
Google search results redirect



As the title states, whenever my boss uses his laptop to google something, the results end up redirecting to spam sites. I've tried everything I've found online and am getting pretty desperate.

Already ran MBAM, found one minor problem that I believe to be unrelated, but it has been fixed. Here is the MBAM log:

============ mbam-log-2012-08-21 (10-58-15).txt ==============

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.21.08

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

Mike Brigham :: MIKEBRIGHAM-PC [administrator]

8/21/2012 10:58:15 AM

mbam-log-2012-08-21 (10-58-15).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 193905

Time elapsed: 12 minute(s), 16 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Users\Mike Brigham\Desktop\.url (Malware.Trace) -> Quarantined and deleted successfully.

(end)

================= dds.txt ============================

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Mike Brigham at 11:20:50 on 2012-08-21

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2743.1513 [GMT -4:00]

.

AV: ZoneAlarm Security Suite Antivirus *Enabled/Updated* {E9467272-859A-F159-FA9E-55E7E32D7A25}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: ZoneAlarm Security Suite Anti-Spyware *Enabled/Updated* {52279396-A3A0-FED7-C02E-6E9598AA3098}

FW: ZoneAlarm Security Suite Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files\CheckPoint\ZAForceField\ForceField.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\dell\DBRM\Reminder\DbrmTrayicon.exe

C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\mantispm.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe

C:\Windows\notepad.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://builtup.net/

uURLSearchHooks: H - No File

uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\client server security agent\bho\1009\TmIEPlg.dll

BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll

BHO: DigitalPersona Fingerprint Software Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - c:\program files\digitalpersona\bin\DpOtsPluginIe8.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll

TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB: {3CE45C4F-BFFF-4988-9A3C-A75C1F491319} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Ytsxvyp] c:\users\mike brigham\appdata\roaming\wshrmw.exe

uRun: [WRYX] c:\users\mike brigham\appdata\roaming\query3.exe

uRun: [Jkemjlnqe] c:\users\mike brigham\appdata\roaming\perfi009X.exe

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [Google Update] "c:\users\mike brigham\appdata\local\google\update\GoogleUpdate.exe" /c

mRun: [DBRMTray] c:\dell\dbrm\reminder\DbrmTrayIcon.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [iSW] c:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRunOnce: [DBRMTray] c:\dell\dbrm\reminder\TrayApp.exe

mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll

Trusted Zone: aol.com\television

Trusted Zone: aol.com\tvlistings

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.3.1

TCP: Interfaces\{46F318D8-E9F2-4438-8DA0-3C412C1027D2} : DhcpNameServer = 192.168.3.1

TCP: Interfaces\{46F318D8-E9F2-4438-8DA0-3C412C1027D2}\245796C647025507 : DhcpNameServer = 192.168.0.1 68.87.73.246 68.87.71.230

TCP: Interfaces\{46F318D8-E9F2-4438-8DA0-3C412C1027D2}\C696E6B6379737 : DhcpNameServer = 75.75.75.75 75.75.76.76

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -

Notify: igfxcui - igfxdev.dll

LSA: Notification Packages = scecli DPPWDFLT

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2012-8-20 383368]

R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2012-8-20 342168]

R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2012-8-20 909728]

R0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\drivers\stdcfltn.sys [2010-12-30 17648]

R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-10-14 11352]

R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2012-8-20 203120]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]

R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools\pc tools security\bdt\BDTUpdateService.exe [2012-8-20 575448]

R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-7-25 27016]

R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-7-25 493184]

R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-11-25 47104]

R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-11-25 49152]

R2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-11-25 38400]

R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2010-12-30 43888]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-12-30 143968]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-11-25 125696]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-12-31 105576]

R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [2012-8-20 70768]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-11-25 277536]

S2 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-10-26 1153368]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-19 250056]

S3 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_f39a6924a795ad94\AEstSrv.exe [2010-11-25 81920]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-12-30 29472]

S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2010-12-30 134144]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2009-7-13 45568]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools\pc tools security\pctsAuxs.exe [2012-8-20 402368]

S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools\pc tools security\pctsSvc.exe [2012-8-20 1118680]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 45568]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-1 52224]

S3 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2010-12-30 2320920]

S3 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-6-3 1664304]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-2-4 1343400]

.

=============== Created Last 30 ================

.

2012-08-21 14:46:20 -------- d-----w- c:\users\mike brigham\appdata\roaming\Malwarebytes

2012-08-21 14:46:04 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-21 14:46:04 -------- d-----w- c:\programdata\Malwarebytes

2012-08-21 14:46:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-08-20 20:01:49 767960 ----a-w- c:\windows\BDTSupport.dll

2012-08-20 20:01:49 70768 ----a-w- c:\windows\system32\drivers\PCTBD.sys

2012-08-20 20:01:48 2267096 ----a-w- c:\windows\PCTBDCore.dll

2012-08-20 20:01:48 1689560 ----a-w- c:\windows\PCTBDRes.dll

2012-08-20 20:01:48 149464 ----a-w- c:\windows\SGDetectionTool.dll

2012-08-20 20:01:13 254944 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2012-08-20 20:01:13 107896 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys

2012-08-20 20:01:07 17880 ----a-w- c:\windows\system32\drivers\pctBTFix.sys

2012-08-20 20:01:03 70568 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2012-08-20 20:00:55 -------- d-----w- c:\program files\PC Tools

2012-08-20 19:57:09 909728 ----a-w- c:\windows\system32\drivers\pctEFA.sys

2012-08-20 19:57:09 342168 ----a-w- c:\windows\system32\drivers\pctDS.sys

2012-08-20 19:57:07 383368 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2012-08-20 19:57:07 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2012-08-20 19:57:05 203120 ----a-w- c:\windows\system32\drivers\PCTSD.sys

2012-08-20 19:57:05 -------- d-----w- c:\program files\common files\PC Tools

2012-08-20 19:56:50 -------- d-----w- c:\users\mike brigham\appdata\roaming\TestApp

2012-08-20 19:56:50 -------- d-----w- c:\programdata\PC Tools

2012-08-16 07:02:33 393728 ----a-w- c:\windows\system32\drivers\bthport.sys

2012-08-15 13:19:28 2345984 ----a-w- c:\windows\system32\win32k.sys

2012-08-15 13:19:27 400896 ----a-w- c:\windows\system32\srcore.dll

2012-08-15 13:19:16 492032 ----a-w- c:\windows\system32\win32spl.dll

2012-08-15 13:19:16 317440 ----a-w- c:\windows\system32\spoolsv.exe

2012-08-15 13:19:12 41984 ----a-w- c:\windows\system32\browcli.dll

2012-08-15 13:19:12 102912 ----a-w- c:\windows\system32\browser.dll

2012-08-15 13:19:10 769024 ----a-w- c:\windows\system32\localspl.dll

2012-07-27 20:51:30 184248 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

.

==================== Find3M ====================

.

2012-08-15 13:27:25 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-15 13:27:25 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-07 00:59:42 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2012-06-06 05:05:52 1390080 ----a-w- c:\windows\system32\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- c:\windows\system32\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- c:\windows\system32\cdosys.dll

2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 19:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 19:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 04:45:04 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 04:45:03 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-06-02 04:40:59 369336 ----a-w- c:\windows\system32\drivers\cng.sys

2012-06-02 04:40:39 225280 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- c:\windows\system32\ncrypt.dll

.

============= FINISH: 11:22:30.02 ===============

=============== attach.txt ==============================

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 2/3/2011 11:25:25 AM

System Uptime: 8/21/2012 6:20:50 AM (5 hours ago)

.

Motherboard: Dell Inc. | | 07VWR8

Processor: Intel® Core i5 CPU M 560 @ 2.67GHz | CPU 1 | 2661/533mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 451 GiB total, 409.154 GiB free.

D: is CDROM (UDF)

E: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP123: 7/10/2012 10:01:52 AM - Scheduled Checkpoint

RP124: 7/12/2012 3:00:50 AM - Windows Update

RP125: 7/19/2012 9:54:14 AM - Scheduled Checkpoint

RP126: 7/26/2012 10:09:16 AM - Scheduled Checkpoint

RP127: 8/3/2012 9:47:44 AM - Scheduled Checkpoint

RP128: 8/11/2012 2:48:30 PM - Scheduled Checkpoint

RP129: 8/16/2012 3:00:33 AM - Windows Update

RP130: 8/20/2012 3:08:58 PM - Windows Modules Installer

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

AccelerometerP11

Adobe AIR

Adobe Download Manager

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.4)

Advanced Audio FX Engine

Apple Application Support

Apple Software Update

Bing Bar

Browser Guard 4.0

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Dell Backup and Recovery Manager

Dell Edoc Viewer

Dell Touchpad

Dell Webcam Central

DigitalPersona Personal 4.01

DW WLAN Card Utility

Garmin HomePort

Garmin USB Drivers

Google Chrome

Intel® Management Engine Components

Java Auto Updater

Java 6 Update 31

Junk Mail filter update

Live! Cam Avatar Creator

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office 2010

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Standard 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

MSVCRT

Netscape Communicator 4.51

NVIDIA Drivers

PC Tools Spyware Doctor 9.0

QuickSet32

QuickTime

RealPlayer 5.0

Roxio Creator Audio

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE 10.3

Roxio Creator Tools

Roxio Express Labeler 3

Roxio Update Manager

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Spybot - Search & Destroy

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687400) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Validity Sensors DDK

VC 9.0 Runtime

WIDCOMM Bluetooth Software

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

ZoneAlarm Antivirus

ZoneAlarm Firewall

ZoneAlarm Internet Security Suite

ZoneAlarm Security

ZoneAlarm Toolbar

.

==== Event Viewer Messages From Past Week ========

.

8/21/2012 9:05:21 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer BUILT-UP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{46F318D8-E9F2-4438-8DA0-3C412C102. The master browser is stopping or an election is being forced.

8/21/2012 11:20:21 AM, Error: PCTCore [280] -

8/21/2012 10:44:25 AM, Error: Service Control Manager [7034] - The TrueVector Internet Monitor service terminated unexpectedly. It has done this 1 time(s).

8/20/2012 9:39:49 AM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

8/20/2012 3:15:14 PM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.

8/19/2012 1:58:42 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.

8/16/2012 3:23:48 AM, Error: Service Control Manager [7023] - The Diagnostic Service Host service terminated with the following error: The requested control is not valid for this service.

8/15/2012 9:54:14 PM, Error: Service Control Manager [7022] - The Diagnostic Service Host service hung on starting.

.

==== End Of File ===========================

Any help would be greatly appreciated. Thanks.


Hello tonyb983 and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

I see you are running Teatimer.

I suggest you disable it because it can interfere with the changes you'll make on your system.

When everything is done and your log is clean again, you can enable it again.

If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer <== click me for instructions.

After you have disabled TeaTimer, download ResetTeaTimer.exe to your desktop.

Then run ResetTeaTimer.exe.

This will only take a few seconds.

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3

Download aswMBR.exe to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start scan

[screenshot: aswMBR2-1.gif]

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.

[screenshot: aswMBR2.png]

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • aswMBR log
  • a new fresh DDS log


Thanks for the quick reply; here's what I got:

---------------------

MBAM LOG

---------------------

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.21.08

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

Mike Brigham :: MIKEBRIGHAM-PC [administrator]

8/21/2012 11:42:59 AM

mbam-log-2012-08-21 (11-42-59).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 194329

Time elapsed: 11 minute(s), 14 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

------------------

aswMBR

------------------

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-08-21 11:56:15

-----------------------------

11:56:15.043 OS Version: Windows 6.1.7601 Service Pack 1

11:56:15.043 Number of processors: 4 586 0x2505

11:56:15.043 ComputerName: MIKEBRIGHAM-PC UserName: Mike Brigham

11:56:16.541 Initialize success

11:57:15.281 AVAST engine download error: 0

11:57:26.373 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

11:57:26.373 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3

11:57:26.388 Disk 0 MBR read successfully

11:57:26.404 Disk 0 MBR scan

11:57:26.404 Disk 0 Windows VISTA default MBR code

11:57:26.404 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63

11:57:26.419 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920

11:57:26.435 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461899 MB offset 30801920

11:57:26.451 Disk 0 scanning sectors +976771120

11:57:26.513 Disk 0 scanning C:\Windows\system32\drivers

11:57:31.942 Service scanning

11:57:43.689 Modules scanning

11:57:52.050 Disk 0 trace - called modules:

11:57:52.066 ntkrnlpa.exe CLASSPNP.SYS disk.sys stdcfltn.sys PCTCore.sys ACPI.sys halmacpi.dll iaStor.sys

11:57:52.066 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88674488]

11:57:52.066 3 CLASSPNP.SYS[8bf7e59e] -> nt!IofCallDriver -> [0x88674b28]

11:57:52.081 5 stdcfltn.sys[8b9f6896] -> nt!IofCallDriver -> [0x88674020]

11:57:52.081 7 PCTCore.sys[8b27c82d] -> nt!IofCallDriver -> [0x86aaa908]

11:57:52.081 9 ACPI.sys[8ae8f3d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86a48028]

11:57:52.097 Scan finished successfully

11:58:19.896 Disk 0 MBR has been saved successfully to "E:\logs\2\MBR.dat"

11:58:19.896 The log file has been saved successfully to "E:\logs\2\aswMBR.txt"

---------------------

dds.txt

---------------------

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Mike Brigham at 11:58:39 on 2012-08-21

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2743.1759 [GMT -4:00]

.

AV: ZoneAlarm Security Suite Antivirus *Enabled/Updated* {E9467272-859A-F159-FA9E-55E7E32D7A25}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: ZoneAlarm Security Suite Anti-Spyware *Enabled/Updated* {52279396-A3A0-FED7-C02E-6E9598AA3098}

FW: ZoneAlarm Security Suite Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Program Files\CheckPoint\ZAForceField\ForceField.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\dell\DBRM\Reminder\DbrmTrayicon.exe

C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\mantispm.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://builtup.net/

uURLSearchHooks: H - No File

uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\client server security agent\bho\1009\TmIEPlg.dll

BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll

BHO: DigitalPersona Fingerprint Software Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - c:\program files\digitalpersona\bin\DpOtsPluginIe8.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll

TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB: {3CE45C4F-BFFF-4988-9A3C-A75C1F491319} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Ytsxvyp] c:\users\mike brigham\appdata\roaming\wshrmw.exe

uRun: [WRYX] c:\users\mike brigham\appdata\roaming\query3.exe

uRun: [Jkemjlnqe] c:\users\mike brigham\appdata\roaming\perfi009X.exe

uRun: [Google Update] "c:\users\mike brigham\appdata\local\google\update\GoogleUpdate.exe" /c

mRun: [DBRMTray] c:\dell\dbrm\reminder\DbrmTrayIcon.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [iSW] c:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRunOnce: [DBRMTray] c:\dell\dbrm\reminder\TrayApp.exe

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL

LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll

Trusted Zone: aol.com\television

Trusted Zone: aol.com\tvlistings

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.3.1

TCP: Interfaces\{46F318D8-E9F2-4438-8DA0-3C412C1027D2} : DhcpNameServer = 192.168.3.1

TCP: Interfaces\{46F318D8-E9F2-4438-8DA0-3C412C1027D2}\245796C647025507 : DhcpNameServer = 192.168.0.1 68.87.73.246 68.87.71.230

TCP: Interfaces\{46F318D8-E9F2-4438-8DA0-3C412C1027D2}\C696E6B6379737 : DhcpNameServer = 75.75.75.75 75.75.76.76

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -

Notify: igfxcui - igfxdev.dll

LSA: Notification Packages = scecli DPPWDFLT

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2012-8-20 383368]

R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2012-8-20 342168]

R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2012-8-20 909728]

R0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\drivers\stdcfltn.sys [2010-12-30 17648]

R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-10-14 11352]

R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2012-8-20 203120]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]

R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools\pc tools security\bdt\BDTUpdateService.exe [2012-8-20 575448]

R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-7-25 27016]

R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-7-25 493184]

R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-11-25 47104]

R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-11-25 49152]

R2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-11-25 38400]

R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2010-12-30 43888]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-12-30 143968]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-11-25 125696]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-12-31 105576]

R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [2012-8-20 70768]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-11-25 277536]

S2 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-10-26 1153368]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-19 250056]

S3 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_f39a6924a795ad94\AEstSrv.exe [2010-11-25 81920]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-12-30 29472]

S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2010-12-30 134144]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2009-7-13 45568]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools\pc tools security\pctsAuxs.exe [2012-8-20 402368]

S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools\pc tools security\pctsSvc.exe [2012-8-20 1118680]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 45568]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-1 52224]

S3 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2010-12-30 2320920]

S3 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-6-3 1664304]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-2-4 1343400]

.

=============== Created Last 30 ================

.

2012-08-21 14:46:20 -------- d-----w- c:\users\mike brigham\appdata\roaming\Malwarebytes

2012-08-21 14:46:04 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-21 14:46:04 -------- d-----w- c:\programdata\Malwarebytes

2012-08-21 14:46:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-08-20 20:01:49 767960 ----a-w- c:\windows\BDTSupport.dll

2012-08-20 20:01:49 70768 ----a-w- c:\windows\system32\drivers\PCTBD.sys

2012-08-20 20:01:48 2267096 ----a-w- c:\windows\PCTBDCore.dll

2012-08-20 20:01:48 1689560 ----a-w- c:\windows\PCTBDRes.dll

2012-08-20 20:01:48 149464 ----a-w- c:\windows\SGDetectionTool.dll

2012-08-20 20:01:13 254944 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2012-08-20 20:01:13 107896 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys

2012-08-20 20:01:07 17880 ----a-w- c:\windows\system32\drivers\pctBTFix.sys

2012-08-20 20:01:03 70568 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2012-08-20 20:00:55 -------- d-----w- c:\program files\PC Tools

2012-08-20 19:57:09 909728 ----a-w- c:\windows\system32\drivers\pctEFA.sys

2012-08-20 19:57:09 342168 ----a-w- c:\windows\system32\drivers\pctDS.sys

2012-08-20 19:57:07 383368 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2012-08-20 19:57:07 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2012-08-20 19:57:05 203120 ----a-w- c:\windows\system32\drivers\PCTSD.sys

2012-08-20 19:57:05 -------- d-----w- c:\program files\common files\PC Tools

2012-08-20 19:56:50 -------- d-----w- c:\users\mike brigham\appdata\roaming\TestApp

2012-08-20 19:56:50 -------- d-----w- c:\programdata\PC Tools

2012-08-16 07:02:33 393728 ----a-w- c:\windows\system32\drivers\bthport.sys

2012-08-15 13:19:28 2345984 ----a-w- c:\windows\system32\win32k.sys

2012-08-15 13:19:27 400896 ----a-w- c:\windows\system32\srcore.dll

2012-08-15 13:19:16 492032 ----a-w- c:\windows\system32\win32spl.dll

2012-08-15 13:19:16 317440 ----a-w- c:\windows\system32\spoolsv.exe

2012-08-15 13:19:12 41984 ----a-w- c:\windows\system32\browcli.dll

2012-08-15 13:19:12 102912 ----a-w- c:\windows\system32\browser.dll

2012-08-15 13:19:10 769024 ----a-w- c:\windows\system32\localspl.dll

2012-07-27 20:51:30 184248 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

.

==================== Find3M ====================

.

2012-08-15 13:27:25 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-15 13:27:25 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-07 00:59:42 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2012-06-06 05:05:52 1390080 ----a-w- c:\windows\system32\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- c:\windows\system32\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- c:\windows\system32\cdosys.dll

2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 19:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 19:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 04:45:04 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 04:45:03 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-06-02 04:40:59 369336 ----a-w- c:\windows\system32\drivers\cng.sys

2012-06-02 04:40:39 225280 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- c:\windows\system32\ncrypt.dll

.

============= FINISH: 11:59:56.18 ===============

----------------------

attach.txt

----------------------

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 2/3/2011 11:25:25 AM

System Uptime: 8/21/2012 11:38:06 AM (0 hours ago)

.

Motherboard: Dell Inc. | | 07VWR8

Processor: Intel® Core i5 CPU M 560 @ 2.67GHz | CPU 1 | 2661/533mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 451 GiB total, 409.167 GiB free.

D: is CDROM (UDF)

E: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP123: 7/10/2012 10:01:52 AM - Scheduled Checkpoint

RP124: 7/12/2012 3:00:50 AM - Windows Update

RP125: 7/19/2012 9:54:14 AM - Scheduled Checkpoint

RP126: 7/26/2012 10:09:16 AM - Scheduled Checkpoint

RP127: 8/3/2012 9:47:44 AM - Scheduled Checkpoint

RP128: 8/11/2012 2:48:30 PM - Scheduled Checkpoint

RP129: 8/16/2012 3:00:33 AM - Windows Update

RP130: 8/20/2012 3:08:58 PM - Windows Modules Installer

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

AccelerometerP11

Adobe AIR

Adobe Download Manager

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.4)

Advanced Audio FX Engine

Apple Application Support

Apple Software Update

Bing Bar

Browser Guard 4.0

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Dell Backup and Recovery Manager

Dell Edoc Viewer

Dell Touchpad

Dell Webcam Central

DigitalPersona Personal 4.01

DW WLAN Card Utility

Garmin HomePort

Garmin USB Drivers

Google Chrome

Intel® Management Engine Components

Java Auto Updater

Java 6 Update 31

Junk Mail filter update

Live! Cam Avatar Creator

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office 2010

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Standard 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

MSVCRT

Netscape Communicator 4.51

NVIDIA Drivers

PC Tools Spyware Doctor 9.0

QuickSet32

QuickTime

RealPlayer 5.0

Roxio Creator Audio

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE 10.3

Roxio Creator Tools

Roxio Express Labeler 3

Roxio Update Manager

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Spybot - Search & Destroy

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687400) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Validity Sensors DDK

VC 9.0 Runtime

WIDCOMM Bluetooth Software

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

ZoneAlarm Antivirus

ZoneAlarm Firewall

ZoneAlarm Internet Security Suite

ZoneAlarm Security

ZoneAlarm Toolbar

.

==== Event Viewer Messages From Past Week ========

.

8/21/2012 9:05:21 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer BUILT-UP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{46F318D8-E9F2-4438-8DA0-3C412C102. The master browser is stopping or an election is being forced.

8/21/2012 11:38:34 AM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.

8/21/2012 11:20:21 AM, Error: PCTCore [280] -

8/21/2012 10:44:25 AM, Error: Service Control Manager [7034] - The TrueVector Internet Monitor service terminated unexpectedly. It has done this 1 time(s).

8/20/2012 9:39:49 AM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

8/19/2012 1:58:42 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.

8/16/2012 3:23:48 AM, Error: Service Control Manager [7023] - The Diagnostic Service Host service terminated with the following error: The requested control is not valid for this service.

8/15/2012 9:54:14 PM, Error: Service Control Manager [7022] - The Diagnostic Service Host service hung on starting.

.

==== End Of File ===========================

Thanks!

Please visit this webpage for download links and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

ComboFix 12-08-20.02 - Mike Brigham 08/21/2012 12:14:03.1.4 - x86

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2743.1777 [GMT -4:00]

Running from: c:\users\Mike Brigham\Desktop\ComboFix.exe

AV: ZoneAlarm Security Suite Antivirus *Enabled/Updated* {E9467272-859A-F159-FA9E-55E7E32D7A25}

FW: ZoneAlarm Security Suite Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: ZoneAlarm Security Suite Anti-Spyware *Enabled/Updated* {52279396-A3A0-FED7-C02E-6E9598AA3098}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Mike Brigham\Desktop\Internet Explorer.lnk

c:\windows\expl.dat

c:\windows\system32\drivers\npf.sys

c:\windows\system32\svch.dat

c:\windows\system32\winl.dat

.

Infected copy of c:\windows\system32\winlogon.exe was found and disinfected

Restored copy from - c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe

.

c:\windows\system32\svchost.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

.

Infected copy of c:\windows\explorer.exe was found and disinfected

Restored copy from - c:\combofix\HarddiskVolumeShadowCopy8_!Windows!winsxs!x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373!explorer.exe

.

Infected copy of c:\windows\system32\svchost.exe was found and disinfected

Restored copy from - c:\combofix\HarddiskVolumeShadowCopy7_!Windows!System32!svchost.exe

Infected copy of c:\windows\system32\winlogon.exe was found and disinfected

Restored copy from - c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe

Infected copy of c:\windows\explorer.exe was found and disinfected

Restored copy from - c:\combofix\HarddiskVolumeShadowCopy8_!Windows!winsxs!x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373!explorer.exe

.

((((((((((((((((((((((((( Files Created from 2012-07-21 to 2012-08-21 )))))))))))))))))))))))))))))))

.

.

2012-08-21 16:20 . 2012-08-21 16:20 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-21 14:46 . 2012-08-21 14:46 -------- d-----w- c:\users\Mike Brigham\AppData\Roaming\Malwarebytes

2012-08-21 14:46 . 2012-08-21 14:46 -------- d-----w- c:\programdata\Malwarebytes

2012-08-21 14:46 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-21 14:46 . 2012-08-21 14:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-08-20 20:01 . 2012-06-22 15:39 70768 ----a-w- c:\windows\system32\drivers\PCTBD.sys

2012-08-20 20:01 . 2012-06-22 15:38 767960 ----a-w- c:\windows\BDTSupport.dll

2012-08-20 19:57 . 2012-06-22 19:34 203120 ----a-w- c:\windows\system32\drivers\PCTSD.sys

2012-08-20 19:56 . 2012-08-20 20:01 -------- d-----w- c:\programdata\PC Tools

2012-08-20 19:56 . 2012-08-20 19:56 -------- d-----w- c:\users\Mike Brigham\AppData\Roaming\TestApp

2012-08-16 07:02 . 2012-07-06 19:23 393728 ----a-w- c:\windows\system32\drivers\bthport.sys

2012-08-15 13:19 . 2012-07-18 17:47 2345984 ----a-w- c:\windows\system32\win32k.sys

2012-08-15 13:19 . 2012-05-05 07:46 400896 ----a-w- c:\windows\system32\srcore.dll

2012-08-15 13:19 . 2012-02-11 05:43 492032 ----a-w- c:\windows\system32\win32spl.dll

2012-08-15 13:19 . 2012-02-11 05:37 317440 ----a-w- c:\windows\system32\spoolsv.exe

2012-08-15 13:19 . 2012-07-04 21:14 41984 ----a-w- c:\windows\system32\browcli.dll

2012-08-15 13:19 . 2012-07-04 21:14 102912 ----a-w- c:\windows\system32\browser.dll

2012-08-15 13:19 . 2012-05-14 04:33 769024 ----a-w- c:\windows\system32\localspl.dll

2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-15 13:27 . 2012-05-19 15:53 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-15 13:27 . 2011-07-21 03:03 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-06-22 14:43 . 2012-08-20 20:01 3488 ----a-w- c:\windows\UDB.zip

2012-06-22 14:43 . 2012-08-20 20:01 131 ----a-w- c:\windows\IDB.zip

2012-06-07 00:59 . 2012-06-07 00:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2012-06-06 05:05 . 2012-07-11 12:43 1390080 ----a-w- c:\windows\system32\msxml6.dll

2012-06-06 05:05 . 2012-07-11 12:43 1236992 ----a-w- c:\windows\system32\msxml3.dll

2012-06-06 05:03 . 2012-07-11 12:43 805376 ----a-w- c:\windows\system32\cdosys.dll

2012-06-02 22:19 . 2012-06-25 12:58 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-25 12:58 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-25 12:58 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-25 12:58 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:19 . 2012-06-25 12:58 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:12 . 2012-06-25 12:58 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:12 . 2012-06-25 12:58 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 19:19 . 2012-06-25 12:58 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 19:12 . 2012-06-25 12:58 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 04:45 . 2012-07-11 12:43 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 04:45 . 2012-07-11 12:43 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-06-02 04:40 . 2012-07-11 12:43 369336 ----a-w- c:\windows\system32\drivers\cng.sys

2012-06-02 04:40 . 2012-07-11 12:43 225280 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 04:39 . 2012-07-11 12:43 219136 ----a-w- c:\windows\system32\ncrypt.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2010-05-20 206336]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2011-10-26 73360]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-05-20 421888]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"DBRMTray"="c:\dell\DBRM\Reminder\TrayApp.exe" [2010-02-04 7168]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli DPPWDFLT

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

backup=c:\windows\pss\Bluetooth.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2012-07-27 20:51 35768 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]

2010-12-31 03:08 5249024 ----a-w- c:\program files\Dell\DW WLAN Card\WLTRAY.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2009-07-14 01:14 8704 ----a-w- c:\windows\System32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DBRMTray]

2010-05-20 14:39 206336 ----a-w- c:\dell\DBRM\Reminder\DbrmTrayicon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central]

2009-06-24 22:21 409744 ------w- c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DpAgent]

2009-05-12 23:50 842816 ----a-w- c:\program files\DigitalPersona\Bin\DpAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeFallProtection]

2010-10-01 15:48 727664 ----a-w- c:\program files\STMicroelectronics\AccelerometerP11\FF_Protection.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2010-08-26 09:15 171032 ----a-w- c:\windows\System32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2010-08-26 09:15 136216 ----a-w- c:\windows\System32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2010-05-24 23:19 13838952 ----a-w- c:\windows\System32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2010-08-26 09:15 170520 ----a-w- c:\windows\System32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickSet]

2010-01-15 16:26 3873648 ----a-w- c:\program files\Dell\QuickSet\quickset.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2010-01-08 02:45 1602856 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]

2010-04-07 10:35 495708 ----a-w- c:\program files\IDT\WDM\sttray.exe

.

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

R3 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe [x]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [x]

R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [x]

R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD.sys [x]

R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools\PC Tools Security\pctsAuxs.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

R3 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [x]

S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [x]

S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [x]

S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]

S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]

S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]

S2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]

S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [x]

S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [x]

S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [x]

S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [x]

S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [x]

S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [x]

S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [x]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]

S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-21 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-19 13:27]

.

2012-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3418139999-3408910341-3212262846-1000Core.job

- c:\users\Mike Brigham\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-20 19:07]

.

2012-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3418139999-3408910341-3212262846-1000UA.job

- c:\users\Mike Brigham\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-20 19:07]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://builtup.net/

IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

Trusted Zone: aol.com\television

Trusted Zone: aol.com\tvlistings

TCP: DhcpNameServer = 192.168.3.1

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{3ce45c4f-bfff-4988-9a3c-a75c1f491319} - (no file)

Toolbar-Locked - (no file)

WebBrowser-{3CE45C4F-BFFF-4988-9A3C-A75C1F491319} - (no file)

HKCU-Run-Ytsxvyp - c:\users\Mike Brigham\AppData\Roaming\wshrmw.exe

HKCU-Run-WRYX - c:\users\Mike Brigham\AppData\Roaming\query3.exe

HKCU-Run-Jkemjlnqe - c:\users\Mike Brigham\AppData\Roaming\perfi009X.exe

HKLM-Run-ISW - (no file)

AddRemove-RealAudio Player 5.0 - c:\windows\RAUNINST.exe Software\Progressive Networks\RealAudio Player\5.0

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)


.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:6b,7c,3e,b6,08,7f,cd,01

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)


.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'lsass.exe'(708)

c:\windows\system32\DPPWDFLT.DLL

.

- - - - - - - > 'Explorer.exe'(976)

c:\program files\CheckPoint\ZoneAlarm\MailFrontier\mlfhook.dll

c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\windows\system32\nvvsvc.exe

c:\windows\system32\WLANExt.exe

c:\windows\system32\conhost.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\WUDFHost.exe

c:\windows\system32\conhost.exe

c:\windows\system32\sppsvc.exe

c:\\?\c:\windows\system32\wbem\WMIADAP.EXE

.

**************************************************************************

.

Completion time: 2012-08-21 12:28:57 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-21 16:28

.

Pre-Run: 439,008,223,232 bytes free

Post-Run: 439,168,409,600 bytes free

.

- - End Of File - - 530B14317882DEFAFCF7EC451188185B


I would like to perform an additional scan:

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

