Sirefef.E, Sirefef.Y, Waprox.gen!a

raiseyrlevels · May 4, 2012

MSE is going absolutely nuts right now. I got fooled by a fake Flash Player installer and have been getting attacked like crazy for several hours. I got a message saying that "Windows suffered a critical error and would restart in one minute" and after the restart my Windows Firewall and MSE services were missing. I reinstalled MSE and since then it's lit up with threats. I have yet to reinstall the firewall service.

Here are my logs; I tried looking for a way to remove this virus but have had no luck, so I'm humbly turning to the pros.

Thanks for your time.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.2.0

Run by Zachary at 7:13:05 on 2012-05-04

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3948.1577 [GMT -4:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Launch Manager\dsiwmis.exe

C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files (x86)\Launch Manager\LMutilps32.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe

C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe

C:\Windows\SysWOW64\vmnat.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\SysWOW64\vmnetdhcp.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\Dwm.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe

C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\igfxext.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Users\Zachary\AppData\Local\Programs\Google\MusicManager\MusicManager.exe

C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\splwow64.exe

C:\Program Files (x86)\AIM95\aim.exe

C:\Users\Zachary\AppData\Roaming\KB00243481.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

C:\Program Files (x86)\Ask.com\Updater\Updater.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Launch Manager\LMworker.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\rundll32.exe

C:\Users\Zachary\AppData\Local\Temp\Rar$EXa0.345\gmer.exe

C:\Windows\regedit.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW

mDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW

mStart Page = hxxp://www.bing.com/?pc=MAGW

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

uRun: [best Buy pc app] C:\Users\Zachary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [Google Update] "C:\Users\Zachary\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [MusicManager] "C:\Users\Zachary\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [AIM ®] C:\Program Files (x86)\AIM95\aim.exe -cnetwait.odl

uRun: [KB00243481.exe] "C:\Users\Zachary\AppData\Roaming\KB00243481.exe"

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [backupManagerTray] "C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe" -h -k

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"

mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [<NO NAME>]

mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

StartupFolder: C:\Users\Zachary\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE

StartupFolder: C:\Users\Zachary\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~2\AIM95\aim.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

LSP: %SystemRoot%\system32\vsocklib.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{B36A3937-2948-4696-91B8-ED2CA79D61EC} : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{B36A3937-2948-4696-91B8-ED2CA79D61EC}\24162697C6F6E6F5548545 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{B36A3937-2948-4696-91B8-ED2CA79D61EC}\5465F402334402646454142453 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{B36A3937-2948-4696-91B8-ED2CA79D61EC}\76F676F696E666C696768647 : DhcpNameServer = 172.19.134.2

TCP: Interfaces\{B36A3937-2948-4696-91B8-ED2CA79D61EC}\C414E4F49414F564255454F575946494 : DhcpNameServer = 172.16.136.1 205.152.132.23 205.152.37.23

TCP: Interfaces\{B36A3937-2948-4696-91B8-ED2CA79D61EC}\E4544574541425F5548545 : DhcpNameServer = 192.168.1.250

TCP: Interfaces\{F56A7E26-3F9F-4B0C-AC06-B7D306F265AE} : DhcpNameServer = 209.18.47.61 209.18.47.62

Handler: navnet - {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - C:\Program Files (x86)\NavNetApp\ComUtilities.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO-X64: Ask Toolbar BHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [backupManagerTray] "C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe" -h -k

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

mRun-x64: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"

mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [(Default)]

mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

IE-X64: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~2\AIM95\aim.exe

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Zachary\AppData\Roaming\Mozilla\Firefox\Profiles\w7glm9ho.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\BYOND\bin\npbyond.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npbyond.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll

FF - plugin: C:\Users\Zachary\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Users\Zachary\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Users\Zachary\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Zachary\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-5-13 352336]

R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2011-7-17 873064]

R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2011-1-17 39528]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-8-15 2329480]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-5-13 13336]

R2 Live Updater Service;Live Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2011-5-13 244624]

R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [2011-2-15 257344]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-7-17 2656280]

R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-8-21 846448]

R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\system32\DRIVERS\b57xdbd.sys --> C:\Windows\system32\DRIVERS\b57xdbd.sys [?]

R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\system32\DRIVERS\b57xdmp.sys --> C:\Windows\system32\DRIVERS\b57xdmp.sys [?]

R3 bScsiMSa;bScsiMSa;C:\Windows\system32\DRIVERS\bScsiMSa.sys --> C:\Windows\system32\DRIVERS\bScsiMSa.sys [?]

R3 bScsiSDa;bScsiSDa;C:\Windows\system32\DRIVERS\bScsiSDa.sys --> C:\Windows\system32\DRIVERS\bScsiSDa.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 iwdbus;IWD Bus Enumerator;C:\Windows\system32\DRIVERS\iwdbus.sys --> C:\Windows\system32\DRIVERS\iwdbus.sys [?]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam_x64.sys --> C:\Windows\system32\DRIVERS\ManyCam_x64.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S1 henudttg;henudttg;\??\C:\Windows\system32\drivers\henudttg.sys --> C:\Windows\system32\drivers\henudttg.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-24 257696]

S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2012-4-15 21712]

S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\system32\drivers\intelaud.sys --> C:\Windows\system32\drivers\intelaud.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 129976]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-5-2 340240]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-10-8 150016]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-05-04 10:34:59 50000 ----a-w- C:\Windows\System32\drivers\henudttg.sys

2012-05-04 10:17:56 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6C427677-180E-4E5E-A143-9DC9430C6C01}\offreg.dll

2012-05-04 10:17:12 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BFA22828-EB89-4BA1-99C0-BCD47A9DFAD2}\gapaengine.dll

2012-05-04 10:17:09 8917360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6C427677-180E-4E5E-A143-9DC9430C6C01}\mpengine.dll

2012-05-04 10:12:31 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2012-05-04 10:12:30 -------- d-----w- C:\Program Files\Microsoft Security Client

2012-05-04 10:12:17 -------- d-----w- C:\eb13faf051446bf4bf9056a3

2012-05-04 10:06:34 -------- d-----w- C:\Users\Zachary\AppData\Local\{CDB43283-8B1F-47CD-BC0D-3598D2A8C61C}

2012-05-04 09:19:35 -------- d-sh--w- C:\Windows\System32\%APPDATA%

2012-05-04 09:18:10 -------- d--h--w- C:\Users\Zachary\AppData\Roaming\905180E8

2012-05-04 09:18:09 66560 --sha-w- C:\Users\Zachary\AppData\Roaming\KB00243481.exe

2012-05-04 09:13:24 -------- d-----w- C:\Users\Zachary\AppData\Local\Moniker

2012-05-03 09:09:16 -------- d-----w- C:\Users\Zachary\AppData\Local\{6A34FD75-D9E9-4BC7-A661-4800D7D8061A}

2012-05-03 09:09:04 -------- d-----w- C:\Users\Zachary\AppData\Local\{0F5F7537-5E4A-4E17-99F1-10EDC4A90448}

2012-04-26 05:11:53 -------- d-----w- C:\Users\Zachary\AppData\Local\{AE1F5305-7FA1-415F-9DB5-FCBE9EED884A}

2012-04-26 05:11:37 -------- d-----w- C:\Users\Zachary\AppData\Local\{5534216B-2BD4-4EE3-9FEF-03E503B09F82}

2012-04-26 05:07:25 -------- d-----w- C:\Program Files\Microsoft Xbox 360 Accessories

2012-04-25 18:05:24 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service

2012-04-25 18:05:23 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe

2012-04-25 18:05:23 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe

2012-04-25 17:42:11 -------- d-----w- C:\Users\Zachary\AppData\Local\Navnet_Solutions

2012-04-25 17:39:35 -------- d-----w- C:\Users\Zachary\AppData\Roaming\NavNet Solutions

2012-04-25 17:39:35 -------- d-----w- C:\Program Files (x86)\NavNetApp

2012-04-25 06:56:14 -------- d-----w- C:\ProgramData\SEGA Corporation

2012-04-25 06:38:59 24920 ----a-w- C:\Windows\System32\X3DAudio1_6.dll

2012-04-25 06:36:01 733184 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll

2012-04-25 06:36:01 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll

2012-04-25 06:36:01 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe

2012-04-25 06:36:01 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll

2012-04-25 06:36:01 172032 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll

2012-04-25 06:35:57 303236 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll

2012-04-25 06:35:57 180356 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll

2012-04-24 16:55:07 8766112 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-04-24 16:34:59 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-04-24 16:34:45 -------- d-----w- C:\Users\Zachary\AppData\Local\{40D798BD-D654-4DAA-83E0-717E993DB022}

2012-04-24 16:34:32 -------- d-----w- C:\Users\Zachary\AppData\Local\{F9C5B0F1-C89A-4D57-9608-72C9756AA1EB}

2012-04-23 06:05:18 -------- d-----w- C:\Users\Zachary\AppData\Local\SCE

2012-04-20 10:24:16 -------- d-----w- C:\Users\Zachary\AppData\Roaming\Mount&Blade With Fire and Sword

2012-04-20 07:37:20 -------- d-----w- C:\Users\Zachary\AppData\Roaming\Mount&Blade

2012-04-19 22:20:07 -------- d-----w- C:\Users\Zachary\AppData\Roaming\MoreTerra

2012-04-18 14:37:48 -------- d-----w- C:\Users\Zachary\AppData\Local\{B3A330FD-D057-4CD9-8EF5-FE2F530C9D29}

2012-04-17 23:28:01 -------- d-----w- C:\Users\Zachary\AppData\Local\{06110815-0ABA-45D2-921D-002741484491}

2012-04-17 22:06:39 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_4.dll

2012-04-17 22:06:39 528216 ----a-w- C:\Windows\SysWow64\XAudio2_6.dll

2012-04-17 22:06:39 238936 ----a-w- C:\Windows\SysWow64\xactengine3_6.dll

2012-04-17 22:06:39 22360 ----a-w- C:\Windows\SysWow64\X3DAudio1_7.dll

2012-04-17 22:06:38 81768 ----a-w- C:\Windows\SysWow64\xinput1_3.dll

2012-04-17 22:06:38 4178264 ----a-w- C:\Windows\SysWow64\D3DX9_41.dll

2012-04-17 22:06:37 3495784 ----a-w- C:\Windows\SysWow64\d3dx9_33.dll

2012-04-17 22:06:19 -------- d-----w- C:\Program Files (x86)\Microsoft XNA

2012-04-16 01:55:32 -------- d-----w- C:\Users\Zachary\AppData\Roaming\Mount&Blade Warband

2012-04-16 01:55:07 -------- d-----w- C:\Users\Zachary\AppData\Roaming\Sandbox

2012-04-15 20:49:02 21712 ----a-w- C:\Windows\SysWow64\drivers\DrvAgent64.SYS

2012-04-15 20:49:02 -------- d-----w- C:\Users\Zachary\AppData\Local\eSupport.com

2012-04-14 18:30:08 -------- d-----w- C:\Program Files\Firaxis Games

2012-04-14 18:25:52 -------- d-----w- C:\Program Files (x86)\Firaxis Games

2012-04-14 15:09:23 -------- d-----w- C:\MPS

2012-04-14 15:07:35 -------- d-----w- C:\Users\Zachary\AppData\Local\DOSBox

2012-04-14 13:59:51 -------- d-----w- C:\Program Files (x86)\DOSBox-0.74

2012-04-13 22:08:29 -------- d-----w- C:\Program Files (x86)\Viewpoint

2012-04-13 22:08:28 58938 ----a-w- C:\Windows\SysWow64\temp.000

2012-04-13 22:08:28 278581 ----a-w- C:\Windows\SysWow64\temp.001

2012-04-13 22:08:27 -------- d-----w- C:\Program Files (x86)\AIM95

2012-04-13 17:54:08 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab

2012-04-13 12:17:11 -------- d-----w- C:\Users\Zachary\AppData\Local\{281E19C1-BBE6-4AB9-9D4D-37A5BC1A07F5}

2012-04-13 07:00:51 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-04-13 07:00:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2012-04-13 07:00:50 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-04-13 07:00:49 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-04-13 07:00:46 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-04-13 07:00:46 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-04-13 07:00:46 220672 ----a-w- C:\Windows\System32\wintrust.dll

2012-04-06 00:11:35 -------- d-----w- C:\Program Files\iPod

2012-04-06 00:11:34 -------- d-----w- C:\Program Files\iTunes

.

==================== Find3M ====================

.

2012-05-04 09:15:28 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-03-21 00:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys

2012-03-21 00:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys

2012-03-08 05:39:14 637848 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2012-03-08 05:39:14 567184 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll

2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll

2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-02-15 15:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys

2012-02-15 15:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll

2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

.

============= FINISH: 7:13:44.78 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 10/3/2011 4:00:39 PM

System Uptime: 5/4/2012 6:04:17 AM (1 hours ago)

.

Motherboard: Gateway | | SJV50_HR

Processor: Intel® Core i5-2410M CPU @ 2.30GHz | CPU1 | 2277/1333mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 451 GiB total, 286.081 GiB free.

D: is CDROM ()

E: is CDROM (UDF)

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP62: 4/25/2012 2:36:41 AM - Installed DirectX

RP63: 4/25/2012 2:39:24 AM - Installed Alpha Protocol

RP64: 4/26/2012 1:06:43 AM - Installed DirectX

RP65: 4/28/2012 5:48:39 AM - Windows Update

RP66: 5/1/2012 3:00:11 AM - Windows Update

RP67: 5/4/2012 6:08:49 AM - Installed Microsoft Fix it 50687

RP68: 5/4/2012 6:16:42 AM - Windows Update

.

==== Installed Programs ======================

.

Acrobat.com

Adobe AIR

Adobe Reader 9.1 MUI

Adobe Shockwave Player 11.6

Alpha Protocol

AnalogX AutoTune

AOL® Instant Messenger

Apple Application Support

Apple Software Update

Ask Toolbar

Ask Toolbar Updater

Backup Manager V3

Battlelog Web Plugins

Best Buy pc app

Build Your Own Net Dream (remove only)

Counter-Strike

Counter-Strike: Source

CyberLink PowerDVD 10

D3DX10

DAEMON Tools Lite

DivX Setup

Dungeons of Dredmor

ERUNT 1.1j

ESN Sonar

Gadwin PrintScreen

Galerie de photos Windows Live

GameRanger

Gateway MyBackup

Gateway Power Management

Gateway Recovery Management

Gateway Registration

Gateway ScreenSaver

Gateway Social Networks

Gateway Updater

Google Chrome

Google Talk Plugin

Gyazo 1.0

HomeMedia

Identity Card

Intel PROSet Wireless

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Rapid Storage Technology

Intel® WiDi

Java Auto Updater

Java 6 Update 22

Java 6 Update 29

Java 7 Update 2

Junk Mail filter update

Launch Manager

League of Legends

LogMeIn Hamachi

ManyCam 2.6.65 (remove only)

Mesh Runtime

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft XNA Framework Redistributable 4.0

Minecraft Cracked

mIRC

Mount & Blade

Mount & Blade: Warband

Mount & Blade: With Fire and Sword

Mozilla Firefox 12.0 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

Mumble 1.2.3

Music Manager

NavNet

NVIDIA PhysX

OpenOffice.org 3.3

Origin

Pando Media Booster

Planetside

PS3 Media Server

Realtek High Definition Audio Driver

Replay Video Capture

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Sid Meier's Alpha Centauri

Sid Meier's Alpha Centauri 2000/XP Compatibility Update

Skype™ 5.8

SoulSeek 157 NS 13e

Steam

swMSM

System Requirements Lab CYRI

Terraria

The Ship

tools-linux

tools-winPre2k

Unity Web Player

VC80CRTRedist - 8.0.50727.6195

Video Web Camera

Viewpoint Media Player (Remove Only)

Virtual DJ Pro Full - Atomix Productions

Visual Studio 2008 x64 Redistributables

VMware Player

Welcome Center

Windows Live

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

.

==== Event Viewer Messages From Past Week ========

.

5/4/2012 7:09:04 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

5/4/2012 7:09:04 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

5/4/2012 6:04:53 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

5/4/2012 6:04:45 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

5/4/2012 6:04:45 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

5/2/2012 11:54:00 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer TYY996-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{96610693-9CD5-4F77-ABA5-1E83D56E42B5}. The master browser is stopping or an election is being forced.

4/29/2012 6:19:00 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

4/29/2012 5:19:45 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user HAL4000\Zachary SID (S-1-5-21-2619721687-1630364876-2003526140-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

4/27/2012 7:34:07 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Hamachi2Svc service.

4/27/2012 2:22:23 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

.

==== End Of File ===========================

LDTate · May 4, 2012

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Please download Malwarebytes' Anti-Malware to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
[*]Then click Finish.
[*]If an update is found, it will download and install the latest version.
[*]Once the program has loaded, select Perform quick scan, then click Scan.
[*]When the scan is complete, click OK, then Show Results to view the results.
[*]Be sure that everything is checked, and click Remove Selected.
[*]When completed, a log will open in Notepad and if required the program will ask you to reboot to remove locked files.

Post the scan results using Copy/Paste

raiseyrlevels · May 4, 2012

thanks for the response. here's the log.

Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.05.04.02

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Zachary :: HAL4000 [administrator]

Protection: Enabled

5/4/2012 8:32:02 AM

mbam-log-2012-05-04 (08-39-34).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 221232

Time elapsed: 5 minute(s), 18 second(s)

Memory Processes Detected: 1

C:\Users\Zachary\AppData\Roaming\KB00243481.exe (Trojan.Agent.Gen) -> 3896 -> No action taken.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|KB00243481.exe (Trojan.Agent.Gen) -> Data: "C:\Users\Zachary\AppData\Roaming\KB00243481.exe" -> No action taken.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Users\Zachary\AppData\Roaming\KB00243481.exe (Trojan.Agent.Gen) -> No action taken.

(end)

LDTate · May 4, 2012

Did you remove what was found?

raiseyrlevels · May 4, 2012

Did you remove what was found?

yes, and restarted.

LDTate · May 4, 2012

Lets see what else we have.

Please do not attach the scan results from Combofx. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
Double click on ComboFix.exe & follow the prompts.
Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
Note: If you have XP SP3, use the XP SP2 package.
If Vista or Windows 7, skip the Recovery Console part
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofx. Use copy/paste.

Also please describe how your computer behaves at the moment.

raiseyrlevels · May 4, 2012

alright, finished. as far as how my computer is behaving, other than MSE blowing up before and the initial MSE & windows firewall service disappearing act, not much out of the ordinary other than a general slowdown and firefox acting wonky. also, after using combofix, I have to run everything as administrator since this is popping up:

anyway, here's the log.

ComboFix 12-05-03.03 - Zachary 05/04/2012 9:04.1.4 - x64

Running from: c:\users\Zachary\Desktop\ComboFix.exe

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\programdata\Roaming

.

((((((((((((((((((((((((( Files Created from 2012-04-04 to 2012-05-04 )))))))))))))))))))))))))))))))

.

2012-05-04 13:10 . 2012-05-04 13:10 -------- d-----w- c:\users\Mcx1-HAL4000\AppData\Local\temp

2012-05-04 13:10 . 2012-05-04 13:10 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-04 12:30 . 2012-05-04 12:30 -------- d-----w- c:\users\Zachary\AppData\Roaming\Malwarebytes

2012-05-04 12:30 . 2012-05-04 12:30 -------- d-----w- c:\programdata\Malwarebytes

2012-05-04 12:30 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-04 12:30 . 2012-05-04 12:30 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-05-04 10:33 . 2012-05-04 10:33 -------- d-----w- c:\program files (x86)\ERUNT

2012-05-04 10:17 . 2012-05-04 10:16 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BFA22828-EB89-4BA1-99C0-BCD47A9DFAD2}\gapaengine.dll

2012-05-04 10:17 . 2012-04-13 05:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6C427677-180E-4E5E-A143-9DC9430C6C01}\mpengine.dll

2012-05-04 10:12 . 2012-05-04 10:12 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2012-05-04 10:12 . 2012-05-04 10:12 -------- d-----w- c:\program files\Microsoft Security Client

2012-05-04 09:19 . 2012-05-04 09:19 -------- d-sh--w- c:\windows\system32\%APPDATA%

2012-05-04 09:18 . 2012-05-04 12:37 -------- d--h--w- c:\users\Zachary\AppData\Roaming\905180E8

2012-05-04 09:13 . 2012-05-04 10:27 -------- d-----w- c:\users\Zachary\AppData\Local\Moniker

2012-04-26 05:07 . 2012-04-26 05:07 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories

2012-04-25 18:05 . 2012-04-25 18:05 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2012-04-25 18:05 . 2012-04-25 18:05 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe

2012-04-25 18:05 . 2012-04-25 18:05 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe

2012-04-25 17:42 . 2012-04-25 17:42 -------- d-----w- c:\users\Zachary\AppData\Local\Navnet_Solutions

2012-04-25 17:39 . 2012-04-26 20:40 -------- d-----w- c:\users\Zachary\AppData\Roaming\NavNet Solutions

2012-04-25 17:39 . 2012-04-25 17:39 -------- d-----w- c:\program files (x86)\NavNetApp

2012-04-25 06:56 . 2012-04-25 06:56 -------- d-----w- c:\programdata\SEGA Corporation

2012-04-25 06:38 . 2009-03-16 18:18 24920 ----a-w- c:\windows\system32\X3DAudio1_6.dll

2012-04-25 06:36 . 2004-07-16 04:20 733184 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll

2012-04-25 06:36 . 2004-07-16 04:20 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll

2012-04-25 06:36 . 2004-07-16 04:19 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll

2012-04-25 06:36 . 2004-07-16 04:18 172032 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll

2012-04-25 06:36 . 2004-07-16 04:18 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe

2012-04-25 06:35 . 2012-04-25 06:35 303236 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll

2012-04-25 06:35 . 2012-04-25 06:35 180356 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll

2012-04-24 16:55 . 2012-04-24 16:55 8766112 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-04-24 16:34 . 2012-05-04 09:15 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-04-23 06:05 . 2012-04-23 06:05 -------- d-----w- c:\users\Zachary\AppData\Local\SCE

2012-04-23 06:05 . 2012-04-23 06:05 -------- d-----w- c:\users\Public\Sony Online Entertainment

2012-04-20 10:24 . 2012-05-04 11:30 -------- d-----w- c:\users\Zachary\AppData\Roaming\Mount&Blade With Fire and Sword

2012-04-20 07:37 . 2012-04-20 07:54 -------- d-----w- c:\users\Zachary\AppData\Roaming\Mount&Blade

2012-04-19 22:20 . 2012-04-20 00:21 -------- d-----w- c:\users\Zachary\AppData\Roaming\MoreTerra

2012-04-17 22:06 . 2010-02-04 14:01 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_4.dll

2012-04-17 22:06 . 2010-02-04 14:01 528216 ----a-w- c:\windows\SysWow64\XAudio2_6.dll

2012-04-17 22:06 . 2010-02-04 14:01 238936 ----a-w- c:\windows\SysWow64\xactengine3_6.dll

2012-04-17 22:06 . 2010-02-04 14:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll

2012-04-17 22:06 . 2009-03-09 19:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll

2012-04-17 22:06 . 2007-04-04 22:53 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll

2012-04-17 22:06 . 2007-03-12 20:42 3495784 ----a-w- c:\windows\SysWow64\d3dx9_33.dll

2012-04-17 22:06 . 2012-04-17 22:06 -------- d-----w- c:\program files (x86)\Microsoft XNA

2012-04-17 22:01 . 2012-04-17 22:01 -------- d-----w- c:\program files (x86)\Microsoft.NET

2012-04-16 01:55 . 2012-04-21 01:25 -------- d-----w- c:\users\Zachary\AppData\Roaming\Mount&Blade Warband

2012-04-16 01:55 . 2012-04-16 01:55 -------- d-----w- c:\users\Zachary\AppData\Roaming\Sandbox

2012-04-15 20:49 . 2012-04-15 20:50 -------- d-----w- c:\users\Zachary\AppData\Local\eSupport.com

2012-04-15 20:49 . 2012-04-15 20:49 21712 ----a-w- c:\windows\SysWow64\drivers\DrvAgent64.SYS

2012-04-14 18:30 . 2012-04-14 18:30 -------- d-----w- c:\program files\Firaxis Games

2012-04-14 18:25 . 2012-04-14 18:25 -------- d-----w- c:\program files (x86)\Firaxis Games

2012-04-14 15:09 . 2012-04-14 15:09 -------- d-----w- C:\MPS

2012-04-14 15:07 . 2012-04-14 15:07 -------- d-----w- c:\users\Zachary\AppData\Local\DOSBox

2012-04-14 13:59 . 2012-04-14 13:59 -------- d-----w- c:\program files (x86)\DOSBox-0.74

2012-04-13 22:09 . 2012-04-13 22:09 -------- d-----w- c:\users\Zachary\AppData\Roaming\Aim

2012-04-13 22:08 . 2012-04-13 22:08 -------- d-----w- c:\program files (x86)\Viewpoint

2012-04-13 22:08 . 2001-11-19 18:58 278581 ----a-w- c:\windows\SysWow64\temp.001

2012-04-13 22:08 . 2001-11-19 18:58 58938 ----a-w- c:\windows\SysWow64\temp.000

2012-04-13 22:08 . 2012-04-13 22:09 -------- d-----w- c:\program files (x86)\AIM95

2012-04-13 17:54 . 2012-04-13 17:54 -------- d-----w- c:\program files (x86)\SystemRequirementsLab

2012-04-13 17:54 . 2012-04-13 17:54 -------- d-----w- c:\users\Zachary\AppData\Roaming\SystemRequirementsLab

2012-04-13 07:00 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-13 07:00 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-13 07:00 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-04-13 07:00 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-04-13 07:00 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-04-13 07:00 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-13 07:00 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-04-06 00:11 . 2012-04-06 00:11 -------- d-----w- c:\program files\iPod

2012-04-06 00:11 . 2012-04-06 00:11 -------- d-----w- c:\program files\iTunes

2012-04-06 00:09 . 2012-04-06 00:09 -------- d-----w- c:\program files\Common Files\Apple

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-04 09:15 . 2011-10-04 07:38 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-03-21 00:44 . 2012-03-21 00:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2012-03-21 00:44 . 2012-03-21 00:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2012-03-08 05:39 . 2012-03-08 05:39 637848 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-03-08 05:39 . 2011-10-29 11:36 567184 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-02-17 06:38 . 2012-03-13 20:37 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-17 05:34 . 2012-03-13 20:37 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58 . 2012-03-13 20:37 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-17 04:57 . 2012-03-13 20:37 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-02-15 15:01 . 2012-02-15 15:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys

2012-02-15 15:01 . 2012-02-15 15:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll

2012-02-10 06:36 . 2012-03-14 02:29 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-02-10 05:38 . 2012-03-14 02:29 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2012-01-03 21:31 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]

"MusicManager"="c:\users\Zachary\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-02-21 13320704]

"Gadwin PrintScreen"="c:\program files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe" [2011-05-03 487424]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-03-27 1242448]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17151624]

"AIM ®"="c:\program files (x86)\AIM95\aim.exe" [2002-07-26 57344]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]

"BackupManagerTray"="c:\program files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe" [2011-02-15 290112]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]

"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-03-14 1081424]

"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

c:\users\Zachary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-2-25 15776]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer3"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R1 henudttg;henudttg;c:\windows\system32\drivers\henudttg.sys [x]

R1 onrnmzzs;onrnmzzs;c:\windows\system32\drivers\onrnmzzs.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]

R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2012-04-15 21712]

R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-10-08 150016]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-03-14 352336]

S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2011-02-23 873064]

S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [2011-01-18 39528]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]

S2 Live Updater Service;Live Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2011-04-22 244624]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [2011-02-15 257344]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]

S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-22 846448]

S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys [x]

S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys [x]

S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys [x]

S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [x]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]

S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - IPNAT

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-04 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 09:15]

.

2012-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2619721687-1630364876-2003526140-1001Core.job

- c:\users\Zachary\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-11 18:56]

.

2012-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2619721687-1630364876-2003526140-1001UA.job

- c:\users\Zachary\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-11 18:56]

.

--------- x86-64 -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-09 168216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-09 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-09 416024]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-10 11785832]

"Power Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2011-02-23 1796200]

"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://www.bing.com/?pc=MAGW

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

LSP: %SystemRoot%\system32\vsocklib.dll

FF - ProfilePath - c:\users\Zachary\AppData\Roaming\Mozilla\Firefox\Profiles\w7glm9ho.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,

d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:a6,e5,f6,d7,d9,29,cd,01

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Launch Manager\LMutilps32.exe

c:\windows\SysWOW64\vmnat.exe

c:\windows\SysWOW64\vmnetdhcp.exe

c:\program files (x86)\VMware\VMware Player\vmware-authd.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\Ask.com\UpdateTask.exe

.

**************************************************************************

.

Completion time: 2012-05-04 09:16:20 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-04 13:16

.

Pre-Run: 323,516,084,224 bytes free

Post-Run: 323,993,968,640 bytes free

.

- - End Of File - - 250925DD80934337345C65945C8BE822

LDTate · May 4, 2012

Next time you do a Java update, make sure you remove the "check" that adds the junk like Ask Toolbar

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run type Notepad click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

File::
c:\windows\SysWow64\temp.001
c:\windows\SysWow64\temp.000
c:\windows\system32\drivers\henudttg.sys
c:\windows\system32\drivers\onrnmzzs.sys

Folder::
c:\program files (x86)\Ask.com


ClearJavaCache::

Driver::
henudttg
onrnmzzs

Registry::
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;

2.Click Save As... Change the directory to your desktop;

3.Change the Save as type to "All Files";

4.Type in the file name: CFScript

5.Click Save ...

Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.

raiseyrlevels · May 4, 2012

I can't drop CFScript.txt onto ComboFix.exe due to the registry issue I mentioned in my previous post. I tried setting ComboFix.exe to Run as Administrator to no avail.

LDTate · May 4, 2012

Reboot and try it again

raiseyrlevels · May 4, 2012

Bingo. Here's the log. Seems to be running well, the only oddity is "ePower Tray" failing at startup, and the still missing Windows Firewall service.

ComboFix 12-05-03.03 - Zachary 05/04/2012 9:51.2.4 - x64

Running from: c:\users\Zachary\Desktop\ComboFix.exe

Command switches used :: c:\users\Zachary\Desktop\CFScript.txt

* Created a new restore point

.

FILE ::

"c:\windows\system32\drivers\henudttg.sys"

"c:\windows\system32\drivers\onrnmzzs.sys"

"c:\windows\SysWow64\temp.000"

"c:\windows\SysWow64\temp.001"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files (x86)\Ask.com

c:\program files (x86)\Ask.com\assets\oobe\b.png

c:\program files (x86)\Ask.com\assets\oobe\bl.png

c:\program files (x86)\Ask.com\assets\oobe\br.png

c:\program files (x86)\Ask.com\assets\oobe\l.png

c:\program files (x86)\Ask.com\assets\oobe\pointer.png

c:\program files (x86)\Ask.com\assets\oobe\r.png

c:\program files (x86)\Ask.com\assets\oobe\t.png

c:\program files (x86)\Ask.com\assets\oobe\tl.png

c:\program files (x86)\Ask.com\assets\oobe\tr.png

c:\program files (x86)\Ask.com\cobrand.ico

c:\program files (x86)\Ask.com\config.xml

c:\program files (x86)\Ask.com\favicon.ico

c:\program files (x86)\Ask.com\fv_221b.ico

c:\program files (x86)\Ask.com\GenericAskToolbar.dll

c:\program files (x86)\Ask.com\mupcfg.xml

c:\program files (x86)\Ask.com\precache.exe

c:\program files (x86)\Ask.com\SaUpdate.exe

c:\program files (x86)\Ask.com\Updater\config.xml

c:\program files (x86)\Ask.com\Updater\Updater.exe

c:\program files (x86)\Ask.com\UpdateTask.exe

c:\windows\SysWow64\temp.000

c:\windows\SysWow64\temp.001

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_henudttg

-------\Service_onrnmzzs

.

((((((((((((((((((((((((( Files Created from 2012-04-04 to 2012-05-04 )))))))))))))))))))))))))))))))

.

2012-05-04 13:59 . 2012-05-04 13:59 -------- d-----w- c:\users\Mcx1-HAL4000\AppData\Local\temp

2012-05-04 13:59 . 2012-05-04 13:59 -------- d-----w- c:\users\Default\AppData\Local\temp