Browser search redirect


I have a Win 7 Ultimate PC with a very stubborn browser search redirect problem.

I get this symptom with both google search and yahoo search, on all my browsers (Firefox 7.01, IE 9.0.3, Chrome 15.0.874.106).

With google search, I get redirects of the form, e.g.: www.google.com/go?22619488. With yahoo, I get a wide variety of redirects, e.g.: hxxp://shop6-1.forless.com.

So far I've tried, to no avail: MalwareBytes, GMER, Kaspersky TDSSKiller, Sophos Anti-Rootkit, Hitman Pro, SpyBot, McAfee Stinger. I'm tapped out.

Any guidance is much appreciated!

DDS.txt and Attach.txt output below.

********************************************************

DDS.txt

********************************************************

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

Run by gage at 21:05:53 on 2011-10-27

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2047.946 [GMT -4:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\rundll32.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Windows Home Server\esClient.exe

C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe

C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe

C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Windows Home Server\WHSConnector.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\System32\rundll32.exe

C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe

C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\notepad.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy 2\SDHelper.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: BrowserHelper Class: {9a065c65-4ee7-4ddd-9918-f129089a894a} - c:\program files\windows home server\WHSDeskBands.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Home Server Banner: {d73e76a3-f902-45bd-8fc8-95ae8e014671} - c:\program files\windows home server\WHSDeskBands.dll

TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [sDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"

mRun: [spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean

dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

dRun: [volmgr] c:\windows\system32\config\systemprofile\appdata\local\volmgr.exe

dRun: [Hewlett-Packard Update] rundll32 "c:\windows\system32\config\systemprofile\appdata\local\microsoft\microsoftupdate\Microsoftupdt32.DLL",DllRegisterServer

dRun: [JavaSoft Update] rundll32 "c:\windows\temp\update\Updateupdt32.DLL",DllRegisterServer

mExplorerRun: [bYBUFDEV] rundll32 "c:\windows\system32\snmpapi6.dll",Yrkwfl

StartupFolder: c:\users\gage\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\gage\appdata\roaming\dropbox\bin\Dropbox.exe

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB

DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 66.133.170.2 66.133.150.12

TCP: Interfaces\{74A2BC33-ADCB-4ECC-9354-D0E01E316D76} : DhcpNameServer = 66.133.170.2 66.133.150.12

TCP: Interfaces\{74A2BC33-ADCB-4ECC-9354-D0E01E316D76}\6416374756374705F494 : DhcpNameServer = 24.92.226.40 24.92.226.41

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: SDWinLogon - SDWinLogon.dll

Hosts: 127.0.0.1 www.spywareinfo.com

Hosts: 94.63.240.133 www.google.com

Hosts: 94.63.240.134 www.bing.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\gage\appdata\roaming\mozilla\firefox\profiles\ygexxtpd.default\

FF - prefs.js: browser.startup.homepage - www.google.com

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll

FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll

FF - plugin: c:\users\gage\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]

R1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\program files\spybot - search & destroy 2\SDHookDrv32.sys [2011-10-21 38504]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]

R2 esClient;Windows Media Center Client Service;c:\program files\windows home server\esClient.exe [2009-4-20 94064]

R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\nvidia corporation\performance drivers\nvPDsvc.exe [2008-12-11 3575808]

R2 SDHookService;Spybot S&D 2 Live Protection Service;c:\program files\spybot - search & destroy 2\SDHookSvc.exe [2011-10-21 130976]

R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2011-10-21 892336]

R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2011-10-21 955816]

R2 WHSConnector;Windows Home Server Connector Service;c:\program files\windows home server\WHSConnector.exe [2009-4-20 335728]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2006-9-14 88192]

R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]

R3 VSTHWICH;VSTHWICH;c:\windows\system32\drivers\VSTICH3.SYS [2009-7-13 242176]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-28 136176]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-3-7 1153368]

S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2011-10-21 169624]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-28 136176]

S3 HKOJLGLAVH;HKOJLGLAVH;c:\users\gage\appdata\local\temp\hkojlglavh.exe --> c:\users\gage\appdata\local\temp\HKOJLGLAVH.exe [?]

S3 HSFDKMVIRSUCQZ;HSFDKMVIRSUCQZ;c:\users\gage\appdata\local\temp\hsfdkmvirsucqz.exe --> c:\users\gage\appdata\local\temp\HSFDKMVIRSUCQZ.exe [?]

S3 JLDVLIXQN;JLDVLIXQN;c:\users\gage\appdata\local\temp\jldvlixqn.exe --> c:\users\gage\appdata\local\temp\JLDVLIXQN.exe [?]

S3 Kinetic Books License Service;Kinetic Books License Service;c:\program files\common files\kinetic books shared\service\KineticBooksLicenseService.exe [2010-9-8 79360]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]

S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]

S3 RDPDISPM;RDPDISPM;c:\windows\system32\drivers\rdpdispm.sys [2009-8-10 9040]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-5-7 15872]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-7 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-20 1343400]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2011-10-27 03:34:36 -------- d-----w- c:\program files\Sophos

2011-10-25 02:37:35 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-10-25 02:37:34 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll

2011-10-25 02:37:34 773080 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll

2011-10-25 02:37:34 478168 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll

2011-10-25 02:37:34 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll

2011-10-25 02:37:34 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll

2011-10-25 02:37:34 1833944 ----a-w- c:\program files\mozilla firefox\mozjs.dll

2011-10-25 02:37:34 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll

2011-10-23 02:28:50 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-10-23 02:28:04 -------- d-----w- c:\programdata\Hitman Pro

2011-10-23 00:39:23 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll

2011-10-23 00:35:59 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-22 01:56:05 15224 ----a-w- c:\windows\system32\sdnclean.exe

2011-10-22 01:56:00 -------- d-----w- c:\program files\Spybot - Search & Destroy 2

2011-10-19 22:56:21 -------- d-----w- C:\VQms1vXc60qEwkg

2011-10-19 02:31:57 69120 --sha-r- c:\windows\system32\snmpapi6.dll

2011-10-19 02:15:44 -------- d-----w- c:\users\gage\appdata\roaming\Ykir

2011-10-19 02:15:44 -------- d-----w- c:\users\gage\appdata\roaming\Iwoqgo

2011-10-18 17:34:48 6668624 ---ha-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ed7a00d2-735d-4743-b650-fb8ac5b32ee1}\mpengine.dll

2011-10-13 21:38:58 75776 ----a-w- c:\windows\system32\psisrndr.ax

2011-10-13 21:38:58 465408 ----a-w- c:\windows\system32\psisdecd.dll

2011-10-13 21:38:55 233472 ----a-w- c:\windows\system32\oleacc.dll

2011-10-13 21:38:54 571904 ----a-w- c:\windows\system32\oleaut32.dll

2011-10-13 21:38:30 2334720 ----a-w- c:\windows\system32\win32k.sys

2011-10-11 16:30:30 703824 ---h--w- c:\programdata\microsoft\microsoft antimalware\definition updates\{fec263c8-6369-4dc5-8fac-9637b993729a}\gapaengine.dll

.

==================== Find3M ====================

.

2011-10-03 09:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll

2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

.

============= FINISH: 21:06:31.73 ===============

********************************************************

Attach.txt

********************************************************

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume2

Install Date: 8/10/2009 8:02:40 PM

System Uptime: 10/27/2011 1:48:54 PM (8 hours ago)

.

Motherboard: Dell Inc. | | 0D8006

Processor: Intel® Pentium® M processor 2.00GHz | Microprocessor | 2000/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 56 GiB total, 0.571 GiB free.

D: is CDROM (UDF)

E: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: MpKsl52420518

Device ID: ROOT\LEGACY_MPKSL52420518\0000

Manufacturer:

Name: MpKsl52420518

PNP Device ID: ROOT\LEGACY_MPKSL52420518\0000

Service: MpKsl52420518

.

==== System Restore Points ===================

.

RP267: 10/22/2011 2:36:17 PM - Scheduled Checkpoint

RP268: 10/22/2011 8:38:05 PM - Installed Java 6 Update 29

RP269: 10/22/2011 8:58:07 PM - Installed Adobe Reader X (10.1.0).

RP270: 10/22/2011 9:38:15 PM - Installed QuickTime

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

7-Zip 9.20

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.1)

Adobe Shockwave Player 11.6

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Bing Bar

Bing Bar Platform

Bonjour

C-Major Audio

CCleaner

Combat Arms

D3DX10

Dropbox

Garry's Mod

Google Chrome

Google Earth

Google Update Helper

HP MediaSmart Server

iTunes

J2SE Development Kit 5.0 Update 11

J2SE Runtime Environment 5.0 Update 11

Java Auto Updater

Java 6 Update 29

Java 6 Update 5

Junk Mail filter update

Killing Floor

Kinetic Books Licensing (Shared Components)

LG USB Modem driver

Malwarebytes' Anti-Malware version 1.51.2.1300

McAfee Security Scan Plus

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft Antimalware

Microsoft Application Error Reporting

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel 2007 Step by Step

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Search Enhancement Pack

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mozilla Firefox 7.0.1 (x86 en-US)

MSVCRT

Music Manager

NVIDIA Drivers

NVIDIA nView Desktop Manager

NVIDIA Performance Drivers

OGA Notifier 2.0.0048.0

Pando Media Booster

Pandora

Physics for Scientists and Engineers

Pokemon Online 1.0.00

QuickTime

REA's TESTware for SAT Latin

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2553074)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Excel 2007 (KB2553073)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2535818)

Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)

Security Update for Microsoft Office Publisher 2007 (KB2284697)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Shoddy Battle

Skype Toolbars

Skype™ 4.2

Sophos Anti-Rootkit 1.5.20

Spybot - Search & Destroy

Spybot - Search & Destroy 2

Steam

swMSM

Team Fortress 2

TeamSpeak 3 Client

Unreal Tournament 3

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Outlook 2007 (KB2583910)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update for Outlook 2007 Junk Email Filter (KB2596560)

Windows Home Server Connector

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live MIME IFilter

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

.

==== Event Viewer Messages From Past Week ========

.

10/27/2011 8:50:56 PM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: Access is denied.

10/27/2011 8:50:56 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: Access is denied.

10/27/2011 8:50:55 PM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80070005.

10/27/2011 5:48:03 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: After starting, the service hung in a start-pending state.

10/27/2011 5:47:55 PM, Error: Service Control Manager [7022] - The Peer Name Resolution Protocol service hung on starting.

10/26/2011 9:27:55 PM, Error: Microsoft-Windows-WMPNSS-Service [14346] - A new media server was not initialized because RegisterRunningDevice() encountered error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service.

10/26/2011 9:25:12 PM, Error: Service Control Manager [7003] - The Spybot-S&D 2 Security Center Service service depends the following service: wscsvc. This service might not be installed.

10/26/2011 9:25:10 PM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.

10/26/2011 9:25:07 PM, Error: Service Control Manager [7023] - The Offline Files service terminated with the following error: The system cannot find the path specified.

10/24/2011 9:52:57 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

10/24/2011 9:52:57 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

10/22/2011 3:52:25 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

10/22/2011 3:34:59 PM, Error: Service Control Manager [7030] - The HSFDKMVIRSUCQZ service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

10/22/2011 3:34:50 PM, Error: Service Control Manager [7030] - The JLDVLIXQN service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

10/22/2011 3:34:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

10/22/2011 3:34:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

10/22/2011 3:34:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

10/22/2011 3:34:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

10/22/2011 3:34:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

10/22/2011 3:34:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

10/22/2011 3:34:07 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss SDHookDriver spldr tdx vwififlt Wanarpv6 WfpLwf

10/22/2011 3:34:07 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

10/22/2011 3:34:07 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

10/22/2011 3:34:07 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

10/22/2011 3:34:07 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

10/22/2011 3:34:07 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

10/22/2011 3:34:07 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

10/22/2011 3:34:07 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

10/22/2011 3:34:07 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

10/22/2011 3:34:07 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

10/22/2011 3:34:07 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

10/22/2011 3:34:07 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

10/22/2011 3:30:56 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HKOJLGLAVH service to connect.

10/22/2011 3:30:56 PM, Error: Service Control Manager [7000] - The HKOJLGLAVH service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/22/2011 3:30:14 PM, Error: Service Control Manager [7030] - The HKOJLGLAVH service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

10/22/2011 11:16:35 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

10/22/2011 11:16:35 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/21/2011 11:50:42 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf

10/21/2011 11:47:18 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.

10/21/2011 11:44:17 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error: An instance of the service is already running.

10/21/2011 11:42:18 AM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s).

10/21/2011 11:42:18 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

10/21/2011 11:42:18 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

10/21/2011 11:42:18 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

10/21/2011 11:42:18 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

10/21/2011 11:42:18 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

10/21/2011 11:42:18 AM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

10/21/2011 11:42:17 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

10/21/2011 11:42:17 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

10/21/2011 11:42:17 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

10/21/2011 11:42:17 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

10/21/2011 11:42:17 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

10/21/2011 11:42:17 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

10/21/2011 10:50:55 AM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).

10/21/2011 10:50:55 AM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

10/21/2011 10:50:55 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

10/21/2011 10:50:55 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

10/21/2011 10:50:55 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

10/21/2011 10:50:55 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

10/21/2011 10:50:55 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

10/21/2011 10:50:55 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

10/21/2011 10:50:55 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

10/21/2011 10:50:55 AM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

10/21/2011 10:50:55 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

10/21/2011 10:50:55 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

10/21/2011 10:50:55 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

10/21/2011 10:50:55 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

10/21/2011 10:38:09 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.

10/21/2011 10:35:20 AM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.

10/21/2011 10:35:20 AM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.

10/20/2011 8:33:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

10/20/2011 7:46:27 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 3 time(s).

10/20/2011 7:46:27 PM, Error: Service Control Manager [7034] - The User Profile Service service terminated unexpectedly. It has done this 3 time(s).

10/20/2011 7:46:27 PM, Error: Service Control Manager [7034] - The Themes service terminated unexpectedly. It has done this 3 time(s).

10/20/2011 7:46:27 PM, Error: Service Control Manager [7034] - The Task Scheduler service terminated unexpectedly. It has done this 3 time(s).

10/20/2011 7:46:27 PM, Error: Service Control Manager [7034] - The System Event Notification Service service terminated unexpectedly. It has done this 3 time(s).

10/20/2011 7:46:27 PM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 3 time(s).

10/20/2011 7:46:27 PM, Error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 3 time(s).

10/20/2011 7:46:27 PM, Error: Service Control Manager [7034] - The IP Helper service terminated unexpectedly. It has done this 3 time(s).

10/20/2011 7:46:27 PM, Error: Service Control Manager [7034] - The Group Policy Client service terminated unexpectedly. It has done this 3 time(s).

10/20/2011 7:46:27 PM, Error: Service Control Manager [7034] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 3 time(s).

10/20/2011 7:46:27 PM, Error: Service Control Manager [7034] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 3 time(s).

10/20/2011 7:46:27 PM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 3 time(s).

10/20/2011 7:31:05 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

10/20/2011 5:24:28 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

10/20/2011 4:43:43 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Winmgmt service.

10/20/2011 3:39:29 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the gpsvc service.

10/20/2011 3:38:59 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.

10/20/2011 3:38:29 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.

10/20/2011 3:37:59 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.

10/20/2011 3:37:29 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RasMan service.

10/20/2011 11:42:47 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.

10/20/2011 11:42:47 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/20/2011 10:47:20 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

10/20/2011 10:46:50 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr Wanarpv6

.

==== End Of File ===========================

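Before reaching for yet another scanner, the Attach.txt event-log excerpt above already supports some triage. As an added example that is not part of the original post or of any of the tools it names, the following Python script parses Service Control Manager errors in the line format DDS emits and flags three patterns that are visible in this log: a service whose display name is a bare run of capitals (here HKOJLGLAVH) timing out, failing to start, or being marked interactive (events 7000, 7009, 7030); kernel network-stack drivers that DNS Client, DHCP Client and Winsock depend on failing to load at boot (event 7026), which breaks name resolution below the level any browser setting can explain; and many services terminating in the same minute (events 7031, 7034), which on Windows 7 usually means the single svchost.exe process hosting the netsvcs group died rather than each service failing on its own. The sample lines are constructed copies in the DDS format; the random-name regex, the driver list and the three-service threshold are my assumptions, not anything DDS or the SCM defines.

```python
"""Triage Service Control Manager errors from a DDS Attach.txt dump.

Added illustration, not DDS code. The sample lines are constructed in the
"M/D/YYYY h:mm:ss AM, Error: Source [EventID] - message" format DDS uses;
the name pattern, driver list and threshold below are assumptions.
"""
import json
import re
from collections import defaultdict
from datetime import datetime

SAMPLE_LOG = """\
10/22/2011 3:30:56 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HKOJLGLAVH service to connect.
10/22/2011 3:30:56 PM, Error: Service Control Manager [7000] - The HKOJLGLAVH service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/22/2011 11:16:35 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/21/2011 11:50:42 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
10/21/2011 11:42:18 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
10/21/2011 11:42:18 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/21/2011 11:42:18 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/21/2011 11:42:17 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/20/2011 7:31:05 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"Error: Service Control Manager \[(?P<id>\d+)\] - (?P<msg>.*)$"
)
# SCM messages name the service by display name, either "The X service ..."
# or "... while waiting for the X service to connect".
SVC_RE = re.compile(r"\b[Tt]he (?P<svc>.+?) service\b")
DRIVERS_RE = re.compile(r"failed to load: (?P<drivers>.+)$")

# Assumption: a display name that is one run of 8+ capitals is not something
# Windows or a mainstream vendor ships; its ImagePath deserves a look.
RANDOM_NAME_RE = re.compile(r"^[A-Z]{8,}$")

# Kernel components that Winsock, DNS Client and DHCP Client sit on top of
# (assumed list, drawn from the dependency errors such logs show).
NETWORK_DRIVERS = {"AFD", "tdx", "NetBT", "NetBIOS", "nsiproxy",
                   "WfpLwf", "Psched", "Wanarpv6"}

SHARED_HOST_THRESHOLD = 3  # assumption: 3+ services dying in one minute


def parse(log_text):
    """Return (timestamp, event_id, message) for each SCM error line."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # non-SCM sources such as DistributedCOM are ignored
            ts = datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p")
            events.append((ts, int(m["id"]), m["msg"]))
    return events


def service_name(msg):
    """Extract the service display name an SCM message refers to."""
    m = SVC_RE.search(msg)
    return m["svc"] if m else None


def triage(log_text):
    """Group the SCM errors into the three indicators described above."""
    random_services, missing_net_drivers = set(), set()
    terminated = defaultdict(set)  # minute bucket -> services that died in it
    for ts, eid, msg in parse(log_text):
        if eid in (7000, 7009, 7030):  # start failure / start timeout / interactive
            svc = service_name(msg)
            if svc and RANDOM_NAME_RE.fullmatch(svc):
                random_services.add(svc)
        elif eid == 7026:  # boot/system-start drivers that did not load
            m = DRIVERS_RE.search(msg)
            if m:
                missing_net_drivers |= set(m["drivers"].split()) & NETWORK_DRIVERS
        elif eid in (7031, 7034):  # unexpected termination
            svc = service_name(msg)
            if svc:
                terminated[ts.replace(second=0)].add(svc)
    shared_host_crashes = {
        bucket.strftime("%Y-%m-%d %H:%M"): sorted(names)
        for bucket, names in terminated.items()
        if len(names) >= SHARED_HOST_THRESHOLD
    }
    return {
        "random_named_services": sorted(random_services),
        "network_drivers_not_loaded": sorted(missing_net_drivers),
        "shared_host_crashes": shared_host_crashes,
    }


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

Run it against a real Attach.txt by reading the file into `triage()` instead of `SAMPLE_LOG`. Treat the random-name flag as a prompt to check that service's ImagePath under HKLM\SYSTEM\CurrentControlSet\Services, not as proof: the SCM logs display names, and a legitimate vendor service can have an ugly one. The shared-host grouping is the more reliable signal, because a user-mode host process that keeps dying while the core network drivers fail to load points at something interfering with the kernel and system services, which is exactly the situation where a browser-level fix will not hold.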

  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


I followed the instructions, and had a few problems, noted below.

First, note one symptom I did not mention earlier. I have the standard Win 7 Microsoft Security Essentials install, but Windows Defender is apparently disabled, and when I try to launch the control panel for that, it flashes briefly and then disappears. I'm speculating that whatever I'm infected with has disabled this.

When attempting to update MalwareBytes, I got a status dialog with title bar: "Updating MalwareBytes' Anti-Malware," and it appeared to download 6.95MB (100%), but then I got this error dialog:

An error has occurred. Please report this error code to our support team.

PROGRAM_ERROR_UPDATING(5, 0, CreateFile)

Access is denied.

Here's some info that might be relevant here. I verified that I had an active Internet connection. Also, I am running with admin privileges. Note that I'm not using a proxy server to download updates. Note also that I have SpyBot 2.0.6.0 (Build 20111005) installed, but I have LiveProtection off. Windows Defender is turned off, as I already mentioned.

My current database info for MalwareBytes is:

Date: 10/21/2011

Database version: 7993

Fingerprints loaded: 342982

I ran a quick scan on MalwareBytes anyway, without updating. I hadn't booted up the computer since I put up the first MalwareBytes forum posting. I got the "The scan completed successfully. No malicious items were detected." message. Log below.

Then I ran ComboFix. It detected Microsoft Security Essentials and warned me about this.

I then got a message dialog:

"Rootkit!!

ComboFix has detected the presence of rootkit activity and needs to reboot the machine."

ComboFix rebooted the machine, finished the scan and produced its log (see below).

I then tried to run DDS.scr, but wasn't able to. I got the following message:

"This file does not have a program associated with it for performing this action. Please install a program or, if one is already installed, create an association in the default programs control panel."

Current status: After going through the steps outlined above, the browser-redirect symptom seems to now be absent (at least w/ Firefox, which is the only browser I tried). However, I now have a number of security-related messages from Microsoft Security Essentials, which seems to be reactivated (it shows a tray icon, which was absent previously). Also, I still have the DDS-run-failure symptom. So, I'm not sure how "done" the repair is at this point.

I restarted the machine, and I get the same symptom trying to run DDS. I didn't try again to update MalwareBytes.

I've included the two logs below:

mbam-log-2011-11-01 (06-49-45).txt

log.txt (from ComboFix)

Please advise.

Thank you.

*****************************************************

mbam-log-2011-11-01 (06-49-45).txt

*****************************************************

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7993

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

11/1/2011 6:49:45 AM

mbam-log-2011-11-01 (06-49-45).txt

Scan type: Quick scan

Objects scanned: 164840

Time elapsed: 3 minute(s), 56 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

*****************************************************

log.txt (from ComboFix)

*****************************************************

ComboFix 11-11-01.02 - gage 11/01/2011 7:36.1.1 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2047.1539 [GMT -4:00]

Running from: c:\users\gage\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Cadat.Bin

c:\cadat.bin\F33F09F41066AAF

C:\install.exe

c:\users\gage\AppData\Local\{8D406AD3-86E0-4E1A-930C-D6D1802A3FC6}

c:\users\gage\AppData\Local\{8D406AD3-86E0-4E1A-930C-D6D1802A3FC6}\chrome.manifest

c:\users\gage\AppData\Local\{8D406AD3-86E0-4E1A-930C-D6D1802A3FC6}\chrome\content\overlay.xul

c:\users\gage\AppData\Local\{8D406AD3-86E0-4E1A-930C-D6D1802A3FC6}\install.rdf

c:\users\gage\AppData\Roaming\Mozilla\Firefox\Profiles\ygexxtpd.default\extensions\{3c785fed-6fdb-4f10-ad3a-d1d0435ff95f}

c:\users\gage\AppData\Roaming\Mozilla\Firefox\Profiles\ygexxtpd.default\extensions\{3c785fed-6fdb-4f10-ad3a-d1d0435ff95f}\chrome.manifest

c:\users\gage\AppData\Roaming\Mozilla\Firefox\Profiles\ygexxtpd.default\extensions\{3c785fed-6fdb-4f10-ad3a-d1d0435ff95f}\chrome\xulcache.jar

c:\users\gage\AppData\Roaming\Mozilla\Firefox\Profiles\ygexxtpd.default\extensions\{3c785fed-6fdb-4f10-ad3a-d1d0435ff95f}\defaults\preferences\xulcache.js

c:\users\gage\AppData\Roaming\Mozilla\Firefox\Profiles\ygexxtpd.default\extensions\{3c785fed-6fdb-4f10-ad3a-d1d0435ff95f}\install.rdf

c:\users\gage\AppData\Roaming\Mozilla\Firefox\Profiles\ygexxtpd.default\extensions\{43790598-f2ea-41e9-8249-ec3cc5865f4a}

c:\users\gage\AppData\Roaming\Mozilla\Firefox\Profiles\ygexxtpd.default\extensions\{43790598-f2ea-41e9-8249-ec3cc5865f4a}\chrome.manifest

c:\users\gage\AppData\Roaming\Mozilla\Firefox\Profiles\ygexxtpd.default\extensions\{43790598-f2ea-41e9-8249-ec3cc5865f4a}\chrome\xulcache.jar

c:\users\gage\AppData\Roaming\Mozilla\Firefox\Profiles\ygexxtpd.default\extensions\{43790598-f2ea-41e9-8249-ec3cc5865f4a}\defaults\preferences\xulcache.js

c:\users\gage\AppData\Roaming\Mozilla\Firefox\Profiles\ygexxtpd.default\extensions\{43790598-f2ea-41e9-8249-ec3cc5865f4a}\install.rdf

c:\users\gage\AppData\Roaming\Mozilla\Firefox\Profiles\ygexxtpd.default\extensions\{53c6971e-e449-4314-a0a2-a9fcbb8dad37}

c:\users\gage\AppData\Roaming\Mozilla\Firefox\Profiles\ygexxtpd.default\extensions\{53c6971e-e449-4314-a0a2-a9fcbb8dad37}\chrome.manifest

c:\users\gage\AppData\Roaming\Mozilla\Firefox\Profiles\ygexxtpd.default\extensions\{53c6971e-e449-4314-a0a2-a9fcbb8dad37}\chrome\xulcache.jar

c:\users\gage\AppData\Roaming\Mozilla\Firefox\Profiles\ygexxtpd.default\extensions\{53c6971e-e449-4314-a0a2-a9fcbb8dad37}\defaults\preferences\xulcache.js

c:\users\gage\AppData\Roaming\Mozilla\Firefox\Profiles\ygexxtpd.default\extensions\{53c6971e-e449-4314-a0a2-a9fcbb8dad37}\install.rdf

c:\users\gage\AppData\Roaming\Mozilla\Firefox\Profiles\ygexxtpd.default\extensions\{a0954b7a-d952-46f2-8d42-4780b961c246}

c:\users\gage\AppData\Roaming\Mozilla\Firefox\Profiles\ygexxtpd.default\extensions\{a0954b7a-d952-46f2-8d42-4780b961c246}\chrome.manifest

c:\users\gage\AppData\Roaming\Mozilla\Firefox\Profiles\ygexxtpd.default\extensions\{a0954b7a-d952-46f2-8d42-4780b961c246}\chrome\xulcache.jar

c:\users\gage\AppData\Roaming\Mozilla\Firefox\Profiles\ygexxtpd.default\extensions\{a0954b7a-d952-46f2-8d42-4780b961c246}\defaults\preferences\xulcache.js

c:\users\gage\AppData\Roaming\Mozilla\Firefox\Profiles\ygexxtpd.default\extensions\{a0954b7a-d952-46f2-8d42-4780b961c246}\install.rdf

c:\users\gage\AppData\Roaming\Mozilla\Firefox\Profiles\ygexxtpd.default\extensions\{bcb51568-1060-4801-9c85-b5d41b33160b}

c:\users\gage\AppData\Roaming\Mozilla\Firefox\Profiles\ygexxtpd.default\extensions\{bcb51568-1060-4801-9c85-b5d41b33160b}\chrome.manifest

c:\users\gage\AppData\Roaming\Mozilla\Firefox\Profiles\ygexxtpd.default\extensions\{bcb51568-1060-4801-9c85-b5d41b33160b}\chrome\xulcache.jar

c:\users\gage\AppData\Roaming\Mozilla\Firefox\Profiles\ygexxtpd.default\extensions\{bcb51568-1060-4801-9c85-b5d41b33160b}\defaults\preferences\xulcache.js

c:\users\gage\AppData\Roaming\Mozilla\Firefox\Profiles\ygexxtpd.default\extensions\{bcb51568-1060-4801-9c85-b5d41b33160b}\install.rdf

c:\users\gage\AppData\Roaming\Mozilla\Firefox\Profiles\ygexxtpd.default\extensions\{ffdf6c89-8ed7-48c8-8d39-c0f87ef72bd3}

c:\users\gage\AppData\Roaming\Mozilla\Firefox\Profiles\ygexxtpd.default\extensions\{ffdf6c89-8ed7-48c8-8d39-c0f87ef72bd3}\chrome.manifest

c:\users\gage\AppData\Roaming\Mozilla\Firefox\Profiles\ygexxtpd.default\extensions\{ffdf6c89-8ed7-48c8-8d39-c0f87ef72bd3}\chrome\xulcache.jar

c:\users\gage\AppData\Roaming\Mozilla\Firefox\Profiles\ygexxtpd.default\extensions\{ffdf6c89-8ed7-48c8-8d39-c0f87ef72bd3}\defaults\preferences\xulcache.js

c:\users\gage\AppData\Roaming\Mozilla\Firefox\Profiles\ygexxtpd.default\extensions\{ffdf6c89-8ed7-48c8-8d39-c0f87ef72bd3}\install.rdf

c:\windows\$NtUninstallKB8870$

c:\windows\$NtUninstallKB8870$\2080530084\@

c:\windows\$NtUninstallKB8870$\2080530084\bckfg.tmp

c:\windows\$NtUninstallKB8870$\2080530084\cfg.ini

c:\windows\$NtUninstallKB8870$\2080530084\Desktop.ini

c:\windows\$NtUninstallKB8870$\2080530084\keywords

c:\windows\$NtUninstallKB8870$\2080530084\kwrd.dll

c:\windows\$NtUninstallKB8870$\2080530084\L\xadqgnnk

c:\windows\$NtUninstallKB8870$\2080530084\lsflt7.ver

c:\windows\$NtUninstallKB8870$\2080530084\U\00000001.@

c:\windows\$NtUninstallKB8870$\2080530084\U\00000002.@

c:\windows\$NtUninstallKB8870$\2080530084\U\80000000.@

c:\windows\$NtUninstallKB8870$\2080530084\U\80000032.@

c:\windows\$NtUninstallKB8870$\4019963252

.

.

((((((((((((((((((((((((( Files Created from 2011-10-01 to 2011-11-01 )))))))))))))))))))))))))))))))

.

.

2011-10-27 03:34 . 2011-10-27 03:34 -------- d-----w- c:\program files\Sophos

2011-10-25 02:37 . 2011-09-29 06:53 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll

2011-10-25 02:37 . 2011-09-29 06:53 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll

2011-10-25 02:37 . 2011-09-29 06:53 773080 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll

2011-10-25 02:37 . 2011-09-29 06:53 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll

2011-10-25 02:37 . 2011-09-29 06:53 1833944 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll

2011-10-25 02:37 . 2011-09-29 06:53 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll

2011-10-25 02:37 . 2011-09-29 00:26 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll

2011-10-25 02:37 . 2011-09-29 00:26 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll

2011-10-23 02:28 . 2011-10-25 01:26 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-10-23 02:28 . 2011-10-23 02:28 -------- d-----w- c:\programdata\Hitman Pro

2011-10-23 01:38 . 2011-10-23 01:38 -------- d-----w- c:\program files\Apple Software Update

2011-10-23 01:00 . 2011-10-23 01:00 -------- d-----w- c:\program files\Common Files\Adobe

2011-10-23 00:39 . 2011-10-03 09:06 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

2011-10-23 00:35 . 2011-10-23 00:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-22 01:56 . 2009-01-25 17:14 15224 ----a-w- c:\windows\system32\sdnclean.exe

2011-10-22 01:56 . 2011-10-22 15:09 -------- d-----w- c:\program files\Spybot - Search & Destroy 2

2011-10-19 22:56 . 2011-10-19 22:56 -------- d-----w- C:\VQms1vXc60qEwkg

2011-10-19 02:31 . 2011-10-19 02:31 69120 --sha-r- c:\windows\system32\snmpapi6.dll

2011-10-19 02:15 . 2011-10-20 02:52 -------- d-----w- c:\users\gage\AppData\Roaming\Iwoqgo

2011-10-19 02:15 . 2011-10-19 23:13 -------- d-----w- c:\users\gage\AppData\Roaming\Ykir

2011-10-19 01:36 . 2011-10-19 01:36 -------- d-----w- c:\windows\Sun

2011-10-18 17:34 . 2011-10-07 03:48 6668624 ---ha-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ED7A00D2-735D-4743-B650-FB8AC5B32EE1}\mpengine.dll

2011-10-13 21:38 . 2011-08-17 04:24 465408 ----a-w- c:\windows\system32\psisdecd.dll

2011-10-13 21:38 . 2011-08-17 04:19 75776 ----a-w- c:\windows\system32\psisrndr.ax

2011-10-13 21:38 . 2011-08-27 04:26 233472 ----a-w- c:\windows\system32\oleacc.dll

2011-10-13 21:38 . 2011-08-27 04:26 571904 ----a-w- c:\windows\system32\oleaut32.dll

2011-10-13 21:38 . 2011-09-06 02:28 2334720 ----a-w- c:\windows\system32\win32k.sys

2011-10-11 16:30 . 2011-10-11 16:29 703824 ---h--w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FEC263C8-6369-4DC5-8FAC-9637B993729A}\gapaengine.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-03 09:06 . 2010-04-29 17:34 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-09-12 23:14 . 2011-05-23 16:46 7269712 ---ha-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-09-12 17:01 . 2011-08-23 16:29 0 ----a-w- c:\users\gage\AppData\Local\Rlaqovabupice.bin

2011-08-31 21:00 . 2011-06-28 21:40 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-29 06:53 . 2011-10-25 02:37 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\gage\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\gage\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\gage\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2011-10-05 3578272]

"Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2011-10-05 3025304]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2009-07-14 8704]

.

c:\users\gage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\gage\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-06-06 16:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-09-05 17:04 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2011-08-29 20:23 136176 ----atw- c:\users\gage\AppData\Local\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-11-12 21:33 141600 ---ha-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]

2011-08-31 21:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MusicManager]

2011-09-14 19:10 13128704 ----a-w- c:\users\gage\AppData\Local\Programs\Google\MusicManager\MusicManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2009-03-06 15:52 13605408 ----a-w- c:\windows\System32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]

2009-03-06 15:52 96800 ----a-w- c:\windows\System32\nvhotkey.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2009-03-06 15:52 92704 ----a-w- c:\windows\System32\nvmctray.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2009-03-05 02:11 1657376 ----a-w- c:\windows\System32\nwiz.exe

.



  • Staff

Hi,

Grab a fresh copy of ComboFix, run it, and post its log.

Reboot.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs a runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is named like UtilityName.Version_Date_Time_log.txt, for example C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Reboot.

See if DDS will run now. If so, post DDS.txt (attach.txt is not necessary).

Next, please run a free online scan with the ESET Online Scanner.

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


I was able to successfully run ComboFix, TDSSKiller.zip, ESET, and Security Check (logs for all below).

ESET got positives on several trojans and viruses.

I wasn't able to run DDS. DDS.scr is apparently not associated with any program, so I am getting the "This file does not have a program associated with it for performing this action. Please install a program or, if one is already installed, create an association in the Default Programs control panel." error message. Note that this is Win7 Ultimate.

Thanks

DB

*************************************************************

ComboFix log

*************************************************************

ComboFix 11-11-11.06 - gage 11/11/2011 20:45:57.2.1 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2047.1296 [GMT -5:00]

Running from: c:\users\gage\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point


*************************************************************

TDSSKiller output

*************************************************************

22:02:00.0747 2956 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15

22:02:02.0762 2956 ============================================================

22:02:02.0762 2956 Current date / time: 2011/11/11 22:02:02.0762

22:02:02.0762 2956 SystemInfo:

22:02:02.0762 2956

22:02:02.0762 2956 OS Version: 6.1.7601 ServicePack: 1.0

22:02:02.0762 2956 Product type: Workstation

22:02:02.0762 2956 ComputerName: PIGG

22:02:02.0762 2956 UserName: gage

22:02:02.0762 2956 Windows directory: C:\Windows

22:02:02.0762 2956 System windows directory: C:\Windows

22:02:02.0762 2956 Processor architecture: Intel x86

22:02:02.0762 2956 Number of processors: 1

22:02:02.0762 2956 Page size: 0x1000

22:02:02.0762 2956 Boot type: Normal boot

22:02:02.0762 2956 ============================================================

22:02:07.0887 2956 Initialize success

22:02:37.0497 3692 ============================================================

22:02:37.0497 3692 Scan started

22:02:37.0497 3692 Mode: Manual; SigCheck; TDLFS;

22:02:37.0497 3692 ============================================================


22:02:51.0434 3692 blbdrive - ok

22:02:51.0590 3692 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys

22:02:51.0653 3692 bowser - ok

22:02:51.0950 3692 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

22:02:52.0059 3692 BrFiltLo - ok

22:02:52.0168 3692 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

22:02:52.0262 3692 BrFiltUp - ok

22:02:52.0481 3692 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

22:02:52.0559 3692 Brserid - ok

22:02:52.0747 3692 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

22:02:52.0840 3692 BrSerWdm - ok

22:02:52.0856 3692 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

22:02:52.0918 3692 BrUsbMdm - ok

22:02:52.0997 3692 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

22:02:53.0090 3692 BrUsbSer - ok

22:02:53.0184 3692 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

22:02:53.0262 3692 BTHMODEM - ok

22:02:53.0387 3692 catchme - ok

22:02:53.0528 3692 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

22:02:53.0606 3692 cdfs - ok

22:02:53.0731 3692 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys

22:02:53.0825 3692 cdrom - ok

22:02:53.0965 3692 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

22:02:54.0012 3692 circlass - ok

22:02:54.0122 3692 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

22:02:54.0153 3692 CLFS - ok

22:02:54.0309 3692 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

22:02:54.0356 3692 CmBatt - ok

22:02:54.0450 3692 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys

22:02:54.0497 3692 cmdide - ok

22:02:54.0715 3692 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys

22:02:54.0778 3692 CNG - ok

22:02:54.0887 3692 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

22:02:54.0903 3692 Compbatt - ok

22:02:54.0997 3692 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys

22:02:55.0028 3692 CompositeBus - ok

22:02:55.0106 3692 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

22:02:55.0122 3692 crcdisk - ok

22:02:55.0278 3692 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

22:02:55.0340 3692 discache - ok

22:02:55.0434 3692 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

22:02:55.0450 3692 Disk - ok

22:02:55.0590 3692 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

22:02:55.0622 3692 drmkaud - ok

22:02:55.0903 3692 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys

22:02:55.0934 3692 DXGKrnl - ok

22:02:56.0122 3692 EagleNT - ok

22:02:57.0168 3692 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

22:02:57.0403 3692 ebdrv - ok

22:02:57.0684 3692 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

22:02:57.0731 3692 elxstor - ok

22:02:57.0950 3692 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys

22:02:58.0028 3692 ErrDev - ok

22:02:58.0309 3692 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

22:02:58.0387 3692 exfat - ok

22:02:58.0653 3692 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

22:02:58.0747 3692 fastfat - ok

22:02:58.0981 3692 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

22:02:59.0043 3692 fdc - ok

22:02:59.0184 3692 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

22:02:59.0215 3692 FileInfo - ok

22:02:59.0340 3692 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

22:02:59.0434 3692 Filetrace - ok

22:02:59.0668 3692 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

22:02:59.0747 3692 flpydisk - ok

22:02:59.0903 3692 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

22:02:59.0934 3692 FltMgr - ok

22:02:59.0981 3692 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

22:02:59.0997 3692 FsDepends - ok

22:03:00.0137 3692 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

22:03:00.0168 3692 Fs_Rec - ok

22:03:00.0262 3692 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys

22:03:00.0278 3692 fvevol - ok

22:03:00.0434 3692 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

22:03:00.0481 3692 gagp30kx - ok

22:03:00.0559 3692 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

22:03:00.0575 3692 GEARAspiWDM - ok

22:03:00.0700 3692 GTIPCI21 (f3c9f09aa3eda29a1c841877e7e39158) C:\Windows\system32\DRIVERS\gtipci21.sys

22:03:00.0778 3692 GTIPCI21 - ok

22:03:00.0918 3692 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

22:03:00.0981 3692 hcw85cir - ok

22:03:01.0122 3692 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys

22:03:01.0200 3692 HDAudBus - ok

22:03:01.0434 3692 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

22:03:01.0481 3692 HidBatt - ok

22:03:01.0622 3692 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

22:03:01.0700 3692 HidBth - ok

22:03:01.0747 3692 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

22:03:01.0825 3692 HidIr - ok

22:03:02.0043 3692 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys

22:03:02.0075 3692 HidUsb - ok

22:03:02.0168 3692 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys

22:03:02.0200 3692 HpSAMD - ok

22:03:02.0418 3692 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys

22:03:02.0481 3692 HTTP - ok

22:03:02.0653 3692 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys

22:03:02.0684 3692 hwpolicy - ok

22:03:02.0872 3692 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys

22:03:02.0918 3692 i8042prt - ok

22:03:03.0059 3692 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys

22:03:03.0122 3692 iaStorV - ok

22:03:03.0278 3692 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

22:03:03.0293 3692 iirsp - ok

22:03:03.0387 3692 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys

22:03:03.0403 3692 intelide - ok

22:03:03.0543 3692 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

22:03:03.0606 3692 intelppm - ok

22:03:03.0653 3692 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

22:03:03.0700 3692 IpFilterDriver - ok

22:03:03.0903 3692 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys

22:03:03.0965 3692 IPMIDRV - ok

22:03:04.0153 3692 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

22:03:04.0247 3692 IPNAT - ok

22:03:04.0434 3692 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

22:03:04.0481 3692 IRENUM - ok

22:03:04.0543 3692 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys

22:03:04.0543 3692 isapnp - ok

22:03:04.0622 3692 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys

22:03:04.0668 3692 iScsiPrt - ok

22:03:04.0872 3692 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys

22:03:04.0903 3692 kbdclass - ok

22:03:04.0981 3692 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys

22:03:05.0028 3692 kbdhid - ok

22:03:05.0293 3692 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys

22:03:05.0309 3692 KSecDD - ok

22:03:05.0372 3692 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys

22:03:05.0387 3692 KSecPkg - ok

22:03:05.0512 3692 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

22:03:05.0575 3692 lltdio - ok

22:03:05.0668 3692 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

22:03:05.0700 3692 LSI_FC - ok

22:03:05.0809 3692 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

22:03:05.0825 3692 LSI_SAS - ok

22:03:05.0887 3692 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

22:03:05.0918 3692 LSI_SAS2 - ok

22:03:05.0965 3692 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

22:03:05.0981 3692 LSI_SCSI - ok

22:03:06.0012 3692 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

22:03:06.0075 3692 luafv - ok

22:03:06.0231 3692 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

22:03:06.0293 3692 megasas - ok

22:03:06.0356 3692 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

22:03:06.0372 3692 MegaSR - ok

22:03:06.0465 3692 MEMSWEEP2 - ok

22:03:06.0622 3692 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

22:03:06.0700 3692 Modem - ok

22:03:06.0903 3692 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

22:03:06.0950 3692 monitor - ok

22:03:07.0043 3692 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys

22:03:07.0059 3692 mouclass - ok

22:03:07.0215 3692 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

22:03:07.0247 3692 mouhid - ok

22:03:07.0356 3692 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys

22:03:07.0403 3692 mountmgr - ok

22:03:07.0590 3692 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys

22:03:07.0637 3692 MpFilter - ok

22:03:07.0762 3692 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys

22:03:07.0793 3692 mpio - ok

22:03:07.0950 3692 MpKsl52420518 - ok

22:03:08.0122 3692 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys

22:03:08.0153 3692 MpNWMon - ok

22:03:08.0200 3692 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

22:03:08.0293 3692 mpsdrv - ok

22:03:08.0575 3692 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys

22:03:08.0622 3692 MRxDAV - ok

22:03:08.0747 3692 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys

22:03:08.0840 3692 mrxsmb - ok

22:03:08.0965 3692 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys

22:03:09.0012 3692 mrxsmb10 - ok

22:03:09.0184 3692 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys

22:03:09.0200 3692 mrxsmb20 - ok

22:03:09.0262 3692 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys

22:03:09.0278 3692 msahci - ok

22:03:09.0372 3692 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys

22:03:09.0387 3692 msdsm - ok

22:03:09.0543 3692 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

22:03:09.0606 3692 Msfs - ok

22:03:09.0684 3692 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

22:03:09.0747 3692 mshidkmdf - ok

22:03:09.0997 3692 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys

22:03:10.0012 3692 msisadrv - ok

22:03:10.0168 3692 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

22:03:10.0231 3692 MSKSSRV - ok

22:03:10.0278 3692 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

22:03:10.0340 3692 MSPCLOCK - ok

22:03:10.0575 3692 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

22:03:10.0668 3692 MSPQM - ok

22:03:10.0918 3692 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

22:03:10.0950 3692 MsRPC - ok

22:03:11.0247 3692 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys

22:03:11.0278 3692 mssmbios - ok

22:03:11.0403 3692 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

22:03:11.0450 3692 MSTEE - ok

22:03:11.0762 3692 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

22:03:11.0856 3692 MTConfig - ok

22:03:12.0215 3692 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

22:03:12.0231 3692 Mup - ok

22:03:12.0356 3692 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

22:03:12.0434 3692 NativeWifiP - ok

22:03:12.0778 3692 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys

22:03:12.0809 3692 NDIS - ok

22:03:12.0950 3692 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

22:03:13.0059 3692 NdisCap - ok

22:03:13.0184 3692 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

22:03:13.0340 3692 NdisTapi - ok

22:03:13.0559 3692 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys

22:03:13.0668 3692 Ndisuio - ok

22:03:13.0856 3692 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys

22:03:13.0950 3692 NdisWan - ok

22:03:14.0153 3692 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys

22:03:14.0215 3692 NDProxy - ok

22:03:14.0340 3692 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

22:03:14.0434 3692 NetBIOS - ok

22:03:14.0543 3692 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys

22:03:14.0637 3692 NetBT - ok

22:03:14.0840 3692 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

22:03:14.0887 3692 nfrd960 - ok

22:03:15.0012 3692 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

22:03:15.0059 3692 NisDrv - ok

22:03:15.0356 3692 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

22:03:15.0418 3692 Npfs - ok

22:03:15.0715 3692 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

22:03:15.0793 3692 nsiproxy - ok

22:03:16.0356 3692 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys

22:03:16.0418 3692 Ntfs - ok

22:03:16.0653 3692 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

22:03:16.0715 3692 Null - ok

22:03:17.0856 3692 nvlddmkm (05b288b25c2ebd9a4e9e5114ae790876) C:\Windows\system32\DRIVERS\nvlddmkm.sys

22:03:18.0356 3692 nvlddmkm - ok

22:03:18.0622 3692 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys

22:03:18.0668 3692 nvraid - ok

22:03:18.0918 3692 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys

22:03:18.0965 3692 nvstor - ok

22:03:19.0215 3692 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys

22:03:19.0247 3692 nv_agp - ok

22:03:19.0387 3692 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys

22:03:19.0434 3692 ohci1394 - ok

22:03:19.0559 3692 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

22:03:19.0575 3692 Parport - ok

22:03:19.0684 3692 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys

22:03:19.0700 3692 partmgr - ok

22:03:19.0887 3692 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

22:03:19.0934 3692 Parvdm - ok

22:03:20.0122 3692 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys

22:03:20.0153 3692 pci - ok

22:03:20.0262 3692 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys

22:03:20.0278 3692 pciide - ok

22:03:20.0450 3692 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

22:03:20.0512 3692 pcmcia - ok

22:03:20.0606 3692 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

22:03:20.0622 3692 pcw - ok

22:03:20.0825 3692 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

22:03:20.0918 3692 PEAUTH - ok

22:03:21.0153 3692 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

22:03:21.0247 3692 PptpMiniport - ok

22:03:21.0497 3692 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

22:03:21.0528 3692 Processor - ok

22:03:21.0793 3692 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

22:03:21.0856 3692 Psched - ok

22:03:22.0247 3692 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

22:03:22.0309 3692 ql2300 - ok

22:03:22.0559 3692 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

22:03:22.0575 3692 ql40xx - ok

22:03:22.0793 3692 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

22:03:22.0809 3692 QWAVEdrv - ok

22:03:23.0090 3692 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

22:03:23.0184 3692 RasAcd - ok

22:03:23.0403 3692 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

22:03:23.0481 3692 RasAgileVpn - ok

22:03:23.0731 3692 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

22:03:23.0809 3692 Rasl2tp - ok

22:03:24.0106 3692 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

22:03:24.0184 3692 RasPppoe - ok

22:03:24.0403 3692 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

22:03:24.0481 3692 RasSstp - ok

22:03:24.0747 3692 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys

22:03:24.0825 3692 rdbss - ok

22:03:25.0059 3692 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

22:03:25.0090 3692 rdpbus - ok

22:03:25.0325 3692 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys

22:03:25.0387 3692 RDPCDD - ok

22:03:25.0590 3692 RDPDISPM (a862a3a8d7d2d75bdc41b556325e9876) C:\Windows\system32\DRIVERS\rdpdispm.sys

22:03:25.0622 3692 RDPDISPM - ok

22:03:25.0778 3692 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys

22:03:25.0809 3692 RDPDR - ok

22:03:26.0028 3692 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

22:03:26.0090 3692 RDPENCDD - ok

22:03:26.0293 3692 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

22:03:26.0387 3692 RDPREFMP - ok

22:03:26.0590 3692 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys

22:03:26.0668 3692 RdpVideoMiniport - ok

22:03:26.0950 3692 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys

22:03:27.0012 3692 RDPWD - ok

22:03:27.0262 3692 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys

22:03:27.0293 3692 rdyboost - ok

22:03:27.0481 3692 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

22:03:27.0543 3692 rspndr - ok

22:03:27.0622 3692 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys

22:03:27.0653 3692 s3cap - ok

22:03:27.0872 3692 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys

22:03:27.0918 3692 sbp2port - ok

22:03:28.0059 3692 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys

22:03:28.0106 3692 scfilter - ok

22:03:28.0356 3692 SDHookDriver (47dd7bb6b72a5f49e01f53597bcaeac7) C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys

22:03:28.0387 3692 SDHookDriver - ok

22:03:28.0715 3692 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

22:03:28.0778 3692 secdrv - ok

22:03:29.0028 3692 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

22:03:29.0075 3692 Serenum - ok

22:03:29.0137 3692 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

22:03:29.0184 3692 Serial - ok

22:03:29.0403 3692 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

22:03:29.0481 3692 sermouse - ok

22:03:29.0731 3692 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys

22:03:29.0793 3692 sffdisk - ok

22:03:29.0965 3692 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys

22:03:29.0997 3692 sffp_mmc - ok

22:03:30.0059 3692 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys

22:03:30.0090 3692 sffp_sd - ok

22:03:30.0278 3692 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

22:03:30.0356 3692 sfloppy - ok

22:03:30.0512 3692 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys

22:03:30.0559 3692 sisagp - ok

22:03:30.0778 3692 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

22:03:30.0825 3692 SiSRaid2 - ok

22:03:31.0028 3692 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

22:03:31.0059 3692 SiSRaid4 - ok

22:03:31.0293 3692 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

22:03:31.0340 3692 Smb - ok

22:03:31.0528 3692 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

22:03:31.0543 3692 spldr - ok

22:03:31.0731 3692 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys

22:03:31.0825 3692 srv - ok

22:03:32.0075 3692 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys

22:03:32.0137 3692 srv2 - ok

22:03:32.0293 3692 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys

22:03:32.0340 3692 srvnet - ok

22:03:32.0465 3692 STAC97 (305cc42945a713347f978d78566113f3) C:\Windows\system32\drivers\STAC97.sys

22:03:32.0512 3692 STAC97 - ok

22:03:32.0684 3692 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

22:03:32.0700 3692 stexstor - ok

22:03:32.0762 3692 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys

22:03:32.0778 3692 storflt - ok

22:03:32.0825 3692 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys

22:03:32.0840 3692 storvsc - ok

22:03:32.0981 3692 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys

22:03:32.0997 3692 swenum - ok

22:03:33.0043 3692 Synth3dVsc - ok

22:03:33.0215 3692 Tcpip (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\drivers\tcpip.sys

22:03:33.0278 3692 Tcpip - ok

22:03:33.0497 3692 TCPIP6 (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\DRIVERS\tcpip.sys

22:03:33.0543 3692 TCPIP6 - ok

22:03:33.0887 3692 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys

22:03:33.0965 3692 tcpipreg - ok

22:03:34.0200 3692 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys

22:03:34.0262 3692 TDPIPE - ok

22:03:34.0450 3692 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys

22:03:34.0575 3692 TDTCP - ok

22:03:34.0653 3692 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys

22:03:34.0747 3692 tdx - ok

22:03:34.0918 3692 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys

22:03:34.0934 3692 TermDD - ok

22:03:35.0075 3692 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys

22:03:35.0137 3692 tssecsrv - ok

22:03:35.0200 3692 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys

22:03:35.0231 3692 TsUsbFlt - ok

22:03:35.0481 3692 tsusbhub - ok

22:03:35.0559 3692 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys

22:03:35.0622 3692 tunnel - ok

22:03:35.0731 3692 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

22:03:35.0747 3692 uagp35 - ok

22:03:35.0840 3692 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys

22:03:35.0903 3692 udfs - ok

22:03:36.0028 3692 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys

22:03:36.0028 3692 uliagpkx - ok

22:03:36.0168 3692 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys

22:03:36.0184 3692 umbus - ok

22:03:36.0262 3692 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

22:03:36.0278 3692 UmPass - ok

22:03:36.0340 3692 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys

22:03:36.0356 3692 usbaudio - ok

22:03:36.0528 3692 usbbus (9419faac6552a51542dbba02971c841c) C:\Windows\system32\DRIVERS\lgusbbus.sys

22:03:36.0559 3692 usbbus - ok

22:03:36.0622 3692 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\drivers\usbccgp.sys

22:03:36.0684 3692 usbccgp - ok

22:03:36.0762 3692 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys

22:03:36.0778 3692 usbcir - ok

22:03:36.0918 3692 UsbDiag (c0a466fa4ffec464320e159bc1bbdc0c) C:\Windows\system32\DRIVERS\lgusbdiag.sys

22:03:36.0950 3692 UsbDiag - ok

22:03:37.0028 3692 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys

22:03:37.0059 3692 usbehci - ok

22:03:37.0215 3692 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys

22:03:37.0262 3692 usbhub - ok

22:03:37.0356 3692 USBModem (f74a54774a9b0afeb3c40adec68aa600) C:\Windows\system32\DRIVERS\lgusbmodem.sys

22:03:37.0434 3692 USBModem - ok

22:03:37.0668 3692 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys

22:03:37.0731 3692 usbohci - ok

22:03:37.0778 3692 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

22:03:37.0793 3692 usbprint - ok

22:03:37.0856 3692 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS

22:03:37.0918 3692 USBSTOR - ok

22:03:38.0028 3692 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys

22:03:38.0075 3692 usbuhci - ok

22:03:38.0200 3692 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys

22:03:38.0215 3692 vdrvroot - ok

22:03:38.0325 3692 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

22:03:38.0372 3692 vga - ok

22:03:38.0403 3692 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

22:03:38.0434 3692 VgaSave - ok

22:03:38.0481 3692 VGPU - ok

22:03:38.0559 3692 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys

22:03:38.0622 3692 vhdmp - ok

22:03:38.0747 3692 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys

22:03:38.0778 3692 viaagp - ok

22:03:38.0840 3692 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

22:03:38.0887 3692 ViaC7 - ok

22:03:38.0934 3692 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys

22:03:38.0934 3692 viaide - ok


22:03:44.0215 3692 ============================================================

22:03:44.0215 3692 Scan finished

22:03:44.0215 3692 ============================================================

22:03:44.0247 3480 Detected object count: 0

22:03:44.0247 3480 Actual detected object count: 0

*************************************************************

ESET log

*************************************************************

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

*************************************************************

ESET results

*************************************************************

C:\Program Files\Common Files\microsoft shared\Bthum._os Win32/Corkow.A trojan cleaned by deleting - quarantined

C:\Program Files\Common Files\microsoft shared\chtPL.tr_ Win32/Corkow.A trojan cleaned by deleting - quarantined

C:\Program Files\Common Files\microsoft shared\clienum.svc Win32/Corkow.A trojan cleaned by deleting - quarantined

C:\Program Files\Common Files\microsoft shared\cmimans.aut Win32/Corkow.A trojan cleaned by deleting - quarantined

C:\Program Files\Common Files\microsoft shared\corINUK2.bda Win32/Corkow.A trojan cleaned by deleting - quarantined

C:\Program Files\Common Files\microsoft shared\cscEngn.tcr Win32/Corkow.A trojan cleaned by deleting - quarantined

C:\Program Files\Common Files\microsoft shared\dplserv.woa Win32/Corkow.A trojan cleaned by deleting - quarantined

C:\Program Files\Common Files\microsoft shared\dsqstore._os Win32/Corkow.A trojan cleaned by deleting - quarantined

C:\Program Files\Common Files\microsoft shared\FauRSKO.acp Win32/Corkow.A trojan cleaned by deleting - quarantined

C:\Program Files\Common Files\microsoft shared\FWPiprov.rox Win32/Corkow.A trojan cleaned by deleting - quarantined

C:\Program Files\Common Files\microsoft shared\gdiorsvc.tre Win32/Corkow.A trojan cleaned by deleting - quarantined

C:\Program Files\Common Files\microsoft shared\gpasvc.had Win32/Corkow.A trojan cleaned by deleting - quarantined

C:\Program Files\Common Files\microsoft shared\hgcgenx.mac Win32/Corkow.A trojan cleaned by deleting - quarantined

C:\Program Files\Common Files\microsoft shared\IEAEapPe.cin Win32/Corkow.A trojan cleaned by deleting - quarantined

C:\Program Files\Common Files\microsoft shared\IKEanui.int Win32/Corkow.A trojan cleaned by deleting - quarantined

C:\Program Files\Common Files\microsoft shared\imgarrs.dx3 Win32/Corkow.A trojan cleaned by deleting - quarantined

C:\Program Files\Common Files\microsoft shared\kbdet40.ilu Win32/Corkow.A trojan cleaned by deleting - quarantined

C:\Program Files\Common Files\microsoft shared\MCE10lev.rin Win32/Corkow.A trojan cleaned by deleting - quarantined

C:\Program Files\Common Files\microsoft shared\MPSmon.srv Win32/Corkow.A trojan cleaned by deleting - quarantined

C:\Program Files\Common Files\microsoft shared\MSV6gt.rsl Win32/Corkow.A trojan cleaned by deleting - quarantined

C:\Program Files\Common Files\microsoft shared\prid3x40.ipr Win32/Corkow.A trojan cleaned by deleting - quarantined

C:\Program Files\Common Files\microsoft shared\pwrery.api Win32/Corkow.A trojan cleaned by deleting - quarantined

C:\Program Files\Common Files\microsoft shared\rpct.ceq Win32/Corkow.A trojan cleaned by deleting - quarantined

C:\Program Files\Common Files\microsoft shared\samrm.pci Win32/Corkow.A trojan cleaned by deleting - quarantined

C:\Program Files\Common Files\microsoft shared\senaseln.npr Win32/Corkow.A trojan cleaned by deleting - quarantined

C:\Program Files\Common Files\microsoft shared\shleng.nap Win32/Corkow.A trojan cleaned by deleting - quarantined

C:\Program Files\Common Files\microsoft shared\shlLV.3dl Win32/Corkow.A trojan cleaned by deleting - quarantined

C:\Program Files\Common Files\microsoft shared\tasgest.uto Win32/Corkow.A trojan cleaned by deleting - quarantined

C:\Program Files\Common Files\microsoft shared\WIFsp.pt3 Win32/Corkow.A trojan cleaned by deleting - quarantined

C:\Program Files\Common Files\microsoft shared\Wsmshext.red Win32/Corkow.A trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Users\gage\AppData\Roaming\Mozilla\Firefox\Profiles\ygexxtpd.default\extensions\{3c785fed-6fdb-4f10-ad3a-d1d0435ff95f}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Users\gage\AppData\Roaming\Mozilla\Firefox\Profiles\ygexxtpd.default\extensions\{3c785fed-6fdb-4f10-ad3a-d1d0435ff95f}\chrome\xulcache.jar.vir JS/Agent.NDO trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Users\gage\AppData\Roaming\Mozilla\Firefox\Profiles\ygexxtpd.default\extensions\{43790598-f2ea-41e9-8249-ec3cc5865f4a}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Users\gage\AppData\Roaming\Mozilla\Firefox\Profiles\ygexxtpd.default\extensions\{43790598-f2ea-41e9-8249-ec3cc5865f4a}\chrome\xulcache.jar.vir JS/Agent.NDO trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Users\gage\AppData\Roaming\Mozilla\Firefox\Profiles\ygexxtpd.default\extensions\{53c6971e-e449-4314-a0a2-a9fcbb8dad37}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Users\gage\AppData\Roaming\Mozilla\Firefox\Profiles\ygexxtpd.default\extensions\{53c6971e-e449-4314-a0a2-a9fcbb8dad37}\chrome\xulcache.jar.vir JS/Agent.NDO trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Users\gage\AppData\Roaming\Mozilla\Firefox\Profiles\ygexxtpd.default\extensions\{a0954b7a-d952-46f2-8d42-4780b961c246}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Users\gage\AppData\Roaming\Mozilla\Firefox\Profiles\ygexxtpd.default\extensions\{a0954b7a-d952-46f2-8d42-4780b961c246}\chrome\xulcache.jar.vir JS/Agent.NDO trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Users\gage\AppData\Roaming\Mozilla\Firefox\Profiles\ygexxtpd.default\extensions\{bcb51568-1060-4801-9c85-b5d41b33160b}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Users\gage\AppData\Roaming\Mozilla\Firefox\Profiles\ygexxtpd.default\extensions\{bcb51568-1060-4801-9c85-b5d41b33160b}\chrome\xulcache.jar.vir JS/Agent.NDO trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Users\gage\AppData\Roaming\Mozilla\Firefox\Profiles\ygexxtpd.default\extensions\{ffdf6c89-8ed7-48c8-8d39-c0f87ef72bd3}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Users\gage\AppData\Roaming\Mozilla\Firefox\Profiles\ygexxtpd.default\extensions\{ffdf6c89-8ed7-48c8-8d39-c0f87ef72bd3}\chrome\xulcache.jar.vir JS/Agent.NDO trojan cleaned by deleting - quarantined

C:\Users\gage\Desktop\Gage's Documents\pokemon stuff\shoddy battle\pokesav_en.zip probably a variant of Win32/Agent.GNNMRUP trojan deleted - quarantined

C:\Users\gage\Desktop\Gage's Documents\pokemon stuff\shoddy battle\pokesav_en\Pokesav D&P - ENG - Proper Lists.exe probably a variant of Win32/Agent.GNNMRUP trojan cleaned by deleting - quarantined

C:\Windows\System32\snmpapi6.dll Win32/Adware.Virtumonde.NHD application cleaned by deleting (after the next restart) - quarantined

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JN577CNA\all[1].htm HTML/Iframe.B.Gen virus deleted - quarantined

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\32b664-1bb85a44 a variant of Java/Agent.DW trojan deleted - quarantined

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\36c847e7-6ef3b3d8 a variant of Java/Agent.DW trojan deleted - quarantined

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\2e62d66b-35713739 multiple threats deleted - quarantined

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\4f835c6d-76716dd6 a variant of Java/Agent.DW trojan deleted - quarantined

*************************************************************

Security Check output

*************************************************************

Results of screen317's Security Check version 0.99.26

Windows 7 Service Pack 1 x86 (UAC is enabled)

Internet Explorer 9

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Online Scanner v3

McAfee Security Scan Plus

Microsoft Security Essentials

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

CCleaner

Java 6 Update 29

Java 6 Update 5

Out of date Java installed!

Adobe Flash Player 11.0.1.152

Adobe Reader X (10.1.1)

Mozilla Firefox (7.0.1) Firefox Out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Spybot Teatimer.exe is disabled!

Microsoft Security Essentials msseces.exe

``````````End of Log````````````


  • Staff

Hi,

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad - don't use any other text editor than notepad or the script will fail.

Copy/paste the text in the box below into Notepad:

Driver::
JLDVLIXQN
HSFDKMVIRSUCQZ
HKOJLGLAVH
VGPU
ClearJavaCache::
DirLook::
C:\Program Files\Common Files\microsoft shared
Folder::
c:\users\gage\AppData\Local\Temp
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache
KILLALL::

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot: CFScriptB-4.gif]

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new DDS log.

-screen317


I ran ComboFix as directed (log attached - it was too long to fit in this post inline). ComboFix ran, rebooted, and then produced its log.

But ... I wasn't able to successfully run DDS.scr. However, I get a different symptom now than I did before. Now it launches, but gets stuck in (apparently) an endless loop in which a command window pops up, then quickly closes, then an identical-looking window pops up, ad infinitum. The window title bar reads: < C:\Windows\System32\WindowPowerShell\v1.0\powershell.exe. >

Thanks very much for all the attention. At this point I don't know if I have a problem, or if I'm just somehow running DDS.scr incorrectly. The original browser redirect symptom seems to be gone.

combofix log.txt


  • Staff

Hi,

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad - don't use any other text editor than notepad or the script will fail.

Copy/paste the text in the box below into Notepad:

Dirlook::
c:\users\gage\AppData\Roaming\Iwoqgo
c:\users\gage\AppData\Roaming\Ykir
KILLALL::
Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
Driver::
MEMSWEEP2
File::
c:\windows\system32\CECC.tmp
c:\users\gage\AppData\Local\Rlaqovabupice.bin

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot: CFScriptB-4.gif]

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new DDS log.

-screen317

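As an added example, not code from this thread or from ComboFix itself: a small Python helper that parses a CFScript like the two screen317 posted and checks the ComboFix log that followed for evidence that each File::, Driver:: and DirLook:: entry was acted on. The evidence-line formats (a bare path under "Other Deletions", a -------\Service_NAME line, a ---- Directory of ... ---- line) are taken from the log as posted in this thread; the sample script and log excerpt below are constructed from it, and directive names are treated as case-insensitive because the thread uses both "DirLook::" and "Dirlook::".

```python
"""Added example (not from the thread or from ComboFix): parse a CFScript and
look for evidence in the ComboFix log that each directive was acted on."""
import re
from collections import OrderedDict

# Constructed from the second CFScript posted in this thread.
CFSCRIPT = r"""Dirlook::
c:\users\gage\AppData\Roaming\Iwoqgo
c:\users\gage\AppData\Roaming\Ykir
KILLALL::
Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
Driver::
MEMSWEEP2
File::
c:\windows\system32\CECC.tmp
c:\users\gage\AppData\Local\Rlaqovabupice.bin
"""

# Constructed excerpt of the ComboFix log the user posted after running it.
COMBOFIX_LOG = r"""ComboFix 11-11-22.03 - gage 11/22/2011 21:27:55.4.1 - x86
Command switches used :: c:\users\gage\Desktop\Anti-Malware\CFScript.txt
.
FILE ::
"c:\users\gage\AppData\Local\Rlaqovabupice.bin"
"c:\windows\system32\CECC.tmp"
.
(((((((((((((( Other Deletions ))))))))))))))
.
c:\users\gage\AppData\Local\Rlaqovabupice.bin
.
(((((((((((((( Drivers/Services ))))))))))))))
.
-------\Legacy_MEMSWEEP2
-------\Service_MEMSWEEP2
.
(((((((((((((( Look ))))))))))))))
.
---- Directory of c:\users\gage\AppData\Roaming\Iwoqgo ----
.
---- Directory of c:\users\gage\AppData\Roaming\Ykir ----
.
"""


def parse_cfscript(text):
    """Split a CFScript into {directive: [entries]} in file order.

    A line ending in '::' starts a directive; every following non-empty line
    belongs to it. Directive names are lowercased so 'DirLook::' and
    'Dirlook::' (both used in the thread) collapse to 'dirlook'.
    """
    sections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2].lower()
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any directive: {line!r}")
        else:
            sections[current].append(line)
    return sections


def registry_actions(entries):
    """Registry:: entries of the form [-KEY] (the only form used in the
    thread) delete the key; anything else is reported as 'unrecognised'."""
    actions = []
    for entry in entries:
        m = re.fullmatch(r"\[-(.+)\]", entry)
        actions.append(("delete", m.group(1)) if m else ("unrecognised", entry))
    return actions


def check_combofix_log(script, log):
    """Map (kind, entry) -> True when the ComboFix log carries the evidence
    line for that entry, False when it does not."""
    lines = {l.strip().lower() for l in log.splitlines()}
    report = {}
    for path in script.get("file", []):
        # A deleted file is listed as a bare path under 'Other Deletions';
        # the quoted echo under 'FILE ::' is only the script being read back.
        report[("file", path)] = path.lower() in lines
    for name in script.get("driver", []):
        report[("driver", name)] = f"-------\\service_{name.lower()}" in lines
    for folder in script.get("dirlook", []):
        report[("dirlook", folder)] = f"---- directory of {folder.lower()} ----" in lines
    return report


if __name__ == "__main__":
    parsed = parse_cfscript(CFSCRIPT)
    for (kind, entry), found in check_combofix_log(parsed, COMBOFIX_LOG).items():
        print(f"{kind:8} {'confirmed' if found else 'NO EVIDENCE'}  {entry}")
    for action, key in registry_actions(parsed.get("registry", [])):
        print(f"registry {action:11}  {key}")
```

Run against the log the user posted, it reports Rlaqovabupice.bin as deleted and CECC.tmp with no evidence, which matches the "Other Deletions" section of that log.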

I ran a fresh version of ComboFix (log below). I still have the same symptom (refer to prior posting) attempting to run DDS.scr. I had gone to http://download.bleepingcomputer.com/sUBs/dds.scr to confirm that I had an accurate, up-to-date version.

Thank you.

**********************************************

ComboFix log

**********************************************

ComboFix 11-11-22.03 - gage 11/22/2011 21:27:55.4.1 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2047.1373 [GMT -5:00]

Running from: c:\users\gage\Desktop\Anti-Malware\ComboFix.exe

Command switches used :: c:\users\gage\Desktop\Anti-Malware\CFScript.txt

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

FILE ::

"c:\users\gage\AppData\Local\Rlaqovabupice.bin"

"c:\windows\system32\CECC.tmp"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\gage\AppData\Local\Rlaqovabupice.bin

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_MEMSWEEP2

-------\Service_MEMSWEEP2

.

.

((((((((((((((((((((((((( Files Created from 2011-10-23 to 2011-11-23 )))))))))))))))))))))))))))))))

.

.

2011-11-23 02:41 . 2011-11-23 02:51 -------- d-----w- c:\users\gage\AppData\Local\temp

2011-11-23 02:41 . 2011-11-23 02:41 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-11-18 15:38 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll

2011-11-18 15:38 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-11-18 15:38 . 2011-09-29 03:37 2341888 ----a-w- c:\windows\system32\win32k.sys

2011-11-17 23:35 . 2011-11-17 23:36 -------- d-----w- c:\users\MyAdmin

2011-11-12 04:57 . 2011-11-12 04:57 -------- d-----w- c:\program files\ESET

2011-11-12 03:26 . 2011-11-12 03:26 -------- d-----w- c:\users\gage\AppData\Local\Apps

2011-11-01 11:08 . 2009-07-13 23:11 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys

2011-10-27 03:34 . 2011-10-27 03:34 -------- d-----w- c:\program files\Sophos

2011-10-25 02:37 . 2011-11-23 02:04 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll

2011-10-25 02:37 . 2011-11-23 02:04 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll

2011-10-25 02:37 . 2011-11-23 02:04 801752 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll

2011-10-25 02:37 . 2011-11-23 02:04 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll

2011-10-25 02:37 . 2011-11-23 02:04 1989592 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll

2011-10-25 02:37 . 2011-11-23 02:04 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll

2011-10-25 02:37 . 2011-09-29 00:26 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll

2011-10-25 02:37 . 2011-09-29 00:26 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-25 01:26 . 2011-10-23 02:28 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-10-23 00:35 . 2011-10-23 00:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-19 02:31 . 2011-10-19 02:31 69120 --sha-r- c:\windows\system32\snmpapi6.dll

2011-10-11 16:29 . 2011-10-11 16:30 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FEC263C8-6369-4DC5-8FAC-9637B993729A}\gapaengine.dll

2011-10-07 03:48 . 2011-10-18 17:34 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ED7A00D2-735D-4743-B650-FB8AC5B32EE1}\mpengine.dll

2011-10-03 09:06 . 2010-04-29 17:34 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-09-12 23:14 . 2011-05-23 16:46 7269712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-09-01 02:35 . 2011-10-14 15:11 1798144 ----a-w- c:\windows\system32\jscript9.dll

2011-09-01 02:28 . 2011-10-14 15:11 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-09-01 02:22 . 2011-10-14 15:11 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-08-31 21:00 . 2011-06-28 21:40 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-27 04:26 . 2011-10-13 21:38 233472 ----a-w- c:\windows\system32\oleacc.dll

2011-08-27 04:26 . 2011-10-13 21:38 571904 ----a-w- c:\windows\system32\oleaut32.dll

2011-11-23 02:04 . 2011-10-25 02:37 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Directory of c:\users\gage\AppData\Roaming\Iwoqgo ----

.

.

---- Directory of c:\users\gage\AppData\Roaming\Ykir ----

.

.

.

((((((((((((((((((((((((((((( SnapShot@2011-11-01_11.58.21 )))))))))))))))))))))))))))))))))))))))))

.


.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\gage\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\gage\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\gage\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2011-10-05 3578272]

"Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2011-10-05 3025304]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2009-07-14 8704]

.

c:\users\gage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\gage\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-06-06 16:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-09-05 17:04 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2011-08-29 20:23 136176 ----atw- c:\users\gage\AppData\Local\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-11-12 21:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]

2011-08-31 21:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MusicManager]

2011-11-12 00:54 13222400 ----a-w- c:\users\gage\AppData\Local\Programs\Google\MusicManager\MusicManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2009-03-06 15:52 13605408 ----a-w- c:\windows\System32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]

2009-03-06 15:52 96800 ----a-w- c:\windows\System32\nvhotkey.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2009-03-06 15:52 92704 ----a-w- c:\windows\System32\nvmctray.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2009-03-05 02:11 1657376 ----a-w- c:\windows\System32\nwiz.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]

2009-11-13 21:59 2923192 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]

2010-11-20 12:17 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-03-05 21:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2011-08-04 16:00 1242448 ----a-w- c:\program files\Steam\Steam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2011-06-09 17:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

R1 MpKsl52420518;MpKsl52420518;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CEE8B91E-E537-467A-8E61-EE297FE61467}\MpKsl52420518.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-29 136176]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-29 136176]

R3 Kinetic Books License Service;Kinetic Books License Service;c:\program files\Common Files\Kinetic Books Shared\Service\KineticBooksLicenseService.exe [2010-09-08 79360]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]

R3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys [2009-08-11 9040]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-02 1343400]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\program files\Spybot - Search & Destroy 2\SDHookDrv32.sys [2011-10-05 38504]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 esClient;Windows Media Center Client Service;c:\program files\Windows Home Server\esClient.exe [2009-04-21 94064]

S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2008-12-11 3575808]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 SDHookService;Spybot S&D 2 Live Protection Service;c:\program files\Spybot - Search & Destroy 2\SDHookSvc.exe [2011-10-05 130976]

S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-10-05 892336]

S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-10-05 955816]

S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-10-05 169624]

S2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [2009-04-21 335728]

S3 GTIPCI21;GTIPCI21;c:\windows\system32\DRIVERS\gtipci21.sys [2006-09-14 88192]

S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

S3 VSTHWICH;VSTHWICH;c:\windows\system32\DRIVERS\VSTICH3.SYS [2009-07-13 242176]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-23 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job

- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2011-10-22 19:46]

.

2011-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc8f4a7ca79da1.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-29 03:25]

.

2011-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cc8f4a81927741.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-29 03:25]

.

2011-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3515355301-299534459-1887375660-1001Core.job

- c:\users\gage\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-29 20:23]

.

2011-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3515355301-299534459-1887375660-1001UA.job

- c:\users\gage\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-29 20:23]

.

2011-11-17 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job

- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2011-10-22 19:46]

.

2011-10-22 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job

- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2011-10-22 19:46]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 74.40.74.40 74.40.74.41

FF - ProfilePath - c:\users\gage\AppData\Roaming\Mozilla\Firefox\Profiles\ygexxtpd.default\

FF - prefs.js: browser.startup.homepage - www.google.com

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.dfsc]

"ImagePath"="\*"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(3644)

c:\users\gage\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\windows\system32\rundll32.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\conhost.exe

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Completion time: 2011-11-22 22:05:17 - machine was rebooted

ComboFix-quarantined-files.txt 2011-11-23 03:05

ComboFix2.txt 2011-11-18 02:17

ComboFix3.txt 2011-11-01 12:08

.

Pre-Run: 1,062,576,128 bytes free

Post-Run: 538,308,608 bytes free

.

- - End Of File - - 12E055C9A432314985F0642E50A2EE00

  • Staff

Hi,

Delete these two folders:

c:\users\gage\AppData\Roaming\Iwoqgo

c:\users\gage\AppData\Roaming\Ykir

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

I ran the two programs as instructed.

ESET log.txt and Security Check checkup.txt below.

ESET caught one item - an adware. That isn't in the log.txt; I don't know if it's supposed to be or not.

At this point, I'm not having any symptoms. Please tell me if these logs suggest whether or not any further work is indicated.

Thanks very much,

DB

*******************************

ESET log.txt

*******************************

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

*******************************

Security Check checkup.txt

*******************************

Results of screen317's Security Check version 0.99.28

Windows 7 Service Pack 1 x86 (UAC is enabled)

Internet Explorer 9

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Online Scanner v3

McAfee Security Scan Plus

Microsoft Security Essentials

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

CCleaner

Java 6 Update 29

Java 6 Update 5

Java version out of date!

Adobe Flash Player 11.0.1.152

Adobe Reader X (10.1.1)

Mozilla Firefox (8.0.)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Spybot Teatimer.exe is disabled!

Microsoft Security Essentials msseces.exe

``````````End of Log````````````

  • Staff

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

Reboot.

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program(s) (if present):

ESET Online Scanner v3

Java™ 6 Update 5

Restart your computer.

Let me know what issues remain.

  • 2 weeks later...
  • Staff

Great news!

I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317

  • 1 month later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
