-07-14 04:54 . 2011-02-01 23:08 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
     + 2009-07-14 04:54 . 2011-02-02 01:31 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
     + 2010-03-25 00:32 . 2011-02-02 01:30 33046 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
     + 2009-07-14 05:10 . 2011-02-02 01:30 27786 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
     - 2009-07-14 05:10 . 2011-02-01 23:08 27786 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
     - 2010-06-17 15:06 . 2011-02-01 23:15 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
     + 2010-06-17 15:06 . 2011-02-02 00:53 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
     + 2010-06-17 15:06 . 2011-02-02 00:53 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
     - 2010-06-17 15:06 . 2011-02-01 23:15 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
     - 2009-07-14 04:54 . 2011-02-01 23:15 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
     + 2009-07-14 04:54 . 2011-02-02 00:53 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
     - 2010-06-17 17:53 . 2011-02-02 00:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
     + 2010-06-17 17:53 . 2011-02-02 01:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
     - 2010-06-17 17:53 . 2011-02-02 00:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
     + 2010-06-17 17:53 . 2011-02-02 01:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
     + 2010-06-17 15:21 . 2011-02-02 01:30 7838 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4055778247-3674837687-767268293-1000_UserData.bin
     + 2011-02-02 01:29 . 2011-02-02 01:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
     - 2011-02-02 00:45 . 2011-02-02 00:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
     - 2011-02-02 00:45 . 2011-02-02 00:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
     + 2011-02-02 01:29 . 2011-02-02 01:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
     - 2009-07-14 02:36 . 2011-02-02 00:24 624178 c:\windows\system32\perfh009.dat
     + 2009-07-14 02:36 . 2011-02-02 01:34 624178 c:\windows\system32\perfh009.dat
     - 2009-07-14 02:36 . 2011-02-02 00:24 106522 c:\windows\system32\perfc009.dat
     + 2009-07-14 02:36 . 2011-02-02 01:34 106522 c:\windows\system32\perfc009.dat
     - 2009-07-14 05:01 . 2011-02-02 00:44 305456 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
     + 2009-07-14 05:01 . 2011-02-02 01:28 305456 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
     + 2011-01-21 15:02 . 2011-02-02 01:28 614980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4055778247-3674837687-767268293-1000-8192.dat
     - 2011-01-21 15:02 . 2011-02-02 00:44 614980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4055778247-3674837687-767268293-1000-8192.dat
     - 2009-07-14 02:34 . 2011-02-01 23:32 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
     + 2009-07-14 02:34 . 2011-02-02 01:13 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-09-23 4240760]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
     "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
     "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
     "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
     "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
     "DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
     "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
     "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
     "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
     "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
     "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-12-14 421160]

     c:\users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
     Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

     c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
     Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 5 (0x5)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableUIADesktopToggle"= 0 (0x0)

     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
     "aux1"=wdmaud.drv

     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
     Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
     @="Driver"

     R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
     R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
     R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-30 136176]
     R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-17 220672]
     R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
     R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
     R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-18 1255736]
     S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
     S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-04-28 139704]
     S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
     S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-10-09 92160]
     S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
     S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-06-24 166984]
     S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2010-06-24 810144]
     S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-04-28 50600]
     S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
     S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
     S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
     S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
     S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
     S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-09-26 233984]
     S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
     .
     Contents of the 'Scheduled Tasks' folder

     2011-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-30 22:21]

     2011-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-30 22:21]
     .
     --------- x86-64 -----------
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-09-16 357376]
     "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-09 8158240]
     "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-04 166424]
     "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-04 390168]
     "Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-04 408600]
     "Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
     "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-06-24 2903688]
     .
     ------- Supplementary Scan -------
     .
     uLocal Page = c:\windows\system32\blank.htm
     uStart Page = hxxp://www.aol.com/
     mLocal Page = c:\windows\SysWOW64\blank.htm
     uInternet Settings,ProxyOverride = *.local
     .
     - - - - ORPHANS REMOVED - - - -

     Toolbar-Locked - (no file)

     .
     --------------------- LOCKED REGISTRY KEYS ---------------------

     [HKEY_USERS\S-1-5-21-4055778247-3674837687-767268293-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
     @Denied: (2) (LocalSystem)
     "Progid"="WindowsLiveMail.Email.1"

     [HKEY_USERS\S-1-5-21-4055778247-3674837687-767268293-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
     @Denied: (2) (LocalSystem)
     "Progid"="WindowsLiveMail.VCard.1"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
     "Enabled"=dword:00000001

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Shockwave Flash Object"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
     "ThreadingModel"="Apartment"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
     @="0"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
     @="ShockwaveFlash.ShockwaveFlash.10"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx" "ThreadingModel"="Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2011-02-01 17:44:26 ComboFix-quarantined-files.txt 2011-02-02 01:44 ComboFix2.txt 2011-02-02 01:34 ComboFix3.txt 2011-02-02 00:50 Pre-Run: 17,351,802,880 bytes free Post-Run: 17,303,355,392 bytes free - - End Of File - - 140CF62AA4B9FE82C9305233F7031037
  6. Thanks Kenny! You're awesome. Defogger did NOT ask me to reboot when I disabled the drivers. Is this normal? I'm running combo-fix now and will post the log very soon.
  7. I've thrown every tool I've got at this hijack, and it is still coming back for more. I've tried quick and full scans in safe and normal mode with mbytes which initially removed some items. I've tried TDSS Killer, Hitman 3.5 Pro, SuperAntiSpyware. I am at a loss and need some serious help. The browser hijack is redirecting me to sites and then every now and then coming up with a fake scan animation of my computer. I have tried rkill and it has killed some processes, but still no go with mbytes to finish the job. I appreciate the help greatly, Dustin

DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Brandon at 15:17:49.45 on Tue 02/01/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3893.2519 [GMT -8:00]

AV: ESET Smart Security 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\jusched.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\mswinext.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Brandon\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Brandon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [Apoint] C:\Program Files\DellTPad\Apoint.exe
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [igfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
mRun-x64: [broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
mRun-x64: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-3-24 55280]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-10-9 92160]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2010-6-24 166984]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2010-6-24 810144]
R2 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2010-4-28 50600]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-3-24 2320920]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-3-24 172704]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2009-10-26 151936]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2009-9-26 233984]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-8-20 239616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-30 136176]
S2 McShield;McAfee Real-time Scanner;C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe --> C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [?]
S3 McSysmon;McAfee SystemGuards;C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe --> C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-7-16 220672]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-21 1255736]

=============== Created Last 30 ================

2011-02-01 22:36:46 -------- d---a-w- C:\BLTDVS_toolkit
2011-02-01 19:49:02 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-02-01 19:48:58 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-02-01 19:25:30 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{72072ECD-3F72-46D0-A3C1-712611777295}\mpengine.dll
2011-02-01 18:21:54 -------- d-----w- C:\PROGRA~3\SUPERAntiSpyware.com
2011-02-01 17:51:04 -------- d-----w- C:\PROGRA~3\Hitman Pro
2011-02-01 16:54:08 -------- d-----w- C:\Users\Brandon\AppData\Roaming\Malwarebytes
2011-02-01 16:53:59 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-02-01 16:53:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-02-01 16:52:26 -------- d-----w- C:\Program Files (x86)\CleanUp!
2011-01-27 17:51:59 -------- d-----w- C:\Users\Brandon\AppData\Local\Microsoft Help
2011-01-20 23:54:11 -------- d-----w- C:\Users\Brandon\AppData\Roaming\Windows Live Writer
2011-01-20 23:54:11 -------- d-----w- C:\Users\Brandon\AppData\Local\Windows Live Writer
2011-01-12 17:27:42 -------- d-----w- C:\Windows\en
2011-01-12 17:24:21 -------- d-----w- C:\Program Files (x86)\MSN Toolbar
2011-01-12 17:24:09 -------- d-----w- C:\Program Files (x86)\Bing Bar Installer
2011-01-12 17:24:07 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2011-01-12 17:24:07 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2011-01-12 17:24:07 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2011-01-12 17:24:07 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2011-01-12 17:24:03 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2011-01-12 17:24:03 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2011-01-12 17:13:26 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5795bf21cbb27c2d\InstallManager_WLE_WLE.exe
2011-01-12 17:13:07 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\facc52741cbb27b22\MeshBetaRemover.exe
2011-01-12 17:12:52 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f1ce7fcb1cbb27b1a\DSETUP.dll
2011-01-12 17:12:52 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f1ce7fcb1cbb27b1a\DXSETUP.exe
2011-01-12 17:12:52 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f1ce7fcb1cbb27b1a\dsetup32.dll
2011-01-12 17:12:51 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f1231cb71cbb27b19\DSETUP.dll
2011-01-12 17:12:51 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f1231cb71cbb27b19\DXSETUP.exe
2011-01-12 17:12:51 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f1231cb71cbb27b19\dsetup32.dll
2011-01-12 17:12:08 -------- d-----w- C:\Users\Brandon\AppData\Local\Windows Live
2011-01-12 17:11:45 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll
2011-01-12 17:11:45 206848 ----a-w- C:\Windows\System32\mfps.dll
2011-01-12 17:11:45 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
2011-01-12 17:11:45 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2011-01-12 17:11:45 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2011-01-12 17:11:44 4068864 ----a-w- C:\Windows\System32\mf.dll
2011-01-12 17:11:44 3181568 ----a-w- C:\Windows\SysWow64\mf.dll
2011-01-12 15:03:02 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-01-12 15:03:02 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-01-12 15:03:02 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2011-01-12 15:03:02 1540608 ----a-w- C:\Windows\System32\DWrite.dll
2011-01-12 15:03:02 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2011-01-12 15:03:01 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-01-12 15:03:01 1133568 ----a-w- C:\Windows\System32\FntCache.dll
2011-01-12 15:03:01 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-01-12 15:03:00 470016 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-01-12 15:03:00 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

==================== Find3M ====================

2010-11-30 01:38:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-11-30 01:38:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-11-13 02:53:06 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

============= FINISH: 15:18:28.35 ===============

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 02/01/2011 at 15:58:26.
Operating System: Windows 7 Home Premium

Processes terminated by Rkill or while it was running:

C:\Windows\SysWOW64\InfDefaultInstall.exe
C:\Windows\SysWOW64\runonce.exe

Rkill completed on 02/01/2011 at 15:58:31.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5655

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

2/1/2011 2:34:02 PM
mbam-log-2011-02-01 (14-34-02).txt

Scan type: Quick scan
Objects scanned: 156434
Time elapsed: 1 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)

Attach.zip