forumcall4asst

  1. This user is actually a group technician at an institution and he should NOT be going to the forums for assistance.

  2. Here are the logs...

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6176

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

3/26/2011 1:17:18 PM
mbam-log-2011-03-26 (13-17-18).txt

Scan type: Full scan (C:\|)
Objects scanned: 296750
Time elapsed: 32 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

.
==== Installed Programs ======================
.
.
2007 Microsoft Office system
Activation Assistant for the 2007 Microsoft Office suites
Adams Personal Legal Forms and Agreements CD
Adobe AIR
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Internet Security
Bonjour
CCleaner
Creative Audio Control Panel
Creative Software AutoUpdate
Creative Sound Blaster Properties
Defraggler
Facebook Plug-In
Furcadia
Google Chrome
iSEEK AnswerWorks English Runtime
iTunes
Lexmark 1300 Series
MapleStory
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.0
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MobileMe Control Panel
Nexon Game Manager
NVIDIA Drivers
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OGA Notifier 2.0.0048.0
Panda Internet Security 2011
QuickTime
Roblox
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Shutterfly Express Uploader
Sid Meier's Civilization V
Steam
TurboTax 2009
TurboTax 2009 waziper
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2508979)
Windows Media Player Firefox Plugin
Wizard101
WolfQuest
World of Warcraft
.
==== End Of File ===========================

DDS (Ver_11-03-05.01) - NTFSx86
Run by standard at 13:20:31.30 on Sat 03/26/2011
Internet Explorer: 8.0.7601.17514
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\lxdccoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Lexmark 1300 Series\lxdcamon.exe
C:\Users\Public\Games\World of Warcraft\WoW.exe
C:\Program Files\Roblox\Versions\version-2b18f293e6da4dcc\RobloxApp.exe
C:\Users\standard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\standard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\standard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\standard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\standard\Downloads\dds (3).scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>;*.local
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Google Update] "c:\users\standard\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
mRun: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [lxdcmon.exe] "c:\program files\lexmark 1300 series\lxdcmon.exe"
mRun: [lxdcamon] "c:\program files\lexmark 1300 series\lxdcamon.exe"
uPolicies-explorer: RestrictRun = 0 (0x0)
mPolicies-explorer: RestrictRun = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
.
============= SERVICES / DRIVERS ===============
.
R? b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
R? btusbflt;Bluetooth USB Filter
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service
R? lxdcCATSCustConnectService;lxdcCATSCustConnectService
R? TsUsbFlt;TsUsbFlt
R? WatAdminSvc;Windows Activation Technologies Service
S? aswFsBlk;aswFsBlk
S? aswFW;avast! TDI Firewall driver
S? aswMonFlt;aswMonFlt
S? aswNdis;avast! Firewall NDIS Filter Service
S? aswNdis2;avast! Firewall Core Firewall Service
S? aswSnx;aswSnx
S? aswSP;aswSP
S? avast! Antivirus;avast! Antivirus
S? avast! Firewall;avast! Firewall
S? lxdc_device;lxdc_device
S? RTL8167;Realtek 8167 NT Driver
S? Stereo Service;NVIDIA Stereoscopic 3D Driver Service
.
=============== Created Last 30 ================
.
2011-03-26 06:17:21 1235712 ----a-w- c:\progra~2\SPLB50B.tmp
2011-03-26 05:44:58 1235712 ----a-w- c:\progra~2\SPL66AE.tmp
2011-03-26 05:32:57 103936 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\lxdcdrpp.dll
2011-03-26 05:31:29 999424 ----a-w- c:\windows\system32\lxdcusb1.dll
2011-03-26 05:31:29 700416 ----a-w- c:\windows\system32\lxdchbn3.dll
2011-03-26 05:31:29 684032 ----a-w- c:\windows\system32\lxdccomc.dll
2011-03-26 05:31:29 585728 ----a-w- c:\windows\system32\lxdclmpm.dll
2011-03-26 05:31:29 537520 ----a-w- c:\windows\system32\lxdccoms.exe
2011-03-26 05:31:29 425984 ----a-w- c:\windows\system32\lxdccomm.dll
2011-03-26 05:31:29 413696 ----a-w- c:\windows\system32\lxdcinpa.dll
2011-03-26 05:31:29 397312 ----a-w- c:\windows\system32\lxdciesc.dll
2011-03-26 05:31:29 1232896 ----a-w- c:\windows\system32\lxdcserv.dll
2011-03-25 16:41:14 -------- d-s---w- C:\ComboFix
2011-03-25 11:09:31 6792528 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{26b59704-b48f-4d75-acec-d5ca58618a59}\mpengine.dll
2011-03-24 03:04:07 333066941 ----a-w- c:\windows\trzBAC2.tmp
2011-03-24 00:57:42 1748260 ----a-w- c:\progra~2\SPLFF7A.tmp
2011-03-22 13:56:51 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-03-22 05:26:37 -------- d-----w- c:\windows\system32\SPReview
2011-03-22 05:04:08 103936 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\1_lxdcdrpp.dll
2011-03-22 04:52:20 -------- d-----w- C:\lexmark
2011-03-21 15:20:06 -------- d-sh--w- C:\$RECYCLE.BIN
2011-03-21 15:14:45 -------- d-----w- c:\users\standard\appdata\local\Apple
2011-03-21 15:02:04 -------- d-----w- c:\users\standard\appdata\roaming\Uniblue
2011-03-21 15:01:36 -------- d-----w- c:\users\standard\appdata\local\PackageAware
2011-03-21 01:50:39 -------- d-----w- c:\windows\system32\EventProviders
2011-03-21 01:41:46 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-03-21 01:41:46 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-03-21 01:41:46 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-03-21 01:14:33 -------- d-----w- c:\program files\Microsoft IntelliPoint
2011-03-21 01:03:55 27676 ----a-w- c:\progra~2\SPL8610.tmp
2011-03-21 00:54:51 27676 ----a-w- c:\progra~2\SPLEBC4.tmp
2011-03-21 00:30:40 -------- d-----w- c:\users\standard\appdata\local\Adobe
2011-03-20 01:40:04 850944 ----a-w- c:\windows\system32\sbe.dll
2011-03-20 01:40:04 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-20 01:40:04 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-03-20 01:40:04 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-19 23:39:34 3947965 ----a-w- c:\progra~2\SPL7770.tmp
2011-03-19 22:48:48 3947965 ----a-w- c:\progra~2\SPL9DF3.tmp
2011-03-19 22:46:28 9723731 ----a-w- c:\progra~2\SPL4989.tmp
2011-03-15 03:56:18 101976 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-03-15 03:56:05 192728 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-03-15 03:56:04 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-03-15 03:56:04 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-15 03:55:42 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2011-03-15 03:55:34 -------- d-----w- c:\program files\AVAST Software
2011-03-15 03:55:34 -------- d-----w- c:\progra~2\AVAST Software
2011-03-15 03:22:44 -------- d-----w- c:\windows\LMI8EC8.tmp
2011-03-15 02:24:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-15 02:24:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-15 01:36:03 -------- d-----w- c:\windows\LMI42D9.tmp
2011-03-14 20:56:09 -------- d-----w- C:\$WINDOWS.~BT
2011-03-10 14:17:05 1279660 ----a-w- c:\progra~2\SPL9125.tmp
2011-03-10 05:30:39 -------- d-----w- c:\program files\iTunes
2011-03-10 05:30:39 -------- d-----w- c:\program files\iPod
2011-03-10 05:21:12 -------- d-----w- c:\program files\Bonjour
2011-03-06 19:36:48 -------- d-----w- c:\program files\Yontoo Layers Client
.
==================== Find3M ====================
.
2011-03-22 05:29:21 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-02-23 15:04:21 40648 ----a-w- c:\windows\avastSS.scr
2011-02-03 01:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-07 22:56:12 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2011-01-07 07:46:34 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-07 07:46:34 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-07 07:45:57 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 06:01:22 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-01-07 05:43:36 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 05:55:55 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 03:51:01 2330624 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 13:22:06.50 ===============
  3. ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=c670697067ec2a47b89647e2f44a5b95
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-03-24 11:35:06
# local_time=2011-03-24 04:35:06 (-0700, US Mountain Standard Time)
# country="United States"
# lang=9
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 0 52552305 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=138968
# found=3
# cleaned=3
# scan_time=2192
C:\Users\standard\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003d5    Win32/RegistryBooster application (deleted - quarantined)    00000000000000000000000000000000    C
C:\Users\standard\Downloads\registrybooster (1).exe    Win32/RegistryBooster application (deleted - quarantined)    00000000000000000000000000000000    C
C:\Users\standard\Downloads\registrybooster.exe    Win32/RegistryBooster application (deleted - quarantined)    00000000000000000000000000000000    C

Security Check Log

 Results of screen317's Security Check version 0.99.10
 Windows 7 Service Pack 1 (UAC is disabled!)
 Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

 Windows Firewall Enabled!
 avast! Internet Security
 Panda Internet Security 2011
 WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

 CCleaner
 Java 6 Update 17
 Out of date Java installed!
 Adobe Flash Player 10.2.152.32
 Adobe Reader 9.4.1
 Out of date Adobe Reader installed!
````````````````````````````````
Process Check: objlist.exe by Laurent

 AVAST Software Avast AvastSvc.exe
 AVAST Software Avast afwServ.exe
 AVAST Software Avast AvastUI.exe
``````````End of Log````````````

Thanks
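The DDS logs posted above record the machine's UAC policy under `mPolicies-system:` (`EnableLUA = 0`, `ConsentPromptBehaviorAdmin = 0`), and the Security Check log independently reports "UAC is disabled!". The script below is an added example, written for this page and not taken from the poster or from any of the tools quoted here: it parses policy lines in the DDS "Pseudo HJT Report" format and compares the HKLM `policies\system` values against the Windows 7 defaults, explaining what each deviation means for an analyst reading such a log. The sample lines are constructed to match the shape and values of the log above; the regular expression, the default table and the function names are this example's own assumptions about the DDS format, not part of DDS itself.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample input shaped like the "Pseudo HJT Report" section of a
# DDS log. Values are copied from the log posted above; this is not a capture.
SAMPLE_DDS_LINES = """\
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>;*.local
uPolicies-explorer: RestrictRun = 0 (0x0)
mPolicies-explorer: RestrictRun = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
"""

# Assumed DDS convention (matches the log above): a "u" prefix is HKCU and an
# "m" prefix is HKLM, followed by the Policies subkey, then "Name = dec (hex)".
POLICY_RE = re.compile(
    r"^(?P<hive>[um])Policies-(?P<subkey>\w+):\s*(?P<name>\w+)\s*=\s*(?P<value>-?\d+)\b"
)

# Windows 7 defaults for the UAC values under HKLM\...\Policies\System.
UAC_DEFAULTS = {
    "EnableLUA": 1,
    "ConsentPromptBehaviorAdmin": 5,
    "ConsentPromptBehaviorUser": 3,
    "EnableUIADesktopToggle": 0,
}

ADMIN_PROMPT_MEANING = {
    0: "elevate without prompting",
    1: "prompt for credentials on the secure desktop",
    2: "prompt for consent on the secure desktop",
    3: "prompt for credentials",
    4: "prompt for consent",
    5: "prompt for consent for non-Windows binaries",
}

USER_PROMPT_MEANING = {
    0: "automatically deny elevation requests",
    1: "prompt for credentials on the secure desktop",
    3: "prompt for credentials",
}


def parse_policies(text: str) -> Dict[Tuple[str, str, str], int]:
    """Return {(hive, subkey, name): value} for every policy line in a DDS report."""
    policies: Dict[Tuple[str, str, str], int] = {}
    for line in text.splitlines():
        m = POLICY_RE.match(line.strip())
        if m:
            policies[(m["hive"], m["subkey"], m["name"])] = int(m["value"])
    return policies


def assess_uac(policies: Dict[Tuple[str, str, str], int]) -> List[str]:
    """Explain every HKLM policies\\system UAC value that differs from the Windows 7 default."""
    system = {name: v for (hive, subkey, name), v in policies.items()
              if hive == "m" and subkey == "system"}
    findings: List[str] = []
    if system.get("EnableLUA") == 0:
        # With UAC off, members of Administrators get a full token for every process;
        # nothing prompts before a dropper writes to HKLM or Program Files.
        findings.append("EnableLUA=0: UAC is disabled; administrators run every process "
                        "with a full administrative token (default 1)")
    admin = system.get("ConsentPromptBehaviorAdmin")
    if admin is not None and admin != UAC_DEFAULTS["ConsentPromptBehaviorAdmin"]:
        findings.append(f"ConsentPromptBehaviorAdmin={admin}: "
                        f"{ADMIN_PROMPT_MEANING.get(admin, 'undocumented value')} (default 5)")
    user = system.get("ConsentPromptBehaviorUser")
    if user is not None and user != UAC_DEFAULTS["ConsentPromptBehaviorUser"]:
        findings.append(f"ConsentPromptBehaviorUser={user}: "
                        f"{USER_PROMPT_MEANING.get(user, 'undocumented value')} (default 3)")
    if system.get("EnableUIADesktopToggle") == 1:
        findings.append("EnableUIADesktopToggle=1: UIAccess programs may prompt off the "
                        "secure desktop (default 0)")
    return findings


if __name__ == "__main__":
    for finding in assess_uac(parse_policies(SAMPLE_DDS_LINES)):
        print(finding)
```

Run against the sample, the script reports two deviations, `EnableLUA=0` and `ConsentPromptBehaviorAdmin=0`; `ConsentPromptBehaviorUser=3` and `EnableUIADesktopToggle=0` are the defaults and produce nothing. The same regular expression works on the first DDS log above because both posts use the identical `mPolicies-system:` prefix; the ComboFix `REGEDIT4`-style dump in the later post uses a different layout and would need its own parser.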
  4. I had a rootkit removed and then encountered a problem where my internet searches were being redirected. That seems better, but I still have glitches with my computer I could use help with. The latest issue is that whenever I try to print I get the following: the Interactive Services Detection icon appears (never had that before the virus attack), and I get the following error message: "Microsoft Visual C++ Debug Library C:\windows\system32\spoolsv.exe". I welcome suggestions.
  5. Here is the ComboFix Log. I also ran the WINDOWS scan they had on the website (have that log in case you want me to post it). DDS log is after the ComboFix Log. Thanks

ComboFix 11-03-19.06 - standard 03/21/2011 8:14.1.8 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3062.1733 [GMT -7:00]
Running from: c:\users\standard\Downloads\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Enabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Drop Down Deals
c:\program files\Drop Down Deals\YontooIEClient.dll
c:\program files\OfferBox
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\users\standard\AppData\Local\{6105902F-EF52-4458-B1F1-BAB9585D3CF0}
c:\users\standard\AppData\Local\{6105902F-EF52-4458-B1F1-BAB9585D3CF0}\chrome.manifest
c:\users\standard\AppData\Local\{6105902F-EF52-4458-B1F1-BAB9585D3CF0}\chrome\content\_cfg.js
c:\users\standard\AppData\Local\{6105902F-EF52-4458-B1F1-BAB9585D3CF0}\chrome\content\overlay.xul
c:\users\standard\AppData\Local\{6105902F-EF52-4458-B1F1-BAB9585D3CF0}\install.rdf
c:\users\standard\AppData\Roaming\OfferBox
c:\users\standard\AppData\Roaming\OfferBox\config.dat
c:\users\standard\AppData\Roaming\OfferBox\config.xml
c:\users\standard\Documents\reg.reg
.
.
((((((((((((((((((((((((( Files Created from 2011-02-21 to 2011-03-21 )))))))))))))))))))))))))))))))
.
.
2011-03-21 15:02 . 2011-03-21 15:02 -------- d-----w- c:\users\standard\AppData\Roaming\Uniblue
2011-03-21 15:02 . 2011-03-21 15:02 -------- dc-h--w- c:\programdata\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}
2011-03-21 15:01 . 2011-03-21 15:01 -------- d-----w- c:\program files\Uniblue
2011-03-21 15:01 . 2011-03-21 15:01 -------- d-----w- c:\users\standard\AppData\Local\PackageAware
2011-03-21 02:05 . 2011-03-21 02:05 -------- d-----w- c:\program files\Lexmark 1300 Series
2011-03-21 02:05 . 2007-05-17 21:09 286720 ----a-w- c:\windows\system32\LXDCinst.dll
2011-03-21 02:05 . 2007-05-17 20:54 323584 ----a-w- c:\windows\system32\LXDChcp.dll
2011-03-21 01:51 . 2011-03-21 01:51 -------- d-----w- c:\windows\system32\SPReview
2011-03-21 01:50 . 2011-03-21 01:50 -------- d-----w- c:\windows\system32\EventProviders
2011-03-21 01:41 . 2011-02-19 05:33 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-03-21 01:41 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-03-21 01:41 . 2011-02-19 05:32 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-03-21 01:34 . 2007-01-18 13:18 103936 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\lxdcdrpp.dll
2011-03-21 01:14 . 2011-03-21 01:14 -------- d-----w- c:\program files\Microsoft IntelliPoint
2011-03-21 01:03 . 2011-03-21 01:03 27676 ----a-w- c:\programdata\SPL8610.tmp
2011-03-21 00:54 . 2011-03-21 00:54 27676 ----a-w- c:\programdata\SPLEBC4.tmp
2011-03-21 00:30 . 2011-03-21 00:30 -------- d-----w- c:\users\standard\AppData\Local\Adobe
2011-03-20 01:40 . 2010-12-23 05:28 850432 ----a-w- c:\windows\system32\sbe.dll
2011-03-20 01:40 . 2010-12-23 05:28 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-20 01:40 . 2010-12-23 05:28 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-03-20 01:40 . 2010-12-23 05:24 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-20 01:40 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\system32\mstscax.dll
2011-03-20 01:40 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\system32\mstsc.exe
2011-03-19 23:39 . 2011-03-19 23:39 3947965 ----a-w- c:\programdata\SPL7770.tmp
2011-03-19 22:48 . 2011-03-19 22:48 3947965 ----a-w- c:\programdata\SPL9DF3.tmp
2011-03-19 22:46 . 2011-03-19 22:46 9723731 ----a-w- c:\programdata\SPL4989.tmp
2011-03-19 10:44 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{28340A80-2633-4A47-A4B3-A5D9A0E3053C}\mpengine.dll
2011-03-15 03:56 . 2011-02-23 14:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-03-15 03:56 . 2011-02-23 14:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-03-15 03:56 . 2011-02-23 14:57 101976 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-03-15 03:56 . 2011-02-23 14:56 192728 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-03-15 03:56 . 2011-02-23 14:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-03-15 03:56 . 2011-02-23 14:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-15 03:56 . 2011-02-23 14:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-03-15 03:56 . 2011-02-23 14:55 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-03-15 03:55 . 2011-02-23 13:34 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2011-03-15 03:55 . 2011-02-23 15:04 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-03-15 03:55 . 2011-03-15 03:55 -------- d-----w- c:\programdata\AVAST Software
2011-03-15 03:55 . 2011-03-15 03:55 -------- d-----w- c:\program files\AVAST Software
2011-03-15 03:22 . 2011-03-16 13:47 -------- d-----w- c:\windows\LMI8EC8.tmp
2011-03-15 02:24 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-15 02:24 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-15 01:36 . 2011-03-15 03:58 -------- d-----w- c:\windows\LMI42D9.tmp
2011-03-14 20:56 . 2011-03-14 20:56 -------- d-----w- C:\$WINDOWS.~BT
2011-03-10 14:17 . 2011-03-10 14:17 1279660 ----a-w- c:\programdata\SPL9125.tmp
2011-03-10 05:30 . 2011-03-10 05:31 -------- d-----w- c:\program files\iTunes
2011-03-10 05:30 . 2011-03-10 05:30 -------- d-----w- c:\program files\iPod
2011-03-10 05:21 . 2011-03-10 05:21 -------- d-----w- c:\program files\Bonjour
2011-03-08 05:25 . 2011-03-08 05:25 -------- d-----w- c:\users\Default\AppData\Roaming\Apple Computer
2011-03-06 19:36 . 2011-03-06 19:36 -------- d-----w- c:\program files\Yontoo Layers Client
2011-02-23 10:00 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-02-22 23:19 . 2011-01-07 07:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-22 23:19 . 2011-01-07 07:31 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-19 23:35 . 2011-03-06 16:50 0 ----a-w- c:\users\standard\AppData\Local\Okenuyod.bin
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-23 15:04 . 2010-12-27 22:04 40648 ----a-w- c:\windows\avastSS.scr
2011-02-03 05:45 . 2011-02-09 01:39 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-03 00:11 . 2009-10-30 18:58 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-07 22:56 . 2011-01-07 22:56 40800 ----a-w- c:\windows\system32\drivers\point32.sys
2011-01-07 22:56 . 2011-01-07 22:56 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2011-01-07 07:27 . 2011-02-09 01:39 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33 . 2011-02-09 01:39 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 05:37 . 2011-02-09 01:39 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 03:37 . 2011-02-09 01:39 2329088 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\standard\AppData\Local\Google\Update\GoogleUpdate.exe" [2011-03-20 136176]
"RegistryBooster"="c:\program files\Uniblue\RegistryBooster\launcher.exe" [2011-01-21 67456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"P17Helper"="SPIRun.dll" [2006-07-03 10752]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 1797488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 06:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 11:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-09-22 07:28 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 22:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-11-20 00:38 1242448 ----a-w- c:\program files\Steam\steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-12-19 04:53 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel]
2007-03-01 00:50 180224 ------w- c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 45736]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-10-30 79360]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-04 1343400]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2011-02-23 12112]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-02-23 53592]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2011-02-23 121000]
S2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe [2007-05-25 537520]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-09-27 240232]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3875254957-3642004176-2087085084-1000Core.job
- c:\users\standard\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 02:17]
.
2011-03-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3875254957-3642004176-2087085084-1000UA.job
- c:\users\standard\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 02:17]
.
2011-03-21 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2011-01-21 14:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files\Drop Down Deals\YontooIEClient.dll
MSConfigStartUp-lxdcamon - c:\program files\Lexmark 1300 Series\lxdcamon.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-03-21 08:20:02
ComboFix-quarantined-files.txt 2011-03-21 15:20
.
Pre-Run: 925,946,929,152 bytes free
Post-Run: 925,894,725,632 bytes free
.
- - End Of File - - 3C7C441F62592BF9A7033ED3D031B8EE

Here is the DDS log.

DDS (Ver_11-03-05.01) - NTFSx86
Run by standard at 8:22:42.28 on Mon 03/21/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3062.1675 [GMT -7:00]
.
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security *Enabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\lxdccoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\mmc.exe
C:\Windows\System32\spoolsv.exe
C:\Users\standard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\standard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
C:\Users\standard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\standard\Downloads\dds (2).scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>;*.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Google Update] "c:\users\standard\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000
mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
mRun: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2011-3-14 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2011-3-14 192728]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2011-3-14 101976]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-14 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-14 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-14 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-3-14 53592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-14 42184]
R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2011-3-14 121000]
R2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe -service --> c:\windows\system32\lxdccoms.exe -service [?]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-9-27 240232] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736] S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-10-30 79360] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-3 1343400] . =============== Created Last 30 ================ . 2011-03-21 15:20:06 -------- d-sh--w- C:\$RECYCLE.BIN 2011-03-21 15:14:45 -------- d-----w- c:\users\standard\appdata\local\Apple 2011-03-21 15:13:34 98816 ----a-w- c:\windows\sed.exe 2011-03-21 15:13:34 89088 ----a-w- c:\windows\MBR.exe 2011-03-21 15:13:34 256512 ----a-w- c:\windows\PEV.exe 2011-03-21 15:13:34 161792 ----a-w- c:\windows\SWREG.exe 2011-03-21 15:02:04 -------- d-----w- c:\users\standard\appdata\roaming\Uniblue 2011-03-21 15:02:00 -------- dc-h--w- c:\progra~2\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4} 2011-03-21 15:01:59 -------- d-----w- c:\program files\Uniblue 2011-03-21 15:01:36 -------- d-----w- c:\users\standard\appdata\local\PackageAware 2011-03-21 02:05:44 323584 ----a-w- c:\windows\system32\LXDChcp.dll 2011-03-21 02:05:44 286720 ----a-w- c:\windows\system32\LXDCinst.dll 2011-03-21 02:05:44 -------- d-----w- c:\program files\Lexmark 1300 Series 2011-03-21 01:51:05 -------- d-----w- c:\windows\system32\SPReview 2011-03-21 01:50:39 -------- d-----w- c:\windows\system32\EventProviders 2011-03-21 01:41:46 802304 ----a-w- 
c:\windows\system32\FntCache.dll 2011-03-21 01:41:46 739840 ----a-w- c:\windows\system32\d2d1.dll 2011-03-21 01:41:46 1074176 ----a-w- c:\windows\system32\DWrite.dll 2011-03-21 01:34:34 103936 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\lxdcdrpp.dll 2011-03-21 01:14:33 -------- d-----w- c:\program files\Microsoft IntelliPoint 2011-03-21 01:03:55 27676 ----a-w- c:\progra~2\SPL8610.tmp 2011-03-21 00:54:51 27676 ----a-w- c:\progra~2\SPLEBC4.tmp 2011-03-21 00:30:40 -------- d-----w- c:\users\standard\appdata\local\Adobe 2011-03-20 01:40:04 850432 ----a-w- c:\windows\system32\sbe.dll 2011-03-20 01:40:04 642048 ----a-w- c:\windows\system32\CPFilters.dll 2011-03-20 01:40:04 534528 ----a-w- c:\windows\system32\EncDec.dll 2011-03-20 01:40:04 2690560 ----a-w- c:\windows\system32\mstscax.dll 2011-03-20 01:40:04 199680 ----a-w- c:\windows\system32\mpg2splt.ax 2011-03-20 01:40:03 1034240 ----a-w- c:\windows\system32\mstsc.exe 2011-03-19 23:39:34 3947965 ----a-w- c:\progra~2\SPL7770.tmp 2011-03-19 22:48:48 3947965 ----a-w- c:\progra~2\SPL9DF3.tmp 2011-03-19 22:46:28 9723731 ----a-w- c:\progra~2\SPL4989.tmp 2011-03-19 10:44:27 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{28340a80-2633-4a47-a4b3-a5d9a0e3053c}\mpengine.dll 2011-03-15 03:56:18 101976 ----a-w- c:\windows\system32\drivers\aswFW.sys 2011-03-15 03:56:05 192728 ----a-w- c:\windows\system32\drivers\aswNdis2.sys 2011-03-15 03:56:04 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2011-03-15 03:56:04 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-03-15 03:55:42 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys 2011-03-15 03:55:34 -------- d-----w- c:\program files\AVAST Software 2011-03-15 03:55:34 -------- d-----w- c:\progra~2\AVAST Software 2011-03-15 03:22:44 -------- d-----w- c:\windows\LMI8EC8.tmp 2011-03-15 02:24:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-03-15 02:24:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 
2011-03-15 01:36:03 -------- d-----w- c:\windows\LMI42D9.tmp 2011-03-14 20:56:09 -------- d-----w- C:\$WINDOWS.~BT 2011-03-10 14:17:05 1279660 ----a-w- c:\progra~2\SPL9125.tmp 2011-03-10 05:30:39 -------- d-----w- c:\program files\iTunes 2011-03-10 05:30:39 -------- d-----w- c:\program files\iPod 2011-03-10 05:21:12 -------- d-----w- c:\program files\Bonjour 2011-03-06 19:36:48 -------- d-----w- c:\program files\Yontoo Layers Client 2011-02-23 10:00:27 276992 ----a-w- c:\windows\system32\wcncsvc.dll 2011-02-22 23:19:12 442880 ----a-w- c:\windows\system32\XpsPrint.dll 2011-02-22 23:19:12 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2011-02-19 23:35:46 0 ----a-w- c:\users\standard\appdata\local\Okenuyod.bin . ==================== Find3M ==================== . 2011-02-23 15:04:21 40648 ----a-w- c:\windows\avastSS.scr 2011-02-03 00:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-01-07 22:56:12 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll 2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll 2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll 2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll 2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys . ============= FINISH: 8:22:55.36 ===============
  6. Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6111

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

3/20/2011 8:34:51 AM
mbam-log-2011-03-20 (08-34-51).txt

Scan type: Full scan (C:\|)
Objects scanned: 259130
Time elapsed: 21 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

DDS LOGS

C:\Windows\system32\UI0Detect.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\UI0Detect.exe
C:\Users\standard\Downloads\aswMBR (1).exe
C:\Users\standard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\standard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\standard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\standard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\AVAST Software\Avast\setup\avast.setup
C:\Users\standard\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>;*.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\drop down deals\YontooIEClient.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Google Update] "c:\users\standard\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
mRun: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2011-3-14 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2011-3-14 192728]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2011-3-14 101976]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-14 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-14 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-14 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-3-14 53592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-14 42184]
R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2011-3-14 121000]
R2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe -service --> c:\windows\system32\lxdccoms.exe -service [?]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-9-27 240232]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 lxdcCATSCustConnectService;lxdcCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdcserv.exe [2007-5-25 99248]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-10-30 79360]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-3 1343400]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
.
============= FINISH: 8:43:37.75 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/3/2009 5:49:33 PM
System Uptime: 3/19/2011 4:39:07 PM (16 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P6T
Processor: Intel® Core i7 CPU 920 @ 2.67GHz | LGA1366 | 2668/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 862.951 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP239: 3/20/2011 12:03:21 AM - Scheduled Checkpoint
RP240: 3/20/2011 3:00:15 AM - Windows Update
.
==== Installed Programs ======================
.
.
2007 Microsoft Office system
Activation Assistant for the 2007 Microsoft Office suites
Adams Personal Legal Forms and Agreements CD
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.1
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Internet Security
Bonjour
CCleaner
Creative Audio Control Panel
Creative Software AutoUpdate
Creative Sound Blaster Properties
Defraggler
Facebook Plug-In
Furcadia
Google Chrome
iSEEK AnswerWorks English Runtime
iTunes
Java 6 Update 17
Lexmark 1300 Series
MapleStory
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MobileMe Control Panel
Nexon Game Manager
NVIDIA Drivers
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OGA Notifier 2.0.0048.0
Panda Internet Security 2011
QuickTime
Roblox
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Shutterfly Express Uploader
Sid Meier's Civilization V
Steam
TurboTax 2009
TurboTax 2009 waziper
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2508979)
Windows Media Player Firefox Plugin
Wizard101
WolfQuest
World of Warcraft
.
==== Event Viewer Messages From Past Week ========
.
3/19/2011 9:30:59 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
3/19/2011 8:31:08 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
3/19/2011 8:29:44 AM, Error: Service Control Manager [7030] - The LogMeIn Rescue (5c82b248-da45-4d3c-a904-78deb1961380) service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/19/2011 4:39:29 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxdcCATSCustConnectService service to connect.
3/19/2011 4:39:29 PM, Error: Service Control Manager [7000] - The lxdcCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/19/2011 4:38:13 PM, Error: Service Control Manager [7016] - The NVIDIA Display Driver Service service has reported an invalid current state 32.
3/19/2011 3:48:52 PM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
3/19/2011 3:48:36 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xa4f3384c, 0x00000000, 0x83a3cce0, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031911-26956-01.
3/19/2011 3:43:52 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
3/19/2011 12:39:35 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/19/2011 12:39:35 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/19/2011 12:39:35 AM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/19/2011 12:39:35 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/18/2011 6:09:33 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
3/18/2011 6:07:45 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
3/18/2011 6:07:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/18/2011 6:07:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/18/2011 6:07:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/18/2011 6:07:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/18/2011 6:07:33 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi discache spldr Wanarpv6
3/18/2011 6:07:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
3/18/2011 6:07:31 PM, Error: Service Control Manager [7001] - The Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
3/18/2011 6:07:29 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xffffff6f, 0x00000000, 0x83a6bab4, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031811-22854-01.
3/18/2011 6:07:28 PM, Error: Service Control Manager [7001] - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.
3/18/2011 5:14:21 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
3/18/2011 5:14:21 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
3/18/2011 5:13:21 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
3/18/2011 5:12:21 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/18/2011 5:12:21 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/18/2011 5:12:21 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/18/2011 5:12:21 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/18/2011 5:12:21 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/18/2011 5:12:21 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/18/2011 5:12:21 PM, Error: Service Control Manager [7031] - The Remote Desktop Configuration service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/18/2011 5:12:21 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/18/2011 5:12:21 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/18/2011 5:12:21 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/18/2011 5:12:21 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/18/2011 5:12:21 PM, Error: Service Control Manager [7031] - The Certificate Propagation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/16/2011 7:32:09 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
3/16/2011 7:32:09 AM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/16/2011 2:32:42 PM, Error: Service Control Manager [7022] - The Server service hung on starting.
3/16/2011 2:32:42 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: After starting, the service hung in a start-pending state.
3/16/2011 2:12:31 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
3/16/2011 12:09:43 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Winmgmt service.
3/16/2011 12:09:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
3/16/2011 11:28:50 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CertPropSvc service.
3/16/2011 11:28:50 AM, Error: Service Control Manager [7000] - The Certificate Propagation service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/16/2011 11:28:20 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EapHost service.
3/16/2011 11:28:20 AM, Error: Service Control Manager [7000] - The Extensible Authentication Protocol service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/16/2011 11:27:50 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the gpsvc service.
3/16/2011 11:27:50 AM, Error: Service Control Manager [7000] - The Group Policy Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/16/2011 11:27:20 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service.
3/16/2011 11:27:20 AM, Error: Service Control Manager [7000] - The IKE and AuthIP IPsec Keying Modules service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/16/2011 11:26:50 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Windows Management Instrumentation service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
3/16/2011 11:26:20 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ProfSvc service.
3/16/2011 11:26:20 AM, Error: Service Control Manager [7000] - The User Profile Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/16/2011 11:25:20 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.
3/16/2011 11:25:20 AM, Error: Service Control Manager [7000] - The System Event Notification Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/16/2011 11:23:00 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
3/16/2011 11:23:00 AM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/16/2011 11:22:30 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
3/16/2011 11:22:30 AM, Error: Service Control Manager [7000] - The Task Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/16/2011 11:22:00 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
3/16/2011 11:22:00 AM, Error: Service Control Manager [7000] - The Windows Update service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/16/2011 11:21:30 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Themes service.
3/16/2011 11:21:30 AM, Error: Service Control Manager [7000] - The Themes service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/16/2011 11:21:00 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SessionEnv service.
3/16/2011 11:21:00 AM, Error: Service Control Manager [7000] - The Remote Desktop Configuration service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/16/2011 11:18:38 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/16/2011 1:46:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/15/2011 6:26:55 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The system cannot find the path specified.
3/15/2011 2:22:58 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
3/15/2011 1:14:14 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
3/15/2011 1:14:14 AM, Error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/15/2011 1:09:22 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/14/2011 8:53:31 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x821023e1, 0x8bd97b50, 0x8bd97730). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031411-20529-01.
3/14/2011 8:22:45 PM, Error: Service Control Manager [7030] - The LogMeIn Rescue (0b68c1be-1e52-4769-8001-81e67dba988a) service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/14/2011 7:29:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
3/14/2011 7:28:57 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0x80e7f9f4, 0x00000000, 0x8aa48ce0, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031411-19203-01.
3/14/2011 7:14:58 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x8aa73ab4, 0x8be1bb70, 0x8be1b750). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031411-18470-01.
3/14/2011 7:08:28 PM, Error: Service Control Manager [7001] - The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
3/14/2011 7:04:55 PM, Error: Service Control Manager [7001] - The WLAN AutoConfig service depends on the Extensible Authentication Protocol service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
3/14/2011 7:04:25 PM, Error: Service Control Manager [7022] - The User Profile Service service hung on starting.
3/14/2011 6:36:05 PM, Error: Service Control Manager [7030] - The LogMeIn Rescue (470d587c-d2ca-4ae1-9c60-cb4c4c81c843) service is marked as an interactive service.
However, the system is configured to not allow interactive services. This service may not function properly. 3/14/2011 5:58:27 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x00000003, 0x86ec9250, 0x86ec93bc, 0x822400e0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031411-17706-01. 3/14/2011 4:51:59 PM, Error: Service Control Manager [7030] - The LogMeIn Rescue (523b942e-d652-4cb1-bf38-15b372ac9e4b) service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 3/14/2011 4:41:28 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x8aa78ad3, 0x8d81bb70, 0x8d81b750). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031411-22791-01. 3/14/2011 3:43:59 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2. 3/14/2011 3:32:43 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x8aa55ad3, 0x8d81fb70, 0x8d81f750). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031411-19936-01. 3/14/2011 2:08:17 PM, Error: Microsoft-Windows-WMPNSS-Service [14356] - A media delivery engine with ID '0x80070057' was not initialized because RegisterDelegate() encountered error ''. Restart your computer, and then restart the WMPNetworkSvc service. 3/14/2011 2:08:17 PM, Error: Microsoft-Windows-WMPNSS-Service [14348] - A new media server was not initialized due to error '0x80070057'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, in Windows Media Player, turn off media sharing, and then turn it back on. 
3/14/2011 2:08:17 PM, Error: Microsoft-Windows-WMPNSS-Service [14323] - Service 'WMPNetworkSvc' did not start correctly because MFCreateWMPMDEOpCenter encountered error '0xc00d36b0'. If possible, reinstall Windows Media Player. 3/14/2011 2:08:16 PM, Error: Service Control Manager [7023] - The Software Protection service terminated with the following error: The system cannot find the file specified. 3/14/2011 2:06:11 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswFW aswSnx aswTdi spldr 3/14/2011 2:05:58 PM, Error: Service Control Manager [7000] - The Link-Layer Topology Discovery Responder service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode. 3/14/2011 2:05:58 PM, Error: Service Control Manager [7000] - The Link-Layer Topology Discovery Mapper I/O Driver service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode. . ==== End Of File ===========================
  7. I am trying to get rid of whatever is making my searches redirected. So far, I uninstalled Firefox and installed Google Chrome. Below are the logs.
aswMBR version 0.9.4 Copyright© 2011 AVAST Software
Run date: 2011-03-19 20:12:33
-----------------------------
20:12:33.104 OS Version: Windows 6.1.7600
20:12:33.104 Number of processors: 8 586 0x1A05
20:12:33.104 ComputerName: STANDARD-PC UserName: standard
20:12:36.131 Initialize success
20:12:38.081 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:12:38.096 Disk 0 Vendor: Intel___ 1.0. Size: 953867MB BusType: 8
20:12:38.096 Disk 0 MBR read successfully
20:12:38.096 Disk 0 MBR scan
20:12:38.096 Disk 0 scanning sectors +1953517568
20:12:38.128 Disk 0 scanning C:\Windows\system32\drivers
20:12:41.263 Service scanning
20:12:42.355 Disk 0 trace - called modules:
20:12:42.355 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStorV.sys halmacpi.dll
20:12:42.371 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x871fc530]
20:12:42.371 3 CLASSPNP.SYS[8bc8559e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x866d3028]
20:12:42.371 Scan finished successfully
Any suggestions would be appreciated. Thanks
  8. Ran Malwarebytes (please note that it was not detecting the MBR infection before. It was coming up as a suspicious file in Avast but it wouldn't get rid of it)
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6107
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
3/19/2011 5:03:26 PM
mbam-log-2011-03-19 (17-03-26).txt
Scan type: Full scan (C:\|)
Objects scanned: 258372
Time elapsed: 23 minute(s), 40 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)
  9. Followed your instructions. Here is the log
ersion 0.9.4 Copyright© 2011 AVAST Software
Run date: 2011-03-19 16:32:24
-----------------------------
16:32:24.072 OS Version: Windows 6.1.7600
16:32:24.072 Number of processors: 8 586 0x1A05
16:32:24.072 ComputerName: STANDARD-PC UserName: standard
16:32:26.614 Initialize success
16:32:28.393 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\iaStor0
16:32:28.408 Disk 0 Vendor: Intel___ 1.0. Size: 953867MB BusType: 8
16:32:28.408 Device \Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskVolume01.0.00__#4&19feaa6c&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
16:32:28.408 Disk 0 MBR read successfully
16:32:28.408 Disk 0 MBR scan
16:32:28.408 Disk 0 TDL4@MBR code has been found
16:32:28.408 Disk 0 MBR hidden
16:32:28.408 Disk 0 MBR [TDL4] **ROOTKIT**
16:32:28.408 Disk 0 trace - called modules:
16:32:28.424 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8761d439]<<
16:32:28.424 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x875fc580]
16:32:28.424 3 CLASSPNP.SYS[8bbb959e] -> nt!IofCallDriver -> [0x86ad22b8]
16:32:28.424 \Driver\iaStorV[0x87600cc0] -> IRP_MJ_CREATE -> 0x8761d439
16:32:28.424 Scan finished successfully
16:32:31.466 Disk 0 fixing MBR
16:32:41.918 Disk 0 MBR restored successfully
16:32:41.918 Infection fixed successfully - please reboot ASAP
  10. I ran aswMBR and this is what I got... BTW thanks for your help
aswMBR version 0.9.4 Copyright© 2011 AVAST Software
Run date: 2011-03-19 16:20:27
-----------------------------
16:20:27.961 OS Version: Windows 6.1.7600
16:20:27.961 Number of processors: 8 586 0x1A05
16:20:27.961 ComputerName: STANDARD-PC UserName: standard
16:20:30.457 Initialize success
16:20:41.237 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\iaStor0
16:20:41.237 Disk 0 Vendor: Intel___ 1.0. Size: 953867MB BusType: 8
16:20:41.237 Device \Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskVolume01.0.00__#4&19feaa6c&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
16:20:41.237 Disk 0 MBR read successfully
16:20:41.252 Disk 0 MBR scan
16:20:41.252 Disk 0 TDL4@MBR code has been found
16:20:41.252 Disk 0 MBR hidden
16:20:41.252 Disk 0 MBR [TDL4] **ROOTKIT**
16:20:41.252 Disk 0 trace - called modules:
16:20:41.252 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8761d439]<<
16:20:41.252 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x875fc580]
16:20:41.268 3 CLASSPNP.SYS[8bbb959e] -> nt!IofCallDriver -> [0x86ad22b8]
16:20:41.268 \Driver\iaStorV[0x87600cc0] -> IRP_MJ_CREATE -> 0x8761d439
16:20:41.268 Scan finished successfully
  11. My computer recently became infected with mbr physicaldrive0 and I would appreciate help removing it. I am not sure how to run the logs I've seen on these forums but I am a quick learner. Any assistance is appreciated