Jump to content

Windows Defender Error 0x80070424


Recommended Posts

I'm hoping I can finally get this issue resolved. Usually I am able to get everything working again after getting a virus but this is something that I cannot get to work. A few days ago my computer was infected with the Win 7 Total Security 2011 virus. At least I think that's what it was called, there are so many different names of these types of viruses. I was able to find the files associated with this virus through a scan with MBAM, but now my Windows Defender isn't working at all. After I open it up, I get an error message that states: The specified service does not exist as an installed service. (Error Code: 0x80070424). I don't know if I still have a virus that's blocking this program from working or the Win 7 virus did something to the registry, or if some important files got corrupted. I did a scan with Avira but it came up with no viruses. Also, I could not find a way to disable my script blocker so I have no DDS or Attach .txt files, and the GMER scanner didn't detect anything wrong so there was nothing in the log file. So basically I just have my MBAM log file and the DeFogger log file.

I ran the DeFogger. I don't think I got an error message but I did get a defogger_disable log. Here's what that shows:

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 14:56 on 28/04/2011 (kbalanis)

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Here's the log of the MBAM scan:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6449

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

4/28/2011 4:48:24 PM

mbam-log-2011-04-28 (16-48-24).txt

Scan type: Full scan (C:\|)

Objects scanned: 408660

Time elapsed: 1 hour(s), 9 minute(s), 44 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

As you can see, MBAM hasn't detected any malicious software. So I don't really have much to go on.

I was able to get the DDS file to work. Here's the DDS.txt log:

.

DDS (Ver_11-03-05.01) - NTFS_AMD64

Run by kbalanis at 14:48:08.46 on Fri 04/29/2011

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.8190.4998 [GMT -7:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe

C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe

C:\Windows\system32\mfevtps.exe

C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe

C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe

C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe

C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe

C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe

C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Dell\Dell ControlPoint\System Manager\PanelHelper32.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 7\PSP.EXE

C:\Program Files (x86)\AVG\AVG10\avgchsva.exe

C:\Program Files (x86)\AVG\AVG10\avgrsa.exe

C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe

C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe

C:\Program Files (x86)\AVG\AVG10\avgnsa.exe

C:\Program Files (x86)\AVG\AVG10\avgtray.exe

C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Windows\splwow64.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\svchost.exe -k Akamai

C:\Windows\system32\msiexec.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Users\kbalanis\Desktop\dds.com

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Trend Micro NSC BHO: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - TmIEPlugInBHO Class

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

mRun: [soundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe

mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

mRun: [shStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTOCA~1.LNK - C:\Program Files (x86)\Common Files\Autodesk Shared\acstart16.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLCO~1.LNK - C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TDMNOT~1.LNK - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\OFFICE11\REFIEBAR.DLL

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll

BHO-X64: Trend Micro NSC BHO - No File

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

mRun-x64: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install

mRun-x64: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe

mRun-x64: [DellControlPoint] "c:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe"

mRun-x64: [uSCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe

.

============= SERVICES / DRIVERS ===============

.

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2011-1-19 37456]

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-10-15 466944]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-10-12 55280]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2011-1-7 304720]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-3-1 41552]

R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2011-2-10 376400]

R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-2-15 7421280]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]

R2 dcpsysmgrsvc;Dell ControlPoint System Manager;C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2010-2-8 515952]

R2 McAfeeEngineService;McAfee Engine Service;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [2009-4-29 19720]

R2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2009-1-16 103744]

R2 McShield;McAfee McShield;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe [2009-4-29 176872]

R2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [2009-4-29 62800]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2010-10-15 78992]

R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-10-27 6807656]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2011-3-30 118352]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2011-2-10 29264]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2010-10-15 120096]

S0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2011-2-22 26704]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-1-4 1436424]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2010-10-15 76696]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-10-15 1255736]

.

=============== File Associations ===============

.

.scr=AutoCADScriptFile

.

=============== Created Last 30 ================

.

2011-04-29 16:11:42 6533152 ----a-w- C:\Users\kbalanis\XobniSetup.exe

2011-04-29 16:11:42 -------- d-----w- C:\Program Files (x86)\Xobni

2011-04-29 16:10:54 -------- d-----w- C:\Users\kbalanis\AppData\Roaming\AVG10

2011-04-29 16:05:36 -------- d--h--w- C:\PROGRA~3\Common Files

2011-04-29 16:05:28 -------- d-----w- C:\Windows\SysWow64\drivers\AVG

2011-04-29 16:04:57 -------- d-----w- C:\Windows\System32\drivers\AVG

2011-04-29 16:04:57 -------- d-----w- C:\PROGRA~3\AVG10

2011-04-29 16:04:24 -------- d-----w- C:\Program Files (x86)\AVG

2011-04-29 15:57:50 -------- d-----w- C:\PROGRA~3\MFAData

2011-04-28 19:26:12 -------- d-----w- C:\Users\kbalanis\AppData\Local\Threat Expert

2011-04-28 18:44:23 -------- d-sh--w- C:\$RECYCLE.BIN

2011-04-28 18:36:49 89088 ----a-w- C:\Windows\MBR.exe

2011-04-28 18:36:47 98816 ----a-w- C:\Windows\sed.exe

2011-04-28 18:36:47 256512 ----a-w- C:\Windows\PEV.exe

2011-04-28 18:36:47 161792 ----a-w- C:\Windows\SWREG.exe

2011-04-28 18:06:03 -------- d-----w- C:\PROGRA~3\Kaspersky Lab Setup Files

2011-04-28 16:56:29 374664 ----a-w- C:\Windows\System32\drivers\netio.sys

2011-04-28 15:53:11 19528 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys

2011-04-28 15:53:09 -------- d-----w- C:\Program Files\Hitman Pro 3.5

2011-04-28 15:52:54 -------- d-----w- C:\PROGRA~3\Hitman Pro

2011-04-27 22:18:21 -------- d-----w- C:\Program Files (x86)\Eusing Free Registry Cleaner

2011-04-27 15:01:01 2870272 ----a-w- C:\Windows\explorer.exe

2011-04-27 15:01:01 2614784 ----a-w- C:\Windows\SysWow64\explorer.exe

2011-04-26 18:34:58 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-04-26 18:34:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-04-25 22:23:33 -------- d-----w- C:\Users\kbalanis\AppData\Local\Wave Systems Corp

2011-04-25 18:08:39 -------- d-----w- C:\Users\kbalanis\AppData\Roaming\IObit

2011-04-25 17:59:16 8802128 ------w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll

2011-04-25 17:25:23 -------- d-----w- C:\Users\kbalanis\AppData\Roaming\ParetoLogic

2011-04-25 17:25:23 -------- d-----w- C:\Users\kbalanis\AppData\Roaming\DriverCure

2011-04-25 17:25:12 -------- d-----w- C:\PROGRA~3\ParetoLogic

2011-04-22 00:24:03 -------- d-----w- C:\Users\kbalanis\AppData\Roaming\Malwarebytes

2011-04-22 00:23:59 -------- d-----w- C:\PROGRA~3\Malwarebytes

2011-04-22 00:23:56 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-04-20 23:50:20 -------- d-----w- C:\Users\kbalanis\AppData\Local\{FC297FF4-13DE-493F-A0FB-D9B79D83B1CD}

2011-04-19 14:22:37 8802128 ------w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{ACE488A6-8877-4AD8-AFE8-100C60025AD1}\mpengine.dll

2011-04-15 23:55:32 -------- d-----w- C:\Users\kbalanis\AppData\Local\{B916030E-4E6C-4C9D-8A9E-12C87CF716D6}

2011-04-15 23:53:54 56832 ----a-w- C:\Windows\SysWow64\Iyvu9_32.dll

2011-04-15 23:53:54 391168 ----a-w- C:\Windows\SysWow64\i263_32.drv

2011-04-15 23:53:54 27648 ----a-w- C:\Windows\SysWow64\ir50_lcs.dll

2011-04-15 23:53:54 143872 ----a-w- C:\Windows\SysWow64\iacenc.dll

2011-04-15 23:53:40 305152 ----a-w- C:\Windows\IsUninst.exe

2011-04-15 23:02:48 175616 ----a-w- C:\Windows\SysWow64\unrar.dll

2011-04-15 22:57:18 737072 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2011-04-15 22:56:46 4283672 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2011-04-15 22:56:18 42776 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2011-04-15 22:56:10 539968 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-04-15 22:56:10 -------- d-----w- C:\Users\kbalanis\AppData\Local\{AF809551-663D-4FCB-B7F2-3963393B2015}

2011-04-15 18:42:19 -------- d-----w- C:\Users\kbalanis\AppData\Local\{C8CB5FA3-EB69-4EE6-A995-8708C862B5C8}

2011-04-15 18:41:56 -------- d-----w- C:\Users\kbalanis\AppData\Local\{EB6F81BC-E876-4A38-9B41-F12103101298}

2011-04-15 16:30:05 -------- d-----w- C:\Users\kbalanis\AppData\Local\{86C5F188-1C3C-4E2D-B30A-EE32C33D0F2E}

2011-04-15 16:04:00 -------- d-----w- C:\Users\kbalanis\AppData\Local\{3A9D6DA1-5646-4B8B-B389-9D6A0E8A5F9C}

2011-04-14 20:57:52 -------- d-----w- C:\Users\kbalanis\AppData\Local\{0622E935-683C-45F8-B81C-17261BE92DBC}

2011-04-14 20:55:26 -------- d-----w- C:\Users\kbalanis\AppData\Local\{F390F25A-942B-4075-B28E-E1278A487295}

2011-04-14 20:53:58 -------- d-----w- C:\Users\kbalanis\AppData\Local\{8F67EFFB-85FA-4636-8D08-0FF915FC6EA6}

2011-04-14 20:52:29 -------- d-----w- C:\Users\kbalanis\AppData\Local\{06BD9DBF-CDEE-49EA-8CCE-3529EFA00C6C}

2011-04-14 20:51:22 -------- d-----w- C:\Users\kbalanis\AppData\Local\{6D6682A6-35A9-40EF-9C8B-87F116457AF3}

2011-04-14 20:50:28 -------- d-----w- C:\Users\kbalanis\AppData\Local\{BAC6BC2D-E3F6-4067-9E88-B90CD31914CB}

2011-04-11 14:51:27 -------- d-----w- C:\CTS

2011-03-31 00:17:00 118352 ----a-w- C:\Windows\System32\drivers\AVGIDSDriver.sys

.

==================== Find3M ====================

.

2011-04-16 18:45:29 848 --sha-w- C:\Windows\SysWow64\KGyGaAvL.sys

2011-03-12 12:03:46 662528 ----a-w- C:\Windows\System32\XpsPrint.dll

2011-03-12 11:31:58 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2011-03-11 06:23:13 187264 ----a-w- C:\Windows\System32\drivers\storport.sys

2011-03-11 06:23:06 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys

2011-03-11 06:23:06 1657216 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2011-03-11 06:23:06 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys

2011-03-11 06:23:00 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys

2011-03-11 06:22:41 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys

2011-03-11 06:22:40 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys

2011-03-11 06:19:26 1395712 ----a-w- C:\Windows\System32\mfc42.dll

2011-03-11 06:19:26 1359872 ----a-w- C:\Windows\System32\mfc42u.dll

2011-03-11 06:18:20 2566144 ----a-w- C:\Windows\System32\esent.dll

2011-03-11 06:15:54 96768 ----a-w- C:\Windows\System32\fsutil.exe

2011-03-11 05:40:24 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll

2011-03-11 05:40:24 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll

2011-03-11 05:39:35 1686016 ----a-w- C:\Windows\SysWow64\esent.dll

2011-03-11 05:37:34 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe

2011-03-08 06:14:30 976896 ----a-w- C:\Windows\System32\inetcomm.dll

2011-03-08 05:38:13 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll

2011-03-04 06:17:25 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2011-03-04 06:17:24 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2011-03-03 06:17:10 182272 ----a-w- C:\Windows\System32\dnsrslvr.dll

2011-03-03 06:14:38 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe

2011-03-03 05:27:30 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe

2011-03-03 03:58:32 3133440 ----a-w- C:\Windows\System32\win32k.sys

2011-03-01 21:25:18 41552 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys

2011-02-24 06:30:00 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2011-02-24 06:29:15 1197056 ----a-w- C:\Windows\System32\wininet.dll

2011-02-24 06:24:57 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2011-02-24 05:32:52 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2011-02-24 05:32:44 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-02-24 05:30:16 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2011-02-24 05:05:13 482816 ----a-w- C:\Windows\System32\html.iec

2011-02-24 04:24:04 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-02-24 04:23:48 386048 ----a-w- C:\Windows\SysWow64\html.iec

2011-02-24 03:50:26 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-02-23 05:16:28 461312 ----a-w- C:\Windows\System32\drivers\srv.sys

2011-02-23 05:16:01 401920 ----a-w- C:\Windows\System32\drivers\srv2.sys

2011-02-23 05:15:50 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2011-02-23 05:15:27 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys

2011-02-23 05:15:14 286720 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-02-23 05:15:13 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys

2011-02-23 05:15:06 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys

2011-02-22 15:12:46 26704 ----a-w- C:\Windows\System32\drivers\AVGIDSEH.sys

2011-02-19 06:37:44 1135104 ----a-w- C:\Windows\System32\FntCache.dll

2011-02-19 06:37:10 1540608 ----a-w- C:\Windows\System32\DWrite.dll

2011-02-19 06:36:49 902656 ----a-w- C:\Windows\System32\d2d1.dll

2011-02-19 06:36:13 46080 ----a-w- C:\Windows\System32\atmlib.dll

2011-02-19 05:32:48 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll

2011-02-19 05:32:35 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

2011-02-19 05:32:08 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2011-02-19 04:13:39 367104 ----a-w- C:\Windows\System32\atmfd.dll

2011-02-19 03:37:02 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll

2011-02-18 06:37:05 612352 ----a-w- C:\Windows\System32\vbscript.dll

2011-02-18 06:33:50 31232 ----a-w- C:\Windows\System32\prevhost.exe

2011-02-18 05:36:26 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll

2011-02-18 05:33:29 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe

2011-02-12 06:14:41 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe

2011-02-10 14:53:58 376400 ----a-w- C:\Windows\System32\drivers\avgtdia.sys

2011-02-10 14:53:34 29264 ----a-w- C:\Windows\System32\drivers\AVGIDSFilter.sys

2011-02-05 12:41:43 556928 ----a-w- C:\Windows\System32\winresume.efi

2011-02-05 12:41:35 640896 ----a-w- C:\Windows\System32\winload.efi

2011-02-05 12:41:24 20352 ----a-w- C:\Windows\System32\kdusb.dll

2011-02-05 12:41:24 19328 ----a-w- C:\Windows\System32\kd1394.dll

2011-02-05 12:41:23 17792 ----a-w- C:\Windows\System32\kdcom.dll

2011-02-05 12:39:21 603976 ----a-w- C:\Windows\System32\winload.exe

2011-02-05 12:39:21 518160 ----a-w- C:\Windows\System32\winresume.exe

2011-02-03 04:40:23 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

.

============= FINISH: 14:48:47.06 ===============

As stated above, the GMER program didn't detect anything wrong so there is no log file for that so I've attached the attach.zip file which only contains the attach.txt file from the DDS program.Attach.zip

Link to post
Share on other sites

  • Staff

Hi,

I notice that you are using more than one antivirus program (McAfee and AVG). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus program.

Restart your computer and see if the Windows Defender error persists.

Link to post
Share on other sites

Hi,

I notice that you are using more than one antivirus program (McAfee and AVG). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus program.

Restart your computer and see if the Windows Defender error persists.

I won't be able to get rid of the McAfee since it's a work computer and it needs to be on it, but I will get rid of AVG. I only installed AVG after the issue with Defender not working since I didn't feel like I had enough security since it wasn't working. But I'll get rid of AVG anyway, then reboot. I'll let you know if Defender works after that but I'm pretty sure it won't.

Link to post
Share on other sites

So I uninstalled AVG, then rebooted, it still doesn't work and I get the same error code. I did some online searching about the error and found that I can start the Defender process through the services.msc file. I tried that but the Defender process wasn't even there FOR me to start so I don't know what else to do.

Link to post
Share on other sites

Here's the ComboFix log:

ComboFix 11-05-04.04 - kbalanis 05/05/2011 8:24.2.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8190.6548 [GMT -7:00]

Running from: c:\users\kbalanis\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Resident AV is active

.

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\kbalanis\XobniSetup.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-04-05 to 2011-05-05 )))))))))))))))))))))))))))))))

.

.

2011-05-05 15:31 . 2011-05-05 15:31 -------- d-----w- c:\users\Keith Balanis\AppData\Local\temp

2011-05-05 15:31 . 2011-05-05 15:31 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-05-04 23:44 . 2011-05-04 23:44 -------- d-----w- c:\windows\system32\SPReview

2011-05-04 23:42 . 2011-05-04 23:42 -------- d-----w- c:\windows\system32\EventProviders

2011-05-04 23:37 . 2010-11-20 13:34 363392 ----a-w- c:\windows\system32\drivers\volmgrx.sys

2011-05-04 23:36 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll

2011-05-04 23:36 . 2010-11-20 12:17 209920 ----a-w- c:\windows\SysWow64\PkgMgr.exe

2011-05-04 23:36 . 2010-11-20 12:18 323072 ----a-w- c:\windows\SysWow64\drvstore.dll

2011-05-04 23:36 . 2010-11-20 12:18 257024 ----a-w- c:\windows\SysWow64\dpx.dll

2011-05-04 23:36 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll

2011-05-04 23:36 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll

2011-05-04 23:34 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll

2011-05-04 23:34 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll

2011-05-04 23:34 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll

2011-05-04 23:34 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll

2011-05-04 23:34 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe

2011-05-04 23:33 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll

2011-05-04 23:33 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll

2011-05-04 23:02 . 2011-05-04 23:16 -------- d-----w- C:\8bd29fcf06f28268469d6a56

2011-05-03 00:11 . 2011-05-03 00:11 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-05-03 00:04 . 2011-05-03 00:04 -------- d-----w- c:\users\kbalanis\AppData\Local\TuneUpMedic

2011-04-29 16:11 . 2011-04-29 16:11 -------- d-----w- c:\program files (x86)\Xobni

2011-04-29 16:10 . 2011-04-29 16:10 -------- d-----w- c:\users\kbalanis\AppData\Roaming\AVG10

2011-04-29 16:05 . 2011-04-29 16:05 -------- d--h--w- c:\programdata\Common Files

2011-04-29 16:04 . 2011-05-02 17:03 -------- d-----w- c:\programdata\AVG10

2011-04-29 16:04 . 2011-04-29 16:04 -------- d-----w- c:\program files (x86)\AVG

2011-04-29 15:57 . 2011-05-02 17:02 -------- d-----w- c:\programdata\MFAData

2011-04-28 19:26 . 2011-04-28 19:26 -------- d-----w- c:\users\kbalanis\AppData\Local\Threat Expert

2011-04-28 18:06 . 2011-04-28 18:06 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files

2011-04-28 15:53 . 2011-04-28 16:47 19528 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-04-28 15:53 . 2011-04-28 15:53 -------- d-----w- c:\program files\Hitman Pro 3.5

2011-04-28 15:52 . 2011-04-28 15:52 -------- d-----w- c:\programdata\Hitman Pro

2011-04-27 22:18 . 2011-04-29 00:08 -------- d-----w- c:\program files (x86)\Eusing Free Registry Cleaner

2011-04-27 15:01 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe

2011-04-27 15:01 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\SysWow64\explorer.exe

2011-04-26 18:34 . 2011-05-02 23:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-04-25 22:23 . 2011-04-25 22:23 -------- d-----w- c:\users\kbalanis\AppData\Local\Wave Systems Corp

2011-04-25 22:22 . 2011-04-25 22:22 -------- d-----w- c:\program files (x86)\Common Files\Java

2011-04-25 18:08 . 2011-04-25 18:08 -------- d-----w- c:\users\kbalanis\AppData\Roaming\IObit

2011-04-25 17:25 . 2011-04-25 17:25 -------- d-----w- c:\users\kbalanis\AppData\Roaming\ParetoLogic

2011-04-25 17:25 . 2011-04-25 17:25 -------- d-----w- c:\users\kbalanis\AppData\Roaming\DriverCure

2011-04-25 17:25 . 2011-04-26 17:58 -------- d-----w- c:\programdata\ParetoLogic

2011-04-22 00:24 . 2011-04-22 00:24 -------- d-----w- c:\users\kbalanis\AppData\Roaming\Malwarebytes

2011-04-22 00:23 . 2011-04-22 00:23 -------- d-----w- c:\programdata\Malwarebytes

2011-04-22 00:23 . 2010-12-21 01:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-20 23:50 . 2011-04-20 23:50 -------- d-----w- c:\users\kbalanis\AppData\Local\{FC297FF4-13DE-493F-A0FB-D9B79D83B1CD}

2011-04-19 14:22 . 2011-04-11 08:21 8802128 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ACE488A6-8877-4AD8-AFE8-100C60025AD1}\mpengine.dll

2011-04-15 23:55 . 2011-04-15 23:55 -------- d-----w- c:\users\kbalanis\AppData\Local\{B916030E-4E6C-4C9D-8A9E-12C87CF716D6}

2011-04-15 23:53 . 1998-02-13 21:30 143872 ----a-w- c:\windows\SysWow64\iacenc.dll

2011-04-15 23:53 . 1997-11-06 19:53 27648 ----a-w- c:\windows\SysWow64\ir50_lcs.dll

2011-04-15 23:53 . 1997-08-27 16:53 391168 ----a-w- c:\windows\SysWow64\i263_32.drv

2011-04-15 23:53 . 1997-06-13 15:56 56832 ----a-w- c:\windows\SysWow64\Iyvu9_32.dll

2011-04-15 23:53 . 1998-07-30 19:51 305152 ----a-w- c:\windows\IsUninst.exe

2011-04-15 23:04 . 2011-04-15 23:04 -------- d-----w- c:\users\kbalanis\AppData\Roaming\Media Player Classic

2011-04-15 23:02 . 2011-03-02 10:43 175616 ----a-w- c:\windows\SysWow64\unrar.dll

2011-04-15 22:57 . 2011-04-15 22:57 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2011-04-15 22:56 . 2011-04-15 22:56 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2011-04-15 22:56 . 2011-04-15 22:56 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2011-04-15 22:56 . 2011-04-15 22:56 -------- d-----w- c:\users\kbalanis\AppData\Local\{AF809551-663D-4FCB-B7F2-3963393B2015}

2011-04-15 22:56 . 2011-04-15 22:56 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-04-15 18:42 . 2011-04-15 18:42 -------- d-----w- c:\users\kbalanis\AppData\Local\{C8CB5FA3-EB69-4EE6-A995-8708C862B5C8}

2011-04-15 18:41 . 2011-04-15 18:41 -------- d-----w- c:\users\kbalanis\AppData\Local\{EB6F81BC-E876-4A38-9B41-F12103101298}

2011-04-15 16:30 . 2011-04-15 16:30 -------- d-----w- c:\users\kbalanis\AppData\Local\{86C5F188-1C3C-4E2D-B30A-EE32C33D0F2E}

2011-04-15 16:04 . 2011-04-15 16:04 -------- d-----w- c:\users\kbalanis\AppData\Local\{3A9D6DA1-5646-4B8B-B389-9D6A0E8A5F9C}

2011-04-14 20:57 . 2011-04-14 20:58 -------- d-----w- c:\users\kbalanis\AppData\Local\{0622E935-683C-45F8-B81C-17261BE92DBC}

2011-04-14 20:55 . 2011-04-14 20:55 -------- d-----w- c:\users\kbalanis\AppData\Local\{F390F25A-942B-4075-B28E-E1278A487295}

2011-04-14 20:53 . 2011-04-14 20:54 -------- d-----w- c:\users\kbalanis\AppData\Local\{8F67EFFB-85FA-4636-8D08-0FF915FC6EA6}

2011-04-14 20:52 . 2011-04-14 20:52 -------- d-----w- c:\users\kbalanis\AppData\Local\{06BD9DBF-CDEE-49EA-8CCE-3529EFA00C6C}

2011-04-14 20:51 . 2011-04-14 20:51 -------- d-----w- c:\users\kbalanis\AppData\Local\{6D6682A6-35A9-40EF-9C8B-87F116457AF3}

2011-04-14 20:50 . 2011-04-14 20:50 -------- d-----w- c:\users\kbalanis\AppData\Local\{BAC6BC2D-E3F6-4067-9E88-B90CD31914CB}

2011-04-13 15:01 . 2011-03-03 06:24 183296 ----a-w- c:\windows\system32\dnsrslvr.dll

2011-04-11 14:51 . 2011-04-11 14:51 -------- d-----w- C:\CTS

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-04 23:50 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2011-05-04 23:50 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2011-03-16 14:52 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-03-04 06:19 . 2011-04-27 15:00 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2011-03-04 06:19 . 2011-04-27 15:00 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2011-02-19 12:05 . 2011-03-09 15:03 1139200 ----a-w- c:\windows\system32\FntCache.dll

2011-02-19 12:04 . 2011-03-09 15:03 1544192 ----a-w- c:\windows\system32\DWrite.dll

2011-02-19 12:04 . 2011-03-09 15:03 902656 ----a-w- c:\windows\system32\d2d1.dll

2011-02-19 06:30 . 2011-03-09 15:03 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll

2011-02-19 06:30 . 2011-03-09 15:03 739840 ----a-w- c:\windows\SysWow64\d2d1.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-04-23 1314816]

"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]

"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2009-01-16 136512]

"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-04-30 124240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]

"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-11-04 611712]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AutoCAD Startup Accelerator.lnk - c:\program files (x86)\Common Files\Autodesk Shared\acstart16.exe [2005-3-5 10872]

Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2010-2-8 1416560]

TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2010-3-29 185192]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]

@="Service"

.

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-01-04 1436424]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 w4shwdrv;w4shwdrv;c:\users\kbalanis\AppData\Local\Temp\w4s266A.tmp [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2010-02-08 515952]

S2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [2009-04-30 19720]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]

S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-10-27 6807656]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]

@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"

[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]

2010-03-29 18:00 60784 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]

@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"

[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]

2010-03-29 18:00 60784 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-12-03 1712232]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]

"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-11-02 657920]

"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-06-22 34232]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\system32\blank.htm

uInternet Settings,ProxyOverride = *.local

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\w4shwdrv]

"ImagePath"="\??\c:\users\kbalanis\AppData\Local\Temp\w4s266A.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1369809732-1291637309-727275192-1616\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-1369809732-1291637309-727275192-1616\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-05-05 08:34:11

ComboFix-quarantined-files.txt 2011-05-05 15:34

.

Pre-Run: 256,822,259,712 bytes free

Post-Run: 256,571,719,680 bytes free

.

- - End Of File - - 0703D1EB62ED721CE00D5E5DEE8C7FFF

Even though I have ScripScan disabled in McAfee I couldn't get the DDS file to work. I got it to work last time though, I don't get it.

Link to post
Share on other sites

Attach.txtI was able to get the DDS.scr file to work. Here is the DDS.txt log:

.

DDS (Ver_11-03-05.01) - NTFS_AMD64

Run by kbalanis at 9:50:50.63 on Thu 05/05/2011

Internet Explorer: 8.0.7601.17514

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8190.5819 [GMT -7:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe

C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe

C:\Windows\system32\mfevtps.exe

C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe

C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe

C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe

C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe

C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Dell\Dell ControlPoint\System Manager\PanelHelper32.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 7\PSP.EXE

C:\Windows\splwow64.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\kbalanis\Desktop\dds.com

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Trend Micro NSC BHO: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - TmIEPlugInBHO Class

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

mRun: [soundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe

mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

mRun: [shStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTOCA~1.LNK - C:\Program Files (x86)\Common Files\Autodesk Shared\acstart16.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLCO~1.LNK - C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TDMNOT~1.LNK - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\OFFICE11\REFIEBAR.DLL

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll

BHO-X64: Trend Micro NSC BHO - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

mRun-x64: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install

mRun-x64: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe

mRun-x64: [DellControlPoint] "c:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe"

mRun-x64: [uSCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-10-15 466944]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-10-12 55280]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

R2 dcpsysmgrsvc;Dell ControlPoint System Manager;C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2010-2-8 515952]

R2 McAfeeEngineService;McAfee Engine Service;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [2009-4-29 19720]

R2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2009-1-16 103744]

R2 McShield;McAfee McShield;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe [2009-4-29 176872]

R2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [2009-4-29 62800]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2010-10-15 78992]

R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-10-27 6807656]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2010-10-15 120096]

S2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-1-4 1436424]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2010-10-15 76696]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-4 59392]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-10-15 1255736]

.

=============== File Associations ===============

.

.scr=AutoCADScriptFile

.

=============== Created Last 30 ================

.

2011-05-05 16:37:32 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-05-05 15:34:35 -------- d-sh--w- C:\$RECYCLE.BIN

2011-05-05 15:22:54 -------- d-----w- C:\ComboFix

2011-05-04 23:44:02 -------- d-----w- C:\Windows\System32\SPReview

2011-05-04 23:42:19 -------- d-----w- C:\Windows\System32\EventProviders

2011-05-04 23:37:59 905216 ----a-w- C:\Windows\SysWow64\mmsys.cpl

2011-05-04 23:36:47 209920 ----a-w- C:\Windows\SysWow64\PkgMgr.exe

2011-05-04 23:36:47 189952 ----a-w- C:\Windows\SysWow64\wdscore.dll

2011-05-04 23:36:31 323072 ----a-w- C:\Windows\SysWow64\drvstore.dll

2011-05-04 23:36:31 257024 ----a-w- C:\Windows\SysWow64\dpx.dll

2011-05-04 23:36:24 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll

2011-05-04 23:36:24 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll

2011-05-04 23:34:41 529408 ----a-w- C:\Windows\System32\wbemcomn.dll

2011-05-04 23:34:41 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll

2011-05-04 23:34:41 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll

2011-05-04 23:34:29 933376 ----a-w- C:\Windows\System32\SmiEngine.dll

2011-05-04 23:34:21 199168 ----a-w- C:\Windows\System32\PkgMgr.exe

2011-05-04 23:33:48 422912 ----a-w- C:\Windows\System32\drvstore.dll

2011-05-04 23:33:47 399872 ----a-w- C:\Windows\System32\dpx.dll

2011-05-04 23:02:09 -------- d-----w- C:\8bd29fcf06f28268469d6a56

2011-05-03 00:11:07 -------- d-----w- C:\PROGRA~3\SUPERAntiSpyware.com

2011-05-03 00:04:56 -------- d-----w- C:\Users\kbalanis\AppData\Local\TuneUpMedic

2011-04-29 16:10:54 -------- d-----w- C:\Users\kbalanis\AppData\Roaming\AVG10

2011-04-29 16:05:36 -------- d--h--w- C:\PROGRA~3\Common Files

2011-04-29 16:04:57 -------- d-----w- C:\PROGRA~3\AVG10

2011-04-29 16:04:24 -------- d-----w- C:\Program Files (x86)\AVG

2011-04-29 15:57:50 -------- d-----w- C:\PROGRA~3\MFAData

2011-04-28 19:26:12 -------- d-----w- C:\Users\kbalanis\AppData\Local\Threat Expert

2011-04-28 18:36:49 89088 ----a-w- C:\Windows\MBR.exe

2011-04-28 18:36:47 98816 ----a-w- C:\Windows\sed.exe

2011-04-28 18:36:47 256512 ----a-w- C:\Windows\PEV.exe

2011-04-28 18:36:47 161792 ----a-w- C:\Windows\SWREG.exe

2011-04-28 18:06:03 -------- d-----w- C:\PROGRA~3\Kaspersky Lab Setup Files

2011-04-28 15:53:11 19528 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys

2011-04-28 15:53:09 -------- d-----w- C:\Program Files\Hitman Pro 3.5

2011-04-28 15:52:54 -------- d-----w- C:\PROGRA~3\Hitman Pro

2011-04-27 15:01:01 2871808 ----a-w- C:\Windows\explorer.exe

2011-04-27 15:01:01 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe

2011-04-26 18:34:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-04-25 22:23:33 -------- d-----w- C:\Users\kbalanis\AppData\Local\Wave Systems Corp

2011-04-25 18:08:39 -------- d-----w- C:\Users\kbalanis\AppData\Roaming\IObit

2011-04-25 17:59:16 8802128 ------w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll

2011-04-25 17:25:23 -------- d-----w- C:\Users\kbalanis\AppData\Roaming\ParetoLogic

2011-04-25 17:25:23 -------- d-----w- C:\Users\kbalanis\AppData\Roaming\DriverCure

2011-04-25 17:25:12 -------- d-----w- C:\PROGRA~3\ParetoLogic

2011-04-22 00:24:03 -------- d-----w- C:\Users\kbalanis\AppData\Roaming\Malwarebytes

2011-04-22 00:23:59 -------- d-----w- C:\PROGRA~3\Malwarebytes

2011-04-22 00:23:56 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-04-20 23:50:20 -------- d-----w- C:\Users\kbalanis\AppData\Local\{FC297FF4-13DE-493F-A0FB-D9B79D83B1CD}

2011-04-19 14:22:37 8802128 ------w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{ACE488A6-8877-4AD8-AFE8-100C60025AD1}\mpengine.dll

2011-04-15 23:55:32 -------- d-----w- C:\Users\kbalanis\AppData\Local\{B916030E-4E6C-4C9D-8A9E-12C87CF716D6}

2011-04-15 23:53:54 56832 ----a-w- C:\Windows\SysWow64\Iyvu9_32.dll

2011-04-15 23:53:54 391168 ----a-w- C:\Windows\SysWow64\i263_32.drv

2011-04-15 23:53:54 27648 ----a-w- C:\Windows\SysWow64\ir50_lcs.dll

2011-04-15 23:53:54 143872 ----a-w- C:\Windows\SysWow64\iacenc.dll

2011-04-15 23:53:40 305152 ----a-w- C:\Windows\IsUninst.exe

2011-04-15 23:02:48 175616 ----a-w- C:\Windows\SysWow64\unrar.dll

2011-04-15 22:57:18 737072 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2011-04-15 22:56:46 4283672 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2011-04-15 22:56:18 42776 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2011-04-15 22:56:10 539968 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-04-15 22:56:10 -------- d-----w- C:\Users\kbalanis\AppData\Local\{AF809551-663D-4FCB-B7F2-3963393B2015}

2011-04-15 18:42:19 -------- d-----w- C:\Users\kbalanis\AppData\Local\{C8CB5FA3-EB69-4EE6-A995-8708C862B5C8}

2011-04-15 18:41:56 -------- d-----w- C:\Users\kbalanis\AppData\Local\{EB6F81BC-E876-4A38-9B41-F12103101298}

2011-04-15 16:30:05 -------- d-----w- C:\Users\kbalanis\AppData\Local\{86C5F188-1C3C-4E2D-B30A-EE32C33D0F2E}

2011-04-15 16:04:00 -------- d-----w- C:\Users\kbalanis\AppData\Local\{3A9D6DA1-5646-4B8B-B389-9D6A0E8A5F9C}

2011-04-14 20:57:52 -------- d-----w- C:\Users\kbalanis\AppData\Local\{0622E935-683C-45F8-B81C-17261BE92DBC}

2011-04-14 20:55:26 -------- d-----w- C:\Users\kbalanis\AppData\Local\{F390F25A-942B-4075-B28E-E1278A487295}

2011-04-14 20:53:58 -------- d-----w- C:\Users\kbalanis\AppData\Local\{8F67EFFB-85FA-4636-8D08-0FF915FC6EA6}

2011-04-14 20:52:29 -------- d-----w- C:\Users\kbalanis\AppData\Local\{06BD9DBF-CDEE-49EA-8CCE-3529EFA00C6C}

2011-04-14 20:51:22 -------- d-----w- C:\Users\kbalanis\AppData\Local\{6D6682A6-35A9-40EF-9C8B-87F116457AF3}

2011-04-14 20:50:28 -------- d-----w- C:\Users\kbalanis\AppData\Local\{BAC6BC2D-E3F6-4067-9E88-B90CD31914CB}

2011-04-11 14:51:27 -------- d-----w- C:\CTS

.

==================== Find3M ====================

.

2011-05-04 23:50:42 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2011-05-04 23:50:41 175616 ----a-w- C:\Windows\System32\msclmd.dll

2011-04-16 18:45:29 848 --sha-w- C:\Windows\SysWow64\KGyGaAvL.sys

2011-03-12 12:08:49 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll

2011-03-12 11:23:45 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2011-03-11 06:41:37 189824 ----a-w- C:\Windows\System32\drivers\storport.sys

2011-03-11 06:41:34 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys

2011-03-11 06:41:34 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2011-03-11 06:41:34 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys

2011-03-11 06:41:26 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys

2011-03-11 06:41:12 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys

2011-03-11 06:41:12 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys

2011-03-11 06:34:51 1359872 ----a-w- C:\Windows\System32\mfc42u.dll

2011-03-11 06:34:50 1395712 ----a-w- C:\Windows\System32\mfc42.dll

2011-03-11 06:33:29 2565632 ----a-w- C:\Windows\System32\esent.dll

2011-03-11 06:30:28 96768 ----a-w- C:\Windows\System32\fsutil.exe

2011-03-11 05:33:59 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll

2011-03-11 05:33:59 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll

2011-03-11 05:33:09 1699328 ----a-w- C:\Windows\SysWow64\esent.dll

2011-03-11 05:31:07 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe

2011-03-08 06:29:32 976896 ----a-w- C:\Windows\System32\inetcomm.dll

2011-03-08 05:28:29 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll

2011-03-07 06:31:44 1188864 ----a-w- C:\Windows\System32\wininet.dll

2011-03-07 05:33:13 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-03-07 04:24:34 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-03-07 03:52:25 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-03-04 06:19:28 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2011-03-04 06:19:27 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2011-03-03 06:24:16 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll

2011-03-03 06:21:57 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe

2011-03-03 05:36:16 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe

2011-03-03 03:52:08 3135488 ----a-w- C:\Windows\System32\win32k.sys

2011-02-24 06:15:44 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2011-02-24 05:38:54 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2011-02-23 04:56:31 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys

2011-02-23 04:56:27 467456 ----a-w- C:\Windows\System32\drivers\srv.sys

2011-02-23 04:56:03 411648 ----a-w- C:\Windows\System32\drivers\srv2.sys

2011-02-23 04:55:47 167936 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2011-02-23 04:55:12 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-02-23 04:55:12 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys

2011-02-23 04:55:04 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys

2011-02-19 12:05:15 1139200 ----a-w- C:\Windows\System32\FntCache.dll

2011-02-19 12:04:37 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2011-02-19 12:04:17 902656 ----a-w- C:\Windows\System32\d2d1.dll

2011-02-19 12:03:46 46080 ----a-w- C:\Windows\System32\atmlib.dll

2011-02-19 09:00:32 367616 ----a-w- C:\Windows\System32\atmfd.dll

2011-02-19 06:30:51 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll

2011-02-19 06:30:50 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

2011-02-19 06:30:46 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2011-02-19 04:34:54 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll

2011-02-18 10:56:44 613376 ----a-w- C:\Windows\System32\vbscript.dll

2011-02-18 10:51:16 31232 ----a-w- C:\Windows\System32\prevhost.exe

2011-02-18 05:43:28 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll

2011-02-18 05:39:44 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe

2011-02-12 11:34:16 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe

2011-02-05 17:10:16 642944 ----a-w- C:\Windows\System32\winload.efi

2011-02-05 17:10:08 20352 ----a-w- C:\Windows\System32\kdusb.dll

2011-02-05 17:10:08 19328 ----a-w- C:\Windows\System32\kd1394.dll

2011-02-05 17:10:08 17792 ----a-w- C:\Windows\System32\kdcom.dll

2011-02-05 17:06:41 605552 ----a-w- C:\Windows\System32\winload.exe

2011-02-05 17:06:41 566208 ----a-w- C:\Windows\System32\winresume.efi

2011-02-05 17:06:41 518672 ----a-w- C:\Windows\System32\winresume.exe

.

============= FINISH: 9:51:35.28 ===============

I've also attached the attach.txt log to this post.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.