Am I still infected?

brent58 · November 26, 2012

Hi there,

I installed malwarebytes pro a few days ago to "beef up" the security on my pc and ran a scan. It detected an infection in one of my windows image backups (on my external drive) which is subsequently removed. A day or so later I tried to boot up my pc and it went into windows recovery mode. My only option was to restore from the most recent backup which I did and everything seemed ok. I then had to re-install malwarebytes and ran it again. This time it found "Affiliate.Downloader" in my recycle bin which it quarantined.

My pc is now appears to be running fine but I noticed I have an empty directory in my documents folder called "NativeFus_Log" which I think looks suspicious? It got me wondering if I am still infected and so I would greatly appreciate it if someone could check over the dds logs for me and confirm if everything is ok.

Many thanks,

Brent

dds.txt

attach.txt

Maurice Naggar · November 26, 2012

Hello Brent58 and welcome to MalwareBytes forums.

Did you insure your Antivirus is fully up-to-date and then have you run a full system scan with it?

If not, do so now.

Copy and Paste the contents of the most recent MBAM scan directly into the main-body of next reply.

Do NOT attach any logs. Always Copy & Paste the contents.

Plus also copy & paste the DDS.txt + Attach.txt into a new reply (directly into a reply box).

brent58 · November 26, 2012

Hi Maurice, thanks for the reply,

I can confirm that I have run a antivirus scan on all drives using up to date version and definitions (ms security essentials) and here are the logs you asked for.

Many Thanks,

Brent

MBAM Log

Malwarebytes Anti-Malware (PRO) 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.26.09

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Brent :: BRENT-PC [administrator]

Protection: Enabled

26/11/2012 21:00:32

mbam-log-2012-11-26 (21-00-32).txt

Scan type: Full scan (C:\|D:\|F:\|)

Scan options disabled: P2P

Objects scanned: 564853

Time elapsed: 1 hour(s), 23 minute(s), 59 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

DDS.TXT

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2

Run by Brent at 23:56:05 on 2012-11-26

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4087.1563 [GMT 0:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

AV: Prevx 3.0 *Enabled/Updated* {85194EF3-9578-0A22-9A51-A9FE4DD90287}

SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Prevx 3.0 *Enabled/Updated* {3E78AF17-B342-05AC-A0E1-928C365E483A}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe

C:\Program Files\Prevx\prevx.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\lxbycoms.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Windows\system32\svchost.exe -k imgsvc

c:\Program Files\Microsoft Security Client\NisSrv.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Prevx\prevx.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe

C:\Users\Brent\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe

C:\Users\Brent\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe

C:\Users\Brent\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files (x86)\ (x86)\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\ASUS\TurboV\TurboV.exe

C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe

C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\7 Sticky Notes\7StickyNotes.exe

C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Users\Brent\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.bing.com/

uSearch Bar = hxxp://www.google.com/ie

uSearch Page = hxxp://www.google.com

uDefault_Page_URL = hxxp://nmd.msn.com

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: NuSphere ToolBar: {0F62D223-9206-4EA3-9EA8-D0F3C7C82ACA} - C:\Program Files (x86)\NuSphere\PhpED\NuSphereIEBar.dll

TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll

EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [Xmarks] C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe -q

uRun: [Google Update] "C:\Users\Brent\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

uRun: [spotify Web Helper] "C:\Users\Brent\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

mRun: [RemoteControl] "C:\Program Files (x86)\ (x86)\CyberLink\PowerDVD\PDVDServ.exe"

mRun: [LanguageShortcut] "C:\Program Files (x86)\ (x86)\CyberLink\PowerDVD\Language\Language.exe"

mRun: [TurboV] "C:\Program Files\ASUS\TurboV\TurboV.exe" -b

mRun: [QFan Help] "C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe"

mRun: [Cpu Level Up help] "C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe"

mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\Users\Brent\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\7STICK~1.LNK - C:\Program Files (x86)\7 Sticky Notes\7StickyNotes.exe

StartupFolder: C:\Users\Brent\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

StartupFolder: C:\Users\Brent\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: LastPass - C:\Users\Brent\AppData\LocalLow\LastPass\context.html?cmd=lastpass

IE: LastPass Fill Forms - C:\Users\Brent\AppData\LocalLow\LastPass\context.html?cmd=fillforms

IE: NuSphere PhpED :: Debug this page - C:\Program Files (x86)\NuSphere\PhpED\NuSphereIEBar.dll/1000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: NameServer = 194.168.4.100 194.168.8.100

TCP: Interfaces\{1E9B5501-FAF4-4F16-BFD6-E5E57C397426} : DHCPNameServer = 194.168.4.100 194.168.8.100

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll

x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-TB: NuSphere ToolBar: {0F62D223-9206-4EA3-9EA8-D0F3C7C82ACA} - C:\Program Files (x86)\NuSphere\PhpED\NuSphereIEBar64.dll

x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll

x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Brent\AppData\Roaming\Mozilla\Firefox\Profiles\uvtvei7p.default\

FF - component: C:\Users\Brent\AppData\Roaming\Mozilla\Firefox\Profiles\uvtvei7p.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll

FF - plugin: C:\Users\Brent\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2012-11-06 10:40; {966762eb-7132-4081-ac70-20d20161ad96}; C:\Users\Brent\AppData\Roaming\Mozilla\Firefox\Profiles\uvtvei7p.default\extensions\{966762eb-7132-4081-ac70-20d20161ad96}.xpi

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-9-26 55024]

R0 pxscan;pxscan;C:\Windows\System32\drivers\pxscan.sys [2012-6-25 36384]

R1 pxrts;pxrts;C:\Windows\System32\drivers\pxrts.sys [2012-6-25 65736]

R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-6-17 202752]

R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2010-9-23 90112]

R2 CSIScanner;CSIScanner;C:\Program Files\Prevx\prevx.exe [2012-6-25 6746280]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-24 399432]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-24 676936]

R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 128456]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-24 25928]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]

R3 pxkbf;pxkbf;C:\Windows\System32\drivers\pxkbf.sys [2012-6-25 24024]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2010-6-17 1235968]

R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-5-13 36328]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]

S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2011-5-13 146920]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-6-25 59392]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-25 1255736]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]

.

=============== Created Last 30 ================

.

2012-11-26 08:52:17 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EBE5217C-4056-4345-B531-EF18DD584F5F}\mpengine.dll

2012-11-25 02:05:43 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-11-24 14:34:19 -------- d-----w- C:\Users\Brent\AppData\Roaming\Malwarebytes

2012-11-24 14:34:01 -------- d-----w- C:\ProgramData\Malwarebytes

2012-11-24 14:33:59 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-11-24 14:33:59 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-11-17 00:55:17 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui

2012-11-17 00:55:16 9728 ----a-w- C:\Windows\System32\Wdfres.dll

2012-11-17 00:55:16 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys

2012-11-17 00:55:16 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys

2012-11-17 00:46:44 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys

2012-11-17 00:46:44 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys

2012-11-17 00:46:43 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll

2012-11-17 00:46:43 744448 ----a-w- C:\Windows\System32\WUDFx.dll

2012-11-17 00:46:43 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll

2012-11-17 00:46:43 229888 ----a-w- C:\Windows\System32\WUDFHost.exe

2012-11-17 00:46:43 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll

2012-11-15 14:14:21 1917416 ----a-w- C:\Windows\System32\WdfCoInstaller01005.dll

2012-11-15 14:14:21 1917416 ----a-w- C:\Windows\System32\drivers\WdfCoInstaller01005.dll

2012-11-15 13:43:04 27632 ----a-w- C:\Windows\SysWow64\Ctl3dv2.dll

2012-11-13 10:20:26 -------- d-----w- C:\ProgramData\eBay

2012-11-13 10:20:26 -------- d-----w- C:\Program Files (x86)\eBay

2012-11-11 20:03:12 -------- d-----w- C:\Users\Brent\AppData\Roaming\OpenOffice.org

2012-11-11 20:01:22 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3

2012-11-08 15:24:02 -------- d-----w- C:\Program Files (x86)\LinkChecker

2012-11-07 14:21:17 14825544 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe

2012-11-06 15:30:57 56832 ----a-w- C:\Windows\SysWow64\Iyvu9_32.dll

2012-11-06 15:30:57 391168 ----a-w- C:\Windows\SysWow64\i263_32.drv

2012-11-06 15:30:57 27648 ----a-w- C:\Windows\SysWow64\ir50_lcs.dll

2012-11-06 15:30:57 143872 ----a-w- C:\Windows\SysWow64\iacenc.dll

2012-11-06 15:30:45 305152 ----a-w- C:\Windows\IsUninst.exe

.

==================== Find3M ====================

.

2012-11-15 08:59:56 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-11-15 08:59:56 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-10-29 12:10:02 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll

2012-10-19 09:17:46 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2012-10-19 09:17:43 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-10-19 09:17:43 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys

2012-10-09 19:11:10 49152 ----a-r- C:\Windows\SysWow64\inetwh32.dll

2012-10-09 19:11:10 1044480 ----a-r- C:\Windows\SysWow64\roboex32.dll

2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll

2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll

2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll

2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll

2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll

2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll

2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll

2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll

2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll

2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll

2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll

2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll

2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys

2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll

2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll

2012-09-25 11:36:58 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll

2012-09-25 11:36:57 916456 ----a-w- C:\Windows\System32\deployJava1.dll

2012-09-25 11:36:57 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll

2012-09-19 09:02:14 1589248 ----a-w- C:\Windows\SysWow64\libmysql_d.dll

2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2012-08-30 21:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys

2012-08-30 21:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys

2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

.

============= FINISH: 23:56:38.14 ===============

ATTACH.TXT

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 24/09/2010 09:27:12

System Uptime: 26/11/2012 11:37:17 (12 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P7P55 LX

Processor: Intel® Core i5 CPU 760 @ 2.80GHz | LGA1156 | 1988/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 922 GiB total, 855.377 GiB free.

D: is FIXED (NTFS) - 931 GiB total, 674.629 GiB free.

E: is CDROM ()

F: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP115: 24/11/2012 14:17:23 - Windows Update

RP116: 25/11/2012 19:00:20 - Windows Backup

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

7-Zip 9.20 (x64 edition)

7 Sticky Notes

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Photoshop Elements 8.0

Adobe Reader X (10.1.4)

AI Suite

Akeeba eXtract Wizard 3.3

Akeeba SiteDiff 3.1

Artisteer 3

Artisteer 4

ASAP Utilities

ATI AVIVO64 Codecs

ATI Catalyst Install Manager

Beyond Compare Version 3.3.5

calibre

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center HydraVision Full

Catalyst Control Center Localization All

ccc-core-static

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help English

CCC Help Japanese

CCC Help Korean

CCC Help Thai

CloudBerry Explorer for Amazon S3 3.5

CSE HTML Validator Lite v6.52

DHTML Editing Component

Dropbox

DVD Suite

EPU-4 Engine

FastStone Photo Resizer 3.0

FileZilla Client 3.5.3

FreeCommander 2009.02b

Google Chrome

Google Drive

Google Update Helper

HeidiSQL 7.0.0.4053

Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)

HP Deskjet 3050 J610 series Basic Device Software

HP Deskjet 3050 J610 series Help

HP Photo Creations

HP Update

IcoFX 1.6.4

Intel A/V Codecs V2.0

Java 7 Update 7 (64-bit)

Java 7 Update 9

Java Auto Updater

Java SE Development Kit 7 Update 7 (64-bit)

LabelPrint

LastPass(uninstall only)

Lexmark P910 Series

LinkChecker 8.1

Malwarebytes Anti-Malware version 1.65.1.1000

MediaShow

Microsoft .NET Framework 4 Client Profile

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office Office 64-bit Components 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft_VC100_CRT_SP1_x64

Microsoft_VC100_CRT_SP1_x86

Mozilla Embedded Browser version 3.5

Mozilla Firefox 16.0.2 (x86 en-US)

Mozilla Maintenance Service

MSVC80_x64_v2

MSVC80_x86_v2

MSVC90_x64

MSVC90_x86

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MyFreeCodec

NetBeans IDE 7.2

Nokia Connectivity Cable Driver

Nokia Suite

Notepad++

NuSphere PhpED version 5.9.5

OpenOffice.org 3.4.1

OutWit Hub 2.1.4.22 (x86 en-US)

PC Connectivity Solution

PhotoNow! 1.0

php-4.4.9 for NuSphere PhpED

php-5.2.13 for NuSphere PhpED

php-5.3.2 for NuSphere PhpED

Php Documentor version 1.4.2 for NuSphere PhpED

Picasa 3

Platform

Polystyle 2.0zo (trial) for NuSphere PhpED

Power2Go 5.0

PowerBackup

PowerDirector Express

PowerDVD

PowerDVD Copy

PowerProducer

Prevx

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition

Skype Click to Call

Skype™ 5.10

SpeedFan (remove only)

Spelling Dictionaries Support For Adobe Reader 9

Spotify

SQLyog 8.61

Turbo Lister 2

TurboV

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

VIA Platform Device Manager

WampServer 2.2

Windows Driver Package - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0)

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Xmarks for IE

.

==== Event Viewer Messages From Past Week ========

.

26/11/2012 14:45:39, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DHCP Client service, but this action failed with the following error: An instance of the service is already running.

26/11/2012 14:44:39, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the HomeGroup Provider service, but this action failed with the following error: An instance of the service is already running.

26/11/2012 14:43:39, Error: Service Control Manager [7031] - The Windows Event Log service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

26/11/2012 14:43:39, Error: Service Control Manager [7031] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

26/11/2012 14:43:39, Error: Service Control Manager [7031] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

26/11/2012 14:43:39, Error: Service Control Manager [7031] - The Security Center service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

26/11/2012 14:43:39, Error: Service Control Manager [7031] - The HomeGroup Provider service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

26/11/2012 14:43:39, Error: Service Control Manager [7031] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

26/11/2012 12:09:33, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

26/11/2012 11:35:43, Error: Service Control Manager [7000] - The CSIScanner service failed to start due to the following error: The pipe has been ended.

26/11/2012 11:35:33, Error: Service Control Manager [7031] - The CSIScanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

26/11/2012 00:21:37, Error: Service Control Manager [7000] - The CSIScanner service failed to start due to the following error: The system cannot find the path specified.

24/11/2012 14:32:22, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.

24/11/2012 14:16:45, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

24/11/2012 14:16:45, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

24/11/2012 14:16:45, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

24/11/2012 14:16:30, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

24/11/2012 14:16:30, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

24/11/2012 14:14:54, Error: volmgr [46] - Crash dump initialization failed!

.

==== End Of File ===========================

Maurice Naggar · November 27, 2012

Use Control Panel >> Programs and Features and Uninstall Java 7 Update 7 (64-bit).

It is obsolete and a security risk. You already have Java 7 update 9.

Several of the Windows services are showing problems. Do as much as you can of the following.

Windows services

This will be a batch-fix .

Press the Windows-key on keyboard.
In the box, type notepad and press Enter.

Highlight the contents of the following codebox, and copy and paste that text into NOTEPAD.

@Echo off
sc stop wuauserv
sc stop bits
sc config dcomlaunch start= auto
sc config nsi start= auto
sc config dhcp start= auto
sc config rpcss start= auto
sc config winmgmt start= auto
sc config wscsvc start= delayed-auto
sc config bits start= delayed-auto
sc config wuauserv start= delayed-auto
sc config sdrsvc start= manual
sc config vss start= auto
sc config eventlog start= auto
sc config bfe start= auto
sc config eventsystem start= auto
sc start sdrsvc
sc start vss
sc start rpcss
sc start eventsystem
sc start bfe
sc start bits
sc start wuauserv
shutdown -r -t 1
del %0

Select File -> Save AS.
Press the Desktop button on the left side of the save dialog.
In the box, type in Fix.bat.
Press .
Close Notepad.
Right click Fix.bat on your desktop, and choose .
Press Yes if prompted by User Account Control.

This procedure will do its tasks and then it will Restart Windows.

Step 2

Check for missing or disabled Windows services, by doing the following, and post detailed results when done !!

From Start button, (or Win-key +R) and in the searcht-box type in MSCONFIG and press OK or Enter.

On Vista or Windows 7, press Windows-key on keybooard, and type in MSCONFIG

You should see the General tab. Click the General tab. It should have Normal startup selected (in the radio-box=selection)

IF it does not, then you click on Normal startup.

Click on Services tab. To get it's display of services.

Keep a written list of any changes from my list of services below. That way you and I have a reference document.

Look at the bottom line Hide all Microsoft services

IF and only IF its is checkmarked, then un-check it.

the list of servies may be shown in non-alphabetical order, so ....

Look at the heading titled "Service". Click on it as needed so the list is sorted and top of list starts with the "A" services.

You can toggle as needed to get the desired order.

IF any of below services are NOT shown, don't panic & do not stop, just write down the info for me and proceed with the others !

Then using the scroll-bar scroll down the list

Look for Background Intelligent Transfer Service. Is it shown? Is it checked? If not, click on that checkbox to checkmark.

Look for Base Filtering Engine. Is it shown? Is it checked? If not, click on that checkbox to checkmark.

Look for COM+ Event System. Is it shown? Is it checked? If not, click on that checkbox to checkmark.

Look for COM+ System Application. Is it shown? Is it checked? If not, click on that checkbox to checkmark.

Look for Cryptographic Services. Is it shown? Is it checked? If not, click on that checkbox to checkmark.

Look for Ipsec Policy Agent. Is it shown? Is it checked? If not, click on that checkbox to checkmark.

Look for Remote Procedure Call (RPC) Locator. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

Look for RPC Endpoint Mapper. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

Look for Windows Firewall. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

Look for Windows Installer. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

Look for Windows Management Instrumentation. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

Look for Windows Update. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

When done, press the Apply button, and the OK button.

You're likely to be prompted to Restart Windows, do so.

If not prompted, you do a Logoff and Restart of Windows.

Then report back here with details.

If any of the services are not shown, just let me know which.

Step 3

You will want to print out or copy these instructions to Notepad for offline reference!

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start >> Internet Explorer >> Right-Click and select Run As Administrator.

Using Internet Explorer browser only, go to ESET Online Scanner website:

http://www.eset.com/onlinescan/

Accept the Terms of Use and press Start button;
Approve the install of the required ActiveX Control, then follow on-screen instructions;
Enable (check) the Remove found threats option, and run the scan.
After the scan completes, the Details tab in the Results window will display what was found and removed.
- A logfile is created and located at C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt.
Look at contents of this file using Notepad.
The Frequently Asked Questions for ESET Online Scanner can be viewed here
http://go.eset.com/us/online-scanner/faq
- It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
  (And the prompt re-enabling when finished.)
- If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
- Do not use the system while the scan is running. Once the full scan is underway, go take a long break

Re-enable the antivirus program.

Reply with copy of the Eset scan log

brent58 · November 27, 2012

Hi Maurice, here are the results....

Java 7 Update 7 (64 bit) - Removed

Step 1
When running the fix.bat file it flashed up "not authorised" in the command window during the run. It was too quick to see what it was referring to but it completed ok and re-booted the pc.
Step 2
Background Intelligent Transfer Service. >> OK
Base Filtering Engine >> OK
COM+ Event System >> OK
COM+ System Application >> OK but STOPPED
Cryptographic Services >> OK
Ipsec Policy Agent >> OK
Remote Procedure Call (RPC) Locator >> OK but STOPPED
RPC Endpoint Mapper >> OK
Windows Firewall >> OK
Windows Installer >> OK but STOPPED
Windows Management Instrumentation >> OK
Windows Update >> OK
Step 3 - esat scan log
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=339f79a65b80264689a755599fb4c72d
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-27 01:06:56
# local_time=2012-11-27 01:06:56 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 13398196 106481850 0 0
# compatibility_mode=8192 67108863 100 0 3853 3853 0 0
# scanned=376580
# found=8
# cleaned=8
# scan_time=4816
C:\WebDev\MyWebSites\#Group1\UK2 - Client - DiscountInternetDirectory\cube-cart\CubeCart_3.0.20\upload\includes\boxes\siteDocs.inc.php PHP/Obfuscated.F application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WebDev\MyWebSites\#Group1\UK2 - Client - DiscountInternetDirectory\cube-cart\CubeCart_3.0.20\upload\language\nl\lang.inc.php PHP/Obfuscated.F application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WebDev\MyWebSites\StudentDiscountNetwork - 123-reg\my backups\public_html\estelles_mod_store_cat_desc.php PHP/Obfuscated.F application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WebDev\MyWebSites\StudentDiscountNetwork - 123-reg\my backups\public_html\estelles_mod_store_character_limit.php PHP/Obfuscated.F application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WebDev\MyWebSites\StudentDiscountNetwork - 123-reg\my backups\public_html\admin\products\ppqd_lock.php PHP/Obfuscated.F application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WebDev\MyWebSites\StudentDiscountNetwork - 123-reg\original-backups\studentd\studentd\yorkstudentdiscounts\estelles_mod_store_cat_desc.php PHP/Obfuscated.F application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WebDev\MyWebSites\StudentDiscountNetwork - 123-reg\original-backups\studentd\studentd\yorkstudentdiscounts\estelles_mod_store_character_limit.php PHP/Obfuscated.F application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WebDev\MyWebSites\StudentDiscountNetwork - 123-reg\original-backups\studentd\studentd\yorkstudentdiscounts\admin\products\ppqd_lock.php PHP/Obfuscated.F application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Maurice Naggar · November 27, 2012

Download Dr.Web CureIt to the desktop.

Turn OFF your antivirus program.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Doubleclick the drweb-cureit.exe file, then on Start and allow to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, chose the Complete Scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look and see if you can click the following icon next to the files found:
If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer to allow files that were in use to be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

Re-Enable your antivirus program when all done.

brent58 · November 28, 2012

Results of DrWeb - 1 infection found.

DrWeb.csv

PDAurora.dll;C:\Program Files (x86)\ (x86)\CyberLink\PowerDirector Express;BackDoor.Siggen.49659;Deleted.;

Do you want to see the CureIt.txt file as well ?

Many thanks,

Brent

Maurice Naggar · November 28, 2012

No, I do not need the Cure-It text.

Let me know if you have hardware or programs you do use from CyberLink.

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member brent58 only. If you are a casual viewer, do NOT try this on your system!

If you are not brent58 and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display it's "stage" within the Command prompt window. Do NOT panic if it seems slow to change ! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix my take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)or a UPS system

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right- click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have reboot the pc a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3]When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh :excl:

Reply & Copy & Paste contents of the C:\Combofix.txt log and tell me, How is the system now ?

Re-enable your antivirus program.

brent58 · November 29, 2012

Hi Maurice, here are the results.....

I have Cyberlink DVD Suite software installed on my machine but have never used it as far as I can recall.

I had a small problem with running ComboFix as it asked that Prevx anti-virus be disabled before starting. However, I was unable to find any way to do that... I think the instructions in the link you provided are maybe out of date and I could find no way of disabling it. In the end I re-booted my pc to prevent Combofix from running, un-installed Prevx and re-booted again. I was then able to run combofix without any problems and the log is shown below.

I will not re-install prevx until you let me know it is ok to do so.

Apart from that, everything seems to be working ok.

Many Thanks,

Brent

ComboFix 12-11-29.01 - Brent 29/11/2012 9:28.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4087.2830 [GMT 0:00]

Running from: c:\users\Brent\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\SysWow64\muzapp.exe

.

((((((((((((((((((((((((( Files Created from 2012-10-28 to 2012-11-29 )))))))))))))))))))))))))))))))

.

2012-11-29 09:35 . 2012-11-29 09:35 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-29 09:11 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2EDD2076-6627-4AEF-8120-E8049B63EA38}\mpengine.dll

2012-11-29 08:39 . 2012-11-29 08:38 972264 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EAEB4E82-5A0C-4119-86E5-6F9D45CB957D}\gapaengine.dll

2012-11-28 18:26 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-11-28 09:54 . 2012-11-28 10:12 -------- d-----w- c:\users\Brent\DoctorWeb

2012-11-27 11:42 . 2012-11-27 11:42 -------- d-----w- c:\program files (x86)\ESET

2012-11-24 14:34 . 2012-11-24 14:34 -------- d-----w- c:\users\Brent\AppData\Roaming\Malwarebytes

2012-11-24 14:34 . 2012-11-24 14:34 -------- d-----w- c:\programdata\Malwarebytes

2012-11-24 14:33 . 2012-11-24 14:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-11-24 14:33 . 2012-09-29 19:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-17 00:55 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

2012-11-17 00:55 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-11-17 00:55 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-11-17 00:55 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-11-17 00:46 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2012-11-17 00:46 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2012-11-17 00:46 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

2012-11-17 00:46 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

2012-11-17 00:46 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

2012-11-17 00:46 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2012-11-17 00:46 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

2012-11-15 14:14 . 2012-06-27 08:37 1917416 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll

2012-11-15 14:14 . 2012-06-27 08:37 1917416 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01005.dll

2012-11-15 13:43 . 1997-04-22 01:00 27632 ----a-w- c:\windows\SysWow64\Ctl3dv2.dll

2012-11-13 10:20 . 2012-11-13 10:20 -------- d-----w- c:\programdata\eBay

2012-11-13 10:20 . 2012-11-13 10:20 -------- d-----w- c:\program files (x86)\eBay

2012-11-11 20:03 . 2012-11-11 20:03 -------- d-----w- c:\users\Brent\AppData\Roaming\OpenOffice.org

2012-11-11 20:01 . 2012-11-11 20:01 -------- d-----w- c:\program files (x86)\OpenOffice.org 3

2012-11-08 15:24 . 2012-11-08 15:24 -------- d-----w- c:\program files (x86)\LinkChecker

2012-11-07 14:21 . 2012-11-07 14:21 14825544 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe

2012-11-06 15:30 . 1998-02-13 14:30 143872 ----a-w- c:\windows\SysWow64\iacenc.dll

2012-11-06 15:30 . 1997-11-06 12:53 27648 ----a-w- c:\windows\SysWow64\ir50_lcs.dll

2012-11-06 15:30 . 1997-08-27 09:53 391168 ----a-w- c:\windows\SysWow64\i263_32.drv

2012-11-06 15:30 . 1997-06-13 08:56 56832 ----a-w- c:\windows\SysWow64\Iyvu9_32.dll

2012-11-06 15:30 . 1998-07-30 12:51 305152 ----a-w- c:\windows\IsUninst.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-17 00:47 . 2010-09-25 09:48 66395536 ----a-w- c:\windows\system32\MRT.exe

2012-11-15 08:59 . 2012-06-24 16:29 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-11-15 08:59 . 2012-06-24 16:29 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-29 12:10 . 2012-10-10 15:43 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll

2012-10-19 09:45 . 2012-10-19 09:45 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin

2012-10-19 09:17 . 2012-10-19 09:17 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-10-19 09:17 . 2012-10-19 09:18 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-10-19 09:17 . 2012-10-19 09:18 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-10-16 08:38 . 2012-11-28 09:48 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38 . 2012-11-28 09:48 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39 . 2012-11-28 09:48 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-09 19:11 . 2012-10-09 19:11 49152 ----a-r- c:\windows\SysWow64\inetwh32.dll

2012-10-09 19:11 . 2012-10-09 19:11 1044480 ----a-r- c:\windows\SysWow64\roboex32.dll

2012-10-02 16:07 . 2012-10-02 16:07 972192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2012-09-26 19:57 . 2012-09-26 19:57 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll

2012-09-26 19:57 . 2012-09-26 19:57 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll

2012-09-26 19:57 . 2012-09-26 19:57 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll

2012-09-26 19:57 . 2012-09-26 19:57 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll

2012-09-26 19:57 . 2012-09-26 19:57 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll

2012-09-26 19:57 . 2012-09-26 19:57 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll

2012-09-26 19:57 . 2012-09-26 19:57 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax

2012-09-26 19:57 . 2012-09-26 19:57 491520 ----a-w- c:\windows\SysWow64\muzapp.dll

2012-09-26 19:57 . 2012-09-26 19:57 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll

2012-09-26 19:57 . 2012-09-26 19:57 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll

2012-09-26 19:57 . 2012-09-26 19:57 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll

2012-09-26 19:57 . 2012-09-26 19:57 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll

2012-09-26 19:57 . 2012-09-26 19:57 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll

2012-09-26 19:57 . 2012-09-26 19:57 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll

2012-09-26 19:57 . 2012-09-26 19:57 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax

2012-09-26 19:57 . 2012-09-26 19:57 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll

2012-09-26 19:57 . 2012-09-26 19:57 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe

2012-09-26 19:57 . 2012-09-26 19:57 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll

2012-09-26 19:57 . 2012-09-26 19:57 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll

2012-09-26 19:57 . 2012-09-26 19:57 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax

2012-09-26 19:57 . 2012-09-26 19:57 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll

2012-09-26 19:57 . 2012-09-26 19:57 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax

2012-09-26 19:57 . 2012-09-26 19:57 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax

2012-09-26 19:57 . 2012-09-26 19:57 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll

2012-09-26 19:57 . 2012-09-26 19:57 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax

2012-09-25 11:36 . 2012-09-25 11:37 916456 ----a-w- c:\windows\system32\deployJava1.dll

2012-09-25 11:36 . 2012-09-25 11:37 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-09-19 09:02 . 2012-09-29 17:36 1589248 ----a-w- c:\windows\SysWow64\libmysql_d.dll

2012-09-14 19:19 . 2012-10-10 13:52 2048 ----a-w- c:\windows\system32\tzres.dll

2012-09-14 18:28 . 2012-10-10 13:52 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-08-31 18:19 . 2012-10-10 13:53 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Brent\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Brent\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Brent\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Xmarks"="c:\program files (x86)\Xmarks\IE Extension\xmarkssync.exe" [2012-03-07 1122848]

"Spotify Web Helper"="c:\users\Brent\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-11-06 1199576]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"RemoteControl"="c:\program files (x86)\ (x86)\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]

"LanguageShortcut"="c:\program files (x86)\ (x86)\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]

"TurboV"="c:\program files\ASUS\TurboV\TurboV.exe" [2009-09-07 5507072]

"QFan Help"="c:\program files\ASUS\Ai Suite\QFan3\QFanHelp.exe" [2009-08-19 603136]

"Cpu Level Up help"="c:\program files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2009-08-21 887936]

"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-08-28 2252800]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-06 102400]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

.

c:\users\Brent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

7 Sticky Notes.lnk - c:\program files (x86)\7 Sticky Notes\7StickyNotes.exe [2012-7-4 9097216]

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux3"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]

R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]

R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-25 1255736]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024]

S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-04-07 202752]

S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-08-19 90112]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-08-17 1235968]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-29 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-24 08:59]

.

2012-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-26 18:19]

.

2012-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-26 18:19]

.

2012-11-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1572878878-1834635408-3462484821-1001Core.job

- c:\users\Brent\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-09 16:24]

.

2012-11-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1572878878-1834635408-3462484821-1001UA.job

- c:\users\Brent\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-09 16:24]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\Brent\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\Brent\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\Brent\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\Brent\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2012-10-25 15:45 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2012-10-25 15:45 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2012-10-25 15:45 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2012-10-25 15:45 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.bing.com/

uDefault_Search_URL = hxxp://www.google.com/ie

mLocal Page = c:\windows\SysWOW64\blank.htm

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: LastPass - file://c:\users\Brent\AppData\LocalLow\LastPass\context.html?cmd=lastpass

IE: LastPass Fill Forms - file://c:\users\Brent\AppData\LocalLow\LastPass\context.html?cmd=fillforms

IE: NuSphere PhpED :: Debug this page - c:\program files (x86)\NuSphere\PhpED\NuSphereIEBar.dll/1000

TCP: DhcpNameServer = 194.168.4.100 194.168.8.100

FF - ProfilePath - c:\users\Brent\AppData\Roaming\Mozilla\Firefox\Profiles\uvtvei7p.default\

FF - ExtSQL: 2012-11-06 10:40; {966762eb-7132-4081-ac70-20d20161ad96}; c:\users\Brent\AppData\Roaming\Mozilla\Firefox\Profiles\uvtvei7p.default\extensions\{966762eb-7132-4081-ac70-20d20161ad96}.xpi

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

Wow6432Node-HKLM-Run-KiesTrayAgent - c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe

SafeBoot-BsScanner

Toolbar-Locked - (no file)

AddRemove-CodInstl - c:\windows\system32\CDUninst.isu

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-11-29 09:37:48

ComboFix-quarantined-files.txt 2012-11-29 09:37

.

Pre-Run: 913,620,865,024 bytes free

Post-Run: 915,094,310,912 bytes free

.

- - End Of File - - E5248F08B30F56762BB227A22E35F992

Maurice Naggar · November 29, 2012

Looks good. We are almost ready to wrap this up. Do this next task

Download Security Check by screen317 from here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

brent58 · November 30, 2012

Hi Maurice, results below...

Presumably I am ok to re-install Prevx now?

Also, I would be interested to know if you think my current security precautions (ie. ms essentials, MAMB & Prevx) offer a good level of protection...... would you change anything?

Many thanks,

Brent

Results of screen317's Security Check version 0.99.56

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Microsoft Security Essentials

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.65.1.1000

Java 7 Update 9

Adobe Flash Player 11.5.502.110

Adobe Reader 9 Adobe Reader out of Date!

Adobe Reader 10.1.4 Adobe Reader out of Date!

Mozilla Firefox 16.0.2 Firefox out of Date!

Google Chrome 21.0.1180.83

Google Chrome 21.0.1180.89

Google Chrome 22.0.1229.79

Google Chrome 22.0.1229.92

Google Chrome 22.0.1229.94

Google Chrome 23.0.1271.64

Google Chrome 23.0.1271.91

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

Microsoft Security Essentials msseces.exe

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````

Maurice Naggar · November 30, 2012

You may re-install PrevX, though I'd suggest you not have it set to auto-start with Windows.

You may use it as an on-demand tool.

Having MSE & MBAM active is sufficent enough, providing you follow the general safe-practice tips listed below.

Set "trust settings" in both MBAM and MS Security Essential. You may use the guides posted in the FAQ's >> here <<

Older versions of Adobe Reader pose a potential security risk.

De-install your Adobe Reader: Use Control Panel's Program and Features, Un-install Adobe Reader.

Get latest Adobe Reader version

http://get.adobe.com/reader/

Be sure to un-check the box for Free McAfee Security Scan or any "toolbar" (if offered )

Your Firefox browser is out of date. Start Firefox. Select Help from main bar, then About Firefox. Then click Check for Updates.

Do follow the prompts to Update & apply update, & allow restart of Firefox.

We can wrap this up now. I see that you are clear of your original issues.

If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used. Advise me after you have completed the cleanups.

We have to remove Combofix and all its associated folders. By whichever name you named it, ( you had named it ComboFix ),

put that name in the RUN box stated just below.

The "/uninstall" in the Run line below is to start Combofix for it's cleanup & removal function.

Note the space before the slash mark.

The utility must be removed to prevent any un-intentional or accidental usage, PLUS, to free up much space on your hard disk.

Highlight the line in this CODEBOX.
Select & Copy the entire line within this codebox (so that it is in Windows clipboard memory)
```
c:\users\Brent\Desktop\ComboFix.exe /uninstall
```
Start >> type in cmd >> press the Ctrl+Shift+Enter keyboard combination and cmd.exe will be launched as if you selected Run as Administrator. You will then see a User Account Control prompt asking if you would like to allow the Command Prompt to be able to make changes on your computer. Click on the Yes button and you will now be at the Elevated Command Prompt.
Do a Right click within the command prompt window and select Paste. This must show the line from Codebox above.
Then tap Enter

IF in the case Combofix un-install has an issue, skip that step.

Download OTC to your desktop and run it
Click Yes to beginning the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

ERUNT you should keep and use periodically to backup Windows registry.

Delete the following if still present:

DrWeb Cure-It

You may use Control Panel >> Programs and Features and uninstall ESET Online scan.

Safer practices & malware prevention

Have a hardware router between the incoming internet-modem and your computer.
Use a Standard user account rather than an administrator-rights account when "surfing" the web.
Configure your Antivirus software to check for updates daily, at a time in which you are sure the computer will be on.
Check in at Windows Update and install any Important Updates offered.
Make certain that Automatic Updates is enabled.
How to configure and use Automatic Updates in Windows
http://support.microsoft.com/kb/306525
Check on other update issues as well, visit Secunia Online Software Inspector (OSI)
See How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector
Download, install, and keep updated Spyware Blaster (free): http://www.javacoolsoftware.com/spywareblaster.html (all Protections should be enabled at all times)
Tutorial for Spywareblaster: Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware
I'd recommend that you get and use MVP Mike Burgess' custom hosts file http://mvps.org/winhelp2002/hosts.htm
See the FAQ page http://mvps.org/winhelp2002/hostsfaq.htm
That would help to keep your browser away from known spyware/malware sites.
Make regular backups of your system to removable media: DVD, USB external hard drive, etc.
Having a total image backup of your system stored on DVD/CD is highly important.
Get and make use of imaging-backup utilities and save them to offline media. That way you have something to fall back to if another disaster hits.
Examples of image backup software: Acronis True Image, or the free (for personal use) Macrium Reflect http://www.macrium.com/reflectfree.asp
or Paragon Backup & Recovery http://www.paragon-software.com/home/br-free/download.html
Consider using Web of Trust WOT add-on for your browser(s)
http://www.mywot.com/en/download
http://www.mywot.com/en/faq/add-on
On some regular schedule, it is a good idea to do an online scan for viruses and malware. Here is a very short list of sites where this may be done:
ESET Online Scanner
BitDefender Quickscan
Trend Micro Housecall
F-Secure Online Scanner
Microsoft Safety Scanner
Panda ActiveScan
See Six tips to help you stay safer online
Never, ever download free games, free tools, videos, mutli-media files or anything free unless you can be absolutely sure the source is safe !

We are finished here. Best regards.

brent58 · December 1, 2012

Hi Maurice,

Everything seems to be ok now so I would just like to thank you for your time in helping me with this and the valuable advice offered.

Kind Regards,

Brent

Maurice Naggar · December 1, 2012

Awesome. Very good. I will now mark this as completed & resolved. Wish you well.

Am I still infected?

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information