
Infected with AV Security 2012, removed it and now I have internet troubles


12xp12


Realized I was infected when AV Security 2012 kept popping up and I was being redirected when trying to use the internet. After seemingly removing it using MBAM, I am now having internet connection issues; I can't connect. I know it is a local problem because the other computers in my household have no such internet issues.

DDS.txt

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_20
Run by Austin at 11:44:47 on 2011-12-11
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2037.1286 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\aestsrv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.dell.com
uURLSearchHooks: H - No File
uURLSearchHooks: iPhone OS 3 Toolbar: {74714d77-1695-4e73-a98e-25cb374f46b4} - c:\program files\iphone_os_3\tbiPho.dll
uURLSearchHooks: RuneScape Toolbar: {a8864317-e18b-4292-99d9-e6e65ab905d3} - c:\program files\runescape\prxtbRune.dll
mURLSearchHooks: iPhone OS 3 Toolbar: {74714d77-1695-4e73-a98e-25cb374f46b4} - c:\program files\iphone_os_3\tbiPho.dll
mURLSearchHooks: RuneScape Toolbar: {a8864317-e18b-4292-99d9-e6e65ab905d3} - c:\program files\runescape\prxtbRune.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: iPhone OS 3 Toolbar: {74714d77-1695-4e73-a98e-25cb374f46b4} - c:\program files\iphone_os_3\tbiPho.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: RuneScape Toolbar: {a8864317-e18b-4292-99d9-e6e65ab905d3} - c:\program files\runescape\prxtbRune.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: iPhone OS 3 Toolbar: {74714d77-1695-4e73-a98e-25cb374f46b4} - c:\program files\iphone_os_3\tbiPho.dll
TB: RuneScape Toolbar: {a8864317-e18b-4292-99d9-e6e65ab905d3} - c:\program files\runescape\prxtbRune.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Nvidia Driver] c:\users\austin\appdata\local\temp\nvdeerp.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [*Restore] c:\windows\system32\rstrui.exe /runonce
dRun: [qqyv] rundll32.exe "c:\windows\system32\config\systemprofile\appdata\local\app\qqyv.dll",wmain
dRun: [6B8355C2-4241-377E-B81D-86A41C58378E] "c:\windows\system32\rundll32.exe" "c:\windows\system32\config\systemprofile\appdata\roaming\6B8355C2-4241-377E-B81D-86A41C58378E.avi", start minimized
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10b.exe
StartupFolder: c:\users\austin\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\6b8355~1.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\macros~1.lnk - c:\program files\macro scheduler 12\msched.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
uPolicies-explorer: HideSCAHealth = 1 (0x1)
dPolicies-explorer: HideSCAHealth = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: runescape.com
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} - hxxp://www.srtest.com/srl_bin/sysreqlab_ind.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A506F83E-FB2C-4865-908F-9261C420A9C6} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{AA96EF6C-597A-41A2-8492-5FB098BAEE17} : DhcpNameServer = 68.87.71.230 68.87.73.246 192.168.1.1
TCP: Interfaces\{D98F9BD7-B070-4A11-A72B-F30BCF37F85C} : DhcpNameServer = 8.8.8.8 4.2.2.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\austin\appdata\roaming\mozilla\firefox\profiles\ya4zgype.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.runescape.com/
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
.
============= SERVICES / DRIVERS ===============
.
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-8-14 73728]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-8-15 111616]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2010-10-17 124648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9c39acf0ac820;Google Update Service (gupdate1c9c39acf0ac820);c:\program files\google\update\GoogleUpdate.exe [2009-4-22 133104]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-5-18 1153368]
S3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\s.a.d\cyberghost vpn\CGVPNCliService.exe [2011-1-11 2412680]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-4-22 133104]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-12-11 14:34:40 134656 ----a-w- c:\windows\regedit.com
2011-12-05 18:23:55 644368 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2011-12-05 17:16:47 130048 --sha-w- c:\windows\system32\6B8355C2-4241-377E-B81D-86A41C58378E.avi
2011-12-05 17:16:47 130048 --sha-w- c:\programdata\6B8355C2-4241-377E-B81D-86A41C58378E.avi
2011-12-02 07:30:47 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d765da22-bcae-45e1-a6e3-04eff54f0400}\mpengine.dll
2011-11-26 20:55:27 -------- d-----w- c:\users\austin\appdata\roaming\Malwarebytes
2011-11-26 20:55:15 -------- d-----w- c:\programdata\Malwarebytes
2011-11-26 20:55:10 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-26 20:55:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2011-11-21 22:56:24 16384 ----a-w- c:\users\austin\appdata\roaming\cyberpiictures[1].exe
.
============= FINISH: 11:45:46.06 ===============

Attach.txt (I believe this is necessary.)

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 8/14/2008 9:34:12 PM
System Uptime: 12/11/2011 11:31:45 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 0U990C
Processor: Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz | Microprocessor | 1733/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 99 GiB total, 12.973 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.754 GiB free.
E: is CDROM (CDFS)
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: MAC Bridge Miniport
Device ID: ROOT\MS_BRIDGEMP\0000
Manufacturer: Microsoft
Name: MAC Bridge Miniport
PNP Device ID: ROOT\MS_BRIDGEMP\0000
Service: BridgeMP
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: TAP-Win32 Adapter V9
Device ID: ROOT\NET\0001
Manufacturer: TAP-Win32 Provider V9
Name: TAP-Win32 Adapter V9
PNP Device ID: ROOT\NET\0001
Service: tap0901
.
==== System Restore Points ===================
.
RP1778: 12/9/2011 3:00:13 AM - Windows Update
RP1779: 12/9/2011 4:19:18 PM - Scheduled Checkpoint
RP1781: 12/10/2011 5:53:10 PM - Windows Update
RP1782: 12/11/2011 9:13:36 AM - Restore Operation
.
==== Installed Programs ======================
.
µTorrent
2speced 10.6 client
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.0
American Conquest
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Battlefield 1942
Battlefield 2(TM)
CameraHelperMsi
Camtasia Studio 6
Carbonite Online Backup Setup
CCleaner (remove only)
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CodeBlocks
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
CyberGhost VPN
Dell Getting Started Guide
Dell Support Center
Dell Touchpad
Dell Wireless WLAN Card
Digital Line Detect
DivX Setup
DownloadX Free 1.1.1
EDocs
erLT
GameSpy Arcade
GhostMouse 2.0
Google Earth
Google Update Helper
Intel(R) Matrix Storage Manager
InterActual Player
iPhone_OS_3 Toolbar
J2SE Development Kit 5.0 Update 21
J2SE Runtime Environment 5.0 Update 21
Java Auto Updater
Java DB 10.4.2.1
Java(TM) 6 Update 20
Java(TM) SE Development Kit 6 Update 17
Java(TM) SE Runtime Environment 6
JCreator Pro 3.50
Logitech Vid HD
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Macro Scheduler Std
Malwarebytes' Anti-Malware version 1.51.2.1300
MediaDirect
Microangelo Creation
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Modem Diagnostic Tool
Mozilla Firefox (3.0.19)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Music, Photos & Videos Launcher
NetWaiting
No-IP.com DUC (remove only)
Notepad++
OGA Notifier 2.0.0048.0
OpenOffice.org 3.2
OutlookAddinSetup
Product Documentation Launcher
proXPN 2.4.2
Python 3.1 pygame-1.9.1
Python 3.1.2
QuickSet
QuickTime
RuneScape Sandbox 1
RuneScape Toolbar
Sandboxie 3.50
Security Update for CAPICOM (KB931906)
Skype Toolbars
Skype™ 4.2
Spybot - Search & Destroy
StarCraft
Steam
SwiftKit
System Requirements Lab
TeamSpeak 3 Client
Ulead DVD Player
VC80CRTRedist - 8.0.50727.4053
Ventrilo Client
Web Sudoku Deluxe 1.2.2
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinZip 12.1
.
==== Event Viewer Messages From Past Week ========
.
12/9/2011 7:39:49 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate1c9c39acf0ac820) service to connect.
12/9/2011 7:39:49 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate1c9c39acf0ac820) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/9/2011 7:39:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service gupdate1c9c39acf0ac820 with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
12/9/2011 3:30:37 PM, Error: EventLog [6008] - The previous system shutdown at 3:28:42 PM on 12/9/2011 was unexpected.
12/8/2011 7:13:23 PM, Error: EventLog [6008] - The previous system shutdown at 7:11:43 PM on 12/8/2011 was unexpected.
12/8/2011 7:00:43 PM, Error: EventLog [6008] - The previous system shutdown at 6:57:27 PM on 12/8/2011 was unexpected.
12/8/2011 6:28:27 PM, Error: EventLog [6008] - The previous system shutdown at 6:26:48 PM on 12/8/2011 was unexpected.
12/8/2011 5:33:47 PM, Error: EventLog [6008] - The previous system shutdown at 5:59:55 PM on 12/7/2011 was unexpected.
12/6/2011 7:59:29 AM, Error: EventLog [6008] - The previous system shutdown at 7:57:21 AM on 12/6/2011 was unexpected.
12/6/2011 7:41:21 AM, Error: EventLog [6008] - The previous system shutdown at 5:02:30 AM on 12/6/2011 was unexpected.
12/6/2011 3:14:28 AM, Error: EventLog [6008] - The previous system shutdown at 3:12:36 AM on 12/6/2011 was unexpected.
12/6/2011 3:13:11 PM, Error: EventLog [6008] - The previous system shutdown at 9:10:30 AM on 12/6/2011 was unexpected.
12/5/2011 3:21:41 AM, Error: Microsoft-Windows-WMPNSS-Service [14325] - Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80070424'. In Windows Media Player, turn off media sharing, and then turn it back on.
12/5/2011 3:19:42 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
12/5/2011 3:19:42 AM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
12/5/2011 3:19:42 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
12/5/2011 3:19:42 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
12/5/2011 3:19:42 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
12/5/2011 3:19:11 AM, Error: EventLog [6008] - The previous system shutdown at 3:09:38 AM on 12/5/2011 was unexpected.
12/4/2011 3:05:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070490: Security Update for Windows Vista (KB970710).
12/4/2011 3:01:48 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 970710-37_neutral_PACKAGE from package KB970710(Security Update) into Absent(Absent) state
12/4/2011 3:01:48 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 970710-36_neutral_PACKAGE from package KB970710(Security Update) into Staged(Staged) state
12/4/2011 3:01:48 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 970710-35_neutral_PACKAGE from package KB970710(Security Update) into Staged(Staged) state
12/4/2011 3:01:48 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 970710-33_neutral_PACKAGE from package KB970710(Security Update) into Staged(Staged) state
12/4/2011 3:01:48 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 970710-31_neutral_PACKAGE from package KB970710(Security Update) into Staged(Staged) state
12/4/2011 3:01:48 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 970710-30_neutral_PACKAGE from package KB970710(Security Update) into Staged(Staged) state
12/4/2011 3:01:48 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 970710-29_neutral_PACKAGE from package KB970710(Security Update) into Staged(Staged) state
12/4/2011 3:01:48 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 970710-28_neutral_GDR from package KB970710(Security Update) into Staged(Staged) state
12/4/2011 3:01:48 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 970710-26_neutral_GDR from package KB970710(Security Update) into Staged(Staged) state
12/4/2011 3:01:48 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 970710-25_neutral_LDR from package KB970710(Security Update) into Staged(Staged) state
12/4/2011 3:01:48 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB970710 (Security Update) into Staged(Staged) state
12/4/2011 3:01:48 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB970710 (Security Update) into Install Requested(Install Requested) state
12/4/2011 3:01:44 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070490: Cumulative Update for Media Center for Windows Vista (KB974306).
12/4/2011 3:01:39 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-99_neutral_GDR from package KB974306(Update) into Staged(Staged) state
12/4/2011 3:01:39 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-98_neutral_LDR from package KB974306(Update) into Staged(Staged) state
12/4/2011 3:01:39 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-97_neutral_GDR from package KB974306(Update) into Staged(Staged) state
12/4/2011 3:01:39 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-96_neutral_LDR from package KB974306(Update) into Staged(Staged) state
12/4/2011 3:01:39 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-95_neutral_GDR from package KB974306(Update) into Staged(Staged) state
12/4/2011 3:01:39 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-94_neutral_LDR from package KB974306(Update) into Staged(Staged) state
12/4/2011 3:01:39 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-93_neutral_GDR from package KB974306(Update) into Staged(Staged) state
12/4/2011 3:01:39 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-91_neutral_GDR from package KB974306(Update) into Staged(Staged) state
12/4/2011 3:01:39 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-89_neutral_GDR from package KB974306(Update) into Staged(Staged) state
12/4/2011 3:01:39 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-88_neutral_LDR from package KB974306(Update) into Staged(Staged) state
12/4/2011 3:01:39 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-87_neutral_GDR from package KB974306(Update) into Staged(Staged) state
12/4/2011 3:01:39 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-86_neutral_LDR from package KB974306(Update) into Staged(Staged) state
12/4/2011 3:01:39 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-85_neutral_GDR from package KB974306(Update) into Staged(Staged) state
12/4/2011 3:01:39 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-83_neutral_GDR from package KB974306(Update) into Staged(Staged) state
12/4/2011 3:01:39 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-82_neutral_LDR from package KB974306(Update) into Staged(Staged) state
12/4/2011 3:01:39 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-81_neutral_GDR from package KB974306(Update) into Staged(Staged) state
12/4/2011 3:01:39 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-79_neutral_GDR from package KB974306(Update) into Staged(Staged) state
12/4/2011 3:01:39 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-78_neutral_LDR from package KB974306(Update) into Staged(Staged) state
12/4/2011 3:01:39 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-77_neutral_GDR from package KB974306(Update) into Staged(Staged) state
12/4/2011 3:01:39 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-76_neutral_LDR from package KB974306(Update) into Staged(Staged) state
12/4/2011 3:01:39 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-75_neutral_GDR from package KB974306(Update) into Staged(Staged) state
12/4/2011 3:01:39 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-74_neutral_LDR from package KB974306(Update) into Staged(Staged) state
12/4/2011 3:01:39 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-73_neutral_GDR from package KB974306(Update) into Staged(Staged) state
12/4/2011 3:01:39 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-71_neutral_GDR from package KB974306(Update) into Staged(Staged) state
12/4/2011 3:01:39 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-70_neutral_LDR from package KB974306(Update) into Staged(Staged) state
12/4/2011 3:01:39 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-69_neutral_GDR from package KB974306(Update) into Staged(Staged) state
12/4/2011 3:01:39 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-67_neutral_GDR from package KB974306(Update) into Staged(Staged) state
12/4/2011 3:01:39 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-65_neutral_GDR from package KB974306(Update) into Staged(Staged) state
12/4/2011 3:01:39 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-64_neutral_LDR from package KB974306(Update) into Staged(Staged) state
12/4/2011 3:01:39 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-105_neutral_PACKAGE from package KB974306(Update) into Staged(Staged) state
12/4/2011 3:01:39 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-104_neutral_PACKAGE from package KB974306(Update) into Staged(Staged) state
12/4/2011 3:01:39 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-103_neutral_PACKAGE from package KB974306(Update) into Staged(Staged) state
12/4/2011 3:01:39 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-102_neutral_PACKAGE from package KB974306(Update) into Staged(Staged) state
12/4/2011 3:01:39 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-101_neutral_PACKAGE from package KB974306(Update) into Staged(Staged) state
12/4/2011 3:01:39 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-100_neutral_PACKAGE from package KB974306(Update) into Staged(Staged) state
12/4/2011 3:01:39 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB974306 (Update) into Staged(Staged) state
12/4/2011 3:01:39 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB974306 (Update) into Install Requested(Install Requested) state
12/4/2011 3:01:12 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update (KB951847) x86.
12/4/2011 3:01:06 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070490: Update for Windows Vista (KB972036).
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-98_neutral_PACKAGE from package KB972036(Update) into Absent(Absent) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-97_neutral_PACKAGE from package KB972036(Update) into Absent(Absent) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-96_neutral_PACKAGE from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-95_neutral_PACKAGE from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-92_neutral_PACKAGE from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-9_neutral_LDR from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-89_neutral_PACKAGE from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-88_neutral_PACKAGE from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-87_neutral_PACKAGE from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-86_neutral_GDR from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-85_neutral_LDR from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-84_neutral_GDR from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-83_neutral_LDR from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-82_neutral_GDR from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-81_neutral_LDR from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-80_neutral_GDR from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-8_neutral_GDR from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-79_neutral_LDR from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-78_neutral_GDR from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-77_neutral_LDR from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-76_neutral_GDR from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-75_neutral_LDR from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-74_neutral_GDR from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-73_neutral_LDR from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-72_neutral_GDR from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-71_neutral_LDR from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-7_neutral_LDR from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-6_neutral_GDR from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-53_neutral_PACKAGE from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-52_neutral_PACKAGE from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-51_neutral_PACKAGE from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-50_neutral_GDR from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-5_neutral_LDR from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-49_neutral_LDR from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-48_neutral_GDR from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-47_neutral_LDR from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-46_neutral_GDR from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-45_neutral_LDR from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-44_neutral_GDR from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-43_neutral_LDR from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-42_neutral_GDR from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-41_neutral_LDR from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-40_neutral_GDR from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-4_neutral_GDR from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-39_neutral_LDR from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-38_neutral_GDR from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-37_neutral_LDR from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-36_neutral_GDR from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-35_neutral_LDR from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-3_neutral_LDR from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-2_neutral_GDR from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-18_neutral_PACKAGE from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-17_neutral_PACKAGE from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-16_neutral_GDR from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-15_neutral_LDR from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-14_neutral_GDR from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-13_neutral_LDR from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-12_neutral_GDR from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-11_neutral_LDR from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-10_neutral_GDR from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972036-1_neutral_LDR from package KB972036(Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB972036 (Update) into Uninstall Requested(Uninstall Requested) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB972036 (Update) into Staged(Staged) state
12/4/2011 3:01:00 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB972036 (Update) into Install Requested(Install Requested) state
12/11/2011 11:44:25 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
12/11/2011 11:24:18 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv.dll Error Code: 21
12/11/2011 11:23:53 AM, Error: EventLog [6008] - The previous system shutdown at 11:22:24 AM on 12/11/2011 was unexpected.
12/11/2011 11:16:42 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
12/10/2011 8:42:30 PM, Error: EventLog [6008] - The previous system shutdown at 8:11:10 PM on 12/10/2011 was unexpected.
12/10/2011 7:02:10 PM, Error: EventLog [6008] - The previous system shutdown at 6:59:51 PM on 12/10/2011 was unexpected.
12/10/2011 6:07:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/10/2011 6:07:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/10/2011 6:07:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
12/10/2011 6:07:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
12/10/2011 6:07:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
12/10/2011 6:07:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/10/2011 6:07:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/10/2011 6:05:24 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr Tcpip tdx Wanarpv6
12/10/2011 6:05:24 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/10/2011 6:05:24 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
12/10/2011 6:05:24 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
12/10/2011 6:05:24 PM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/10/2011 6:05:24 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/10/2011 6:05:24 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
12/10/2011 6:05:24 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/10/2011 6:05:24 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/10/2011 6:05:24 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
12/10/2011 6:05:24 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/10/2011 6:05:24 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
12/10/2011 6:05:24 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/10/2011 6:05:24 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/10/2011 6:05:24 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
12/10/2011 6:05:24 PM, Error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/10/2011 3:00:12 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
12/10/2011 3:00:12 AM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/10/2011 3:00:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
12/10/2011 12:00:01 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
12/10/2011 12:00:01 AM, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/10/2011 12:00:01 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
12/10/2011 10:44:30 PM, Error: EventLog [6008] - The previous system shutdown at 10:43:00 PM on 12/10/2011 was unexpected.
12/10/2011 10:41:57 PM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: A socket operation encountered a dead network.
12/10/2011 10:41:55 PM, Error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the HTTP service which failed to start because of the following error: The device does not recognize the command.
12/10/2011 10:40:55 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
12/10/2011 10:40:32 PM, Error: Service Control Manager [7003] - The TCP/IP NetBIOS Helper service depends the following service: Afd. This service might not be installed.
12/10/2011 10:40:32 PM, Error: Service Control Manager [7003] - The DHCP Client service depends the following service: Afd. This service might not be installed.
12/10/2011 10:40:32 PM, Error: Service Control Manager [7001] - The UPnP Device Host service depends on the HTTP service which failed to start because of the following error: The device does not recognize the command.
12/10/2011 10:40:32 PM, Error: Service Control Manager [7001] - The SSDP Discovery service depends on the HTTP service which failed to start because of the following error: The device does not recognize the command.
12/10/2011 10:40:32 PM, Error: Service Control Manager [7001] - The srv2 service depends on the srvnet service which failed to start because of the following error: The device does not recognize the command.
12/10/2011 10:40:32 PM, Error: Service Control Manager [7001] - The srv service depends on the srv2 service which failed to start because of the following error: The dependency service or group failed to start.
12/10/2011 10:40:32 PM, Error: Service Control Manager [7001] - The Server service depends on the srv service which failed to start because of the following error: The dependency service or group failed to start.
12/10/2011 10:40:32 PM, Error: Service Control Manager [7001] - The Print Spooler service depends on the HTTP service which failed to start because of the following error: The device does not recognize the command.
12/10/2011 10:40:32 PM, Error: Service Control Manager [7001] - The Function Discovery Resource Publication service depends on the HTTP service which failed to start because of the following error: The device does not recognize the command.
12/10/2011 10:40:32 PM, Error: Service Control Manager [7001] - The Function Discovery Provider Host service depends on the HTTP service which failed to start because of the following error: The device does not recognize the command.
12/10/2011 10:40:32 PM, Error: Service Control Manager [7000] - The srvnet service failed to start due to the following error: The device does not recognize the command.
12/10/2011 10:40:32 PM, Error: Service Control Manager [7000] - The HTTP service failed to start due to the following error: The device does not recognize the command.
12/10/2011 10:39:53 PM, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 2147952450.
12/10/2011 10:39:00 PM, Error: EventLog [6008] - The previous system shutdown at 10:37:31 PM on 12/10/2011 was unexpected.
.
==== End Of File ===========================

Hello and welcome

It looks like a service that is required for the internet connection is missing.

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure "Include All Files" option remains checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

FSS results

Farbar Service Scanner 
Ran by Austin (administrator) on 11-12-2011 at 12:40:09
Microsoft® Windows Vista™ Home Premium (X86)
********************************************************

Service Check:
==============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
Checking LEGACY_Dhcp: Attention! Unable to open LEGACY_Dhcp\0000 registry key. The key does not exist.
The ServiceDll of Dhcp service is OK.

afd Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open afd registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open afd registry key. The service key does not exist.


File Check:
===========
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
Attention! C:\Windows\system32\Drivers\afd.sys is missing.
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2010-04-16 18:29] - [2010-02-18 06:51] - 0818688 ____A (Microsoft Corporation) 2C1F7005AA3B62721BFDB307BD5F5010

C:\Windows\system32\dnsrslvr.dll => MD5 is legit

Connection Status:
==================
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Yahoo IP is accessible.

**** End of log ****

Hello again. Next we need to find a replacement for the afd.sys file, after which we need to recreate both the file and the registry service.

Please run Farbar Service Scanner.

Type the following in the edit box after "Search:".

afd.sys

Click Search Files button and post the log (FSS.txt) it makes to your reply.
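The FSS log above checked each service's registry key, start type, ImagePath/ServiceDll and the binary on disk, and the event log showed the cascade (DHCP Client depends on Afd, whose key and driver are gone). The following is an added PowerShell example, not from this thread or from Farbar's tool, that walks a service's DependOnService chain and reports the same classes of defect in one pass; it assumes only a Windows machine and reads the registry and files without changing anything.

```powershell
# Added example, not from this thread or from Farbar Service Scanner: walk a
# service's DependOnService chain in the registry and flag the defects FSS
# reported above (service key missing, binary missing, Disabled start type),
# so a cascade like "DHCP Client depends on Afd, which is missing" is visible
# in one pass. Read-only; run in an elevated PowerShell on the affected machine.

$servicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$startNames   = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

function Resolve-ServiceBinary {
    # Returns the on-disk file that actually implements the service:
    # Parameters\ServiceDll for svchost-hosted services, ImagePath otherwise.
    param([string]$ServiceKey)
    $dll = (Get-ItemProperty -Path "$ServiceKey\Parameters" -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
    if ($dll) {
        $raw = $dll
    } else {
        $raw = (Get-ItemProperty -Path $ServiceKey -Name ImagePath -ErrorAction SilentlyContinue).ImagePath
        if (-not $raw) { return $null }
        # A svchost service whose ServiceDll is gone has no code of its own to run.
        if ($raw -match 'svchost\.exe') { return $null }
    }
    $raw = [Environment]::ExpandEnvironmentVariables($raw)
    # Driver ImagePaths use NT-style prefixes; strip them and any quoting/arguments.
    $raw = $raw -replace '^\\\?\?\\', ''
    $raw = $raw -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
    $raw = $raw -replace '^"([^"]+)".*$', '$1'
    if ($raw -match '^(.+?\.(?:sys|dll|exe))(\s|$)') { $raw = $Matches[1] }
    # Paths such as system32\DRIVERS\afd.sys are relative to the Windows directory.
    if ($raw -notmatch '^[A-Za-z]:\\') { $raw = Join-Path $env:SystemRoot $raw }
    return $raw
}

function Get-Sha256Hex {
    # Hash to compare against the same file on a known-good machine of the same
    # build (FSS does the equivalent with MD5 against its own reference list).
    param([string]$Path)
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { ([System.BitConverter]::ToString($sha.ComputeHash($stream))) -replace '-', '' }
    finally { $stream.Close() }
}

function Test-ServiceChain {
    param([string]$Name, [hashtable]$Seen = @{})
    if ($Seen.ContainsKey($Name)) { return }
    $Seen[$Name] = $true

    $key = Join-Path $servicesRoot $Name
    if (-not (Test-Path $key)) {
        # This is the afd case from the FSS log: the whole service key is gone.
        New-Object PSObject -Property @{ Service = $Name; Status = 'KEY MISSING'; Start = $null; Binary = $null; SHA256 = $null }
        return
    }

    $props  = Get-ItemProperty -Path $key
    $start  = $props.Start
    $binary = Resolve-ServiceBinary -ServiceKey $key
    $hash   = $null
    if     ($null -eq $start)          { $status = 'NO START VALUE' }
    elseif ($start -eq 4)              { $status = 'DISABLED' }
    elseif (-not $binary)              { $status = 'NO BINARY CONFIGURED' }
    elseif (-not (Test-Path $binary))  { $status = 'FILE MISSING' }   # the missing afd.sys case
    else   { $status = 'ok'; $hash = Get-Sha256Hex -Path $binary }

    $startName = $null
    if ($null -ne $start) { $startName = $startNames[[int]$start] }
    New-Object PSObject -Property @{
        Service = $Name
        Status  = $status
        Start   = $startName
        Binary  = $binary
        SHA256  = $hash
    }

    # Recurse into declared dependencies. Entries starting with '+' name a
    # load-order group rather than a service, so they are skipped here.
    foreach ($dep in @($props.DependOnService)) {
        if ($dep -and -not $dep.StartsWith('+')) { Test-ServiceChain -Name $dep -Seen $Seen }
    }
}

# Check the services the event log showed failing, and everything they depend on.
$seen = @{}
'Dhcp', 'Dnscache', 'nsi', 'LanmanWorkstation' |
    ForEach-Object { Test-ServiceChain -Name $_ -Seen $seen } |
    Select-Object Service, Status, Start, Binary, SHA256 |
    Format-Table -AutoSize
```

Any row other than `ok` marks a link in the chain that Service Control Manager cannot start, which is what the 7001/7003 events in the DDS log were reporting one service at a time.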

Not much came up. Did I do something wrong?

Farbar Service Scanner 
Ran by Austin (administrator) on 11-12-2011 at 13:11:06
Windows Vista (TM) Home Premium (X86)

************************************************
================== Search: "afd.sys" ===================

====== End Of Search ======

Let's see if a copy is found in system restore.

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

Combofix log

ComboFix 11-12-10.01 - Austin 12/11/2011  13:52:08.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2037.1191 [GMT -5:00]
Running from: F:\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\programdata\6B8355C2-4241-377E-B81D-86A41C58378E.avi
c:\programdata\6B8355C2-4241-377E-B81D-86A41C58378E.ico
c:\programdata\Microsoft\Windows\Start Menu\Programs\Security Defender
c:\programdata\Microsoft\Windows\Start Menu\Programs\Security Defender\Security Defender.lnk
c:\users\Austin\AppData\Roaming\EurekaLog
c:\users\Austin\AppData\Roaming\EurekaLog\CyberGhost\CyberGhost.elf
c:\users\Austin\Documents\~WRL0005.tmp
c:\users\Austin\Documents\~WRL0388.tmp
c:\users\Austin\Documents\~WRL1496.tmp
c:\users\Austin\Documents\~WRL1732.tmp
c:\users\Austin\Documents\~WRL1950.tmp
c:\users\Austin\Documents\~WRL3992.tmp
C:\Win
c:\win\bdoscandel.exe
c:\win\bdoscandellang.ini
c:\win\bfsvc.exe
c:\win\csup.txt
c:\win\eReg.dat
c:\win\explorer.exe
c:\win\f96ac0e5-19d2-42c5-8f68-eb7a99861769.ocx
c:\win\fveupdate.exe
c:\win\GMouse.ini
c:\win\GunzLauncher.INI
c:\win\hegames.ini
c:\win\HelpPane.exe
c:\win\hh.exe
c:\win\HomePremium.xml
c:\win\IsUninst.exe
c:\windows\regedit.com
c:\windows\system32\2d2ca2ce-704a-428c-8cbe-0736b29190aa.dll
c:\windows\System32\config\systemprofile\AppData\Local\App\qqyv.dll
c:\windows\system32\Packet.dll
c:\windows\system32\WanPacket.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-11-11 to 2011-12-11 )))))))))))))))))))))))))))))))
.
.
2011-12-11 19:01 . 2011-12-11 19:01 -------- d-----w- c:\users\Austin\AppData\Local\temp
2011-12-11 19:01 . 2011-12-11 19:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-10 23:28 . 2011-12-10 23:59 -------- d-----w- c:\users\Visitor\AppData\Roaming\uTorrent
2011-12-05 18:23 . 2011-12-05 18:23 644368 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-05 17:16 . 2011-12-05 17:16 130048 --sha-w- c:\windows\system32\6B8355C2-4241-377E-B81D-86A41C58378E.avi
2011-12-02 07:30 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D765DA22-BCAE-45E1-A6E3-04EFF54F0400}\mpengine.dll
2011-11-26 22:21 . 2011-11-26 22:21 -------- d-----w- c:\users\Visitor\AppData\Roaming\Malwarebytes
2011-11-26 20:55 . 2011-11-26 20:55 -------- d-----w- c:\users\Austin\AppData\Roaming\Malwarebytes
2011-11-26 20:55 . 2011-11-26 20:55 -------- d-----w- c:\programdata\Malwarebytes
2011-11-26 20:55 . 2011-11-26 20:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-26 20:55 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-24 23:47 . 2011-11-24 23:48 -------- d-----w- c:\users\Visitor\.idlerc
2011-11-21 01:00 . 2011-11-21 01:00 -------- d-----w- c:\users\Visitor\jagexcache1
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 22:56 . 2011-01-02 05:28 16384 ----a-w- c:\users\Austin\AppData\Roaming\cyberpiictures[1].exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{74714d77-1695-4e73-a98e-25cb374f46b4}"= "c:\program files\iPhone_OS_3\tbiPho.dll" [2009-11-09 2331672]
"{a8864317-e18b-4292-99d9-e6e65ab905d3}"= "c:\program files\RuneScape\prxtbRune.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{74714d77-1695-4e73-a98e-25cb374f46b4}]
.
[HKEY_CLASSES_ROOT\clsid\{a8864317-e18b-4292-99d9-e6e65ab905d3}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74714d77-1695-4e73-a98e-25cb374f46b4}]
2009-11-09 23:38 2331672 ----a-w- c:\program files\iPhone_OS_3\tbiPho.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a8864317-e18b-4292-99d9-e6e65ab905d3}]
2011-03-28 16:22 176936 ----a-w- c:\program files\RuneScape\prxtbRune.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{74714d77-1695-4e73-a98e-25cb374f46b4}"= "c:\program files\iPhone_OS_3\tbiPho.dll" [2009-11-09 2331672]
"{a8864317-e18b-4292-99d9-e6e65ab905d3}"= "c:\program files\RuneScape\prxtbRune.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{74714d77-1695-4e73-a98e-25cb374f46b4}]
.
[HKEY_CLASSES_ROOT\clsid\{a8864317-e18b-4292-99d9-e6e65ab905d3}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{74714D77-1695-4E73-A98E-25CB374F46B4}"= "c:\program files\iPhone_OS_3\tbiPho.dll" [2009-11-09 2331672]
"{A8864317-E18B-4292-99D9-E6E65AB905D3}"= "c:\program files\RuneScape\prxtbRune.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{74714d77-1695-4e73-a98e-25cb374f46b4}]
.
[HKEY_CLASSES_ROOT\clsid\{a8864317-e18b-4292-99d9-e6e65ab905d3}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-08-15 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-09-03 328568]
"Steam"="c:\program files\Steam\Steam.exe" [2011-08-08 1242448]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-10-17 404200]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-12 3444736]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2010-05-27 283792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*Restore"="c:\windows\System32\rstrui.exe" [2008-08-15 313856]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10b.exe" [2009-02-03 240544]
.
c:\users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
6B8355C2-4241-377E-B81D-86A41C58378E.lnk - c:\windows\System32\rundll32.exe [2006-11-2 44544]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-8-14 50688]
Macro Scheduler.lnk - c:\program files\Macro Scheduler 12\msched.exe [2010-2-23 5935408]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-5-12 525640]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ugwel.exe [2010-6-7 167007]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9c39acf0ac820;Google Update Service (gupdate1c9c39acf0ac820);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 133104]
R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2010-12-14 2412680]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 133104]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 PLISp50;PLISp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PLISp50.sys [x]
R3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v2.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 22:35]
.
2011-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 22:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: runescape.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\ya4zgype.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.runescape.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
BHO-{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Weather - c:\program files\AWS\WeatherBug\Weather.exe
MSConfigStartUp-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
AddRemove-American Conquest - c:\users\Austin\.gegl-0.0\Best game ever\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-11 14:01
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d4,a4,db,aa,b1,4f,02,44,b8,36,16,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d4,a4,db,aa,b1,4f,02,44,b8,36,16,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1792)
c:\program files\Spybot - Search & Destroy\SDHelper.dll
.
Completion time: 2011-12-11 14:05:31
ComboFix-quarantined-files.txt 2011-12-11 19:05
.
Pre-Run: 15,571,382,272 bytes free
Post-Run: 15,281,688,576 bytes free
.
- - End Of File - - E11E8AD81719C6EE8C630327BA590D37


Hi again,

CF-SCRIPT

-------------

We need to execute a CF-script.

  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:


MIA::
c:\windows\system32\drivers\afd.sys

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Here's the log

ComboFix 11-12-10.01 - Austin 12/11/2011  14:38:35.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2037.1173 [GMT -5:00]
Running from: c:\users\Visitor\Desktop\ComboFix.exe
Command switches used :: c:\users\Visitor\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\afd.sys was missing
Restored copy from - c:\windows\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys
.
.
((((((((((((((((((((((((( Files Created from 2011-11-11 to 2011-12-11 )))))))))))))))))))))))))))))))
.
.
2011-12-11 19:48 . 2011-12-11 19:48 -------- d-----w- c:\users\Austin\AppData\Local\temp
2011-12-11 19:48 . 2011-12-11 19:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-11 19:48 . 2008-01-19 05:57 273920 ----a-w- c:\windows\system32\drivers\afd.sys
2011-12-10 23:28 . 2011-12-10 23:59 -------- d-----w- c:\users\Visitor\AppData\Roaming\uTorrent
2011-12-05 18:23 . 2011-12-05 18:23 644368 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-05 17:16 . 2011-12-05 17:16 130048 --sha-w- c:\windows\system32\6B8355C2-4241-377E-B81D-86A41C58378E.avi
2011-12-02 07:30 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D765DA22-BCAE-45E1-A6E3-04EFF54F0400}\mpengine.dll
2011-11-26 22:21 . 2011-11-26 22:21 -------- d-----w- c:\users\Visitor\AppData\Roaming\Malwarebytes
2011-11-26 20:55 . 2011-11-26 20:55 -------- d-----w- c:\users\Austin\AppData\Roaming\Malwarebytes
2011-11-26 20:55 . 2011-11-26 20:55 -------- d-----w- c:\programdata\Malwarebytes
2011-11-26 20:55 . 2011-11-26 20:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-26 20:55 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-24 23:47 . 2011-11-24 23:48 -------- d-----w- c:\users\Visitor\.idlerc
2011-11-21 01:00 . 2011-11-21 01:00 -------- d-----w- c:\users\Visitor\jagexcache1
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 22:56 . 2011-01-02 05:28 16384 ----a-w- c:\users\Austin\AppData\Roaming\cyberpiictures[1].exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{74714d77-1695-4e73-a98e-25cb374f46b4}"= "c:\program files\iPhone_OS_3\tbiPho.dll" [2009-11-09 2331672]
"{a8864317-e18b-4292-99d9-e6e65ab905d3}"= "c:\program files\RuneScape\prxtbRune.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{74714d77-1695-4e73-a98e-25cb374f46b4}]
.
[HKEY_CLASSES_ROOT\clsid\{a8864317-e18b-4292-99d9-e6e65ab905d3}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74714d77-1695-4e73-a98e-25cb374f46b4}]
2009-11-09 23:38 2331672 ----a-w- c:\program files\iPhone_OS_3\tbiPho.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a8864317-e18b-4292-99d9-e6e65ab905d3}]
2011-03-28 16:22 176936 ----a-w- c:\program files\RuneScape\prxtbRune.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{74714d77-1695-4e73-a98e-25cb374f46b4}"= "c:\program files\iPhone_OS_3\tbiPho.dll" [2009-11-09 2331672]
"{a8864317-e18b-4292-99d9-e6e65ab905d3}"= "c:\program files\RuneScape\prxtbRune.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{74714d77-1695-4e73-a98e-25cb374f46b4}]
.
[HKEY_CLASSES_ROOT\clsid\{a8864317-e18b-4292-99d9-e6e65ab905d3}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{74714D77-1695-4E73-A98E-25CB374F46B4}"= "c:\program files\iPhone_OS_3\tbiPho.dll" [2009-11-09 2331672]
"{A8864317-E18B-4292-99D9-E6E65AB905D3}"= "c:\program files\RuneScape\prxtbRune.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{74714d77-1695-4e73-a98e-25cb374f46b4}]
.
[HKEY_CLASSES_ROOT\clsid\{a8864317-e18b-4292-99d9-e6e65ab905d3}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-08-15 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-09-03 328568]
"Steam"="c:\program files\Steam\Steam.exe" [2011-08-08 1242448]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-10-17 404200]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-12 3444736]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2010-05-27 283792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*Restore"="c:\windows\System32\rstrui.exe" [2008-08-15 313856]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10b.exe" [2009-02-03 240544]
.
c:\users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
6B8355C2-4241-377E-B81D-86A41C58378E.lnk - c:\windows\System32\rundll32.exe [2006-11-2 44544]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-8-14 50688]
Macro Scheduler.lnk - c:\program files\Macro Scheduler 12\msched.exe [2010-2-23 5935408]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-5-12 525640]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ugwel.exe [2010-6-7 167007]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9c39acf0ac820;Google Update Service (gupdate1c9c39acf0ac820);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 133104]
R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2010-12-14 2412680]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 133104]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 PLISp50;PLISp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PLISp50.sys [x]
R3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v2.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 22:35]
.
2011-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 22:35]
.
2011-12-11 c:\windows\Tasks\User_Feed_Synchronization-{11427CF9-34EE-484A-8EA0-361431B3919F}.job
- c:\windows\system32\msfeedssync.exe [2010-07-09 04:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: runescape.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\ya4zgype.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.runescape.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-11 14:48
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d4,a4,db,aa,b1,4f,02,44,b8,36,16,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d4,a4,db,aa,b1,4f,02,44,b8,36,16,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-12-11 14:51:36
ComboFix-quarantined-files.txt 2011-12-11 19:51
ComboFix2.txt 2011-12-11 19:05
.
Pre-Run: 15,404,920,832 bytes free
Post-Run: 15,153,012,736 bytes free
.
- - End Of File - - 01CE9A37DE9AFE9345261606F3F49826


Hi again, after the following fix, please let me know if the internet works.

CF-SCRIPT

-------------

We need to execute a CF-script.

  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:


Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD]
"DisplayName"="Ancilliary Function Driver for Winsock"
"Group"="PNP_TDI"
"ImagePath"=hex(2):5C,53,79,73,74,65,6D,52,6F,6F,74,5C,73,79,73,74,65,6D,33,32,5C,64,72,69,76,65,72,73,5C,61,66,64,2E,73,79,73,00,00
"Description"="Ancilliary Function Driver for Winsock"
"ErrorControl"=dword:00000001
"Start"=dword:00000001
"Type"=dword:00000001
"BootFlags"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Enum]
"0"="Root\\LEGACY_AFD\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

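The two CF-scripts above (the MIA:: line that restores afd.sys from the component store, and the Registry:: block that recreates the AFD service key) both target the same thing: the Winsock kernel driver that every TCP/UDP socket on the box depends on. Before and after applying them it is worth checking the result directly rather than only watching whether the browser works. The script below is an added example written for this thread, not something the helper posted or part of ComboFix; it reads the driver file, the service key and the service controller state and reports anything that differs from what the Registry:: script sets (Start=1, Type=1, ImagePath pointing at system32\drivers\afd.sys). The winsxs search is an assumption about where a spare copy of afd.sys lives on this Vista build; adjust it if your backup copy is elsewhere. One caveat worth knowing: in a regedit-exported .reg file a hex(2) value is UTF-16LE, while the bytes in the script above spell the path as single-byte ASCII, so reading the value back (step 2) confirms that whatever tool wrote it stored a usable string.

```powershell
# Added example, not from the original thread: verify the Winsock AFD driver
# after the ComboFix fixes. Run from an elevated PowerShell prompt.
# Expected values are the ones the Registry:: CFScript sets:
#   Start=1 (system start), Type=1 (kernel driver),
#   ImagePath=\SystemRoot\system32\drivers\afd.sys

$driverPath = Join-Path $env:SystemRoot 'system32\drivers\afd.sys'
$serviceKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\AFD'
$problems   = @()

# 1. The driver binary must be on disk; the first ComboFix run reported it missing.
if (-not (Test-Path $driverPath)) {
    $problems += "afd.sys is missing from $driverPath"
} else {
    $file = Get-Item $driverPath
    "afd.sys: {0} bytes, file version {1}" -f $file.Length, $file.VersionInfo.FileVersion
    # Assumption: the winsock-core package keeps a pristine copy under winsxs on this build;
    # list any copies so their size can be compared with the restored file.
    Get-ChildItem "$env:SystemRoot\winsxs" -Recurse -Filter afd.sys -ErrorAction SilentlyContinue |
        Select-Object FullName, Length
}

# 2. The service key must exist and describe a system-start kernel driver.
if (-not (Test-Path $serviceKey)) {
    $problems += "service key $serviceKey is missing"
} else {
    $svc = Get-ItemProperty $serviceKey
    if ($svc.Start -ne 1) { $problems += "AFD Start is $($svc.Start), expected 1" }
    if ($svc.Type  -ne 1) { $problems += "AFD Type is $($svc.Type), expected 1" }
    # ImagePath is read back as a string; if it came out as garbage the match fails here.
    if ($svc.ImagePath -notmatch 'drivers\\afd\.sys$') {
        $problems += "AFD ImagePath is '$($svc.ImagePath)', expected ...\drivers\afd.sys"
    }
}

# 3. Ask the service controller whether the driver is actually loaded and running.
$stateLine = sc.exe query afd | Select-String 'STATE'
if ($stateLine) {
    $state = $stateLine.ToString().Trim()
    $state
    if ($state -notmatch 'RUNNING') { $problems += "AFD driver is not running ($state)" }
} else {
    $problems += 'sc query afd returned no STATE line (service not registered?)'
}

if ($problems.Count -eq 0) {
    'AFD driver file, service key and running state all look correct.'
} else {
    $problems | ForEach-Object { "PROBLEM: $_" }
}
```

If the file and key are present but the driver still shows STOPPED, a reboot is required, since a Start=1 kernel driver is loaded by the kernel at boot rather than by the service controller on demand. If everything reports correct and sockets still fail, the remaining layer is the Winsock catalog itself; the thread does not go there, but `netsh winsock reset` (followed by a reboot) is the standard tool for that.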

Hello again, unfortunately, that fix didn't work. Here's the new log.

ComboFix 11-12-10.01 - Austin 12/11/2011  15:29:31.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2037.1146 [GMT -5:00]
Running from: c:\users\Visitor\Desktop\ComboFix.exe
Command switches used :: c:\users\Visitor\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-11-11 to 2011-12-11 )))))))))))))))))))))))))))))))
.
.
2011-12-11 20:38 . 2011-12-11 20:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-11 20:38 . 2011-12-11 20:38 -------- d-----w- c:\users\Austin\AppData\Local\temp
2011-12-11 19:48 . 2008-01-19 05:57 273920 ----a-w- c:\windows\system32\drivers\afd.sys
2011-12-10 23:28 . 2011-12-10 23:59 -------- d-----w- c:\users\Visitor\AppData\Roaming\uTorrent
2011-12-05 18:23 . 2011-12-05 18:23 644368 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-05 17:16 . 2011-12-05 17:16 130048 --sha-w- c:\windows\system32\6B8355C2-4241-377E-B81D-86A41C58378E.avi
2011-12-02 07:30 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D765DA22-BCAE-45E1-A6E3-04EFF54F0400}\mpengine.dll
2011-11-26 22:21 . 2011-11-26 22:21 -------- d-----w- c:\users\Visitor\AppData\Roaming\Malwarebytes
2011-11-26 20:55 . 2011-11-26 20:55 -------- d-----w- c:\users\Austin\AppData\Roaming\Malwarebytes
2011-11-26 20:55 . 2011-11-26 20:55 -------- d-----w- c:\programdata\Malwarebytes
2011-11-26 20:55 . 2011-11-26 20:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-26 20:55 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-24 23:47 . 2011-11-24 23:48 -------- d-----w- c:\users\Visitor\.idlerc
2011-11-21 01:00 . 2011-11-21 01:00 -------- d-----w- c:\users\Visitor\jagexcache1
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 22:56 . 2011-01-02 05:28 16384 ----a-w- c:\users\Austin\AppData\Roaming\cyberpiictures[1].exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{74714d77-1695-4e73-a98e-25cb374f46b4}"= "c:\program files\iPhone_OS_3\tbiPho.dll" [2009-11-09 2331672]
"{a8864317-e18b-4292-99d9-e6e65ab905d3}"= "c:\program files\RuneScape\prxtbRune.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{74714d77-1695-4e73-a98e-25cb374f46b4}]
.
[HKEY_CLASSES_ROOT\clsid\{a8864317-e18b-4292-99d9-e6e65ab905d3}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74714d77-1695-4e73-a98e-25cb374f46b4}]
2009-11-09 23:38 2331672 ----a-w- c:\program files\iPhone_OS_3\tbiPho.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a8864317-e18b-4292-99d9-e6e65ab905d3}]
2011-03-28 16:22 176936 ----a-w- c:\program files\RuneScape\prxtbRune.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{74714d77-1695-4e73-a98e-25cb374f46b4}"= "c:\program files\iPhone_OS_3\tbiPho.dll" [2009-11-09 2331672]
"{a8864317-e18b-4292-99d9-e6e65ab905d3}"= "c:\program files\RuneScape\prxtbRune.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{74714d77-1695-4e73-a98e-25cb374f46b4}]
.
[HKEY_CLASSES_ROOT\clsid\{a8864317-e18b-4292-99d9-e6e65ab905d3}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{74714D77-1695-4E73-A98E-25CB374F46B4}"= "c:\program files\iPhone_OS_3\tbiPho.dll" [2009-11-09 2331672]
"{A8864317-E18B-4292-99D9-E6E65AB905D3}"= "c:\program files\RuneScape\prxtbRune.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{74714d77-1695-4e73-a98e-25cb374f46b4}]
.
[HKEY_CLASSES_ROOT\clsid\{a8864317-e18b-4292-99d9-e6e65ab905d3}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-08-15 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-09-03 328568]
"Steam"="c:\program files\Steam\Steam.exe" [2011-08-08 1242448]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-10-17 404200]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-12 3444736]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2010-05-27 283792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*Restore"="c:\windows\System32\rstrui.exe" [2008-08-15 313856]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10b.exe" [2009-02-03 240544]
.
c:\users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
6B8355C2-4241-377E-B81D-86A41C58378E.lnk - c:\windows\System32\rundll32.exe [2006-11-2 44544]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-8-14 50688]
Macro Scheduler.lnk - c:\program files\Macro Scheduler 12\msched.exe [2010-2-23 5935408]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-5-12 525640]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ugwel.exe [2010-6-7 167007]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9c39acf0ac820;Google Update Service (gupdate1c9c39acf0ac820);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 133104]
R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2010-12-14 2412680]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 133104]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 PLISp50;PLISp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PLISp50.sys [x]
R3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v2.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 22:35]
.
2011-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 22:35]
.
2011-12-11 c:\windows\Tasks\User_Feed_Synchronization-{26BA7C2D-FD5E-4957-9AC5-93FB4FA32270}.job
- c:\windows\system32\msfeedssync.exe [2010-07-09 04:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: runescape.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\ya4zgype.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.runescape.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d4,a4,db,aa,b1,4f,02,44,b8,36,16,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d4,a4,db,aa,b1,4f,02,44,b8,36,16,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-12-11 15:41:25
ComboFix-quarantined-files.txt 2011-12-11 20:41
ComboFix2.txt 2011-12-11 19:51
ComboFix3.txt 2011-12-11 19:05
.
Pre-Run: 15,302,266,880 bytes free
Post-Run: 15,259,922,432 bytes free
.
- - End Of File - - 4E32155D6912C8F1A06F583BF4160904


The log:

Farbar Service Scanner 
Ran by Visitor on 11-12-2011 at 15:57:46
Windows Vista (TM) Home Premium (X86)
********************************************************

Service Check:
==============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
Checking LEGACY_Dhcp: Attention! Unable to open LEGACY_Dhcp\0000 registry key. The key does not exist.
The ServiceDll of Dhcp service is OK.

Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
Checking LEGACY_Dnscache: Attention! Unable to open LEGACY_Dnscache\0000 registry key. The key does not exist.
The ServiceDll of Dnscache service is OK.

Nsi Service is not running. Checking service configuration:
The start type of Nsi service is OK.
The ImagePath of Nsi service is OK.
Checking LEGACY_Nsi: Attention! Unable to open LEGACY_Nsi\0000 registry key. The key does not exist.
Checking ServiceDll: Attention! Unable to open Nsi registry key. The service key does not exist.

nsiproxy Service is not running. Checking service configuration:
The start type of nsiproxy service is OK.
The ImagePath of nsiproxy service is OK.

tdx Service is not running. Checking service configuration:
The start type of tdx service is OK.
The ImagePath of tdx service is OK.

afd Service is not running. Checking service configuration:
The start type of afd service is OK.
The ImagePath of afd service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.

PlugPlay Service is not running. Checking service configuration:
The start type of PlugPlay service is OK.
The ImagePath of PlugPlay service is OK.
Checking LEGACY_PlugPlay: Attention! Unable to open LEGACY_PlugPlay\0000 registry key. The key does not exist.


File Check:
===========
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2011-12-11 14:48] - [2008-01-19 00:57] - 0273920 ____A (Microsoft Corporation) 763E172A55177E478CB419F88FD0BA03

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2010-04-16 18:29] - [2010-02-18 06:51] - 0818688 ____A (Microsoft Corporation) 2C1F7005AA3B62721BFDB307BD5F5010

C:\Windows\system32\dnsrslvr.dll => MD5 is legit

Connection Status:
==================
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Yahoo IP is accessible.

**** End of log ****


Hi, please run the following, then restart your computer and see if it works.

CF-SCRIPT

-------------

We need to execute a CF-script.

  • Close any open browsers.
  • Close or disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:


Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\nsi\parameters]
"ServiceDll"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,6e,73,69,73,76,63,2e,64,6c,6c,00
"ServiceDllUnloadOnStop"=dword:00000001



Save this as CFScript.txt, in the same location as ComboFix.exe

[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

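A helper-side tool, added here as an example; it is not part of this thread and not the helper's script above. It reads the Service Check section of a Farbar Service Scanner log, lists the services whose ServiceDll key could not be opened (on this page, Nsi), and emits the matching ComboFix Registry:: block, encoding the DLL path in the same single-byte (REGEDIT4-style) hex(2) form the script above uses. It also decodes that form, which shows the script above writes %systemroot%\system32\nsisvc.dll. The FSS line formats and the sample excerpt are taken from the log posted above; the service-to-DLL table is an assumption (the standard Vista values, consistent with the File Check list above) and should be confirmed against a known-good machine before the generated script is used.

```python
"""Decode/encode regedit-style hex(2) values and turn Farbar Service Scanner
(FSS) findings into a ComboFix 'Registry::' script.

Added example, not the forum helper's tool.  Line formats follow the FSS log
posted in this thread; KNOWN_SERVICEDLL is an assumption (standard Vista
paths) and must be verified on a clean machine before use."""
import re

# Standard Vista ServiceDll locations for the svchost-hosted services FSS checks
# (assumption; matches the dhcpcsvc.dll / nsisvc.dll / dnsrslvr.dll File Check).
KNOWN_SERVICEDLL = {
    "dhcp": r"%systemroot%\system32\dhcpcsvc.dll",
    "dnscache": r"%systemroot%\system32\dnsrslvr.dll",
    "nsi": r"%systemroot%\system32\nsisvc.dll",
}

# Excerpt of the FSS 'Service Check' section posted above (constructed sample).
SAMPLE_FSS = """
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
Checking LEGACY_Dhcp: Attention! Unable to open LEGACY_Dhcp\\0000 registry key. The key does not exist.
The ServiceDll of Dhcp service is OK.

Nsi Service is not running. Checking service configuration:
The start type of Nsi service is OK.
The ImagePath of Nsi service is OK.
Checking LEGACY_Nsi: Attention! Unable to open LEGACY_Nsi\\0000 registry key. The key does not exist.
Checking ServiceDll: Attention! Unable to open Nsi registry key. The service key does not exist.

nsiproxy Service is not running. Checking service configuration:
The start type of nsiproxy service is OK.
The ImagePath of nsiproxy service is OK.
"""


def decode_hex2(value_text):
    """Decode a single-byte regedit hex(2) (REG_EXPAND_SZ) value, possibly
    wrapped with trailing backslashes, to the string it stores (NUL dropped)."""
    body = value_text.split("hex(2):", 1)[1].replace("\\", "")
    tokens = [t.strip() for t in body.split(",")]
    raw = bytes(int(t, 16) for t in tokens if t)
    return raw.rstrip(b"\x00").decode("ascii")


def encode_hex2(text, name="ServiceDll", width=80):
    """Encode text as a NUL-terminated single-byte hex(2) value, wrapped the way
    regedit exports it: lines end with '\\', continuations indented two spaces."""
    tokens = ["%02x" % b for b in text.encode("ascii") + b"\x00"]
    lines, cur = [], '"%s"=hex(2):' % name
    for tok in tokens:
        piece = tok + ","
        if len(cur) + len(piece) + 1 > width:  # keep room for the trailing '\'
            lines.append(cur + "\\")
            cur = "  "
        cur += piece
    lines.append(cur.rstrip(","))
    return "\n".join(lines)


def parse_fss(log_text):
    """Return {service: {"running": bool, "attention": [lines]}} from the
    'Service Check' section of an FSS log.  A blank line ends a service block."""
    results, current = {}, None
    for line in log_text.splitlines():
        m = re.match(r"^(\S+) Service is (not )?running\.", line)
        if m:
            current = m.group(1).lower()
            results[current] = {"running": m.group(2) is None, "attention": []}
        elif current and "Attention!" in line:
            results[current]["attention"].append(line.strip())
        elif not line.strip():
            current = None
    return results


def missing_servicedll(findings):
    """Services whose ServiceDll key FSS could not open (the break in this thread)."""
    return [svc for svc, f in findings.items()
            if any(a.startswith("Checking ServiceDll: Attention!") for a in f["attention"])]


def build_cfscript(findings, known=KNOWN_SERVICEDLL):
    """Emit a ComboFix Registry:: block restoring ServiceDll for each affected
    service with a known-good path.  Services not in the table are returned as
    'skipped' rather than guessed at."""
    out, skipped = ["Registry::"], []
    for svc in missing_servicedll(findings):
        if svc not in known:
            skipped.append(svc)
            continue
        out.append(r"[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\%s\parameters]" % svc)
        out.append(encode_hex2(known[svc]))
        out.append('"ServiceDllUnloadOnStop"=dword:00000001')
        out.append("")
    return "\n".join(out), skipped


if __name__ == "__main__":
    script, skipped = build_cfscript(parse_fss(SAMPLE_FSS))
    print(script)
    if skipped:
        print("no known ServiceDll for:", ", ".join(skipped))
```

Run against the excerpt it prints a Registry:: block for nsi only, byte-for-byte the value the helper posted, and leaves Dhcp alone because FSS reported its ServiceDll as OK. That matches the picture in the FSS log: every file hashed as legitimate, so the break was configuration (a deleted service key) rather than a replaced binary, which is why a registry restore rather than a file replacement was the fix attempted.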

Hi, when I drag the CFScript over to the ComboFix, the window pops up and at the end of the scan a message pops up with "You are infected... attempting to restore C:/Windows/userinit.exe" or something along those lines. The machine then reboots and upon logging on, the combofix window bounces around at lightning speed until I restart the machine once again. Once I turn it back on, I do the same process of dragging over the CFScript and the same crap happens. I'm about to pull my hair out.


Actually, I think I got the log, however, I might be wrong:

ComboFix 11-12-10.01 - Austin 12/11/2011  17:38:59.8.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2037.1158 [GMT -5:00]
Running from: c:\users\Visitor\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-- Previous Run --
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
.
-- Previous Run --
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
.
--------
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
.
--------
.
.
((((((((((((((((((((((((( Files Created from 2011-11-11 to 2011-12-11 )))))))))))))))))))))))))))))))
.
.
2011-12-11 22:49 . 2011-12-11 22:49 -------- d-----w- c:\users\Austin\AppData\Local\temp
2011-12-11 22:49 . 2011-12-11 22:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-11 19:48 . 2008-01-19 05:57 273920 ----a-w- c:\windows\system32\drivers\afd.sys
2011-12-10 23:28 . 2011-12-10 23:59 -------- d-----w- c:\users\Visitor\AppData\Roaming\uTorrent
2011-12-05 18:23 . 2011-12-05 18:23 644368 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-05 17:16 . 2011-12-05 17:16 130048 --sha-w- c:\windows\system32\6B8355C2-4241-377E-B81D-86A41C58378E.avi
2011-12-02 07:30 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D765DA22-BCAE-45E1-A6E3-04EFF54F0400}\mpengine.dll
2011-11-26 22:21 . 2011-11-26 22:21 -------- d-----w- c:\users\Visitor\AppData\Roaming\Malwarebytes
2011-11-26 20:55 . 2011-11-26 20:55 -------- d-----w- c:\users\Austin\AppData\Roaming\Malwarebytes
2011-11-26 20:55 . 2011-11-26 20:55 -------- d-----w- c:\programdata\Malwarebytes
2011-11-26 20:55 . 2011-11-26 20:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-26 20:55 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-24 23:47 . 2011-11-24 23:48 -------- d-----w- c:\users\Visitor\.idlerc
2011-11-21 01:00 . 2011-11-21 01:00 -------- d-----w- c:\users\Visitor\jagexcache1
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 22:56 . 2011-01-02 05:28 16384 ----a-w- c:\users\Austin\AppData\Roaming\cyberpiictures[1].exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{74714d77-1695-4e73-a98e-25cb374f46b4}"= "c:\program files\iPhone_OS_3\tbiPho.dll" [2009-11-09 2331672]
"{a8864317-e18b-4292-99d9-e6e65ab905d3}"= "c:\program files\RuneScape\prxtbRune.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{74714d77-1695-4e73-a98e-25cb374f46b4}]
.
[HKEY_CLASSES_ROOT\clsid\{a8864317-e18b-4292-99d9-e6e65ab905d3}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74714d77-1695-4e73-a98e-25cb374f46b4}]
2009-11-09 23:38 2331672 ----a-w- c:\program files\iPhone_OS_3\tbiPho.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a8864317-e18b-4292-99d9-e6e65ab905d3}]
2011-03-28 16:22 176936 ----a-w- c:\program files\RuneScape\prxtbRune.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{74714d77-1695-4e73-a98e-25cb374f46b4}"= "c:\program files\iPhone_OS_3\tbiPho.dll" [2009-11-09 2331672]
"{a8864317-e18b-4292-99d9-e6e65ab905d3}"= "c:\program files\RuneScape\prxtbRune.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{74714d77-1695-4e73-a98e-25cb374f46b4}]
.
[HKEY_CLASSES_ROOT\clsid\{a8864317-e18b-4292-99d9-e6e65ab905d3}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{74714D77-1695-4E73-A98E-25CB374F46B4}"= "c:\program files\iPhone_OS_3\tbiPho.dll" [2009-11-09 2331672]
"{A8864317-E18B-4292-99D9-E6E65AB905D3}"= "c:\program files\RuneScape\prxtbRune.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{74714d77-1695-4e73-a98e-25cb374f46b4}]
.
[HKEY_CLASSES_ROOT\clsid\{a8864317-e18b-4292-99d9-e6e65ab905d3}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-08-15 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-09-03 328568]
"Steam"="c:\program files\Steam\Steam.exe" [2011-08-08 1242448]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-10-17 404200]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-12 3444736]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2010-05-27 283792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10b.exe" [2009-02-03 240544]
.
c:\users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
6B8355C2-4241-377E-B81D-86A41C58378E.lnk - c:\windows\System32\rundll32.exe [2006-11-2 44544]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-8-14 50688]
Macro Scheduler.lnk - c:\program files\Macro Scheduler 12\msched.exe [2010-2-23 5935408]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-5-12 525640]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ugwel.exe [2010-6-7 167007]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9c39acf0ac820;Google Update Service (gupdate1c9c39acf0ac820);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 133104]
R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2010-12-14 2412680]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 133104]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 PLISp50;PLISp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PLISp50.sys [x]
R3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v2.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 22:35]
.
2011-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 22:35]
.
2011-12-11 c:\windows\Tasks\User_Feed_Synchronization-{C9084A4E-D623-488A-BD6F-C77F9EEEE675}.job
- c:\windows\system32\msfeedssync.exe [2010-07-09 04:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: runescape.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\ya4zgype.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.runescape.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-11 17:49
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d4,a4,db,aa,b1,4f,02,44,b8,36,16,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d4,a4,db,aa,b1,4f,02,44,b8,36,16,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-12-11 17:52:54
ComboFix-quarantined-files.txt 2011-12-11 22:52
ComboFix2.txt 2011-12-11 20:41
ComboFix3.txt 2011-12-11 19:51
ComboFix4.txt 2011-12-11 19:05
.
Pre-Run: 15,295,664,128 bytes free
Post-Run: 15,037,489,152 bytes free
.
- - End Of File - - 3359FA97EDB35716C4BE1282DDCAAC03


New log:

ComboFix 11-12-10.01 - Austin 12/12/2011  15:47:20.9.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2037.763 [GMT -5:00]
Running from: F:\ComboFix.exe
Command switches used :: c:\users\Austin\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-11-12 to 2011-12-12 )))))))))))))))))))))))))))))))
.
.
2011-12-12 20:57 . 2011-12-12 20:57 -------- d-----w- c:\users\Visitor\AppData\Local\temp
2011-12-12 20:57 . 2011-12-12 20:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-11 22:52 . 2011-12-12 20:57 -------- d-----w- c:\users\Austin\AppData\Local\temp
2011-12-11 19:48 . 2008-01-19 05:57 273920 ----a-w- c:\windows\system32\drivers\afd.sys
2011-12-10 23:28 . 2011-12-10 23:59 -------- d-----w- c:\users\Visitor\AppData\Roaming\uTorrent
2011-12-05 18:23 . 2011-12-05 18:23 644368 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-05 17:16 . 2011-12-05 17:16 130048 --sha-w- c:\windows\system32\6B8355C2-4241-377E-B81D-86A41C58378E.avi
2011-12-02 07:30 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D765DA22-BCAE-45E1-A6E3-04EFF54F0400}\mpengine.dll
2011-11-26 22:21 . 2011-11-26 22:21 -------- d-----w- c:\users\Visitor\AppData\Roaming\Malwarebytes
2011-11-26 20:55 . 2011-11-26 20:55 -------- d-----w- c:\users\Austin\AppData\Roaming\Malwarebytes
2011-11-26 20:55 . 2011-11-26 20:55 -------- d-----w- c:\programdata\Malwarebytes
2011-11-26 20:55 . 2011-11-26 20:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-26 20:55 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-24 23:47 . 2011-11-24 23:48 -------- d-----w- c:\users\Visitor\.idlerc
2011-11-21 01:00 . 2011-11-21 01:00 -------- d-----w- c:\users\Visitor\jagexcache1
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 22:56 . 2011-01-02 05:28 16384 ----a-w- c:\users\Austin\AppData\Roaming\cyberpiictures[1].exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{74714d77-1695-4e73-a98e-25cb374f46b4}"= "c:\program files\iPhone_OS_3\tbiPho.dll" [2009-11-09 2331672]
"{a8864317-e18b-4292-99d9-e6e65ab905d3}"= "c:\program files\RuneScape\prxtbRune.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{74714d77-1695-4e73-a98e-25cb374f46b4}]
.
[HKEY_CLASSES_ROOT\clsid\{a8864317-e18b-4292-99d9-e6e65ab905d3}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74714d77-1695-4e73-a98e-25cb374f46b4}]
2009-11-09 23:38 2331672 ----a-w- c:\program files\iPhone_OS_3\tbiPho.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a8864317-e18b-4292-99d9-e6e65ab905d3}]
2011-03-28 16:22 176936 ----a-w- c:\program files\RuneScape\prxtbRune.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{74714d77-1695-4e73-a98e-25cb374f46b4}"= "c:\program files\iPhone_OS_3\tbiPho.dll" [2009-11-09 2331672]
"{a8864317-e18b-4292-99d9-e6e65ab905d3}"= "c:\program files\RuneScape\prxtbRune.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{74714d77-1695-4e73-a98e-25cb374f46b4}]
.
[HKEY_CLASSES_ROOT\clsid\{a8864317-e18b-4292-99d9-e6e65ab905d3}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{74714D77-1695-4E73-A98E-25CB374F46B4}"= "c:\program files\iPhone_OS_3\tbiPho.dll" [2009-11-09 2331672]
"{A8864317-E18B-4292-99D9-E6E65AB905D3}"= "c:\program files\RuneScape\prxtbRune.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{74714d77-1695-4e73-a98e-25cb374f46b4}]
.
[HKEY_CLASSES_ROOT\clsid\{a8864317-e18b-4292-99d9-e6e65ab905d3}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-08-15 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-09-03 328568]
"Steam"="c:\program files\Steam\Steam.exe" [2011-08-08 1242448]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-10-17 404200]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-12 3444736]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2010-05-27 283792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10b.exe" [2009-02-03 240544]
.
c:\users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
6B8355C2-4241-377E-B81D-86A41C58378E.lnk - c:\windows\System32\rundll32.exe [2006-11-2 44544]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-8-14 50688]
Macro Scheduler.lnk - c:\program files\Macro Scheduler 12\msched.exe [2010-2-23 5935408]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-5-12 525640]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ugwel.exe [2010-6-7 167007]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9c39acf0ac820;Google Update Service (gupdate1c9c39acf0ac820);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 133104]
R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2010-12-14 2412680]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 133104]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 PLISp50;PLISp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PLISp50.sys [x]
R3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v2.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 22:35]
.
2011-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 22:35]
.
2011-12-12 c:\windows\Tasks\User_Feed_Synchronization-{E589E431-1EB0-4EDD-B880-7EEF902F1B3C}.job
- c:\windows\system32\msfeedssync.exe [2010-07-09 04:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: runescape.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\ya4zgype.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.runescape.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-12 15:57
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d4,a4,db,aa,b1,4f,02,44,b8,36,16,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d4,a4,db,aa,b1,4f,02,44,b8,36,16,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-12-12 16:06:49
ComboFix-quarantined-files.txt 2011-12-12 21:06
ComboFix2.txt 2011-12-11 22:52
ComboFix3.txt 2011-12-11 20:41
ComboFix4.txt 2011-12-11 19:51
ComboFix5.txt 2011-12-12 20:45
.
Pre-Run: 15,552,008,192 bytes free
Post-Run: 15,401,758,720 bytes free
.
- - End Of File - - 7E43A61A72804997480899E508CE9502


Try the following: click Start > All Programs > Accessories, right click Command prompt and select Run as Administrator.

At the command prompt type netsh winsock reset and press enter.

When done, restart your computer and let me know if the problem is fixed.

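An added example, not part of the thread or the helper's instructions: before running the suggested netsh winsock reset, a quick look at the Winsock catalog shows why the reset is being recommended. Rogue "security" products commonly register a Layered Service Provider (LSP) DLL; when the cleanup tool deletes the DLL but the catalog entry stays behind, every socket call fails and the machine loses connectivity while the rest of the household is fine. The script below is assumed to run from an elevated PowerShell prompt on Vista or later (netsh.exe is built in); it parses the catalog, reports provider DLLs that are missing on disk or that live outside System32, saves a copy of the catalog as evidence, and only performs the reset when called with the -Reset switch (that switch and the file name are this example's own choices).

```powershell
# Added example (not from the thread): inspect the Winsock catalog, then optionally reset it.
# Assumes an elevated PowerShell prompt; netsh.exe ships with Windows Vista and later.
param([switch]$Reset)

# Full catalog text exactly as netsh prints it (one string per output line).
$catalog = netsh winsock show catalog

# Every provider entry carries a "Provider Path:" line naming its DLL.
$paths = foreach ($line in $catalog) {
    if ($line -match '^\s*Provider Path:\s*(.+)$') { $Matches[1].Trim() }
}

$sysRoot = [System.Environment]::ExpandEnvironmentVariables('%SystemRoot%\System32')

# Registered DLLs that no longer exist: the classic leftover after a removal tool
# deletes the malware's LSP file without unregistering it.
$missing = foreach ($p in $paths) {
    $full = [System.Environment]::ExpandEnvironmentVariables($p)
    if (-not (Test-Path -LiteralPath $full)) { $full }
}

# DLLs that exist but are not under System32: worth a closer look before trusting them.
$outsideSystem32 = foreach ($p in $paths) {
    $full = [System.Environment]::ExpandEnvironmentVariables($p)
    if ((Test-Path -LiteralPath $full) -and
        -not $full.StartsWith($sysRoot, [System.StringComparison]::OrdinalIgnoreCase)) {
        $full
    }
}

Write-Host ("Winsock providers registered: {0}" -f @($paths).Count)
if ($missing) {
    Write-Host "Providers whose DLL is missing on disk (broken chain):"
    $missing | ForEach-Object { Write-Host "  $_" }
}
if ($outsideSystem32) {
    Write-Host "Providers located outside ${sysRoot}:"
    $outsideSystem32 | ForEach-Object { Write-Host "  $_" }
}
if (-not $missing -and -not $outsideSystem32) {
    Write-Host "All providers present and under System32; the catalog looks intact."
}

# Keep the pre-reset catalog so the findings can be reviewed later (file name is this example's).
$evidence = Join-Path $env:USERPROFILE 'Desktop\winsock-catalog-before.txt'
$catalog | Out-File -FilePath $evidence -Encoding UTF8
Write-Host "Catalog saved to $evidence"

if ($Reset) {
    # Rebuilds the catalog to the default providers; takes effect after a reboot.
    netsh winsock reset
    Write-Host "Winsock catalog reset. Restart the computer to complete it."
}
```

Run it once without -Reset to see the state of the catalog, then again with -Reset to apply the same command the reply above recommends. A missing-DLL entry in the first run is the confirmation that the reset is the right fix rather than, say, a DNS or proxy problem.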
