
Google Redirects, WiFi Disabled and Attempt to Connect to Random IP


elx


Hi,

Please reinstall MBAM and see if the error still occurs. Post fresh DDS logs. What is the exact brand and model name of your WLAN adapter?

Still attempting to find out about the model of the WLAN adapter without opening up my computer, but all things considered that's the smallest of my concerns. Reinstalling MBAM seems to have taken care of the error, and Google is still functioning properly now. Logs to follow:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385

Run by elx at 14:18:28 on 2011-11-27

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8183.5883 [GMT -5:00]

.

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe

C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\System32\rundll32.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe

C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe

C:\OEM\USBDECTION\USBS3S4Detection.exe

C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\DeviceDisplayObjectProvider.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=fx6840&r=17361111z316p0495v1i5k45i1r49n

uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=fx6840&r=17361111z316p0495v1i5k45i1r49n

mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=fx6840&r=17361111z316p0495v1i5k45i1r49n

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\IPSBHO.DLL

BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - C:\ProgramData\Partner\Partner.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

mRun: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r

mRun: [updReg] C:\Windows\UpdReg.EXE

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

StartupFolder: C:\Users\elx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk.disabled

StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Photo Frame.lnk.disabled

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{0DBE69A3-F53C-486B-BD0F-46735CED41F9} : DhcpNameServer = 192.168.0.1

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll

BHO-X64: Symantec NCO BHO - No File

BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\IPSBHO.DLL

BHO-X64: Symantec Intrusion Prevention - No File

BHO-X64: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

mRun-x64: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r

mRun-x64: [updReg] C:\Windows\UpdReg.EXE

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20111114.002\BHDrvx64.sys [2011-11-14 1156216]

R1 ccHP;Symantec Hash Provider;C:\Windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys --> C:\Windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys [?]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20111124.030\IDSviA64.sys [2011-11-24 488568]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS [?]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS --> C:\Windows\system32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-27 366152]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccsvchst.exe [2011-11-25 126400]

R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-11-17 255744]

R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2010-4-21 243232]

R2 USBS3S4Detection;USBS3S4Detection;C:\OEM\USBDECTION\USBS3S4Detection.exe [2010-4-21 76320]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-21 138360]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-21 135664]

S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-11-21 79360]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-11-21 79360]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-21 135664]

S3 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2010-4-21 332272]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2011-11-27 19:17:05 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-11-27 19:16:49 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-11-27 19:16:49 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-11-27 16:42:59 238088 ----a-w- C:\Windows\SysWow64\xactengine3_2.dll

2011-11-27 16:25:12 -------- d-----w- C:\Program Files (x86)\Common Files\Steam

2011-11-27 16:25:09 -------- d-----w- C:\Program Files (x86)\Steam

2011-11-26 21:56:56 -------- d-----w- C:\mbrfix

2011-11-25 16:40:56 593544 ----a-w- C:\Windows\System32\drivers\NISx64\1109000.00C\cchpx64.sys

2011-11-25 16:40:56 505392 ----a-w- C:\Windows\System32\drivers\NISx64\1109000.00C\srtsp64.sys

2011-11-25 16:40:56 451704 ----a-w- C:\Windows\System32\drivers\NISx64\1109000.00C\symtdiv.sys

2011-11-25 16:40:56 433200 ----a-r- C:\Windows\System32\drivers\NISx64\1109000.00C\symds64.sys

2011-11-25 16:40:56 32304 ----a-w- C:\Windows\System32\drivers\NISx64\1109000.00C\srtspx64.sys

2011-11-25 16:40:56 221304 ----a-w- C:\Windows\System32\drivers\NISx64\1109000.00C\symefa64.sys

2011-11-25 16:40:56 150064 ----a-w- C:\Windows\System32\drivers\NISx64\1109000.00C\ironx64.sys

2011-11-25 16:40:49 -------- d-----w- C:\Windows\System32\drivers\NISx64\1109000.00C

2011-11-25 08:21:38 -------- d-sh--w- C:\$RECYCLE.BIN

2011-11-25 06:16:11 98816 ----a-w- C:\Windows\sed.exe

2011-11-25 06:16:11 518144 ----a-w- C:\Windows\SWREG.exe

2011-11-25 06:16:11 256000 ----a-w- C:\Windows\PEV.exe

2011-11-25 06:16:11 208896 ----a-w- C:\Windows\MBR.exe

2011-11-25 06:15:00 -------- d-----w- C:\ComboFix

2011-11-24 08:00:38 -------- d-----w- C:\Program Files (x86)\MSXML 4.0

2011-11-23 08:44:42 -------- d-----w- C:\Windows\SysWow64\Wat

2011-11-23 08:44:41 -------- d-----w- C:\Windows\System32\Wat

2011-11-23 08:22:55 367104 ----a-w- C:\Windows\System32\wcncsvc.dll

2011-11-23 08:22:55 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll

2011-11-23 08:08:58 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll

2011-11-23 08:08:58 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll

2011-11-23 08:08:58 48960 ----a-w- C:\Windows\System32\netfxperf.dll

2011-11-23 08:08:58 444752 ----a-w- C:\Windows\System32\mscoree.dll

2011-11-23 08:08:58 320352 ----a-w- C:\Windows\System32\PresentationHost.exe

2011-11-23 08:08:58 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll

2011-11-23 08:08:58 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe

2011-11-23 08:08:58 1942856 ----a-w- C:\Windows\System32\dfshim.dll

2011-11-23 08:08:58 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll

2011-11-23 08:08:58 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll

2011-11-23 08:00:35 243712 ----a-w- C:\Windows\System32\drivers\ks.sys

2011-11-22 17:24:59 2003968 ----a-w- C:\Windows\System32\msxml6.dll

2011-11-22 17:23:59 1739176 ----a-w- C:\Windows\System32\ntdll.dll

2011-11-22 02:50:37 220672 ----a-w- C:\Windows\System32\wintrust.dll

2011-11-22 02:50:37 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll

2011-11-22 02:50:37 139264 ----a-w- C:\Windows\System32\cabview.dll

2011-11-22 02:50:37 132608 ----a-w- C:\Windows\SysWow64\cabview.dll

2011-11-21 22:46:33 0 ----a-w- C:\Windows\ativpsrm.bin

2011-11-21 22:45:43 3 ----a-w- C:\Windows\System32\PLD_Framework.cmd

2011-11-21 22:41:11 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies

2011-11-21 22:40:31 -------- d-----w- C:\Program Files\Common Files\ATI Technologies

2011-11-21 22:40:12 -------- d-----w- C:\Program Files\ATI

2011-11-21 22:40:11 -------- d-----w- C:\Program Files (x86)\ATI Technologies

2011-11-21 21:25:17 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab

2011-11-21 21:15:52 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2011-11-21 21:15:52 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2011-11-21 20:58:11 -------- d-----w- C:\Users\elx\AppData\Roaming\Malwarebytes

2011-11-21 20:58:02 -------- d-----w- C:\ProgramData\Malwarebytes

2011-11-21 20:34:05 -------- d-----w- C:\ProgramData\Ralink Driver

2011-11-21 20:33:49 -------- d-----w- C:\Users\elx\AppData\Local\CrashDumps

2011-11-21 20:31:52 -------- d-----w- C:\Users\elx\AppData\Local\Google

2011-11-21 20:18:12 -------- d-----w- C:\Users\elx\AppData\Local\ElevatedDiagnostics

2011-11-21 20:14:54 -------- d-----w- C:\Users\elx\AppData\Local\Best_Buy®

2011-11-21 20:08:08 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared

2011-11-21 20:01:20 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll

2011-11-21 20:01:20 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll

2011-11-21 20:01:09 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2011-11-21 20:00:34 -------- d-----w- C:\Program Files (x86)\Microsoft

2011-11-21 20:00:17 -------- d-----w- C:\Program Files (x86)\Windows Live SkyDrive

2011-11-21 19:59:46 74520 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1e20d9121cca888\DSETUP.dll

2011-11-21 19:59:46 484632 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1e20d9121cca888\DXSETUP.exe

2011-11-21 19:59:46 1670936 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1e20d9121cca888\dsetup32.dll

2011-11-21 19:59:31 140066664 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlc2348.tmp

2011-11-21 19:59:27 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live

2011-11-21 19:58:05 -------- d-----w- C:\ProgramData\Best Buy Software Installer

2011-11-21 19:58:05 -------- d-----w- C:\Program Files\Best Buy Software Installer

2011-11-21 19:58:04 -------- dc-h--w- C:\ProgramData\{249B9E04-F0FC-434D-B0D8-12D3EDFF3B77}

2011-11-21 19:58:03 -------- d-----w- C:\Users\elx\AppData\Local\PackageAware

2011-11-21 19:57:04 -------- d-----w- C:\Program Files (x86)\Common Files\CyberLink

2011-11-21 19:56:12 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2011-11-21 19:56:12 353576 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2011-11-21 19:56:12 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll

2011-11-21 19:53:52 -------- d-----w- C:\Program Files\Creative

2011-11-21 19:53:27 -------- d-----w- C:\Program Files (x86)\Creative

2011-11-21 19:53:23 -------- d-----w- C:\Users\elx\AppData\Local\Diagnostics

2011-11-21 19:53:16 -------- d-----w- C:\Users\elx\AppData\Local\ATI

2011-11-21 19:51:54 -------- d-----w- C:\Users\elx\AppData\Local\VirtualStore

.

==================== Find3M ====================

.

2011-11-26 21:56:56 133632 ----a-w- C:\MbrFix64.exe

2011-11-21 19:54:37 466520 ----a-w- C:\Windows\System32\wrap_oal.dll

2011-11-21 19:54:37 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll

2011-11-21 19:54:37 123480 ----a-w- C:\Windows\System32\OpenAL32.dll

2011-11-21 19:54:37 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll

2011-11-21 19:52:43 173104 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-09-29 16:24:44 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-09-29 04:09:30 3141120 ----a-w- C:\Windows\System32\win32k.sys

.

============= FINISH: 14:19:15.68 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 11/21/2011 2:49:10 PM

System Uptime: 11/27/2011 10:52:13 AM (4 hours ago)

.

Motherboard: Gateway | | FX6840

Processor: Intel® Core i7 CPU 860 @ 2.80GHz | CPU 1 | 2660/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 916 GiB total, 865.536 GiB free.

D: is CDROM (UDF)

E: is Removable

F: is Removable

G: is Removable

H: is Removable

I: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}

Description: Microsoft PS/2 Mouse

Device ID: ACPI\PNP0F03\4&DAE4155&0

Manufacturer: Microsoft

Name: Microsoft PS/2 Mouse

PNP Device ID: ACPI\PNP0F03\4&DAE4155&0

Service: i8042prt

.

==== System Restore Points ===================

.

RP5: 11/21/2011 9:50:38 PM - Windows Update

RP6: 11/23/2011 3:00:23 AM - Windows Update

RP7: 11/24/2011 3:00:11 AM - Windows Update

RP8: 11/25/2011 3:00:15 AM - Windows Update

RP9: 11/26/2011 3:00:15 AM - Windows Update

RP10: 11/27/2011 3:00:14 AM - Windows Update

RP11: 11/27/2011 11:24:53 AM - Installed Steam

RP12: 11/27/2011 11:42:03 AM - Installed DirectX

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

2007 Microsoft Office Suite Service Pack 2 (SP2)

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Reader 9.1 MUI

Advertising Center

AMD DnD V1.0.19

Backup Manager Advance

Best Buy Software Installer

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Choice Guard

Compatibility Pack for the 2007 Office system

CyberLink PowerDVD 9

Gateway InfoCentre

Gateway MyBackup

Gateway Recovery Management

Gateway Registration

Gateway ScreenSaver

Gateway Updater

Google Toolbar for Internet Explorer

Google Update Helper

Identity Card

ImagXpress

Junk Mail filter update

Malwarebytes' Anti-Malware version 1.51.2.1300

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Works

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 9 Essentials

Nero ControlCenter

Nero DiscSpeed

Nero DiscSpeed Help

Nero DriveSpeed

Nero DriveSpeed Help

Nero Express Help

Nero InfoTool

Nero InfoTool Help

Nero Installer

Nero Online Upgrade

Nero StartSmart

Nero StartSmart Help

Nero StartSmart OEM

NeroExpress

neroxml

Norton Internet Security

Photo Frame

Ralink RT2860 Wireless LAN Card

Realtek Ethernet Controller Driver For Windows 7

Realtek High Definition Audio Driver

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2553074)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft Office Excel 2007 (KB2553073)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2535818)

Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Spybot - Search & Destroy

Steam

System Requirements Lab CYRI

The Elder Scrolls V: Skyrim

THX TruStudio PC

Update for 2007 Microsoft Office System (KB2284654)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Welcome Center

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

.

==== Event Viewer Messages From Past Week ========

.

11/27/2011 2:15:04 PM, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.

11/27/2011 2:15:04 PM, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.

11/27/2011 11:26:20 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

11/27/2011 11:26:20 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/25/2011 3:20:18 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.0.101 with the system having network hardware address 16-DA-E9-08-46-87. Network operations on this system may be disrupted as a result.

11/25/2011 11:39:09 AM, Error: Tcpip [4199] - The system detected an address conflict for IP address 0.0.0.0 with the system having network hardware address 16-DA-E9-08-46-87. Network operations on this system may be disrupted as a result.

11/25/2011 1:52:51 AM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: A device attached to the system is not functioning.

11/25/2011 1:50:41 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

11/25/2011 1:05:02 AM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.

11/24/2011 7:40:55 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.0.106 with the system having network hardware address 16-DA-E9-08-46-87. Network operations on this system may be disrupted as a result.

11/23/2011 3:49:00 AM, Error: Service Control Manager [7023] -

11/23/2011 3:46:42 AM, Error: Service Control Manager [7034] - The Intel® Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s).

11/23/2011 3:46:41 AM, Error: Service Control Manager [7034] - The NTI IScheduleSvc service terminated unexpectedly. It has done this 1 time(s).

11/23/2011 3:46:33 AM, Error: Service Control Manager [7034] - The USBS3S4Detection service terminated unexpectedly. It has done this 1 time(s).

11/23/2011 3:46:32 AM, Error: Service Control Manager [7034] - The Updater Service service terminated unexpectedly. It has done this 1 time(s).

11/23/2011 3:46:31 AM, Error: Service Control Manager [7034] - The GRegService service terminated unexpectedly. It has done this 1 time(s).

11/23/2011 3:44:41 AM, Error: Application Popup [877] - There was error [DATABASE OPEN FAILED] processing the driver database.

11/23/2011 3:18:25 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243).

11/23/2011 3:14:48 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft XML Core Services 4.0 Service Pack 2 for x64-based Systems (KB973688).

11/23/2011 3:11:30 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft XML Core Services 4.0 Service Pack 2 for x64-based Systems (KB954430).

11/21/2011 5:38:50 PM, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.

.

==== End Of File ===========================
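As an added example (not code from the thread or from the DDS tool), a small Python pre-screen for a DDS log like the one posted above: it walks the Pseudo HJT, SERVICES / DRIVERS and Event Viewer sections and lists what a helper eyeballs first, namely BHO entries with no file on disk, binaries loading from outside the Windows and Program Files trees (C:\ProgramData here), service start failures, and the Tcpip 4199 address conflicts. The trusted-directory list and the flagging rules are this example's own assumptions; the sample lines are copied from the log above.

```python
"""Pre-screen the Pseudo HJT, SERVICES / DRIVERS and Event Viewer sections of a
DDS log for the items a reviewer checks first. Added example, not part of the
thread or of the DDS tool; the trusted-directory list and flagging rules are
this example's own assumptions."""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the DDS log posted above, section
# headers included so the parser knows which section it is reading.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - C:\ProgramData\Partner\Partner.dll
uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
mRun: [updReg] C:\Windows\UpdReg.EXE
TCP: DhcpNameServer = 192.168.0.1
============= SERVICES / DRIVERS ===============
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2010-4-21 332272]
==== Event Viewer Messages From Past Week ========
11/27/2011 2:15:04 PM, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.
11/25/2011 3:20:18 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.0.101 with the system having network hardware address 16-DA-E9-08-46-87. Network operations on this system may be disrupted as a result.
""".strip()

# Where a stock Windows 7 install keeps executables (assumption of this
# example); anything loading from elsewhere, e.g. C:\ProgramData, gets a look.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\",
                 "c:\\program files (x86)\\", "c:\\progra~1\\", "c:\\progra~2\\")

SECTION_RE = re.compile(r"^=+\s*(?P<title>.+?)\s*=+$")
# "BHO: <name>: {clsid} - <dll>"  or  "BHO: {clsid} - No File"
BHO_RE = re.compile(r"^(?:BHO|TB)(?:-X64)?:\s*(?:(?P<name>.+?):\s*)?"
                    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\})\s*-\s*(?P<target>.+)$")
# 'mRun: [label] "C:\path\prog.exe" args'  (quotes optional)
RUN_RE = re.compile(r'^[um]Run(?:Once)?(?:-x64)?:\s*\[(?P<name>[^\]]+)\]\s*"?'
                    r'(?P<path>[^"]+?\.(?:exe|dll|cmd|bat))', re.IGNORECASE)
# "S3 svc;display;C:\path\svc.exe [date size]"  or  "R0 svc;display;path --> path [?]"
SERVICE_RE = re.compile(r"^[RS]\d\s+(?P<svc>[^;]+);[^;]*;"
                        r"(?P<path>.+?)(?:\s+-->.*|\s+\[.*)?$")
# "11/25/2011 3:20:18 PM, Error: Tcpip [4199] - message"
EVENT_RE = re.compile(r"^(?P<when>\S+ \S+ [AP]M), \w+: "
                      r"(?P<source>.+?) \[(?P<eid>\d+)\] - (?P<msg>.*)$")
IP_RE = re.compile(r"IP address (\d{1,3}(?:\.\d{1,3}){3})")
SVC_NAME_RE = re.compile(r"The (\S+) service")


@dataclass(frozen=True)
class Finding:
    section: str
    kind: str     # orphaned-clsid | unusual-path | service-start-failure | ip-conflict
    subject: str  # CLSID, run label, service name or IP address
    detail: str   # path, reason or event timestamp


def outside_trusted(path: str) -> bool:
    """True when a binary does not live under the Windows or Program Files trees."""
    p = path.strip().strip('"')
    if p.startswith("\\??\\"):    # NT object-manager prefix seen on driver paths
        p = p[4:]
    return not p.lower().startswith(TRUSTED_ROOTS)


def triage(log_text: str) -> list[Finding]:
    """Walk the log section by section and collect review items in log order."""
    findings: list[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":       # DDS pads sections with lone dots
            continue
        if m := SECTION_RE.match(line):
            section = m.group("title")
        elif section.startswith("Pseudo HJT"):
            if m := BHO_RE.match(line):
                target = m.group("target").strip()
                if target == "No File":
                    findings.append(Finding(section, "orphaned-clsid", m.group("clsid"),
                                            "BHO/toolbar registration with no file on disk"))
                elif outside_trusted(target):
                    findings.append(Finding(section, "unusual-path", m.group("clsid"), target))
            elif (m := RUN_RE.match(line)) and outside_trusted(m.group("path")):
                findings.append(Finding(section, "unusual-path", m.group("name"), m.group("path")))
        elif section.startswith("SERVICES"):
            if (m := SERVICE_RE.match(line)) and outside_trusted(m.group("path")):
                findings.append(Finding(section, "unusual-path", m.group("svc"), m.group("path")))
        elif section.startswith("Event Viewer") and (m := EVENT_RE.match(line)):
            source, eid, msg = m.group("source"), int(m.group("eid")), m.group("msg")
            if source == "Tcpip" and eid == 4199:    # duplicate IP address on the LAN
                ip = IP_RE.search(msg)
                findings.append(Finding(section, "ip-conflict", ip.group(1) if ip else "?", m.group("when")))
            elif source == "Service Control Manager" and eid in (7000, 7001):
                svc = SVC_NAME_RE.match(msg)
                findings.append(Finding(section, "service-start-failure",
                                        svc.group(1) if svc else "?", m.group("when")))
    return findings
```

`triage(SAMPLE_LOG)` returns five findings for the sample; they are prompts for a closer look, not verdicts, and the helper in this thread judged the full log clean.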


Hi,

Logs look good. Some programs need updating though. To find out which, I recommend installing Secunia PSI (more below in this post).

THESE STEPS ARE VERY IMPORTANT

Let's reset system restore

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points, which are likely to be infected. Please note you need Administrator Access to clean the restore points.

A. To disable the System Restore feature:

1. Click on the Start button.

2. Hover over the Computer option, right click on it and then click Properties.

3. On the left hand side, click Advanced Settings.

4. If asked to permit the action, click on Allow.

5. Click on the System Protection tab.

6. Select c: drive and click Configure...

7. Select Turn off protection

8. Press OK.

Repeat steps 6-8 for each hard drive.

B. Reboot.

C. Turn ON System Restore.

Follow the steps like you did when disabling System Restore, but on step 7 select the Restore system settings and previous versions of files option.

Now let's uninstall ComboFix:

  • Click START then RUN
  • Now copy-paste Combofix /uninstall in the runbox and click OK

UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.

Make your Internet Explorer more secure

This can be done by following these simple instructions:

From within Internet Explorer click on the Tools menu and then click on Options.

Click once on the Security tab

Click once on the Internet icon so it becomes highlighted.

Click once on the Custom Level button.

Change the Download signed ActiveX controls to Prompt

Change the Download unsigned ActiveX controls to Disable

Change the Initialize and script ActiveX controls not marked as safe to Disable

Change the Installation of desktop items to Prompt

Change the Launching programs and files in an IFRAME to Prompt

Change the Navigate sub-frames across different domains to Prompt

When all these settings have been made, click on the OK button.

If it prompts you as to whether or not you want to save the settings, press the Yes button.

Next press the Apply button and then the OK to exit the Internet Properties page.

Download and run Secunia Personal Software Inspector (PSI) and fix its findings. Leave the program installed so you'll stay alarmed about vulnerable components in future too.

Just a final reminder for you. I am trying to stress these two points.

UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.

Make sure all of your security programs are up to date.

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,

Blade :)
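The two procedures in the reply above (resetting System Restore on every drive, and tightening the Internet zone's Custom Level settings) can also be done and, more usefully, audited from an elevated Windows PowerShell prompt. The script below is an added example written for this thread; it is not Blade's code or Malwarebytes' code. It assumes Windows PowerShell on Windows 7 (the cmdlets Disable-ComputerRestore, Enable-ComputerRestore and Checkpoint-Computer are built in there), the function names are invented for this illustration, and the numeric zone action IDs and value meanings (0 = Enable, 1 = Prompt, 3 = Disable) are taken from the documented Internet Settings registry layout for the Internet zone (Zones\3), which the audit output lets you compare against your own Custom Level dialog.

```powershell
# Added example for this thread (not code from the original post or from Malwarebytes).
# Assumes Windows PowerShell on Windows 7, run from an elevated prompt.

# ---- Part A-C of the reply: discard old restore points, then re-enable protection ----

function Get-FixedDriveRoots {
    # Local fixed disks only (DriveType 3); returns roots like "C:\".
    Get-WmiObject Win32_LogicalDisk -Filter "DriveType = 3" |
        ForEach-Object { "$($_.DeviceID)\" }
}

function Reset-SystemRestore {
    # Turning protection off discards every restore point on that drive,
    # the same effect as "Turn off protection" in the System Protection dialog.
    $roots = Get-FixedDriveRoots
    foreach ($root in $roots) {
        Disable-ComputerRestore -Drive $root -ErrorAction Stop
    }
    Write-Host "Protection disabled (restore points discarded) on: $($roots -join ', ')"
    Write-Host "Reboot now, then run Enable-SystemRestore."
}

function Enable-SystemRestore {
    $roots = Get-FixedDriveRoots
    foreach ($root in $roots) {
        Enable-ComputerRestore -Drive $root -ErrorAction Stop
    }
    # Take one clean baseline so there is a known-good point to roll back to.
    Checkpoint-Computer -Description "Clean baseline after malware removal" `
                        -RestorePointType "MODIFY_SETTINGS"
}

# ---- "Make your Internet Explorer more secure": Internet zone Custom Level ----

# Per-user Internet zone (zone 3). HKLM holds the machine-wide defaults.
$ZoneInternet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Zone action ID -> the Custom Level setting named in the reply and the value it asks for.
# Value meanings: 0 = Enable, 1 = Prompt, 3 = Disable.
$Desired = @{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Value = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Value = 3 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Value = 3 }
    '1800' = @{ Name = 'Installation of desktop items';                             Value = 1 }
    '1804' = @{ Name = 'Launching programs and files in an IFRAME';                 Value = 1 }
    '1607' = @{ Name = 'Navigate sub-frames across different domains';              Value = 1 }
}
$Labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Test-IEZoneHardening {
    # Audit only: one row per setting with current vs. desired state. Nothing is changed.
    $key = Get-ItemProperty -Path $ZoneInternet
    foreach ($id in ($Desired.Keys | Sort-Object)) {
        $current = $key.$id
        [pscustomobject]@{
            Id        = $id
            Setting   = $Desired[$id].Name
            Current   = $(if ($null -eq $current) { '(not set)' } else { $Labels[[int]$current] })
            Desired   = $Labels[$Desired[$id].Value]
            Compliant = ($current -eq $Desired[$id].Value)
        }
    }
}

function Set-IEZoneHardening {
    # Apply the values from the reply for the current user's Internet zone.
    foreach ($id in $Desired.Keys) {
        Set-ItemProperty -Path $ZoneInternet -Name $id -Value $Desired[$id].Value -Type DWord
    }
    Test-IEZoneHardening | Format-Table -AutoSize
}

# Usage, in order:
#   Reset-SystemRestore      # then reboot
#   Enable-SystemRestore
#   Test-IEZoneHardening | Format-Table -AutoSize   # look before you change anything
#   Set-IEZoneHardening
```

Running Test-IEZoneHardening first is the point of the script: it shows which of the six settings the current user's profile already has at the recommended level and which it does not, so you can see the effect of the change rather than clicking through the dialog blind. The registry path is per-user, so a second Windows account on the same machine keeps its own zone settings and needs the same treatment.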


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

