I am able to run Anti-Malware PRO, but my computer has an infection which causes PRO to freeze and crash during a scan. The scan is only successful when my computer is in Safe Mode. Am I required to post DDS.txt and Attach.txt again, even though I already posted them in the "General" forum?


.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Balters at 15:19:11 on 2012-02-07

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.891 [GMT -6:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\WLTRYSVC.EXE

C:\Windows\System32\bcmwltry.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\aestsrv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\STacSV.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.aol.com/?src=aim

uWindow Title = Internet Explorer provided by Dell

uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080415

mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080415

uInternet Settings,ProxyOverride = *.local

mURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_04\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [Aim6]

uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

uRun: [Google Update] "c:\users\balters\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [ECenter] c:\dell\e-center\EULALauncher.exe

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [iAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"

mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe

mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_04\bin\ssv.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{3D88345E-3A63-4B29-8869-1C1859966558} : DhcpNameServer = 192.168.1.1

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-3-18 16184]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]

R1 MpKsld4999a90;MpKsld4999a90;c:\programdata\microsoft\microsoft antimalware\definition updates\{70df0a59-e9a0-45d5-84d0-150f1057ab01}\MpKsld4999a90.sys [2012-2-7 29904]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-4-15 73728]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-19 652360]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-6-21 24652]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-4-15 111616]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-19 20464]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-19 135664]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-19 135664]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]

S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

SUnknown MpKsl04350bd8;MpKsl04350bd8; [x]

SUnknown MpKsl06c8056c;MpKsl06c8056c; [x]

SUnknown MpKsl428e0060;MpKsl428e0060; [x]

SUnknown MpKsl525fe94d;MpKsl525fe94d; [x]

SUnknown MpKsl60811fae;MpKsl60811fae; [x]

SUnknown MpKsl61189f8f;MpKsl61189f8f; [x]

SUnknown MpKsl6f1814ff;MpKsl6f1814ff; [x]

SUnknown MpKsl87b189c4;MpKsl87b189c4; [x]

SUnknown MpKsl955bc488;MpKsl955bc488; [x]

SUnknown MpKsla42bdb5a;MpKsla42bdb5a; [x]

SUnknown MpKsla7d99c54;MpKsla7d99c54; [x]

SUnknown MpKslbf39e89b;MpKslbf39e89b; [x]

SUnknown MpKslc6edb1df;MpKslc6edb1df; [x]

SUnknown MpKslcb0dece8;MpKslcb0dece8; [x]

SUnknown MpKsle2289842;MpKsle2289842; [x]

SUnknown MpKsle3d17709;MpKsle3d17709; [x]

SUnknown MpKsle615ee60;MpKsle615ee60; [x]

SUnknown MpKslf1707be7;MpKslf1707be7; [x]

.

=============== Created Last 30 ================

.

2012-02-07 20:10:35 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{70df0a59-e9a0-45d5-84d0-150f1057ab01}\MpKsld4999a90.sys

2012-02-07 19:59:54 6557240 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{70df0a59-e9a0-45d5-84d0-150f1057ab01}\mpengine.dll

2012-01-23 04:39:05 -------- d-----w- c:\users\balters\appdata\local\{23F4233D-028C-47C4-BF27-42456526306E}

2012-01-23 04:38:41 -------- d-----w- c:\users\balters\appdata\local\{508244FA-551E-43EC-B9E3-B76AC3903476}

2012-01-20 17:32:53 -------- d-----w- c:\program files\iPod

2012-01-20 17:32:46 -------- d-----w- c:\program files\iTunes

2012-01-19 19:43:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-01-19 19:43:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-01-16 22:38:42 72704 ----a-w- c:\windows\system32\secur32.dll

2012-01-16 22:38:42 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-01-16 22:38:42 377344 ----a-w- c:\windows\system32\winhttp.dll

2012-01-16 22:38:42 278528 ----a-w- c:\windows\system32\schannel.dll

2012-01-16 22:38:42 1259008 ----a-w- c:\windows\system32\lsasrv.dll

2012-01-16 22:38:41 9728 ----a-w- c:\windows\system32\lsass.exe

2012-01-16 21:22:38 23552 ----a-w- c:\windows\system32\mciseq.dll

2012-01-16 21:22:38 189952 ----a-w- c:\windows\system32\winmm.dll

2012-01-16 21:22:37 1205064 ----a-w- c:\windows\system32\ntdll.dll

2012-01-16 21:22:35 66560 ----a-w- c:\windows\system32\packager.dll

2012-01-16 21:22:34 376320 ----a-w- c:\windows\system32\winsrv.dll

2012-01-16 21:22:33 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

2012-01-16 21:22:29 497152 ----a-w- c:\windows\system32\qdvd.dll

2012-01-16 21:22:29 1314816 ----a-w- c:\windows\system32\quartz.dll

.

==================== Find3M ====================

.

2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe

2011-12-06 22:09:39 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 15:19:45.01 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume3

Install Date: 4/15/2008 8:10:51 AM

System Uptime: 2/7/2012 1:47:25 PM (2 hours ago)

.

Motherboard: Dell Inc. | | 0U990C

Processor: Intel® Pentium® Dual CPU T2370 @ 1.73GHz | Microprocessor | 1733/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 137 GiB total, 69.989 GiB free.

D: is FIXED (NTFS) - 10 GiB total, 4.375 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP1470: 1/28/2012 1:50:17 PM - Windows Update

RP1471: 1/29/2012 5:21:14 PM - Windows Update

RP1472: 1/31/2012 5:33:33 AM - Windows Update

RP1473: 2/1/2012 6:38:05 AM - Windows Update

RP1474: 2/2/2012 6:48:05 AM - Windows Update

RP1475: 2/3/2012 7:54:41 PM - Windows Update

RP1476: 2/5/2012 5:07:19 AM - Windows Update

RP1477: 2/6/2012 6:00:28 AM - Windows Update

RP1478: 2/7/2012 1:58:40 PM - Windows Update

.

==== Installed Programs ======================

.

Adobe Anchor Service CS3

Adobe Asset Services CS3

Adobe Bridge CS3

Adobe Bridge Start Meeting

Adobe Camera Raw 4.0

Adobe CMaps

Adobe Color - Photoshop Specific

Adobe Color Common Settings

Adobe Color EU Extra Settings

Adobe Color JA Extra Settings

Adobe Color NA Recommended Settings

Adobe Default Language CS3

Adobe Device Central CS3

Adobe ExtendScript Toolkit 2

Adobe Flash Player 11 ActiveX

Adobe Flash Player Plugin

Adobe Fonts All

Adobe Help Viewer CS3

Adobe Linguistics CS3

Adobe PDF Library Files

Adobe Photoshop CS3

Adobe Reader 9.5.0

Adobe Setup

Adobe Stock Photos CS3

Adobe Type Support

Adobe Update Manager CS3

Adobe Version Cue CS3 Client

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS3

AIM 6

AIMTunes

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Ask Toolbar

Auslogics Disk Defrag

Bonjour

Browser Address Error Redirector

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

CLEP Sampler

Compatibility Pack for the 2007 Office system

Conexant HDA D330 MDC V.92 Modem

D3DX10

Dell Driver Download Manager

Dell Getting Started Guide

Dell Support Center

Dell Touchpad

Dell Wireless WLAN Card

Digital Line Detect

GIMP 2.4.6

Google Earth

Google Talk Plugin

Google Update Helper

Google Updater

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Product Detection

Intel® Graphics Media Accelerator Driver

Intel® Matrix Storage Manager

iTunes

Java 6 Update 4

JumpStart 3rd Grade 2001

JumpStart Advanced 3rd Grade

JumpStart Adventure Challenge - 3rd Grade

Junk Mail filter update

Malwarebytes Anti-Malware version 1.60.1.1000

MediaDirect

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Antimalware

Microsoft Application Error Reporting

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Works

MobileMe Control Panel

Modem Diagnostic Tool

Move Media Player

MSVCRT

Music, Photos & Videos Launcher

Mystery of Cleopatra

NetWaiting

NetZeroInstallers

Octoshape add-in for Adobe Flash Player

OGA Notifier 2.0.0048.0

OutlookAddinSetup

PDF Settings

Product Documentation Launcher

QuickSet

QuickTime

REA's TESTware

REA's_TESTware_for_the_CLEP_Analyzing_Literature_Demo

REA's_TESTware_for_the_CLEP_Humanities_Demo

REA's_TESTware_for_the_CLEP_Western_Civilization_1_Demo

REA's_TESTware_for_the_CLEP_Western_Civilization_2_Demo

RealPlayer

Roxio Creator Audio

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE

Roxio Creator Tools

Roxio Express Labeler 3

Roxio Update Manager

Safari

Scooby-Doo, Jinx At The Sphinx

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Segoe UI

The ClueFinders 4th Grade Adventures

The KMPlayer (remove only)

Unreal Tournament 2004 Demo

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

User's Guides

VideoLAN VLC media player 0.8.6h

Viewpoint Media Player

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Mobile Device Center

WinRAR archiver

.

==== Event Viewer Messages From Past Week ========

.

2/7/2012 1:50:00 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.

2/7/2012 1:50:00 PM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

2/7/2012 1:50:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

2/7/2012 1:49:27 PM, Error: Service Control Manager [7000] - The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error: The system cannot find the file specified.

2/7/2012 1:49:27 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

2/7/2012 1:49:27 PM, Error: Service Control Manager [7000] - The BCM42RLY service failed to start due to the following error: The system cannot find the file specified.

2/6/2012 9:29:12 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.

2/6/2012 9:29:12 AM, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

2/6/2012 8:24:15 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

2/6/2012 8:24:14 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC MpFilter NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6

2/6/2012 8:24:14 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

2/6/2012 8:24:14 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

2/6/2012 8:24:14 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.

2/6/2012 8:24:14 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

2/6/2012 8:24:14 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

2/6/2012 8:24:14 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

2/6/2012 8:24:14 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

2/6/2012 8:24:14 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.

2/6/2012 8:24:14 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

2/6/2012 8:24:14 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

2/6/2012 8:24:14 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

2/6/2012 8:24:14 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

2/6/2012 8:24:14 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

2/6/2012 8:24:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

2/6/2012 8:24:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

2/6/2012 8:23:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

2/6/2012 8:23:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

2/6/2012 8:23:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

2/6/2012 8:23:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2/6/2012 8:23:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

2/6/2012 4:11:42 PM, Error: EventLog [6008] - The previous system shutdown at 3:50:08 PM on 2/6/2012 was unexpected.

2/6/2012 3:44:39 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Eventlog service.

2/6/2012 3:43:18 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.

2/3/2012 7:45:59 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Mobile-based device connectivity service to connect.

2/3/2012 7:45:59 PM, Error: Service Control Manager [7000] - The Windows Mobile-based device connectivity service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

2/3/2012 7:45:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service RapiMgr with arguments "" in order to run the server: {ED081F25-6A77-4C89-B689-C6E15C582EC1}

.

==== End Of File ===========================


Please try this in normal mode:

The latest version of MBAM has a new feature called Chameleon; when used, it will attempt to update itself > kill the malware > and run a quick scan.

So if MBAM won't run....try this:

If you have the latest version of MBAM, go to your start menu > Programs > Malwarebytes Anti-malware > Tools > Chameleon > there are 12 renamed files to run MBAM. Click Test Now on any one and it will start the process to block any malware > update itself and run.

If one doesn't work, try another file.

They are also available by going to the system root > program files > Malwarebytes Anti-malware > Chameleon.

MrC


RogueKiller V7.0.4 [02/08/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version

Started in : Normal mode

User: Balters [Admin rights]

Mode: Scan -- Date : 02/09/2012 13:55:16

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤

[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9160821AS +++++

--- User ---

[MBR] 8e20e2251d7a1f1c1f53283b85b4d46a

[bSP] 32913c31cce9e5ae3fbce4a9cd321f11 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 10000 Mo

2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20561920 | Size: 140026 Mo

3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 307337216 | Size: 2559 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt


Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Make sure you run ComboFix from your desktop.

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and enter this command exactly as shown: (or Windows key + R to bring up the run box)

"%userprofile%\desktop\combofix.exe"

See if it will run successfully. Stop it after half an hour of no activity.

Please include the C:\ComboFix.txt in your next reply for further review.

MrC


When I hit "Save", I was not given an option to save to my Desktop and instead ComboFix ran from the Downloads folder. I think it started running on its own and I didn't know what else to do, so I let it run. I didn't get a chance to run it in Safe Mode. Should I post the log anyway or try running it again? (I moved it to the desktop when the test completed.)


ComboFix 12-02-11.03 - Balters 02/11/2012 18:39:53.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.759 [GMT -6:00]

Running from: c:\users\Balters\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\Adobe\Photoshop.exe

c:\programdata\PCDr\5907\Downloads\82c29976-999d-4c8f-bac9-590e78eef64b.dll

c:\programdata\PCDr\5907\Downloads\8d357f17-07ad-4392-ba06-fb67564c98cd.dll

c:\programdata\PCDr\5907\Downloads\d1f4dc82-bc4c-4916-b37c-3ab9c30ae468.dll

c:\programdata\PCDr\5907\Downloads\f8338de4-40cb-4494-bc70-93db3ab9e32d.dll

c:\programdata\PCDr\5907\Downloads\fa2ff61b-2c58-4071-916b-f881289a3959.dll

c:\windows\system32\BSTIEPrintCtl1.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-01-12 to 2012-02-12 )))))))))))))))))))))))))))))))

.

.

2012-02-12 00:54 . 2012-02-12 00:54 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-02-12 00:12 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7FAE3EFD-B11A-4ACD-A404-C88C5CB1BBCB}\mpengine.dll

2012-02-10 22:41 . 2012-01-17 10:39 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{89747EC9-9A8C-4121-BED5-93A481F57CA4}\mpengine.dll

2012-02-08 18:11 . 2012-02-08 18:41 26224 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-01-20 17:32 . 2012-01-20 17:32 -------- d-----w- c:\program files\iPod

2012-01-20 17:32 . 2012-01-20 17:34 -------- d-----w- c:\program files\iTunes

2012-01-19 19:43 . 2012-02-06 21:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-01-19 19:43 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-01-16 22:38 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-01-16 22:38 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll

2012-01-16 22:38 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll

2012-01-16 22:38 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll

2012-01-16 22:38 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll

2012-01-16 22:38 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe

2012-01-16 21:22 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll

2012-01-16 21:22 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll

2012-01-16 21:22 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll

2012-01-16 21:22 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll

2012-01-16 21:22 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll

2012-01-16 21:22 . 2011-12-01 15:21 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2012-01-16 21:22 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll

2012-01-16 21:22 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-29 11:10 . 2009-10-03 12:41 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-01-06 04:19 . 2011-02-04 12:27 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-12-24 07:04 . 2011-12-24 07:04 161792 ----a-w- c:\windows\system32\msls31.dll

2011-12-24 07:04 . 2011-12-24 07:04 1127424 ----a-w- c:\windows\system32\wininet.dll

2011-12-24 07:04 . 2011-12-24 07:04 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-12-24 07:04 . 2011-12-24 07:04 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-12-24 07:04 . 2011-12-24 07:04 86528 ----a-w- c:\windows\system32\iesysprep.dll

2011-12-24 07:04 . 2011-12-24 07:04 63488 ----a-w- c:\windows\system32\tdc.ocx

2011-12-24 07:04 . 2011-12-24 07:04 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-12-24 07:04 . 2011-12-24 07:04 367104 ----a-w- c:\windows\system32\html.iec

2011-12-24 07:04 . 2011-12-24 07:04 74752 ----a-w- c:\windows\system32\iesetup.dll

2011-12-24 07:04 . 2011-12-24 07:04 23552 ----a-w- c:\windows\system32\licmgr10.dll

2011-12-24 07:04 . 2011-12-24 07:04 152064 ----a-w- c:\windows\system32\wextract.exe

2011-12-24 07:04 . 2011-12-24 07:04 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2011-12-24 07:04 . 2011-12-24 07:04 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-12-24 07:04 . 2011-12-24 07:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-12-24 07:04 . 2011-12-24 07:04 150528 ----a-w- c:\windows\system32\iexpress.exe

2011-12-24 07:04 . 2011-12-24 07:04 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2011-12-24 07:04 . 2011-12-24 07:04 1798144 ----a-w- c:\windows\system32\jscript9.dll

2011-12-24 07:04 . 2011-12-24 07:04 11776 ----a-w- c:\windows\system32\mshta.exe

2011-12-24 07:04 . 2011-12-24 07:04 101888 ----a-w- c:\windows\system32\admparse.dll

2011-12-24 07:04 . 2011-12-24 07:04 35840 ----a-w- c:\windows\system32\imgutil.dll

2011-12-24 07:04 . 2011-12-24 07:04 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-12-06 22:09 . 2011-12-06 22:09 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-23 13:37 . 2011-12-14 20:00 2043904 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"Sidebar"="c:\program files\windows sidebar\sidebar.exe" [2009-04-11 1233920]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-01-18 17920]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-07 159744]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-12 3444736]

"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]

"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-4-15 50688]

QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-9-7 1180952]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-09 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-23 18:51]

.

2012-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 03:51]

.

2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 03:51]

.

2012-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-298776191-2851845652-850965172-1000Core.job

- c:\users\Balters\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-20 14:02]

.

2012-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-298776191-2851845652-850965172-1000UA.job

- c:\users\Balters\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-20 14:02]

.

2012-02-11 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:02]

.

2012-02-12 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:02]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.aol.com/?src=aim

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKCU-Run-Aim6 - (no file)

HKCU-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe

HKLM-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe

AddRemove-Scooby-Doo, Jinx At The Sphinx - c:\program files\The Learning Company\Scooby-Doo

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-02-11 18:58

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2012-02-11 19:08:12

ComboFix-quarantined-files.txt 2012-02-12 01:08

.

Pre-Run: 76,871,106,560 bytes free

Post-Run: 76,530,810,880 bytes free

.

- - End Of File - - 97D28C39565DC5A42E1869DE32873B60


Malwarebytes Anti-Malware (PRO) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.12.01

Windows Vista Service Pack 2 x86 NTFS (Safe Mode)

Internet Explorer 9.0.8112.16421

Balters :: BALTERS-PC [administrator]

Protection: Disabled

2/11/2012 8:22:56 PM

mbam-log-2012-02-11 (20-22-56).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | PUP | PUM

Scan options disabled: Heuristics/Shuriken | P2P

Objects scanned: 180551

Time elapsed: 4 minute(s), 11 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

This topic is now closed to further replies.