Redirect, Windows defender disabled / cant update

[calebpoland]

Redirect, Windows defender unable to start svc, windows host service crashing. Uhm, Ive ran MBAM a bunch and OneCare located trojandownloader JAVA openconnect.b. MBAM helped a little, but still infected. Now no results.

1st the MBAM LOG just performed in SAFE MODE NO NETWORKING:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4333

Windows 6.0.6002 Service Pack 2 (Safe Mode)

Internet Explorer 8.0.6001.18928

7/22/2010 1:12:47 PM

mbam-log-2010-07-22 (13-12-47).txt

Scan type: Full scan (C:\|)

Objects scanned: 256795

Time elapsed: 1 hour(s), 0 minute(s), 37 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

.

.

.

.

.

.

.

.

.

.

.

.

.

..

And now the DDS

DDS (Ver_10-03-17.01) - NTFSx86 NETWORK

Run by Cat at 21:31:28.08 on Thu 07/22/2010

Internet Explorer: 8.0.6001.18928

Microsoft

Attach.zip

[Maniac]

Hello calebpoland! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

• The process of cleaning your system may take some time, so please be patient.
  
• Follow my instructions step by step if there is a problem somewhere, stop and tell me.
  
• Stay with the thread until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  
• Instructions that I give are for your system only!
  
• If you don't know or can't understand something please ask.
  
• Do not install or uninstall any software or hardware, while work on.
  
• Keep me informed about any changes.
  

Step 1

Please, uninstall the following applications:

1. Adobe Reader 8.1.2
   
2. LimeWire 4.16.4
   

You can read, how to do this here:

• Windows XP
  
• Windows Vista
  
• Windows 7
  

Step 2

Please go into the Control Panel, Add/Remove and for now remove ALL versions of JAVA

Then run this tool to help cleanup any left over Java

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

• Double-click on JavaRa.exe to start the program.
  
• From the drop-down menu, choose English and click on Select.
  
• JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  
• Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  
• A logfile will pop up. Please save it to a convenient location and post it back when you reply
  Then look for the following Java folders and if found delete them.
  C:\Program Files\Java
  C:\Program Files\Common Files\Java
  C:\Windows\Sun
  C:\Documents and Settings\All Users\Application Data\Java
  C:\Documents and Settings\All Users\Application Data\Sun\Java
  C:\Documents and Settings\username\Application Data\Java
  C:\Documents and Settings\username\Application Data\Sun\Java
  

Step 3

I also see you have Viewpoint installed...

Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

• 
  
• Viewpoint
  
• Viewpoint Manager
  
• Viewpoint Media Player
  

Step 4

Use Normal mode:

• Launch Malwarebytes' Anti-Malware
  
• Go to "Update" tab and select "Check for Updates". If an update is found, it will download and install the latest version.
  
• Go to "Scanner" tab and select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy&Paste the entire report in your next reply.
  

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

In your next reply, please include these log(s):

1. JavaRa log
   
2. MalwareBytes' Anti-Malware log
   
3. a new fresh DDS log only
   

[calebpoland]

In normal mode, none of the apps made request to reboot in between so i didnt.

MBAM: Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4342

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18928

7/23/2010 5:17:47 PM

mbam-log-2010-07-23 (17-17-47).txt

Scan type: Quick scan

Objects scanned: 129424

Time elapsed: 13 minute(s), 8 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

new_DDS.txt

[calebpoland]

also I didnt reboot after I uninstalled Java, Limeware, Viewpoint and Java Folders

[Maniac]

**Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer. **

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

Please download ComboFix from

Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

1. If you are using Firefox, make sure that your download settings are as follows:
   
   • Open Tools -> Options -> Main tab
     
   • Set to Always ask me where to Save the files.
     

[*]During the download, rename Combofix to Combo-Fix as follows:

[*]It is important you rename Combofix during the download, but not after.

[*]Please do not rename Combofix to other names, but only to the one indicated.

[*]Close any open browsers.

[*]Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  

  -----------------------------------------------------------

  
  

• Close any open browsers.
  
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  

-----------------------------------------------------------

[*]Double click on combo-Fix.exe & follow the prompts.

[*]When finished, it will produce a report for you.

[*]Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

[calebpoland]

combo-fix log

combo_fix.txt

[Maniac]

Please read the following through carefully so that you understand what to do.

• Download TDSSKiller and save it to your Desktop.
  
• Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  
• Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field. (make sure you include the quotation marks) Then press Ctrl+Shift+Enter.)
  "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
  
• If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  
• It may ask you to reboot the computer to complete the process. Allow it to do so.
  
• When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.
  

[calebpoland]

When I copy "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v into the run window it pops up a error box saying:

Valid command line parameters:

-| <file_name> path to log file

-qpath

-qall

-qsus

-qmbr

etc.

[calebpoland]

I did a manual scan through the program and the log file it showed through the scanner was:

2010/07/26 15:53:24.0937 TDSS rootkit removing tool 2.4.0.0 Jul 22 2010 16:09:49

2010/07/26 15:53:24.0938 ================================================================================

2010/07/26 15:53:24.0938 SystemInfo:

2010/07/26 15:53:24.0938

2010/07/26 15:53:24.0938 OS Version: 6.0.6002 ServicePack: 2.0

2010/07/26 15:53:24.0938 Product type: Workstation

2010/07/26 15:53:24.0938 ComputerName: CAT-PC

2010/07/26 15:53:24.0939 UserName: Cat

2010/07/26 15:53:24.0939 Windows directory: C:\Windows

2010/07/26 15:53:24.0939 System windows directory: C:\Windows

2010/07/26 15:53:24.0939 Processor architecture: Intel x86

2010/07/26 15:53:24.0939 Number of processors: 2

2010/07/26 15:53:24.0939 Page size: 0x1000

2010/07/26 15:53:24.0939 Boot type: Normal boot

2010/07/26 15:53:24.0939 ================================================================================

2010/07/26 15:53:29.0971 Initialize success

2010/07/26 15:53:44.0924 ================================================================================

2010/07/26 15:53:44.0924 Scan started

2010/07/26 15:53:44.0924 Mode: Manual;

2010/07/26 15:53:44.0924 ================================================================================

2010/07/26 15:53:48.0739 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

2010/07/26 15:53:48.0868 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys

2010/07/26 15:53:48.0987 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys

2010/07/26 15:53:49.0114 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys

2010/07/26 15:53:49.0157 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys

2010/07/26 15:53:49.0350 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys

2010/07/26 15:53:49.0479 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys

2010/07/26 15:53:49.0567 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

2010/07/26 15:53:49.0617 aliide (dc67a153fdb8105b25d05334b5e1d8e2) C:\Windows\system32\drivers\aliide.sys

2010/07/26 15:53:49.0647 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys

2010/07/26 15:53:49.0758 amdide (835c4c3355088298a5ebd818fa31430f) C:\Windows\system32\drivers\amdide.sys

2010/07/26 15:53:49.0809 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys

2010/07/26 15:53:50.0264 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys

2010/07/26 15:53:50.0535 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys

2010/07/26 15:53:50.0590 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys

2010/07/26 15:53:50.0638 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

2010/07/26 15:53:50.0710 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

2010/07/26 15:53:51.0114 atikmdag (c8465ed71bf898ea71c8717f2f8a5fa3) C:\Windows\system32\DRIVERS\atikmdag.sys

2010/07/26 15:53:51.0348 AtiPcie (4aa1eb65481c392955939e735d27118b) C:\Windows\system32\DRIVERS\AtiPcie.sys

2010/07/26 15:53:51.0418 BCM43XX (746f59822a5187510471fc46889b8cc9) C:\Windows\system32\DRIVERS\bcmwl6.sys

2010/07/26 15:53:51.0556 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\Windows\system32\DRIVERS\bcm4sbxp.sys

2010/07/26 15:53:51.0637 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

2010/07/26 15:53:51.0850 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys

2010/07/26 15:53:51.0891 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

2010/07/26 15:53:51.0927 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

2010/07/26 15:53:51.0974 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

2010/07/26 15:53:52.0136 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

2010/07/26 15:53:52.0168 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

2010/07/26 15:53:52.0197 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

2010/07/26 15:53:52.0229 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

2010/07/26 15:53:52.0504 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

2010/07/26 15:53:52.0569 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

2010/07/26 15:53:52.0651 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys

2010/07/26 15:53:52.0742 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

2010/07/26 15:53:52.0860 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

2010/07/26 15:53:52.0993 cmdide (e79cbb2195e965f6e3256e2c1b23fd1c) C:\Windows\system32\drivers\cmdide.sys

2010/07/26 15:53:53.0060 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

2010/07/26 15:53:53.0082 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys

2010/07/26 15:53:53.0109 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys

2010/07/26 15:53:53.0183 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys

2010/07/26 15:53:53.0335 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

2010/07/26 15:53:53.0430 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

2010/07/26 15:53:53.0530 DXGKrnl (fb85f7f69e9b109820409243f578cc4d) C:\Windows\System32\drivers\dxgkrnl.sys

2010/07/26 15:53:53.0673 e1express (7505290504c8e2d172fa378cc0497bcc) C:\Windows\system32\DRIVERS\e1e6032.sys

2010/07/26 15:53:53.0704 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys

2010/07/26 15:53:53.0989 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

2010/07/26 15:53:54.0092 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys

2010/07/26 15:53:54.0244 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

2010/07/26 15:53:54.0307 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

2010/07/26 15:53:54.0352 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys

2010/07/26 15:53:54.0703 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

2010/07/26 15:53:55.0169 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

2010/07/26 15:53:55.0276 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys

2010/07/26 15:53:55.0343 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

2010/07/26 15:53:56.0001 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

2010/07/26 15:53:56.0589 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys

2010/07/26 15:53:56.0752 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys

2010/07/26 15:53:57.0027 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

2010/07/26 15:53:57.0234 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

2010/07/26 15:53:57.0736 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

2010/07/26 15:53:57.0875 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\DRIVERS\hidusb.sys

2010/07/26 15:53:57.0969 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys

2010/07/26 15:53:58.0625 HSF_DPV (e9e589c9ab799f52e18f057635a2b362) C:\Windows\system32\DRIVERS\HSX_DPV.sys

2010/07/26 15:53:59.0058 HSXHWAZL (7845d2385f4dc7dfb3ccaf0c2fa4948e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys

2010/07/26 15:53:59.0331 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys

2010/07/26 15:53:59.0916 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys

2010/07/26 15:54:00.0014 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

2010/07/26 15:54:00.0579 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys

2010/07/26 15:54:01.0065 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

2010/07/26 15:54:01.0116 intelide (0084046c084d68e494f8cf36bcf08186) C:\Windows\system32\drivers\intelide.sys

2010/07/26 15:54:01.0149 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys

2010/07/26 15:54:01.0272 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2010/07/26 15:54:01.0347 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys

2010/07/26 15:54:01.0420 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

2010/07/26 15:54:01.0557 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

2010/07/26 15:54:02.0240 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys

2010/07/26 15:54:02.0300 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

2010/07/26 15:54:02.0452 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

2010/07/26 15:54:02.0487 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

2010/07/26 15:54:02.0589 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

2010/07/26 15:54:02.0618 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\DRIVERS\kbdhid.sys

2010/07/26 15:54:02.0753 klmd24 (6485ad0a17a0d6286b4d44c652adabb2) C:\Windows\system32\drivers\klmd.sys

2010/07/26 15:54:02.0817 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys

2010/07/26 15:54:02.0957 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

2010/07/26 15:54:03.0009 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys

2010/07/26 15:54:03.0082 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys

2010/07/26 15:54:03.0115 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys

2010/07/26 15:54:03.0244 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

2010/07/26 15:54:03.0325 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys

2010/07/26 15:54:03.0371 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys

2010/07/26 15:54:03.0497 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

2010/07/26 15:54:03.0547 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

2010/07/26 15:54:03.0587 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

2010/07/26 15:54:03.0632 mouhid (a3a6dff7e9e757db3df51a833bc28885) C:\Windows\system32\DRIVERS\mouhid.sys

2010/07/26 15:54:03.0744 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

2010/07/26 15:54:03.0772 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys

2010/07/26 15:54:03.0820 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

2010/07/26 15:54:03.0855 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

2010/07/26 15:54:03.0931 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

2010/07/26 15:54:04.0061 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys

2010/07/26 15:54:04.0137 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2010/07/26 15:54:04.0195 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2010/07/26 15:54:04.0266 msahci (d420bc42a637ac3cc4f411220549c0dc) C:\Windows\system32\drivers\msahci.sys

2010/07/26 15:54:04.0397 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys

2010/07/26 15:54:04.0504 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

2010/07/26 15:54:04.0651 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

2010/07/26 15:54:04.0838 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

2010/07/26 15:54:04.0859 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

2010/07/26 15:54:04.0919 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

2010/07/26 15:54:05.0013 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

2010/07/26 15:54:05.0086 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

2010/07/26 15:54:05.0243 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

2010/07/26 15:54:05.0296 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

2010/07/26 15:54:05.0400 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

2010/07/26 15:54:05.0568 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

2010/07/26 15:54:05.0784 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

2010/07/26 15:54:05.0836 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

2010/07/26 15:54:06.0078 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

2010/07/26 15:54:06.0238 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

2010/07/26 15:54:06.0318 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

2010/07/26 15:54:06.0401 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

2010/07/26 15:54:06.0568 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

2010/07/26 15:54:06.0822 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

2010/07/26 15:54:07.0509 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

2010/07/26 15:54:07.0937 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

2010/07/26 15:54:08.0087 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

2010/07/26 15:54:08.0137 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

2010/07/26 15:54:08.0179 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys

2010/07/26 15:54:08.0216 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys

2010/07/26 15:54:08.0339 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys

2010/07/26 15:54:08.0473 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys

2010/07/26 15:54:08.0520 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

2010/07/26 15:54:08.0577 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

2010/07/26 15:54:08.0692 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

2010/07/26 15:54:08.0750 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

2010/07/26 15:54:08.0795 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys

2010/07/26 15:54:08.0866 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

2010/07/26 15:54:09.0025 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

2010/07/26 15:54:09.0275 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

2010/07/26 15:54:09.0329 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys

2010/07/26 15:54:09.0394 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

2010/07/26 15:54:09.0563 PxHelp20 (324c27635e516184c811339a75cefd4a) C:\Windows\system32\Drivers\PxHelp20.sys

2010/07/26 15:54:09.0639 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys

2010/07/26 15:54:09.0825 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

2010/07/26 15:54:09.0873 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

2010/07/26 15:54:10.0059 R300 (c8465ed71bf898ea71c8717f2f8a5fa3) C:\Windows\system32\DRIVERS\atikmdag.sys

2010/07/26 15:54:10.0273 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

2010/07/26 15:54:10.0367 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

2010/07/26 15:54:10.0427 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

2010/07/26 15:54:10.0604 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

2010/07/26 15:54:10.0810 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

2010/07/26 15:54:10.0871 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

2010/07/26 15:54:11.0058 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys

2010/07/26 15:54:11.0116 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

2010/07/26 15:54:11.0249 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys

2010/07/26 15:54:11.0393 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys

2010/07/26 15:54:11.0509 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\DRIVERS\rimsptsk.sys

2010/07/26 15:54:11.0601 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys

2010/07/26 15:54:11.0677 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

2010/07/26 15:54:11.0824 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

2010/07/26 15:54:11.0929 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys

2010/07/26 15:54:11.0982 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2010/07/26 15:54:12.0037 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

2010/07/26 15:54:12.0148 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

2010/07/26 15:54:12.0253 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

2010/07/26 15:54:12.0304 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys

2010/07/26 15:54:12.0325 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys

2010/07/26 15:54:12.0388 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys

2010/07/26 15:54:12.0495 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

2010/07/26 15:54:12.0655 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys

2010/07/26 15:54:12.0694 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys

2010/07/26 15:54:12.0812 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys

2010/07/26 15:54:13.0381 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

2010/07/26 15:54:13.0542 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

2010/07/26 15:54:13.0686 srv (0debafcc0e3591fca34f077cab62f7f7) C:\Windows\system32\DRIVERS\srv.sys

2010/07/26 15:54:13.0818 srv2 (6b6f3658e0a58c6c50c5f7fbdf3df633) C:\Windows\system32\DRIVERS\srv2.sys

2010/07/26 15:54:13.0878 srvnet (0c5ab1892ae0fa504218db094bf6d041) C:\Windows\system32\DRIVERS\srvnet.sys

2010/07/26 15:54:14.0017 STHDA (5af135b2e2097d4494b9067ce84e2665) C:\Windows\system32\drivers\stwrt.sys

2010/07/26 15:54:14.0141 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

2010/07/26 15:54:14.0246 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

2010/07/26 15:54:14.0320 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

2010/07/26 15:54:14.0589 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

2010/07/26 15:54:14.0649 SynTP (dd17b63f26430e179ef6bdef5ac735bd) C:\Windows\system32\DRIVERS\SynTP.sys

2010/07/26 15:54:14.0935 Tcpip (48cbe6d53632d0067c2d6b20f90d84ca) C:\Windows\system32\drivers\tcpip.sys

2010/07/26 15:54:15.0190 Tcpip6 (48cbe6d53632d0067c2d6b20f90d84ca) C:\Windows\system32\DRIVERS\tcpip.sys

2010/07/26 15:54:15.0356 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys

2010/07/26 15:54:15.0426 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

2010/07/26 15:54:15.0576 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

2010/07/26 15:54:15.0635 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

2010/07/26 15:54:15.0749 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

2010/07/26 15:54:15.0900 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

2010/07/26 15:54:15.0958 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

2010/07/26 15:54:16.0143 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

2010/07/26 15:54:16.0230 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys

2010/07/26 15:54:16.0295 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

2010/07/26 15:54:16.0442 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys

2010/07/26 15:54:16.0491 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys

2010/07/26 15:54:16.0577 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

2010/07/26 15:54:16.0712 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

2010/07/26 15:54:16.0815 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

2010/07/26 15:54:16.0865 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys

2010/07/26 15:54:16.0918 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys

2010/07/26 15:54:17.0046 usbbus (5353218b3265e3b8190335059f697a11) C:\Windows\system32\DRIVERS\lgusbbus.sys

2010/07/26 15:54:17.0104 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

2010/07/26 15:54:17.0167 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

2010/07/26 15:54:17.0308 UsbDiag (7dd3eefc62a1ef44e5f940fa651ed9ed) C:\Windows\system32\DRIVERS\lgusbdiag.sys

2010/07/26 15:54:17.0395 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

2010/07/26 15:54:17.0447 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

2010/07/26 15:54:17.0596 USBModem (083031a78822eccbd7510bccd3e20d4c) C:\Windows\system32\DRIVERS\lgusbmodem.sys

2010/07/26 15:54:17.0685 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys

2010/07/26 15:54:17.0739 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys

2010/07/26 15:54:17.0856 usbser (d575246188f63de0accf6eac5fb59e6a) C:\Windows\system32\DRIVERS\usbser.sys

2010/07/26 15:54:17.0948 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2010/07/26 15:54:17.0991 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys

2010/07/26 15:54:18.0063 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys

2010/07/26 15:54:18.0183 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys

2010/07/26 15:54:18.0238 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

2010/07/26 15:54:18.0311 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys

2010/07/26 15:54:18.0509 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys

2010/07/26 15:54:18.0583 viaide (f3b4762eb85a2aff4999401f14c3262b) C:\Windows\system32\drivers\viaide.sys

2010/07/26 15:54:18.0645 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

2010/07/26 15:54:18.0785 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

2010/07/26 15:54:18.0957 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

2010/07/26 15:54:19.0013 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys

2010/07/26 15:54:19.0082 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

2010/07/26 15:54:19.0234 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

2010/07/26 15:54:19.0250 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

2010/07/26 15:54:19.0442 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys

2010/07/26 15:54:19.0509 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

2010/07/26 15:54:19.0742 winachsf (4daca8f07537d4d7e3534bb99294aa26) C:\Windows\system32\DRIVERS\HSX_CNXT.sys

2010/07/26 15:54:20.0004 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys

2010/07/26 15:54:20.0101 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

2010/07/26 15:54:20.0166 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

2010/07/26 15:54:20.0481 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys

2010/07/26 15:54:20.0516 ================================================================================

2010/07/26 15:54:20.0516 Scan finished

2010/07/26 15:54:20.0516 ================================================================================

[Maniac]

Any change?

[calebpoland]

Windows defender still unable to be started. Windows host service still randomly crashes during internet use. Unable to update Windows.

[Maniac]

**Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer. **

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

Please download ComboFix from

Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

1. If you are using Firefox, make sure that your download settings are as follows:
   
   • Open Tools -> Options -> Main tab
     
   • Set to Always ask me where to Save the files.
     

[*]During the download, rename Combofix to Combo-Fix as follows:

[*]It is important you rename Combofix during the download, but not after.

[*]Please do not rename Combofix to other names, but only to the one indicated.

[*]Close any open browsers.

[*]Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  

  -----------------------------------------------------------

  
  

• Close any open browsers.
  
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  

-----------------------------------------------------------

[*]Double click on combo-Fix.exe & follow the prompts.

[*]When finished, it will produce a report for you.

[*]Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

[calebpoland]

ran combo, it did detect rootkits, had to reboot.

newCombo_fix.txt

[calebpoland]

15 mins later and still having re-direct and popup troubles. windows defender still disabled

[calebpoland]

my sound today has been very fuzzy and some random pop ups

[Maniac]

Run MBRCheck.exe

• Run MBRCheck.exe
  
• Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  
• Please push the 'Y' key and then press Enter
  
• When program ask you Enter your choice: enter 2 and press the Enter key
  
• Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
  
• Enter 0 and press the Enter key.
  
• The program will show Available MBR codes:, followed by a list of operating systems. Please enter 1 for Windows XP, and then press Enter.
  
• When asked Do you want to fix the MBR code? type in YES and press enter
  
• Restart your PC.
  

[calebpoland]

Done. I chose the XP option on MBR. I run Vista if that matters. Rebooted, Defender still disabled even though I checked it previously to initialize at startup.

[calebpoland]

Windows update doesnt get an error when trying to update now, but it doesnt connect just sits there.

[Maniac]

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however may need to disable your current installed Anti-Virus, how to do so can be read here.

• Please go here then click on:
  
• Select the option YES, I accept the Terms of Use then click on:
  
• When prompted allow the Add-On/Active X to install.
  
• Now click on Advanced Settings and select the following:
  

• • Remove found threats
    
  • Scan archives
    
  • Scan for potentially unwanted applications
    
  • Scan for potentially unsafe applications
    
  • Enable Anti-Stealth Technology
    

[*]Now click on:

[*]The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.

[*]When completed the Online Scan will begin automatically.

[*]Do not touch either the Mouse or keyboard during the scan otherwise it may stall.

[*]When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!

[*]Now click on:

[*]Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.

[*]Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

[calebpoland]

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=8e4b12288c243542b5e6a0a9ed81af03

# end=stopped

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-08-01 03:21:57

# local_time=2010-07-31 10:21:57 (-0600, Central Daylight Time)

# country="United States"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=5892 16776573 100 100 0 117238104 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=25440

# found=0

# cleaned=0

# scan_time=2385

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=8e4b12288c243542b5e6a0a9ed81af03

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-08-02 06:31:37

# local_time=2010-08-02 01:31:37 (-0600, Central Daylight Time)

# country="United States"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=5892 16776573 100 100 0 117330214 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=140812

# found=0

# cleaned=0

# scan_time=8055

[Maniac]

Please download to your Desktop: Dr.Web CureIt

• After the file has downloaded, disable your current Anti-Virus and disconnect from the Internet
  
• Doubleclick the drweb-cureit.exe file, then click the Start button, then the OK button to perform an Express Scan.
  
• This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it.
  
• Once the short scan has finished, Click on the Complete scan radio button.
  
• Then click on the Settings menu on top, the select Change Settings or press the F9 key. You can also change the Language
  
• Choose the Scanning tab and I recomend leaving the Heuristic analysis enabled (this can lead to False Positives though)
  
• On the File types tab ensure you select All files
  
• Click on the Actions tab and set the following:
  
  • Objects Infected objects = Cure, Incurable objects = Move, Suspicious objects = Report
    
  • Infected packages Archive = Move, E-mails = Report, Containers = Move
    
  • Malware Adware = Move, Dialers = Move, Jokes = Move, Riskware = Move, Hacktools = Move
    
  • Do not change the Rename extension - default is: #??
    
  • Leave the default save path for Moved files here: %USERPROFILE%\DoctorWeb\Quarantine\
    
  • Leave prompt on Action checked
    

  [*]On the Log file tab leave the Log to file checked.

  [*]Leave the log file path alone: %USERPROFILE%\DoctorWeb\CureIt.log

  [*]Log mode = Append

  [*]Encoding = ANSI

  [*]Details Leave Names of file packers and Statistics checked.

  [*]Limit log file size = 2048 KB and leave the check mark on the Maximum log file size.

  [*]On the General tab leave the Scan Priority on High

  [*]Click the Apply button at the bottom, and then the OK button.

  [*]On the right side under the Dr Web Anti-Virus Logo you will see 3 little buttons. Click the left VCR style Start button.

  [*]In this mode it will scan Boot sectors of all disks, All removable media, and all local drives

  [*]The more files and folders you have the longer the scan will take. On large drives it can take hours to complete.

  [*]When the Cure option is selected, an additional context menu will open. Select the necessary action of the program, if the curing fails.

  [*]Click 'Yes to all' if it asks if you want to cure/move the files.

  [*]This will move it to the %USERPROFILE%\DoctorWeb\Quarantine\ folder if it can't be cured. (in this case we need samples)

  [*]After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list

  [*]Save the report to your Desktop. The report will be called DrWeb.csv

  [*]Close Dr.Web Cureit.

  [*]Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.

  [*]After reboot, post the contents of the log from Dr.Web you saved previously to your Desktop in your next reply with a new hijackthis log.

  

[calebpoland]

Windows defender now popped up running today on log in and Windows is succesfully updating patches as well. Have not had any host crashing problems.

[Maniac]

I want to see a log file from Dr.Web CureIt, please.

[calebpoland]

Ive ran the scan and let it finish overnight but I cant find the log file and I cant find a way to save it to my desktop through drweb

[Maniac]

No problem.

How are things running now?