Infected


johnnyvan

Hello,

I thought I was rid of a bug that hid my programs and redirected searches. But now I'm getting redirects again and an unknown internet radio source. Attached are the requested DDS logs.

thanks,

John

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22

Run by John at 5:31:58 on 2011-11-10

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3765.1317 [GMT -8:00]

.

AV: Sunbelt VIPRE *Enabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Sunbelt VIPRE *Enabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe

C:\Windows\system32\spool\DRIVERS\x64\3\lxebserv.exe

C:\Windows\system32\lxebcoms.exe

C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe

c:\Program Files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\sqlservr.exe

C:\Windows\system32\DRIVERS\o2flash.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe

C:\Program Files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe

C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe

C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Invention Pilot\Speed Typing\STyping.exe

C:\Program Files (x86)\TechSmith\Jing\Jing.exe

C:\Program Files (x86)\TimeLeft3\TimeLeft.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe

C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe

C:\Program Files (x86)\Memeo\Memeo Send\MemeoSend.exe

C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe

C:\Program Files (x86)\Memeo\AutoBackup\MemeoUpdater.exe

C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe

C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Windows\system32\taskhost.exe

C:\Users\John\Desktop\Legal\AutoWebLaw\awlSP4.exe

C:\Program Files (x86)\Stephen Hawkins\SEOLinkRobotPro\fastindexer.exe

C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\firefox.exe

C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugin-container.exe

C:\Windows\system32\REGSVR32.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://google.com/

uInternet Settings,ProxyServer = 171.66.3.181:3128

uInternet Settings,ProxyOverride = <local>;*.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: FAIESSOHelper Class: {a2f122da-055f-4df7-8f24-7354dbdba85b} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [speed Typing] "C:\Program Files (x86)\Invention Pilot\Speed Typing\STyping.exe"

uRun: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe

mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe

mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui

mRun: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent

mRun: [Memeo Send] C:\Program Files (x86)\Memeo\Memeo Send\MemeoLauncher.exe --silent

mRun: [seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui

mRun: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [sBAMTray] "C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe"

mRun: [FAStartup]

mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

StartupFolder: C:\Users\John\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

StartupFolder: C:\Users\John\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TimeLeft.lnk - C:\Program Files (x86)\TimeLeft3\TimeLeft.exe

StartupFolder: C:\Users\John\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\_uninst_.lnk - C:\Users\John\AppData\Local\Temp\_uninst_.bat

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{825E93D2-38BE-4C33-BDC1-753D8A9F7F60} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{825E93D2-38BE-4C33-BDC1-753D8A9F7F60}\5534448435D27455543545 : DhcpNameServer = 68.87.76.182 68.87.78.134 8.8.8.8

TCP: Interfaces\{825E93D2-38BE-4C33-BDC1-753D8A9F7F60}\564646F6E6E616 : DhcpNameServer = 192.168.1.2 68.94.156.1 68.94.157.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Notify: FastAccess - c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: FAIESSOHelper Class: {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll

BHO-X64: FAIESSO Helper Object - No File

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun-x64: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe

mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun-x64: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui

mRun-x64: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent

mRun-x64: [Memeo Send] C:\Program Files (x86)\Memeo\Memeo Send\MemeoLauncher.exe --silent

mRun-x64: [seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui

mRun-x64: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [sBAMTray] "C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe"

mRun-x64: [FAStartup]

mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\1lze15yw.default\

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=

FF - prefs.js: network.proxy.http - 211.222.202.109

FF - prefs.js: network.proxy.http_port - 80

FF - prefs.js: network.proxy.ssl - 72.44.82.146

FF - prefs.js: network.proxy.ssl_port - 3128

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\John\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 ElRawDisk;ElRawDisk;\??\C:\Windows\system32\drivers\ElRawDsk.sys --> C:\Windows\system32\drivers\ElRawDsk.sys [?]

R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2011-8-29 101720]

R1 SbTis;SbTis;C:\Windows\system32\drivers\sbtis.sys --> C:\Windows\system32\drivers\sbtis.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2010-4-30 89600]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

R2 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-2-22 2409800]

R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2011-8-25 722616]

R2 lxeb_device;lxeb_device;C:\Windows\system32\lxebcoms.exe -service --> C:\Windows\system32\lxebcoms.exe -service [?]

R2 lxebCATSCustConnectService;lxebCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\lxebserv.exe [2011-5-9 45736]

R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-1-24 25824]

R2 MSSQL$ADCENTERDESKTOP;SQL Server (ADCENTERDESKTOP);C:\Program Files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\sqlservr.exe [2009-3-30 57617752]

R2 SBAMSvc;VIPRE Antivirus;C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe [2011-9-6 2804280]

R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?]

R2 SBPIMSvc;SB Recovery Service;C:\Program Files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe [2011-9-6 181584]

R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-6-20 1692480]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]

R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Acceler.sys --> C:\Windows\system32\DRIVERS\Acceler.sys [?]

R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]

R3 O2MDGRDR;O2MDGRDR;C:\Windows\system32\DRIVERS\o2mdgx64.sys --> C:\Windows\system32\DRIVERS\o2mdgx64.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-15 183560]

S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2009-9-21 315664]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-30 61976]

S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]

S4 SQLAgent$ADCENTERDESKTOP;SQL Server Agent (ADCENTERDESKTOP);C:\Program Files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]

.

=============== File Associations ===============

.

JSEFile=NOTEPAD.EXE %1

.

=============== Created Last 30 ================

.

2011-11-10 13:10:32 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-11-10 01:29:35 -------- d-----w- C:\Users\John\AppData\Roaming\YourLocalShorcut

2011-11-10 01:29:30 -------- d-----w- C:\Program Files (x86)\ Your Local Shortcut

2011-11-09 17:51:58 -------- d-sh--w- C:\$RECYCLE.BIN

2011-11-09 15:38:13 98816 ----a-w- C:\Windows\sed.exe

2011-11-09 15:38:13 518144 ----a-w- C:\Windows\SWREG.exe

2011-11-09 15:38:13 256000 ----a-w- C:\Windows\PEV.exe

2011-11-09 15:38:13 208896 ----a-w- C:\Windows\MBR.exe

2011-11-09 15:37:03 -------- d-----w- C:\ComboFix

2011-11-09 04:23:51 -------- d-----w- C:\ProgramData\Kaspersky Lab

2011-11-04 20:46:04 -------- d-----w- C:\Program Files (x86)\Market Samurai

2011-10-28 04:38:08 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2011-10-28 04:38:08 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2011-10-28 04:38:08 144384 ----a-w- C:\Windows\System32\cdd.dll

2011-10-25 18:38:07 -------- d-----w- C:\Program Files (x86)\KeywordBlueprint2

2011-10-24 02:23:53 -------- d-----w- C:\Program Files (x86)\Aruhat Technologies Pvt. Ltd

2011-10-22 01:05:11 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll

2011-10-22 01:04:48 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2011-10-22 01:04:19 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2011-10-21 19:34:27 -------- d-----w- C:\Users\John\AppData\Local\{2865715D-57F6-4183-B334-D5D5F0DCC203}

2011-10-21 19:34:15 -------- d-----w- C:\Users\John\AppData\Local\{B9AAC002-5CE9-4226-81BA-E62FCBA3D5E3}

2011-10-19 16:50:17 -------- d-----w- C:\Users\John\AppData\Roaming\CommissionBlueprint.KeywordBlueprint2.E611A7DFA7A14643DD636F3114ECD771F85A61E0.1

2011-10-14 14:40:33 -------- d-----w- C:\Users\John\AppData\Local\{62C2AE11-9588-4AB3-9A6F-FE6F66095388}

2011-10-14 13:23:24 -------- d-----w- C:\Users\John\AppData\Local\{2D588960-01EB-4D40-8DA7-035C971A51E6}

2011-10-14 13:22:08 -------- d-----w- C:\Users\John\AppData\Local\{B53D1843-D3DF-45B0-852A-EDC4214FF009}

2011-10-14 13:21:56 -------- d-----w- C:\Users\John\AppData\Local\{4C6DD6EB-B4AB-4F69-902F-F716F600B91B}

2011-10-14 07:09:56 -------- d-----w- C:\Users\John\AppData\Local\{4DB9D253-8ED7-4FE4-A69B-7DC00E3B8DAE}

2011-10-12 05:57:20 3134976 ----a-w- C:\Windows\System32\win32k.sys

2011-10-12 00:38:33 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2011-10-12 00:38:18 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2011-10-12 00:37:53 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2011-10-12 00:37:50 539968 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-10-12 00:37:12 -------- d-----w- C:\Users\John\AppData\Local\PowerDVD DX

.

==================== Find3M ====================

.

2011-10-28 04:18:49 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-09-06 19:30:48 45904 ----a-w- C:\Windows\SysWow64\sbbd.exe

2011-09-06 19:30:48 45904 ----a-w- C:\Windows\System32\sbbd.exe

2011-08-30 00:36:34 71256 ----a-w- C:\Windows\System32\drivers\sbapifs.sys

2011-08-30 00:36:34 55384 ----a-w- C:\Windows\System32\drivers\sbredrv.sys

2011-08-30 00:36:34 101720 ----a-w- C:\Windows\SysWow64\drivers\SBREDrv.sys

2011-08-27 05:40:28 861184 ----a-w- C:\Windows\System32\oleaut32.dll

2011-08-27 05:40:28 331776 ----a-w- C:\Windows\System32\oleacc.dll

2011-08-27 04:43:07 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2011-08-27 04:43:06 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll

2011-08-17 05:32:24 613888 ----a-w- C:\Windows\System32\psisdecd.dll

2011-08-17 05:27:46 75776 ----a-w- C:\Windows\System32\MSDvbNP.ax

2011-08-17 05:27:46 288256 ----a-w- C:\Windows\System32\MSNP.ax

2011-08-17 05:27:46 108032 ----a-w- C:\Windows\System32\psisrndr.ax

2011-08-17 05:27:46 104960 ----a-w- C:\Windows\System32\Mpeg2Data.ax

2011-08-17 04:26:02 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll

2011-08-17 04:22:23 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax

2011-08-17 04:22:23 72704 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax

2011-08-17 04:22:23 59904 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax

2011-08-17 04:22:23 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax

.

============= FINISH: 5:40:24.28 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 6/30/2010 10:10:58 AM

System Uptime: 11/9/2011 4:31:55 PM (13 hours ago)

.

Motherboard: Dell Inc. | | 029DYC

Processor: Intel® Core i3 CPU M 350 @ 2.27GHz | U2E1 | 929/1333mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 283 GiB total, 219.745 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Description: facap, FastAccess Video Capture

Device ID: ROOT\IMAGE\0000

Manufacturer: Sensible Vision

Name: facap, FastAccess Video Capture

PNP Device ID: ROOT\IMAGE\0000

Service: FACAP

.

==== System Restore Points ===================

.

RP132: 11/7/2011 3:54:38 PM - Scheduled Checkpoint

RP133: 11/9/2011 7:38:50 AM - ComboFix created restore point

.

==== Installed Programs ======================

.

7-Zip 4.65

aaa

ABBYY FineReader 6.0 Sprint

Adobe AIR

Adobe Reader 9.2

Adobe Shockwave Player 11.5

Advanced Audio FX Engine

Apple Application Support

Apple Software Update

Auto Traffic Xploit Keyword Tool

Automotix (remove only)

Bing Bar

CherryPicker

CoffeeCup Free HTML Editor

Compatibility Pack for the 2007 Office system

Content Notifier

Core FTP LE

D3DX10

Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell DataSafe Online

Dell Dock

Dell Getting Started Guide

Dell Support Center (Support Software)

Dell Webcam Central

DHTML Editing Component

Directory Submitter 1.0.29

Domain Name Dominator

Domain Samurai

Elite Proxy Switcher 1.10

Facebook iframe Made EZ

Fast Content Producer

Fences

FileZilla Client 3.5.2

Google Chrome

Google Instant Scraper version 1.2

Google Maps Scraper - Demo

GoToAssist 8.0.0.514

GoToMeeting 5.0.0.799

Hot Item Finder

HTML Executable

Instant Blog Feeder Demo v2.01

InstantBannerPRO v2.01

Intel® Graphics Media Accelerator Driver

iolo technologies' System Mechanic

Java Auto Updater

Java 6 Update 22

Jing

Junk Mail filter update

Kcast for Windows 7

Keyword Blueprint 2

Keyword Swarm

Live! Cam Avatar Creator

LoJack Factory Installer

Malwarebytes' Anti-Malware version 1.51.2.1300

Market Samurai

MassArticleCreator

MassArticleSubmitter

Memeo AutoSync

Memeo Instant Backup

Memeo Send

Memeo Share

Micro Niche Finder 5.0

Microsoft adCenter Desktop

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2007

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Student 2010

Microsoft Office OneNote MUI (English) 2007

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2007

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing (English) 2010

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server 2008 Browser

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable - KB2467175

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft Works

Mozilla Firefox 8.0 (x86 en-US)

MPT Domain Tool 1.0

MPT Keyword Tool 1.0

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

OpenOffice.org 3.3

PowerDVD DX

PromoSoft 1.81

Proxy Scraper

QuickTime

Roxio Burn

Seagate Dashboard

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft Excel 2010 (KB2553070)

Security Update for Microsoft Office 2010 (KB2289078)

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2584066)

Security Update for Microsoft PowerPoint 2010 (KB2519975)

Security Update for Microsoft Publisher 2010 (KB2409055)

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Word 2010 (KB2345000)

SEO Link Robot

SEO SpyGlass

SEO TrackBacks Suite

Setup1

Sick Submitter

Skype Click to Call

Skype™ 5.5

SocialBot

Speed Typing

Spelling Dictionaries Support For Adobe Reader 9

Spin Writer Pro version 1.6

Submitter

TextPad 5

TheBestSpinner

TimeLeft

Traffic Equalizer

Ultimate Diamond Backlinks

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2010 (KB2202188)

Update for Microsoft Office 2010 (KB2413186)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2523113)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update for Microsoft OneNote 2010 (KB2493983)

Update for Microsoft Outlook Social Connector (KB2583935)

VIPRE Antivirus

Viral Article Publisher

Web CEO 8.1

WEB20Bot

Website Indexer

WildTangent Games

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Wondershare PPT2Video Pro 6.1.10

Word Wizard

Xara Xtreme 5

Xara Xtreme Pro 5

XHeader

XMind

Your Local Shortcut

.

==== Event Viewer Messages From Past Week ========

.

11/9/2011 8:25:46 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

11/9/2011 8:20:56 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

11/9/2011 6:12:42 PM, Error: Service Control Manager [7023] - The Background Intelligent Transfer Service service terminated with the following error: Access is denied.

11/8/2011 9:53:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

11/8/2011 9:53:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

11/8/2011 9:53:41 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache ElRawDisk spldr Wanarpv6

11/8/2011 9:53:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

11/8/2011 9:53:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

11/8/2011 9:53:40 PM, Error: Service Control Manager [7022] - The iolo System Service service hung on starting.

11/8/2011 9:52:24 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21

11/8/2011 10:20:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

11/8/2011 10:20:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

11/8/2011 10:04:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

11/6/2011 6:30:46 PM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

11/6/2011 2:20:03 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

11/10/2011 4:54:46 AM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

11/10/2011 4:54:34 AM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the SftService service.

.

==== End Of File ===========================

DDS.txt

Attach.txt


Hello johnnyvan and welcome to Malwarebytes!

I sincerely apologize for the delay.

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt
  • How the PC is running now
-------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
***IMPORTANT: save ComboFix to your Desktop***
* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Please go here to see a list of programs that should be disabled.
**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**
Please include the C:\ComboFix.txt in your next reply for further review.
Also, please let me know if any problems still remain.
-------------
Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:

  • TDSSKiller report
  • C:\ComboFix.txt
  • checkup.txt

How is your computer running now?


Thanks for your help D-FRED-BROWN

ComboFix 11-11-14.03 - John 11/14/2011 19:34:21.4.4 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3765.1681 [GMT -8:00]

Running from: c:\users\John\Desktop\ComboFix.exe

AV: Sunbelt VIPRE *Enabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}

SP: Sunbelt VIPRE *Enabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2011-10-15 to 2011-11-15 )))))))))))))))))))))))))))))))

.

.

2011-11-15 04:06 . 2011-11-15 04:06 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-11-15 01:27 . 2011-11-15 01:27 -------- d-----w- c:\users\John\AppData\Local\Traffic_Mystic_IM_Solutio

2011-11-14 22:18 . 2011-11-14 22:18 -------- d-----w- c:\program files (x86)\Market Samurai

2011-11-14 00:09 . 2011-11-14 00:09 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2011-11-13 05:37 . 2011-11-13 05:37 -------- d-----w- c:\users\John\AppData\Roaming\SUPERAntiSpyware.com

2011-11-13 05:37 . 2011-11-13 05:37 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-11-13 05:37 . 2011-11-13 05:37 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-11-12 19:26 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll

2011-11-12 19:26 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll

2011-11-12 19:26 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-11-12 19:25 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys

2011-11-10 01:29 . 2011-11-10 01:29 -------- d-----w- c:\users\John\AppData\Roaming\YourLocalShorcut

2011-11-10 01:29 . 2011-11-10 01:29 -------- d-----w- c:\program files (x86)\ Your Local Shortcut

2011-11-09 04:23 . 2011-11-12 22:17 -------- d-----w- c:\programdata\Kaspersky Lab

2011-10-28 04:38 . 2011-10-28 04:38 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2011-10-28 04:38 . 2011-10-28 04:38 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2011-10-28 04:38 . 2011-10-28 04:38 144384 ----a-w- c:\windows\system32\cdd.dll

2011-10-25 18:38 . 2011-10-25 18:38 -------- d-----w- c:\program files (x86)\KeywordBlueprint2

2011-10-24 02:23 . 2011-10-24 02:23 -------- d-----w- c:\program files (x86)\Aruhat Technologies Pvt. Ltd

2011-10-22 01:05 . 2011-10-22 01:05 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll

2011-10-22 01:04 . 2011-10-22 01:04 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2011-10-22 01:04 . 2011-10-22 01:04 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2011-10-19 16:50 . 2011-10-19 16:50 -------- d-----w- c:\users\John\AppData\Roaming\CommissionBlueprint.KeywordBlueprint2.E611A7DFA7A14643DD636F3114ECD771F85A61E0.1

2011-10-17 02:55 . 2011-10-17 02:55 18139008 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-14 00:10 . 2011-10-12 00:38 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2011-11-14 00:10 . 2011-10-12 00:38 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2011-11-14 00:09 . 2011-10-12 00:37 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2011-10-28 04:18 . 2011-06-30 00:28 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-12 00:37 . 2011-10-12 00:37 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-09-06 19:30 . 2011-09-06 19:30 45904 ----a-w- c:\windows\SysWow64\sbbd.exe

2011-09-06 19:30 . 2011-05-10 22:27 45904 ----a-w- c:\windows\system32\sbbd.exe

2011-08-30 00:36 . 2011-08-30 00:36 71256 ----a-w- c:\windows\system32\drivers\sbapifs.sys

2011-08-30 00:36 . 2011-08-30 00:36 101720 ----a-w- c:\windows\SysWow64\drivers\SBREDrv.sys

2011-08-30 00:36 . 2011-05-10 22:27 55384 ----a-w- c:\windows\system32\drivers\sbredrv.sys

2011-08-27 05:40 . 2011-10-12 05:51 331776 ----a-w- c:\windows\system32\oleacc.dll

2011-08-27 05:40 . 2011-10-12 05:51 861184 ----a-w- c:\windows\system32\oleaut32.dll

2011-08-27 04:43 . 2011-10-12 05:51 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll

2011-08-27 04:43 . 2011-10-12 05:51 233472 ----a-w- c:\windows\SysWow64\oleacc.dll

2011-08-17 05:32 . 2011-10-12 05:51 613888 ----a-w- c:\windows\system32\psisdecd.dll

2011-08-17 05:27 . 2011-10-12 05:51 108032 ----a-w- c:\windows\system32\psisrndr.ax

2011-08-17 05:27 . 2011-10-12 05:51 75776 ----a-w- c:\windows\system32\MSDvbNP.ax

2011-08-17 05:27 . 2011-10-12 05:51 288256 ----a-w- c:\windows\system32\MSNP.ax

2011-08-17 05:27 . 2011-10-12 05:51 104960 ----a-w- c:\windows\system32\Mpeg2Data.ax

2011-08-17 04:26 . 2011-10-12 05:51 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll

2011-08-17 04:22 . 2011-10-12 05:51 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax

2011-08-17 04:22 . 2011-10-12 05:51 72704 ----a-w- c:\windows\SysWow64\Mpeg2Data.ax

2011-08-17 04:22 . 2011-10-12 05:51 59904 ----a-w- c:\windows\SysWow64\MSDvbNP.ax

2011-08-17 04:22 . 2011-10-12 05:51 204288 ----a-w- c:\windows\SysWow64\MSNP.ax

.

.

((((((((((((((((((((((((((((( SnapShot@2011-11-13_07.15.26 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-14 04:54 . 2011-11-15 01:01 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2011-11-13 06:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2011-11-13 06:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2011-11-15 01:01 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2011-11-13 06:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2011-11-15 01:01 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 05:10 . 2011-11-15 01:01 38372 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 04:46 . 2011-11-14 04:08 80352 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2011-11-14 22:17 . 2011-11-14 22:17 74240 c:\windows\Installer\8956711.msi

+ 2010-08-06 16:50 . 2011-11-15 00:57 3136 c:\windows\system32\wdi\ERCQueuedResolutions.dat

- 2010-08-06 16:50 . 2011-11-09 03:01 3136 c:\windows\system32\wdi\ERCQueuedResolutions.dat

- 2011-11-13 06:17 . 2011-11-13 06:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-11-15 00:59 . 2011-11-15 00:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-11-13 06:17 . 2011-11-13 06:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-11-15 00:59 . 2011-11-15 00:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2010-07-01 05:57 . 2011-11-14 17:33 347196 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

- 2009-07-14 02:36 . 2011-11-12 23:12 727974 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2011-11-15 01:05 727974 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2011-11-15 01:05 147114 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2011-11-12 23:12 147114 c:\windows\system32\perfc009.dat

- 2009-07-14 05:01 . 2011-11-13 01:27 438488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2011-11-15 00:57 438488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-05-10 22:49 . 2011-11-15 00:57 3543172 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2888607521-20579777-1717240660-1000-12288.dat

- 2009-07-14 02:34 . 2011-11-13 06:37 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

+ 2009-07-14 02:34 . 2011-11-15 01:29 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Speed Typing"="c:\program files (x86)\Invention Pilot\Speed Typing\STyping.exe" [2002-12-12 101376]

"Jing"="c:\program files (x86)\TechSmith\Jing\Jing.exe" [2010-08-19 3069192]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 5495680]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]

"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2010-02-22 95560]

"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]

"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-01-24 136416]

"Memeo AutoSync"="c:\program files (x86)\Memeo\AutoSync\MemeoLauncher2.exe" [2010-04-16 144608]

"Memeo Send"="c:\program files (x86)\Memeo\Memeo Send\MemeoLauncher.exe" [2010-07-20 236816]

"Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]

"iolo Startup"="c:\program files (x86)\iolo\Common\Lib\ioloLManager.exe" [2011-08-08 606392]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]

"SBAMTray"="c:\program files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe" [2011-09-27 1357136]

"FAStartup"="" [BU]

.

c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

TimeLeft.lnk - c:\program files (x86)\TimeLeft3\TimeLeft.exe [2011-10-5 2051880]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]

2010-02-22 20:24 144712 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-16 183560]

R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [x]

R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-09-21 315664]

R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 61976]

R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]

R4 SQLAgent$ADCENTERDESKTOP;SQL Server Agent (ADCENTERDESKTOP);c:\program files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-08-30 55384]

S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-02 89600]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-02-22 2409800]

S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2011-08-08 722616]

S2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe [2010-04-14 1052328]

S2 lxebCATSCustConnectService;lxebCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe [2010-04-14 45736]

S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-01-24 25824]

S2 MSSQL$ADCENTERDESKTOP;SQL Server (ADCENTERDESKTOP);c:\program files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\sqlservr.exe [2009-03-30 57617752]

S2 SBAMSvc;VIPRE Antivirus;c:\program files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe [2011-09-06 2804280]

S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]

S2 SBPIMSvc;SB Recovery Service;c:\program files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe [2011-09-06 181584]

S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]

S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]

S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [x]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 97033634

*Deregistered* - 97033634

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2888607521-20579777-1717240660-1000Core.job

- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-09 06:23]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-20 487424]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-07 166424]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-07 391192]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-07 413720]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-09-21 1926928]

"lxebmon.exe"="c:\program files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe" [2010-05-05 770728]

"EzPrint"="c:\program files (x86)\Lexmark Pro200-S500 Series\ezprint.exe" [2010-05-05 148280]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://google.com/

uInternet Settings,ProxyServer = 171.66.3.181:3128

uInternet Settings,ProxyOverride = <local>;*.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\1lze15yw.default\

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=

FF - prefs.js: network.proxy.http - 211.222.202.109

FF - prefs.js: network.proxy.http_port - 80

FF - prefs.js: network.proxy.ssl - 72.44.82.146

FF - prefs.js: network.proxy.ssl_port - 3128

FF - prefs.js: network.proxy.type - 0

.

.

------- File Associations -------

.

JSEFile=NOTEPAD.EXE %1

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{0FE6B2D5-5183-42C0-B225-FAC1B9955366} - (no file)

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2888607521-20579777-1717240660-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-2888607521-20579777-1717240660-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-11-14 20:26:07

ComboFix-quarantined-files.txt 2011-11-15 04:26

ComboFix2.txt 2011-11-13 07:33

ComboFix3.txt 2011-11-11 21:16

ComboFix4.txt 2011-11-09 17:01

.

Pre-Run: 231,975,989,248 bytes free

Post-Run: 231,599,415,296 bytes free

.

- - End Of File - - FC65B9BF594F05D46C01605CEAA82FD1

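The ComboFix log above ends with its dump of registry keys whose ACLs carry an explicit deny entry (the `@Denied:` lines), and the TDSSKiller listing that follows in the thread gives one driver per line with its MD5 and a separate verdict line. As an added example that is not part of this thread or of either tool, here is a Python triage script that parses both formats and lists what deserves a second look: keys with deny ACEs, drivers with a missing or non-"ok" verdict, and driver images loaded from outside the Windows directory. The sample lines are copied from the logs in this thread plus one constructed `exampledrv` entry (a hash line with no verdict) marked as such; the regular expressions, the `sysroot` default and that constructed entry are assumptions for illustration, not TDSSKiller's or ComboFix's own code.

```python
"""Triage helpers for the ComboFix registry dump and TDSSKiller driver
listing formats seen in this thread. Added example, not part of the thread
or of either tool; sample input is embedded so it runs offline."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# ---- ComboFix "locked registry keys" dump ------------------------------
# [KEY] opens a key, "name"=data or @=data is a value, '@Denied: (rights)
# (principal)' reports an explicit deny ACE as ComboFix prints it, and a
# lone '.' closes the key. Hex continuation lines ('00,5c,...') are skipped.
KEY_RE = re.compile(r'^\[(.+)\]$')
DENIED_RE = re.compile(r'^@Denied:\s*\(([^)]*)\)\s*\(([^)]*)\)')
VALUE_RE = re.compile(r'^(@|"[^"]*")=(.*)$')

@dataclass
class RegKey:
    path: str
    denied: Optional[Tuple[str, str]] = None   # (rights, principal)
    values: Dict[str, str] = field(default_factory=dict)

def parse_combofix_keys(text: str) -> List[RegKey]:
    keys: List[RegKey] = []
    cur: Optional[RegKey] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == '.':
            continue
        m = KEY_RE.match(line)
        if m:
            cur = RegKey(m.group(1))
            keys.append(cur)
            continue
        if cur is None:
            continue
        m = DENIED_RE.match(line)
        if m:
            cur.denied = (m.group(1), m.group(2))
            continue
        m = VALUE_RE.match(line)
        if m:
            name = '(Default)' if m.group(1) == '@' else m.group(1).strip('"')
            cur.values[name] = m.group(2).strip('"')
    return keys

def denied_keys(keys: List[RegKey]) -> List[RegKey]:
    """Keys whose ACL denies access; check each against what installed it."""
    return [k for k in keys if k.denied is not None]

# ---- TDSSKiller driver listing -----------------------------------------
# One line per driver gives '<name> (<md5>) <path>'; a second line gives the
# verdict '<name> - ok'. Some entries (e.g. 'catchme') have only a verdict.
ENTRY_RE = re.compile(
    r'^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(\S+)\s+\(([0-9a-f]{32})\)\s+(.+)$')
VERDICT_RE = re.compile(r'^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(\S+)\s+-\s+(.+)$')

@dataclass
class Driver:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None

def parse_tdsskiller(text: str) -> Dict[str, Driver]:
    drivers: Dict[str, Driver] = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            d = drivers.setdefault(m.group(1), Driver(m.group(1)))
            d.md5, d.path = m.group(2), m.group(3)
            continue
        m = VERDICT_RE.match(line)
        if m:
            drivers.setdefault(m.group(1), Driver(m.group(1))).verdict = m.group(2)
    return drivers

def triage_drivers(drivers: Dict[str, Driver],
                   sysroot: str = 'C:\\Windows\\') -> List[str]:
    """Flag entries worth a second look: no verdict, a non-'ok' verdict, or a
    driver image that lives outside the Windows directory (sysroot is an
    assumed default; pass the machine's real one)."""
    findings = []
    for d in drivers.values():
        if d.verdict is None:
            findings.append(f'{d.name}: no verdict line')
        elif d.verdict != 'ok':
            findings.append(f'{d.name}: verdict "{d.verdict}"')
        if d.path and not d.path.lower().startswith(sysroot.lower()):
            findings.append(f'{d.name}: image outside {sysroot}: {d.path}')
    return findings

# Sample input: lines copied from the logs in this thread, plus one
# constructed entry ('exampledrv') that has a hash line but no verdict.
COMBOFIX_SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
'''
TDSS_SAMPLE = r'''
19:08:06.0890 2708 1394ohci (69aa89a20dee08bfa650aab6ce37bd10) C:\Windows\system32\DRIVERS\1394ohci.sys
19:08:06.0899 2708 1394ohci - ok
19:08:08.0551 2708 catchme - ok
19:08:16.0339 2708 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
19:08:16.0344 2708 SASDIFSV - ok
19:08:20.0000 2708 exampledrv (0123456789abcdef0123456789abcdef) C:\Windows\system32\DRIVERS\exampledrv.sys
'''

if __name__ == '__main__':
    for k in denied_keys(parse_combofix_keys(COMBOFIX_SAMPLE)):
        print(f'deny ACE {k.denied} on {k.path}')
    for line in triage_drivers(parse_tdsskiller(TDSS_SAMPLE)):
        print(line)
```

Run it against the full logs (for example, `parse_tdsskiller(open('tdsskiller.txt').read())`) and it reduces a thousand-line listing to a handful of lines. The findings are prompts for review, not verdicts: in this thread the SUPERAntiSpyware drivers legitimately load from Program Files, and the locked Flash and Office keys are a known pattern for those products, so each flagged item should be matched against what is known to be installed before anything is removed.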

19:07:36.0171 7012 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15

19:07:36.0507 7012 ============================================================

19:07:36.0507 7012 Current date / time: 2011/11/14 19:07:36.0507

19:07:36.0507 7012 SystemInfo:

19:07:36.0507 7012

19:07:36.0507 7012 OS Version: 6.1.7600 ServicePack: 0.0

19:07:36.0507 7012 Product type: Workstation

19:07:36.0508 7012 ComputerName: JOHN-PC

19:07:36.0508 7012 UserName: John

19:07:36.0508 7012 Windows directory: C:\Windows

19:07:36.0508 7012 System windows directory: C:\Windows

19:07:36.0508 7012 Running under WOW64

19:07:36.0508 7012 Processor architecture: Intel x64

19:07:36.0508 7012 Number of processors: 4

19:07:36.0508 7012 Page size: 0x1000

19:07:36.0508 7012 Boot type: Normal boot

19:07:36.0508 7012 ============================================================

19:07:37.0926 7012 Initialize success

19:08:03.0827 2708 ============================================================

19:08:03.0827 2708 Scan started

19:08:03.0827 2708 Mode: Manual;

19:08:03.0827 2708 ============================================================

19:08:06.0890 2708 1394ohci (69aa89a20dee08bfa650aab6ce37bd10) C:\Windows\system32\DRIVERS\1394ohci.sys

19:08:06.0899 2708 1394ohci - ok

19:08:06.0936 2708 Acceler (c49c56b35bfc6cda8d1fdcad2885568f) C:\Windows\system32\DRIVERS\Acceler.sys

19:08:06.0948 2708 Acceler - ok

19:08:06.0987 2708 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys

19:08:06.0993 2708 ACPI - ok

19:08:07.0022 2708 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys

19:08:07.0044 2708 AcpiPmi - ok

19:08:07.0088 2708 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

19:08:07.0111 2708 adp94xx - ok

19:08:07.0175 2708 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

19:08:07.0203 2708 adpahci - ok

19:08:07.0213 2708 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

19:08:07.0251 2708 adpu320 - ok

19:08:07.0300 2708 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys

19:08:07.0303 2708 AFD - ok

19:08:07.0313 2708 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys

19:08:07.0329 2708 agp440 - ok

19:08:07.0344 2708 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys

19:08:07.0361 2708 aliide - ok

19:08:07.0370 2708 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys

19:08:07.0377 2708 amdide - ok

19:08:07.0385 2708 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

19:08:07.0399 2708 AmdK8 - ok

19:08:07.0409 2708 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

19:08:07.0435 2708 AmdPPM - ok

19:08:07.0454 2708 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys

19:08:07.0472 2708 amdsata - ok

19:08:07.0487 2708 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

19:08:07.0518 2708 amdsbs - ok

19:08:07.0567 2708 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys

19:08:07.0573 2708 amdxata - ok

19:08:07.0605 2708 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys

19:08:07.0623 2708 AppID - ok

19:08:07.0647 2708 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

19:08:07.0653 2708 arc - ok

19:08:07.0664 2708 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

19:08:07.0675 2708 arcsas - ok

19:08:07.0700 2708 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

19:08:07.0714 2708 AsyncMac - ok

19:08:07.0733 2708 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys

19:08:07.0740 2708 atapi - ok

19:08:07.0788 2708 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

19:08:07.0802 2708 b06bdrv - ok

19:08:07.0819 2708 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

19:08:07.0841 2708 b57nd60a - ok

19:08:07.0867 2708 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

19:08:07.0878 2708 Beep - ok

19:08:07.0911 2708 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

19:08:07.0915 2708 blbdrive - ok

19:08:07.0958 2708 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys

19:08:07.0963 2708 bowser - ok

19:08:07.0972 2708 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

19:08:07.0985 2708 BrFiltLo - ok

19:08:07.0994 2708 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

19:08:07.0997 2708 BrFiltUp - ok

19:08:08.0011 2708 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

19:08:08.0028 2708 Brserid - ok

19:08:08.0037 2708 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

19:08:08.0048 2708 BrSerWdm - ok

19:08:08.0058 2708 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

19:08:08.0066 2708 BrUsbMdm - ok

19:08:08.0077 2708 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

19:08:08.0086 2708 BrUsbSer - ok

19:08:08.0123 2708 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys

19:08:08.0129 2708 BthEnum - ok

19:08:08.0143 2708 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

19:08:08.0160 2708 BTHMODEM - ok

19:08:08.0185 2708 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys

19:08:08.0188 2708 BthPan - ok

19:08:08.0227 2708 BTHPORT (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\system32\Drivers\BTHport.sys

19:08:08.0251 2708 BTHPORT - ok

19:08:08.0280 2708 BTHUSB (8504842634dd144c075b6b0c982ccec4) C:\Windows\system32\Drivers\BTHUSB.sys

19:08:08.0286 2708 BTHUSB - ok

19:08:08.0322 2708 btwaudio (6bcfdc2b5b7f66d484486d4bd4b39a6b) C:\Windows\system32\drivers\btwaudio.sys

19:08:08.0330 2708 btwaudio - ok

19:08:08.0356 2708 btwavdt (82dc8b7c626e526681c1bebed2bc3ff9) C:\Windows\system32\DRIVERS\btwavdt.sys

19:08:08.0365 2708 btwavdt - ok

19:08:08.0395 2708 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys

19:08:08.0406 2708 btwl2cap - ok

19:08:08.0427 2708 btwrchid (28e105ad3b79f440bf94780f507bf66a) C:\Windows\system32\DRIVERS\btwrchid.sys

19:08:08.0430 2708 btwrchid - ok

19:08:08.0551 2708 catchme - ok

19:08:08.0569 2708 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

19:08:08.0587 2708 cdfs - ok

19:08:08.0605 2708 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys

19:08:08.0625 2708 cdrom - ok

19:08:08.0654 2708 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

19:08:08.0671 2708 circlass - ok

19:08:08.0713 2708 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

19:08:08.0718 2708 CLFS - ok

19:08:08.0759 2708 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

19:08:08.0773 2708 CmBatt - ok

19:08:08.0786 2708 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys

19:08:08.0796 2708 cmdide - ok

19:08:08.0834 2708 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys

19:08:08.0852 2708 CNG - ok

19:08:08.0875 2708 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

19:08:09.0249 2708 Compbatt - ok

19:08:09.0264 2708 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys

19:08:09.0277 2708 CompositeBus - ok

19:08:09.0294 2708 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

19:08:09.0307 2708 crcdisk - ok

19:08:09.0351 2708 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys

19:08:09.0372 2708 CtClsFlt - ok

19:08:09.0403 2708 dc3d (26c9db5fb11aa1c90ca4b7a986cca4f3) C:\Windows\system32\DRIVERS\dc3d.sys

19:08:09.0424 2708 dc3d - ok

19:08:09.0504 2708 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys

19:08:09.0511 2708 DfsC - ok

19:08:09.0551 2708 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

19:08:09.0557 2708 discache - ok

19:08:09.0587 2708 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

19:08:09.0603 2708 Disk - ok

19:08:09.0642 2708 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

19:08:09.0659 2708 drmkaud - ok

19:08:09.0715 2708 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys

19:08:09.0749 2708 DXGKrnl - ok

19:08:09.0854 2708 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

19:08:09.0950 2708 ebdrv - ok

19:08:09.0984 2708 ElRawDisk (d38a883309e04b9fbffe1aca60ea3bbf) C:\Windows\system32\drivers\ElRawDsk.sys

19:08:09.0994 2708 ElRawDisk - ok

19:08:10.0024 2708 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

19:08:10.0051 2708 elxstor - ok

19:08:10.0063 2708 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys

19:08:10.0074 2708 ErrDev - ok

19:08:10.0112 2708 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

19:08:10.0126 2708 exfat - ok

19:08:10.0154 2708 FACAP (2c1d443e14f376e8331f52f135dca9ef) C:\Windows\system32\DRIVERS\facap.sys

19:08:10.0164 2708 FACAP - ok

19:08:10.0192 2708 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

19:08:10.0207 2708 fastfat - ok

19:08:10.0220 2708 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

19:08:10.0232 2708 fdc - ok

19:08:10.0262 2708 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

19:08:10.0276 2708 FileInfo - ok

19:08:10.0298 2708 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

19:08:10.0308 2708 Filetrace - ok

19:08:10.0319 2708 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

19:08:10.0332 2708 flpydisk - ok

19:08:10.0353 2708 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys

19:08:10.0360 2708 FltMgr - ok

19:08:10.0375 2708 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

19:08:10.0380 2708 FsDepends - ok

19:08:10.0394 2708 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

19:08:10.0409 2708 Fs_Rec - ok

19:08:10.0447 2708 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys

19:08:10.0453 2708 fvevol - ok

19:08:10.0466 2708 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

19:08:10.0480 2708 gagp30kx - ok

19:08:10.0516 2708 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

19:08:10.0521 2708 GEARAspiWDM - ok

19:08:10.0544 2708 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

19:08:10.0557 2708 hcw85cir - ok

19:08:10.0588 2708 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys

19:08:10.0593 2708 HDAudBus - ok

19:08:10.0633 2708 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys

19:08:10.0646 2708 HECIx64 - ok

19:08:10.0654 2708 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

19:08:10.0666 2708 HidBatt - ok

19:08:10.0676 2708 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

19:08:10.0681 2708 HidBth - ok

19:08:10.0690 2708 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

19:08:10.0696 2708 HidIr - ok

19:08:10.0717 2708 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys

19:08:10.0722 2708 HidUsb - ok

19:08:10.0740 2708 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys

19:08:10.0751 2708 HpSAMD - ok

19:08:10.0781 2708 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys

19:08:10.0786 2708 HTTP - ok

19:08:10.0803 2708 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys

19:08:10.0804 2708 hwpolicy - ok

19:08:10.0839 2708 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

19:08:10.0857 2708 i8042prt - ok

19:08:10.0904 2708 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys

19:08:10.0930 2708 iaStorV - ok

19:08:11.0143 2708 igfx (09ce164afa8483e41808784d7fca154e) C:\Windows\system32\DRIVERS\igdkmd64.sys

19:08:11.0664 2708 igfx - ok

19:08:11.0834 2708 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

19:08:11.0855 2708 iirsp - ok

19:08:11.0891 2708 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys

19:08:11.0908 2708 Impcd - ok

19:08:11.0948 2708 IntcDAud (58cf58dee26c909bd6f977b61d246295) C:\Windows\system32\DRIVERS\IntcDAud.sys

19:08:11.0979 2708 IntcDAud - ok

19:08:12.0004 2708 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys

19:08:12.0020 2708 intelide - ok

19:08:12.0042 2708 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

19:08:12.0044 2708 intelppm - ok

19:08:12.0067 2708 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys

19:08:12.0083 2708 IpFilterDriver - ok

19:08:12.0096 2708 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys

19:08:12.0108 2708 IPMIDRV - ok

19:08:12.0118 2708 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

19:08:12.0129 2708 IPNAT - ok

19:08:12.0142 2708 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

19:08:12.0151 2708 IRENUM - ok

19:08:12.0161 2708 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys

19:08:12.0170 2708 isapnp - ok

19:08:12.0195 2708 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys

19:08:12.0218 2708 iScsiPrt - ok

19:08:12.0230 2708 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

19:08:12.0239 2708 kbdclass - ok

19:08:12.0261 2708 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys

19:08:12.0273 2708 kbdhid - ok

19:08:12.0301 2708 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys

19:08:12.0309 2708 KSecDD - ok

19:08:12.0350 2708 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys

19:08:12.0366 2708 KSecPkg - ok

19:08:12.0388 2708 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

19:08:12.0402 2708 ksthunk - ok

19:08:12.0439 2708 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

19:08:12.0455 2708 lltdio - ok

19:08:12.0490 2708 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

19:08:12.0512 2708 LSI_FC - ok

19:08:12.0522 2708 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

19:08:12.0527 2708 LSI_SAS - ok

19:08:12.0536 2708 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

19:08:12.0551 2708 LSI_SAS2 - ok

19:08:12.0562 2708 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

19:08:12.0567 2708 LSI_SCSI - ok

19:08:12.0584 2708 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

19:08:12.0599 2708 luafv - ok

19:08:12.0615 2708 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

19:08:12.0627 2708 megasas - ok

19:08:12.0656 2708 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

19:08:12.0680 2708 MegaSR - ok

19:08:12.0700 2708 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

19:08:12.0707 2708 Modem - ok

19:08:12.0722 2708 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

19:08:12.0723 2708 monitor - ok

19:08:12.0763 2708 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

19:08:12.0768 2708 mouclass - ok

19:08:12.0781 2708 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

19:08:12.0788 2708 mouhid - ok

19:08:12.0809 2708 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys

19:08:12.0810 2708 mountmgr - ok

19:08:12.0820 2708 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys

19:08:12.0842 2708 mpio - ok

19:08:12.0877 2708 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

19:08:12.0892 2708 mpsdrv - ok

19:08:12.0905 2708 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys

19:08:12.0921 2708 MRxDAV - ok

19:08:12.0965 2708 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys

19:08:12.0981 2708 mrxsmb - ok

19:08:13.0013 2708 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys

19:08:13.0032 2708 mrxsmb10 - ok

19:08:13.0057 2708 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys

19:08:13.0065 2708 mrxsmb20 - ok

19:08:13.0107 2708 msahci (bccf16d5fb1109162380e3e28dc9e4e5) C:\Windows\system32\DRIVERS\msahci.sys

19:08:13.0134 2708 msahci - ok

19:08:13.0148 2708 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys

19:08:13.0155 2708 msdsm - ok

19:08:13.0199 2708 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

19:08:13.0211 2708 Msfs - ok

19:08:13.0221 2708 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

19:08:13.0226 2708 mshidkmdf - ok

19:08:13.0250 2708 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys

19:08:13.0254 2708 msisadrv - ok

19:08:13.0282 2708 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

19:08:13.0302 2708 MSKSSRV - ok

19:08:13.0311 2708 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

19:08:13.0320 2708 MSPCLOCK - ok

19:08:13.0331 2708 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

19:08:13.0341 2708 MSPQM - ok

19:08:13.0372 2708 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys

19:08:13.0384 2708 MsRPC - ok

19:08:13.0402 2708 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

19:08:13.0404 2708 mssmbios - ok

19:08:13.0417 2708 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

19:08:13.0423 2708 MSTEE - ok

19:08:13.0444 2708 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

19:08:13.0468 2708 MTConfig - ok

19:08:13.0492 2708 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

19:08:13.0505 2708 Mup - ok

19:08:13.0537 2708 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

19:08:13.0545 2708 NativeWifiP - ok

19:08:13.0572 2708 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys

19:08:13.0577 2708 NDIS - ok

19:08:13.0595 2708 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

19:08:13.0605 2708 NdisCap - ok

19:08:13.0784 2708 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

19:08:13.0801 2708 NdisTapi - ok

19:08:13.0826 2708 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys

19:08:13.0832 2708 Ndisuio - ok

19:08:13.0857 2708 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys

19:08:13.0872 2708 NdisWan - ok

19:08:13.0893 2708 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys

19:08:13.0899 2708 NDProxy - ok

19:08:13.0926 2708 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

19:08:13.0944 2708 NetBIOS - ok

19:08:13.0975 2708 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys

19:08:13.0977 2708 NetBT - ok

19:08:14.0186 2708 NETw5s64 (4d85a450edef10c38882182753a49aae) C:\Windows\system32\DRIVERS\NETw5s64.sys

19:08:14.0383 2708 NETw5s64 - ok

19:08:14.0413 2708 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

19:08:14.0418 2708 nfrd960 - ok

19:08:14.0448 2708 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

19:08:14.0458 2708 Npfs - ok

19:08:14.0486 2708 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

19:08:14.0486 2708 nsiproxy - ok

19:08:14.0561 2708 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys

19:08:14.0617 2708 Ntfs - ok

19:08:14.0649 2708 NuidFltr (d4012918d3a3847b44b888d56bc095d6) C:\Windows\system32\DRIVERS\NuidFltr.sys

19:08:14.0662 2708 NuidFltr - ok

19:08:14.0683 2708 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

19:08:14.0689 2708 Null - ok

19:08:14.0702 2708 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys

19:08:14.0714 2708 nvraid - ok

19:08:14.0730 2708 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys

19:08:14.0743 2708 nvstor - ok

19:08:14.0759 2708 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys

19:08:14.0775 2708 nv_agp - ok

19:08:14.0811 2708 O2MDGRDR (8c2953537ca19dfaa67d612407e0f33e) C:\Windows\system32\DRIVERS\o2mdgx64.sys

19:08:14.0819 2708 O2MDGRDR - ok

19:08:14.0846 2708 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys

19:08:14.0860 2708 ohci1394 - ok

19:08:14.0884 2708 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

19:08:14.0898 2708 Parport - ok

19:08:14.0918 2708 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys

19:08:14.0924 2708 partmgr - ok

19:08:14.0966 2708 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys

19:08:14.0986 2708 pci - ok

19:08:15.0008 2708 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys

19:08:15.0024 2708 pciide - ok

19:08:15.0040 2708 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

19:08:15.0052 2708 pcmcia - ok

19:08:15.0101 2708 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

19:08:15.0111 2708 pcw - ok

19:08:15.0160 2708 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

19:08:15.0176 2708 PEAUTH - ok

19:08:15.0222 2708 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys

19:08:15.0236 2708 PptpMiniport - ok

19:08:15.0246 2708 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

19:08:15.0260 2708 Processor - ok

19:08:15.0286 2708 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys

19:08:15.0287 2708 Psched - ok

19:08:15.0318 2708 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys

19:08:15.0325 2708 PxHlpa64 - ok

19:08:15.0377 2708 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

19:08:15.0425 2708 ql2300 - ok

19:08:15.0438 2708 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

19:08:15.0443 2708 ql40xx - ok

19:08:15.0457 2708 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

19:08:15.0463 2708 QWAVEdrv - ok

19:08:15.0490 2708 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

19:08:15.0509 2708 RasAcd - ok

19:08:15.0527 2708 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

19:08:15.0533 2708 RasAgileVpn - ok

19:08:15.0563 2708 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys

19:08:15.0579 2708 Rasl2tp - ok

19:08:15.0600 2708 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

19:08:15.0613 2708 RasPppoe - ok

19:08:15.0629 2708 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

19:08:15.0642 2708 RasSstp - ok

19:08:15.0668 2708 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys

19:08:15.0682 2708 rdbss - ok

19:08:15.0697 2708 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

19:08:15.0705 2708 rdpbus - ok

19:08:15.0727 2708 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

19:08:15.0728 2708 RDPCDD - ok

19:08:15.0748 2708 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

19:08:15.0749 2708 RDPENCDD - ok

19:08:15.0768 2708 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

19:08:15.0769 2708 RDPREFMP - ok

19:08:15.0780 2708 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys

19:08:15.0948 2708 RDPWD - ok

19:08:15.0977 2708 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys

19:08:15.0990 2708 rdyboost - ok

19:08:16.0030 2708 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys

19:08:16.0046 2708 RFCOMM - ok

19:08:16.0102 2708 RsFx0103 (cd553b8633466a6d1c115812f2619f1f) C:\Windows\system32\DRIVERS\RsFx0103.sys

19:08:16.0110 2708 RsFx0103 - ok

19:08:16.0124 2708 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

19:08:16.0147 2708 rspndr - ok

19:08:16.0176 2708 RTL8167 (3b01789ee4eaee97f5eb46b711387d5e) C:\Windows\system32\DRIVERS\Rt64win7.sys

19:08:16.0187 2708 RTL8167 - ok

19:08:16.0339 2708 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS

19:08:16.0344 2708 SASDIFSV - ok

19:08:16.0376 2708 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS

19:08:16.0381 2708 SASKUTIL - ok

19:08:16.0427 2708 sbapifs (cd50ffb4c803c06d21ce3569489b7929) C:\Windows\system32\DRIVERS\sbapifs.sys

19:08:16.0441 2708 sbapifs - ok

19:08:16.0458 2708 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys

19:08:16.0475 2708 sbp2port - ok

19:08:16.0516 2708 SBRE (2f58125ad1bb90959f9634c7ac36d230) C:\Windows\system32\drivers\SBREdrv.sys

19:08:16.0523 2708 SBRE - ok

19:08:16.0574 2708 SbTis (f9955774a6bf0a5ca696f591c7b80a79) C:\Windows\system32\drivers\sbtis.sys

19:08:16.0587 2708 SbTis - ok

19:08:16.0614 2708 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

19:08:16.0634 2708 scfilter - ok

19:08:16.0669 2708 sdbus (84e00908975faf79e91282ed8fb88c2f) C:\Windows\system32\DRIVERS\sdbus.sys

19:08:16.0849 2708 sdbus - ok

19:08:16.0893 2708 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

19:08:16.0907 2708 secdrv - ok

19:08:16.0933 2708 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

19:08:16.0940 2708 Serenum - ok

19:08:16.0950 2708 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

19:08:16.0954 2708 Serial - ok

19:08:16.0963 2708 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

19:08:16.0982 2708 sermouse - ok

19:08:17.0002 2708 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys

19:08:17.0012 2708 sffdisk - ok

19:08:17.0026 2708 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys

19:08:17.0030 2708 sffp_mmc - ok

19:08:17.0039 2708 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys

19:08:17.0042 2708 sffp_sd - ok

19:08:17.0051 2708 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

19:08:17.0059 2708 sfloppy - ok

19:08:17.0082 2708 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

19:08:17.0090 2708 SiSRaid2 - ok

19:08:17.0099 2708 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

19:08:17.0111 2708 SiSRaid4 - ok

19:08:17.0138 2708 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

19:08:17.0152 2708 Smb - ok

19:08:17.0192 2708 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

19:08:17.0197 2708 spldr - ok

19:08:17.0256 2708 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys

19:08:17.0270 2708 srv - ok

19:08:17.0310 2708 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys

19:08:17.0326 2708 srv2 - ok

19:08:17.0372 2708 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys

19:08:17.0384 2708 srvnet - ok

19:08:17.0407 2708 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

19:08:17.0411 2708 stexstor - ok

19:08:17.0439 2708 STHDA (caf5a9708671b14b9670260735b22c4e) C:\Windows\system32\DRIVERS\stwrt64.sys

19:08:17.0463 2708 STHDA - ok

19:08:21.0006 2708 ============================================================

19:08:21.0006 2708 Scan finished

19:08:21.0006 2708 ============================================================

19:08:21.0115 1092 Detected object count: 0

19:08:21.0115 1092 Actual detected object count: 0

Results of screen317's Security Check version 0.99.26

Windows 7 x64 (UAC is disabled!)

Internet Explorer 9

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

VIPRE Antivirus

iolo technologies' System Mechanic

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 22

Out of date Java installed!

Mozilla Firefox (8.0.)

````````````````````````````````

Process Check:

objlist.exe by Laurent

iolo Common Lib ioloServiceManager.exe

``````````End of Log````````````

I was getting unknown music and search hijacks before running the above. So symptoms as we speak.

JV


Thanks for your help, D-FRED-BROWN

No problem! :)

Please do the following:

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

Driver::

97033634

File::

c:\windows\system32\drivers\97033634.sys

c:\windows\SYSWOW64\drivers\97033634.sys

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now ;)


Google searches are still getting redirected.

ComboFix 11-11-15.06 - John 11/15/2011 16:12:54.5.4 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3765.2218 [GMT -8:00]

Running from: c:\users\John\Desktop\ComboFix.exe

Command switches used :: c:\users\John\Desktop\CFScript.txt

AV: Sunbelt VIPRE *Enabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}

SP: Sunbelt VIPRE *Enabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\system32\drivers\97033634.sys"

"c:\windows\SYSWOW64\drivers\97033634.sys"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_97033634

.

.

((((((((((((((((((((((((( Files Created from 2011-10-16 to 2011-11-16 )))))))))))))))))))))))))))))))

.

.

2011-11-16 00:44 . 2011-11-16 00:44 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-11-15 01:27 . 2011-11-15 01:27 -------- d-----w- c:\users\John\AppData\Local\Traffic_Mystic_IM_Solutio

2011-11-14 22:18 . 2011-11-14 22:18 -------- d-----w- c:\program files (x86)\Market Samurai

2011-11-14 00:09 . 2011-11-14 00:09 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2011-11-13 05:37 . 2011-11-13 05:37 -------- d-----w- c:\users\John\AppData\Roaming\SUPERAntiSpyware.com

2011-11-13 05:37 . 2011-11-13 05:37 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-11-13 05:37 . 2011-11-13 05:37 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-11-12 19:26 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll

2011-11-12 19:26 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll

2011-11-12 19:26 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-11-12 19:25 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys

2011-11-10 01:29 . 2011-11-10 01:29 -------- d-----w- c:\users\John\AppData\Roaming\YourLocalShorcut

2011-11-10 01:29 . 2011-11-10 01:29 -------- d-----w- c:\program files (x86)\ Your Local Shortcut

2011-11-09 04:23 . 2011-11-12 22:17 -------- d-----w- c:\programdata\Kaspersky Lab

2011-10-28 04:38 . 2011-10-28 04:38 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2011-10-28 04:38 . 2011-10-28 04:38 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2011-10-28 04:38 . 2011-10-28 04:38 144384 ----a-w- c:\windows\system32\cdd.dll

2011-10-25 18:38 . 2011-10-25 18:38 -------- d-----w- c:\program files (x86)\KeywordBlueprint2

2011-10-24 02:23 . 2011-10-24 02:23 -------- d-----w- c:\program files (x86)\Aruhat Technologies Pvt. Ltd

2011-10-22 01:05 . 2011-10-22 01:05 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll

2011-10-22 01:04 . 2011-10-22 01:04 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2011-10-22 01:04 . 2011-10-22 01:04 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2011-10-19 16:50 . 2011-10-19 16:50 -------- d-----w- c:\users\John\AppData\Roaming\CommissionBlueprint.KeywordBlueprint2.E611A7DFA7A14643DD636F3114ECD771F85A61E0.1

2011-10-17 02:55 . 2011-10-17 02:55 18139008 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-14 00:10 . 2011-10-12 00:38 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2011-11-14 00:10 . 2011-10-12 00:38 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2011-11-14 00:09 . 2011-10-12 00:37 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2011-10-28 04:18 . 2011-06-30 00:28 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-12 00:37 . 2011-10-12 00:37 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-09-06 19:30 . 2011-09-06 19:30 45904 ----a-w- c:\windows\SysWow64\sbbd.exe

2011-09-06 19:30 . 2011-05-10 22:27 45904 ----a-w- c:\windows\system32\sbbd.exe

2011-08-30 00:36 . 2011-08-30 00:36 71256 ----a-w- c:\windows\system32\drivers\sbapifs.sys

2011-08-30 00:36 . 2011-08-30 00:36 101720 ----a-w- c:\windows\SysWow64\drivers\SBREDrv.sys

2011-08-30 00:36 . 2011-05-10 22:27 55384 ----a-w- c:\windows\system32\drivers\sbredrv.sys

2011-08-27 05:40 . 2011-10-12 05:51 331776 ----a-w- c:\windows\system32\oleacc.dll

2011-08-27 05:40 . 2011-10-12 05:51 861184 ----a-w- c:\windows\system32\oleaut32.dll

2011-08-27 04:43 . 2011-10-12 05:51 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll

2011-08-27 04:43 . 2011-10-12 05:51 233472 ----a-w- c:\windows\SysWow64\oleacc.dll

.

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Speed Typing"="c:\program files (x86)\Invention Pilot\Speed Typing\STyping.exe" [2002-12-12 101376]

"Jing"="c:\program files (x86)\TechSmith\Jing\Jing.exe" [2010-08-19 3069192]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 5495680]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]

"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2010-02-22 95560]

"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]

"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-01-24 136416]

"Memeo AutoSync"="c:\program files (x86)\Memeo\AutoSync\MemeoLauncher2.exe" [2010-04-16 144608]

"Memeo Send"="c:\program files (x86)\Memeo\Memeo Send\MemeoLauncher.exe" [2010-07-20 236816]

"Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]

"iolo Startup"="c:\program files (x86)\iolo\Common\Lib\ioloLManager.exe" [2011-08-08 606392]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]

"SBAMTray"="c:\program files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe" [2011-09-27 1357136]

"FAStartup"="" [bU]

.

c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

TimeLeft.lnk - c:\program files (x86)\TimeLeft3\TimeLeft.exe [2011-10-5 2051880]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]

2010-02-22 20:24 144712 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-16 183560]

R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [x]

R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-09-21 315664]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 61976]

R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]

R4 SQLAgent$ADCENTERDESKTOP;SQL Server Agent (ADCENTERDESKTOP);c:\program files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-08-30 55384]

S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-02 89600]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-02-22 2409800]

S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2011-08-08 722616]

S2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe [2010-04-14 1052328]

S2 lxebCATSCustConnectService;lxebCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe [2010-04-14 45736]

S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-01-24 25824]

S2 MSSQL$ADCENTERDESKTOP;SQL Server (ADCENTERDESKTOP);c:\program files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\sqlservr.exe [2009-03-30 57617752]

S2 SBAMSvc;VIPRE Antivirus;c:\program files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe [2011-09-06 2804280]

S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]

S2 SBPIMSvc;SB Recovery Service;c:\program files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe [2011-09-06 181584]

S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]

S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]

S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2888607521-20579777-1717240660-1000Core.job

- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-09 06:23]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-20 487424]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-07 166424]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-07 391192]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-07 413720]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-09-21 1926928]

"lxebmon.exe"="c:\program files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe" [2010-05-05 770728]

"EzPrint"="c:\program files (x86)\Lexmark Pro200-S500 Series\ezprint.exe" [2010-05-05 148280]

"combofix"="c:\combofix\CF22415.3XE" [2009-07-14 344576]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://google.com/

uInternet Settings,ProxyServer = 171.66.3.181:3128

uInternet Settings,ProxyOverride = <local>;*.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\1lze15yw.default\

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=

FF - prefs.js: network.proxy.http - 211.222.202.109

FF - prefs.js: network.proxy.http_port - 80

FF - prefs.js: network.proxy.ssl - 72.44.82.146

FF - prefs.js: network.proxy.ssl_port - 3128

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{0FE6B2D5-5183-42C0-B225-FAC1B9955366} - (no file)

Toolbar-Locked - (no file)

.

.

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\windows\system32\DRIVERS\o2flash.exe

c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE

c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

c:\program files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe

c:\program files (x86)\Memeo\Memeo Send\MemeoSend.exe

c:\program files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe

c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe

c:\program files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe

c:\program files (x86)\Internet Explorer\iexplore.exe

c:\program files (x86)\Microsoft\BingBar\BingBar.exe

c:\program files (x86)\Microsoft\BingBar\BingApp.exe

.

**************************************************************************

.

Completion time: 2011-11-15 17:09:21 - machine was rebooted

ComboFix-quarantined-files.txt 2011-11-16 01:09

ComboFix2.txt 2011-11-15 04:26

ComboFix3.txt 2011-11-13 07:33

ComboFix4.txt 2011-11-11 21:16

ComboFix5.txt 2011-11-16 00:05

.

Pre-Run: 231,265,148,928 bytes free

Post-Run: 231,351,111,680 bytes free

.

- - End Of File - - CF5F74289D0EEBC88E85D50272F0C2B7


Hello again,

Do you recognize the following program names?

  • Market Samurai
  • Your Local Shortcut
  • Aruhat Technologies Pvt. Ltd
  • Traffic Mystic IM Solutions

Please let me know :).

------

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

------

Download the latest version of Kaspersky Virus Removal Tool

  • Close all other applications and double-click and run the installer.
  • When the Kaspersky Virus Removal Tool starts, to the right of Security Level click Recommended, and select Settings.
  • In the window that opens (Autoscan), in the Scope tab place a checkmark to the left of Parse email formats.
  • Click the Additional tab and click to place a checkmark to the left of Deep scan, and click OK.
  • Select all the scannable items except for CD-ROM drives and click the Start scan button.
  • If malware is detected, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
  • After the scan finishes, if any threat remains in the Scan window (red exclamation point), click the Neutralize all button.
  • In the window that opens, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
  • If advised that a special disinfection procedure is required which demands system reboot: click the Ok button to close the window.
  • In the Scan window click the Reports button and select Save to file.
  • Name the report AVPT.txt, and save it to the Desktop.
  • Close AVPTool.
  • You will be prompted if you want to uninstall the program; click Yes.
  • You will then be prompted that to complete the uninstallation, the computer must be restarted. Select Yes to restart the system.
  • Copy and paste the first part of the report (Detected) that you saved in your next reply.

------

Please do the following:

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

Reglock::

[HKEY_USERS\S-1-5-21-2888607521-20579777-1717240660-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

[HKEY_USERS\S-1-5-21-2888607521-20579777-1717240660-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Save this as CFScript.txt, in the same location as ComboFix.exe

[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript.txt onto ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now ;)

------

In your next reply, please include:

  • What programs from that list you recognize
  • ESET Online Scan log
  • Kaspersky AVP Tool log
  • The newly-created C:\ComboFix.txt

Also, please let me know how things are running now. :)


Hello,

I recognize the programs. Could not get ESET to run.

Still getting hijacked in both IE and Firefox.

thanks,

JV

ComboFix 11-11-15.06 - John 11/16/2011 6:58.6.4 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3765.2144 [GMT -8:00]

Running from: c:\users\John\Desktop\ComboFix.exe

Command switches used :: c:\users\John\Desktop\CFScript.txt

AV: Sunbelt VIPRE *Enabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}

SP: Sunbelt VIPRE *Enabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\LP

c:\program files (x86)\LP\227F\464.tmp

c:\program files (x86)\LP\227F\5169.tmp

c:\program files (x86)\LP\227F\6C87.tmp

c:\program files (x86)\LP\227F\77FE.tmp

c:\program files (x86)\LP\227F\92A1.tmp

c:\program files (x86)\LP\227F\F826.tmp

.

.

((((((((((((((((((((((((( Files Created from 2011-10-16 to 2011-11-16 )))))))))))))))))))))))))))))))

.

.

2011-11-16 15:33 . 2011-11-16 15:33 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-11-16 01:12 . 2011-11-16 14:15 -------- d-----w- c:\program files (x86)\CE870

2011-11-16 01:12 . 2011-11-16 01:12 -------- d-----w- c:\users\John\AppData\Roaming\FA6CE

2011-11-15 01:27 . 2011-11-15 01:27 -------- d-----w- c:\users\John\AppData\Local\Traffic_Mystic_IM_Solutio

2011-11-14 22:18 . 2011-11-14 22:18 -------- d-----w- c:\program files (x86)\Market Samurai

2011-11-14 00:09 . 2011-11-14 00:09 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2011-11-13 05:37 . 2011-11-13 05:37 -------- d-----w- c:\users\John\AppData\Roaming\SUPERAntiSpyware.com

2011-11-13 05:37 . 2011-11-13 05:37 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-11-13 05:37 . 2011-11-13 05:37 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-11-12 19:26 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll

2011-11-12 19:26 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll

2011-11-12 19:26 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-11-12 19:25 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys

2011-11-10 01:29 . 2011-11-10 01:29 -------- d-----w- c:\users\John\AppData\Roaming\YourLocalShorcut

2011-11-10 01:29 . 2011-11-10 01:29 -------- d-----w- c:\program files (x86)\ Your Local Shortcut

2011-11-09 04:23 . 2011-11-16 04:39 -------- d-----w- c:\programdata\Kaspersky Lab

2011-10-28 04:38 . 2011-10-28 04:38 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2011-10-28 04:38 . 2011-10-28 04:38 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2011-10-28 04:38 . 2011-10-28 04:38 144384 ----a-w- c:\windows\system32\cdd.dll

2011-10-25 18:38 . 2011-10-25 18:38 -------- d-----w- c:\program files (x86)\KeywordBlueprint2

2011-10-24 02:23 . 2011-10-24 02:23 -------- d-----w- c:\program files (x86)\Aruhat Technologies Pvt. Ltd

2011-10-22 01:05 . 2011-11-16 01:31 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll

2011-10-22 01:04 . 2011-11-16 01:31 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2011-10-22 01:04 . 2011-11-16 01:30 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2011-10-19 16:50 . 2011-10-19 16:50 -------- d-----w- c:\users\John\AppData\Roaming\CommissionBlueprint.KeywordBlueprint2.E611A7DFA7A14643DD636F3114ECD771F85A61E0.1

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-16 01:30 . 2011-10-12 00:37 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-11-14 00:10 . 2011-10-12 00:38 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2011-11-14 00:10 . 2011-10-12 00:38 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2011-11-14 00:09 . 2011-10-12 00:37 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2011-10-28 04:18 . 2011-06-30 00:28 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-09-06 19:30 . 2011-09-06 19:30 45904 ----a-w- c:\windows\SysWow64\sbbd.exe

2011-09-06 19:30 . 2011-05-10 22:27 45904 ----a-w- c:\windows\system32\sbbd.exe

2011-08-30 00:36 . 2011-08-30 00:36 71256 ----a-w- c:\windows\system32\drivers\sbapifs.sys

2011-08-30 00:36 . 2011-08-30 00:36 101720 ----a-w- c:\windows\SysWow64\drivers\SBREDrv.sys

2011-08-30 00:36 . 2011-05-10 22:27 55384 ----a-w- c:\windows\system32\drivers\sbredrv.sys

2011-08-27 05:40 . 2011-10-12 05:51 331776 ----a-w- c:\windows\system32\oleacc.dll

2011-08-27 05:40 . 2011-10-12 05:51 861184 ----a-w- c:\windows\system32\oleaut32.dll

2011-08-27 04:43 . 2011-10-12 05:51 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll

2011-08-27 04:43 . 2011-10-12 05:51 233472 ----a-w- c:\windows\SysWow64\oleacc.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-11-13_07.15.26 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-14 04:54 . 2011-11-16 15:39 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2011-11-13 06:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2011-11-13 06:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2011-11-16 15:39 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2011-11-13 06:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2011-11-16 15:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 05:10 . 2011-11-16 14:19 38570 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-07-04 07:13 . 2011-11-16 00:50 17552 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2888607521-20579777-1717240660-1000_UserData.bin

+ 2009-07-14 04:46 . 2011-11-14 04:08 80352 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2011-11-14 22:17 . 2011-11-14 22:17 74240 c:\windows\Installer\8956711.msi

+ 2010-08-06 16:50 . 2011-11-15 00:57 3136 c:\windows\system32\wdi\ERCQueuedResolutions.dat

- 2010-08-06 16:50 . 2011-11-09 03:01 3136 c:\windows\system32\wdi\ERCQueuedResolutions.dat

- 2011-11-13 06:17 . 2011-11-13 06:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-11-16 15:36 . 2011-11-16 15:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-11-16 15:36 . 2011-11-16 15:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-11-13 06:17 . 2011-11-13 06:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2010-07-01 05:57 . 2011-11-15 12:54 347668 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

- 2009-07-14 02:36 . 2011-11-12 23:12 727974 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2011-11-15 14:11 727974 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2011-11-12 23:12 147114 c:\windows\system32\perfc009.dat

+ 2009-07-14 02:36 . 2011-11-15 14:11 147114 c:\windows\system32\perfc009.dat

- 2011-08-27 23:51 . 2011-11-09 03:02 266176 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2011-08-27 23:51 . 2011-11-16 14:12 266176 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2009-07-14 05:01 . 2011-11-16 15:35 438488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2011-11-13 01:27 438488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-05-10 22:49 . 2011-11-16 15:35 5118852 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2888607521-20579777-1717240660-1000-12288.dat

- 2009-07-14 02:34 . 2011-11-13 06:37 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

+ 2009-07-14 02:34 . 2011-11-16 15:50 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Speed Typing"="c:\program files (x86)\Invention Pilot\Speed Typing\STyping.exe" [2002-12-12 101376]

"Jing"="c:\program files (x86)\TechSmith\Jing\Jing.exe" [2010-08-19 3069192]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 5495680]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]

"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2010-02-22 95560]

"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]

"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-01-24 136416]

"Memeo AutoSync"="c:\program files (x86)\Memeo\AutoSync\MemeoLauncher2.exe" [2010-04-16 144608]

"Memeo Send"="c:\program files (x86)\Memeo\Memeo Send\MemeoLauncher.exe" [2010-07-20 236816]

"Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]

"iolo Startup"="c:\program files (x86)\iolo\Common\Lib\ioloLManager.exe" [2011-08-08 606392]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]

"SBAMTray"="c:\program files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe" [2011-09-27 1357136]

"FAStartup"="" [BU]

.

c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

TimeLeft.lnk - c:\program files (x86)\TimeLeft3\TimeLeft.exe [2011-10-5 2051880]

_uninst_42015122.lnk - c:\users\John\AppData\Local\Temp\_uninst_42015122.bat [N/A]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HideSCAHealth"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]

2010-02-22 20:24 144712 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-16 183560]

R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [x]

R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-09-21 315664]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 61976]

R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]

R4 SQLAgent$ADCENTERDESKTOP;SQL Server Agent (ADCENTERDESKTOP);c:\program files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-08-30 55384]

S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-02 89600]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-02-22 2409800]

S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2011-08-08 722616]

S2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe [2010-04-14 1052328]

S2 lxebCATSCustConnectService;lxebCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe [2010-04-14 45736]

S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-01-24 25824]

S2 MSSQL$ADCENTERDESKTOP;SQL Server (ADCENTERDESKTOP);c:\program files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\sqlservr.exe [2009-03-30 57617752]

S2 SBAMSvc;VIPRE Antivirus;c:\program files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe [2011-09-06 2804280]

S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]

S2 SBPIMSvc;SB Recovery Service;c:\program files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe [2011-09-06 181584]

S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]

S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]

S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2888607521-20579777-1717240660-1000Core.job

- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-09 06:23]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-20 487424]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-07 166424]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-07 391192]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-07 413720]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-09-21 1926928]

"lxebmon.exe"="c:\program files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe" [2010-05-05 770728]

"EzPrint"="c:\program files (x86)\Lexmark Pro200-S500 Series\ezprint.exe" [2010-05-05 148280]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://google.com/

uInternet Settings,ProxyServer = http=127.0.0.1:50242

uInternet Settings,ProxyOverride = <local>;*.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\1lze15yw.default\

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 57050

FF - prefs.js: network.proxy.ssl - 72.44.82.146

FF - prefs.js: network.proxy.ssl_port - 3128

FF - prefs.js: network.proxy.type - 1

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{0FE6B2D5-5183-42C0-B225-FAC1B9955366} - (no file)

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\windows\system32\DRIVERS\o2flash.exe

c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE

c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe

c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

c:\program files (x86)\Internet Explorer\iexplore.exe

c:\program files (x86)\Microsoft\BingBar\BingBar.exe

c:\program files (x86)\Microsoft\BingBar\BingApp.exe

c:\program files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe

c:\program files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe

c:\program files (x86)\Memeo\Memeo Send\MemeoSend.exe

.

**************************************************************************

.

Completion time: 2011-11-16 08:09:01 - machine was rebooted

ComboFix-quarantined-files.txt 2011-11-16 16:08

ComboFix2.txt 2011-11-16 01:09

ComboFix3.txt 2011-11-15 04:26

ComboFix4.txt 2011-11-13 07:33

ComboFix5.txt 2011-11-16 14:50

.

Pre-Run: 230,661,746,688 bytes free

Post-Run: 230,775,173,120 bytes free

.

- - End Of File - - DEA3A5B74D51393E2F8803CA8220611C

Status: Deleted (events: 34)

11/15/2011 9:03:04 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{18034DC4-1A6D-4B18-A10D-FA445E0A8064}_ENC2 High

11/15/2011 9:03:04 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{18034DC4-1A6D-4B18-A10D-FA445E0A8064}_ENC2//PE-Crypt.XorPE High

11/15/2011 9:03:04 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{15B19923-CC84-4FB2-A452-3980F93B1061}_ENC2 High

11/15/2011 9:03:04 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{15B19923-CC84-4FB2-A452-3980F93B1061}_ENC2//PE-Crypt.XorPE High

11/15/2011 9:03:05 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{20D2A4F2-A097-434D-9D6C-D73A93829B51}_ENC2 High

11/15/2011 9:03:05 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{20D2A4F2-A097-434D-9D6C-D73A93829B51}_ENC2//PE-Crypt.XorPE High

11/15/2011 9:03:05 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{21ED7D59-E947-4EA2-863C-ECA945C0129B}_ENC2 High

11/15/2011 9:03:05 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{21ED7D59-E947-4EA2-863C-ECA945C0129B}_ENC2//PE-Crypt.XorPE High

11/15/2011 9:03:06 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{2A6E8C3D-0F80-4271-89C7-C8F5FC72A723}_ENC2 High

11/15/2011 9:03:06 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{2A6E8C3D-0F80-4271-89C7-C8F5FC72A723}_ENC2//PE-Crypt.XorPE High

11/15/2011 9:03:08 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{363EBE25-DA9F-4AFD-B0D0-81DF9E729142}_ENC2 High

11/15/2011 9:03:08 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{363EBE25-DA9F-4AFD-B0D0-81DF9E729142}_ENC2//PE-Crypt.XorPE High

11/15/2011 9:03:13 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{3FE6B6D0-A0D4-4681-B975-64FA365D1AE9}_ENC2 High

11/15/2011 9:03:13 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{3FE6B6D0-A0D4-4681-B975-64FA365D1AE9}_ENC2//PE-Crypt.XorPE High

11/15/2011 9:03:22 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{7ACDC400-3731-42F7-99C5-41122749B3BD}_ENC2 High

11/15/2011 9:03:18 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{A73A933C-A5EA-4994-AE64-261D7E62126E}_ENC2 High

11/15/2011 9:03:18 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{A73A933C-A5EA-4994-AE64-261D7E62126E}_ENC2//PE-Crypt.XorPE High

11/15/2011 9:09:21 PM Deleted Trojan program Trojan-Downloader.Java.Agent.oq C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\6587b9c1-1ba2c8d1 High

11/15/2011 9:09:22 PM Deleted Trojan program Trojan-Downloader.Java.Agent.oq C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\6587b9c1-4cbf6e44 High

11/15/2011 9:09:22 PM Deleted Trojan program Trojan-Downloader.Java.Agent.oq C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\6587b9c1-4de7a1c1 High

11/15/2011 9:09:23 PM Deleted Trojan program Trojan-Downloader.Java.Agent.oq C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\6587b9c1-58ab123e High

11/15/2011 9:09:23 PM Deleted Trojan program Trojan-Downloader.Java.Agent.oq C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\6587b9c1-704024e0 High

11/15/2011 9:09:23 PM Deleted Trojan program Trojan-Downloader.Java.Agent.oq C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\6587b9c1-72112017 High

11/15/2011 9:09:43 PM Deleted Trojan program Trojan.Win32.Jorik.Gbot.rsl C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\592c988d-390cff99 High

11/15/2011 9:09:51 PM Deleted Trojan program Trojan-Downloader.Java.Agent.oq C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\1afc2624-355d4be3 High

11/15/2011 9:09:51 PM Deleted Trojan program Trojan-Downloader.Java.Agent.oq C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\1afc2624-3d9f5d02 High

11/15/2011 9:09:51 PM Deleted Trojan program Trojan-Downloader.Java.Agent.oq C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\1afc2624-4c73f2ac High

11/15/2011 9:09:51 PM Deleted Trojan program Trojan-Downloader.Java.Agent.oq C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\1afc2624-5dffa626 High

11/15/2011 9:09:51 PM Deleted Trojan program Trojan-Downloader.Java.Agent.oq C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\1afc2624-5ec67f94 High

11/15/2011 9:09:51 PM Deleted Trojan program Trojan-Downloader.Java.Agent.oq C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\1afc2624-668b1e2a High

11/15/2011 9:09:52 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\669c2aad-1b963022 High

11/15/2011 9:09:52 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\669c2aad-435d9649 High

11/16/2011 6:23:45 AM Deleted Trojan program Trojan.Win32.Jorik.Gbot.rsv C:\Program Files (x86)\CE870\lvvm.exe High

11/16/2011 6:23:45 AM Deleted Trojan program Trojan.Win32.Jorik.Gbot.rsl C:\Program Files (x86)\LP\227F\619.exe High

Status: Absent (events: 2)

11/15/2011 9:04:03 PM Not found Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{7ACDC400-3731-42F7-99C5-41122749B3BD}_ENC2//PE-Crypt.XorPE High

11/16/2011 6:24:03 AM Not found Trojan program Trojan.Win32.Jorik.Downloader.lw C:\Program Files (x86)\LP\227F\704F.tmp High

Status: Disinfected (events: 18)

11/15/2011 9:09:26 PM Disinfected Trojan program Exploit.Java.CVE-2010-0842.o C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\5767c64c-12ba39e9 High

11/15/2011 9:09:26 PM Disinfected Trojan program Exploit.Java.CVE-2010-0842.o C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\5767c64c-12ba39e9/a.class High

11/15/2011 9:09:50 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.df C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\3d237503-4b0d3fbf High

11/15/2011 9:09:50 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.df C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\3d237503-4b0d3fbf/bingo/nikon.class High

11/15/2011 9:09:52 PM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.cu C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\2dc5a3ae-72a6ec46 High

11/15/2011 9:09:52 PM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.cu C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\2dc5a3ae-72a6ec46/folder/Glocker.class High

11/15/2011 9:09:52 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.df C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5a220905-53ddb49f High

11/15/2011 9:09:52 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.df C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5a220905-53ddb49f/bingo/nikon.class High

11/15/2011 9:09:52 PM Disinfected Trojan program Trojan-Downloader.Java.Small.t C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\17390232-31e5b1b8 High

11/15/2011 9:09:52 PM Disinfected Trojan program Trojan-Downloader.Java.Small.t C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\17390232-31e5b1b8/Start.class High

11/15/2011 9:09:53 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.df C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\1fd93878-3d1b420a High

11/15/2011 9:09:53 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.df C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\1fd93878-3d1b420a/bingo/nikon.class High

11/15/2011 9:09:53 PM Disinfected Trojan program Trojan-Downloader.Java.Small.t C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\5ffcab9-41b244c1 High

11/15/2011 9:09:53 PM Disinfected Trojan program Trojan-Downloader.Java.Small.t C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\5ffcab9-41b244c1/Start.class High

11/15/2011 9:09:53 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.en C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\485c8386-5d59f05d High

11/15/2011 9:09:53 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.en C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\485c8386-5d59f05d/json/Parser.class High

11/15/2011 9:09:53 PM Disinfected Trojan program Trojan-Downloader.Java.Small.t C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\5fe2eefe-6a5b7262 High

11/15/2011 9:09:53 PM Disinfected Trojan program Trojan-Downloader.Java.Small.t C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\5fe2eefe-6a5b7262/Start.class High

Status: Vulnerability (events: 3)

11/15/2011 10:46:18 PM Vulnerability vulnerability http://www.securelist.com/en/advisories/46512 C:\Program Files\Java\jre6\bin\java.exe Low

11/15/2011 10:52:00 PM Vulnerability vulnerability http://www.securelist.com/en/advisories/46512 C:\Program Files (x86)\Java\jre6\bin\java.exe Low

11/16/2011 6:00:35 AM Vulnerability vulnerability http://www.securelist.com/en/advisories/46339 c:\Program Files (x86)\iTunes\iTunes.exe Low

Please do the following:

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

Folder::

c:\program files (x86)\CE870

c:\users\John\AppData\Roaming\FA6CE

Reboot::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now ;)

Still getting the occasional redirect.

ComboFix 11-11-16.02 - John 11/16/2011 16:28:12.7.4 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3765.984 [GMT -8:00]

Running from: c:\combofix\ComboFix.exe

Command switches used :: c:\users\John\Desktop\CFScript.txt

AV: Sunbelt VIPRE *Enabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}

SP: Sunbelt VIPRE *Enabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\CE870

c:\program files (x86)\CE870\lvvm.exe

c:\users\John\AppData\Roaming\FA6CE

c:\users\John\AppData\Roaming\Google\{0B8D6FDE-D846-4DFD-A423-3F3D1E4BAA0A}\LicenseValidator.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-10-17 to 2011-11-17 )))))))))))))))))))))))))))))))

.

.

2011-11-17 01:02 . 2011-11-17 01:02 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-11-16 23:51 . 2011-11-16 23:51 1117 ----a-w- c:\windows\~clD12D.tmp

2011-11-16 22:47 . 2011-11-16 22:47 442368 --sh--w- c:\program files (x86)\Common Files\mhik.exe

2011-11-15 01:27 . 2011-11-15 01:27 -------- d-----w- c:\users\John\AppData\Local\Traffic_Mystic_IM_Solutio

2011-11-14 22:18 . 2011-11-14 22:18 -------- d-----w- c:\program files (x86)\Market Samurai

2011-11-14 00:09 . 2011-11-14 00:09 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2011-11-13 05:37 . 2011-11-13 05:37 -------- d-----w- c:\users\John\AppData\Roaming\SUPERAntiSpyware.com

2011-11-13 05:37 . 2011-11-13 05:37 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-11-13 05:37 . 2011-11-13 05:37 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-11-12 19:26 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll

2011-11-12 19:26 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll

2011-11-12 19:26 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-11-12 19:25 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys

2011-11-10 01:29 . 2011-11-10 01:29 -------- d-----w- c:\users\John\AppData\Roaming\YourLocalShorcut

2011-11-10 01:29 . 2011-11-10 01:29 -------- d-----w- c:\program files (x86)\ Your Local Shortcut

2011-11-09 04:23 . 2011-11-16 04:39 -------- d-----w- c:\programdata\Kaspersky Lab

2011-10-28 04:38 . 2011-10-28 04:38 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2011-10-28 04:38 . 2011-10-28 04:38 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2011-10-28 04:38 . 2011-10-28 04:38 144384 ----a-w- c:\windows\system32\cdd.dll

2011-10-25 18:38 . 2011-10-25 18:38 -------- d-----w- c:\program files (x86)\KeywordBlueprint2

2011-10-24 02:23 . 2011-10-24 02:23 -------- d-----w- c:\program files (x86)\Aruhat Technologies Pvt. Ltd

2011-10-22 01:05 . 2011-11-16 01:31 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll

2011-10-22 01:04 . 2011-11-16 01:31 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2011-10-22 01:04 . 2011-11-16 01:30 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2011-10-19 16:50 . 2011-10-19 16:50 -------- d-----w- c:\users\John\AppData\Roaming\CommissionBlueprint.KeywordBlueprint2.E611A7DFA7A14643DD636F3114ECD771F85A61E0.1

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-16 01:30 . 2011-10-12 00:37 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-11-14 00:10 . 2011-10-12 00:38 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2011-11-14 00:10 . 2011-10-12 00:38 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2011-11-14 00:09 . 2011-10-12 00:37 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2011-10-28 04:18 . 2011-06-30 00:28 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-09-06 19:30 . 2011-09-06 19:30 45904 ----a-w- c:\windows\SysWow64\sbbd.exe

2011-09-06 19:30 . 2011-05-10 22:27 45904 ----a-w- c:\windows\system32\sbbd.exe

2011-08-30 00:36 . 2011-08-30 00:36 71256 ----a-w- c:\windows\system32\drivers\sbapifs.sys

2011-08-30 00:36 . 2011-08-30 00:36 101720 ----a-w- c:\windows\SysWow64\drivers\SBREDrv.sys

2011-08-30 00:36 . 2011-05-10 22:27 55384 ----a-w- c:\windows\system32\drivers\sbredrv.sys

2011-08-27 05:40 . 2011-10-12 05:51 331776 ----a-w- c:\windows\system32\oleacc.dll

2011-08-27 05:40 . 2011-10-12 05:51 861184 ----a-w- c:\windows\system32\oleaut32.dll

2011-08-27 04:43 . 2011-10-12 05:51 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll

2011-08-27 04:43 . 2011-10-12 05:51 233472 ----a-w- c:\windows\SysWow64\oleacc.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-11-13_07.15.26 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-11-16 22:47 . 2011-11-16 22:47 49129 c:\windows\SysWOW64\winlog.dat

+ 2009-07-14 04:54 . 2011-11-16 23:05 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2011-11-13 06:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2011-11-13 06:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2011-11-16 23:05 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2011-11-16 23:05 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2011-11-13 06:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 05:10 . 2011-11-17 01:07 38812 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-07-04 07:13 . 2011-11-17 01:07 17968 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2888607521-20579777-1717240660-1000_UserData.bin

+ 2010-06-30 17:11 . 2011-11-16 21:08 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-06-30 17:11 . 2011-11-11 23:56 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-06-30 17:11 . 2011-11-11 23:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-06-30 17:11 . 2011-11-16 21:08 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-11-16 21:08 . 2011-11-16 21:08 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011111620111117\index.dat

+ 2009-07-14 04:54 . 2011-11-16 21:08 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-11-16 21:08 . 2011-11-16 21:08 49120 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT

+ 2009-07-14 04:46 . 2011-11-14 04:08 80352 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2011-11-14 22:17 . 2011-11-14 22:17 74240 c:\windows\Installer\8956711.msi

+ 2010-08-06 16:50 . 2011-11-15 00:57 3136 c:\windows\system32\wdi\ERCQueuedResolutions.dat

- 2010-08-06 16:50 . 2011-11-09 03:01 3136 c:\windows\system32\wdi\ERCQueuedResolutions.dat

- 2011-11-13 06:17 . 2011-11-13 06:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-11-17 01:05 . 2011-11-17 01:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-11-17 01:05 . 2011-11-17 01:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-11-13 06:17 . 2011-11-13 06:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2010-07-01 05:57 . 2011-11-16 22:29 347908 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

- 2009-07-14 02:36 . 2011-11-12 23:12 727974 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2011-11-15 14:11 727974 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2011-11-12 23:12 147114 c:\windows\system32\perfc009.dat

+ 2009-07-14 02:36 . 2011-11-15 14:11 147114 c:\windows\system32\perfc009.dat

- 2011-08-27 23:51 . 2011-11-09 03:02 266176 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2011-08-27 23:51 . 2011-11-16 14:12 266176 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2009-07-14 05:01 . 2011-11-13 01:27 438488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2011-11-17 01:04 438488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-05-10 22:49 . 2011-11-17 01:04 5265292 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2888607521-20579777-1717240660-1000-12288.dat

- 2009-07-14 02:34 . 2011-11-13 06:37 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

+ 2009-07-14 02:34 . 2011-11-16 23:40 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Speed Typing"="c:\program files (x86)\Invention Pilot\Speed Typing\STyping.exe" [2002-12-12 101376]

"Jing"="c:\program files (x86)\TechSmith\Jing\Jing.exe" [2010-08-19 3069192]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 5495680]

"cftmon"="c:\program files (x86)\Common Files\mhik.exe" [2011-11-16 442368]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]

"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2010-02-22 95560]

"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]

"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-01-24 136416]

"Memeo AutoSync"="c:\program files (x86)\Memeo\AutoSync\MemeoLauncher2.exe" [2010-04-16 144608]

"Memeo Send"="c:\program files (x86)\Memeo\Memeo Send\MemeoLauncher.exe" [2010-07-20 236816]

"Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]

"iolo Startup"="c:\program files (x86)\iolo\Common\Lib\ioloLManager.exe" [2011-08-08 606392]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]

"SBAMTray"="c:\program files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe" [2011-09-27 1357136]

"FAStartup"="" [bU]

.

c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

TimeLeft.lnk - c:\program files (x86)\TimeLeft3\TimeLeft.exe [2011-10-5 2051880]

_uninst_42015122.lnk - c:\users\John\AppData\Local\Temp\_uninst_42015122.bat [N/A]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HideSCAHealth"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]

2010-02-22 20:24 144712 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-16 183560]

R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [x]

R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-09-21 315664]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 61976]

R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]

R4 SQLAgent$ADCENTERDESKTOP;SQL Server Agent (ADCENTERDESKTOP);c:\program files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-08-30 55384]

S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-02 89600]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-02-22 2409800]

S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2011-08-08 722616]

S2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe [2010-04-14 1052328]

S2 lxebCATSCustConnectService;lxebCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe [2010-04-14 45736]

S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-01-24 25824]

S2 MSSQL$ADCENTERDESKTOP;SQL Server (ADCENTERDESKTOP);c:\program files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\sqlservr.exe [2009-03-30 57617752]

S2 SBAMSvc;VIPRE Antivirus;c:\program files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe [2011-09-06 2804280]

S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]

S2 SBPIMSvc;SB Recovery Service;c:\program files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe [2011-09-06 181584]

S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]

S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]

S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2888607521-20579777-1717240660-1000Core.job

- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-09 06:23]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-20 487424]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-07 166424]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-07 391192]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-07 413720]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-09-21 1926928]

"lxebmon.exe"="c:\program files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe" [2010-05-05 770728]

"EzPrint"="c:\program files (x86)\Lexmark Pro200-S500 Series\ezprint.exe" [2010-05-05 148280]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://google.com/

uInternet Settings,ProxyServer = http=127.0.0.1:50242

uInternet Settings,ProxyOverride = <local>;*.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\1lze15yw.default\

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 50242

FF - prefs.js: network.proxy.ssl - 72.44.82.146

FF - prefs.js: network.proxy.ssl_port - 3128

FF - prefs.js: network.proxy.type - 1

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{0FE6B2D5-5183-42C0-B225-FAC1B9955366} - (no file)

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-KeApplet - c:\users\John\AppData\Roaming\Google\{0B8D6FDE-D846-4DFD-A423-3F3D1E4BAA0A}\LicenseValidator.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\windows\system32\DRIVERS\o2flash.exe

c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE

c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

c:\program files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe

c:\program files (x86)\Memeo\Memeo Send\MemeoSend.exe

c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe

c:\program files (x86)\Internet Explorer\iexplore.exe

c:\program files (x86)\Microsoft\BingBar\BingBar.exe

c:\program files (x86)\Microsoft\BingBar\BingApp.exe

.

**************************************************************************

.

Completion time: 2011-11-16 17:26:12 - machine was rebooted

ComboFix-quarantined-files.txt 2011-11-17 01:26

ComboFix2.txt 2011-11-16 16:09

ComboFix3.txt 2011-11-16 01:09

ComboFix4.txt 2011-11-15 04:26

ComboFix5.txt 2011-11-17 00:20

.

Pre-Run: 226,818,342,912 bytes free

Post-Run: 229,659,213,824 bytes free

.

- - End Of File - - 452AEE5B867A26CAA83CCBF401FA53DC

Please go to http://www.virustotal.com, click on Browse, and upload the following file/s for analysis: You will only be able to have one file scanned at a time.

c:\program files (x86)\Common Files\mhik.exe

Then click Submit. Allow the file to be scanned, and then please copy/paste the results here for me to see.

If Jotti is busy, please go to http://virusscan.jotti.org

[ArcaVir]

2011-11-17 Found nothing

[Frisk F-Prot Antivirus]

2011-11-16 Found nothing

[Avast! antivirus]

2011-11-16 Found nothing

[F-Secure Anti-Virus]

2011-11-16 Gen:Variant.Graftor.1148

[Grisoft AVG Anti-Virus]

2011-11-16 Found nothing

[ikarus]

2011-11-17 Win32.SuspectCrc

[Avira AntiVir]

2011-11-16 Found nothing

[Kaspersky Anti-Virus]

2011-11-17 Found nothing

[softwin BitDefender]

2011-11-16 Gen:Variant.Graftor.1148

[Panda Antivirus]

2011-11-16 Found nothing

[ClamAV]

2011-11-17 Found nothing

[Quick Heal]

2011-11-16 Found nothing

[CPsecure]

2011-11-17 Found nothing

[sophos]

2011-11-17 Found nothing

[Dr.Web]

2011-11-17 Found nothing

[VirusBlokAda VBA32]

2011-11-15 Found nothing

[Emsisoft Anti-Malware]

2011-11-17 Win32.SuspectCrc!IK

[VirusBuster]

2011-11-16 Found nothing

[ESET]

2011-11-16 Found nothing

Here's the page URL

http://www.virustotal.com/file-scan/report.html?id=c256ee5580386b2a72112bd1b70cd95806f04e408402506353bc616181dd0fec-1321500335

Antivirus | Version | Last Update | Result
AhnLab-V3 | 2011.11.16.00 | 2011.11.16 | Trojan/Win32.VBKrypt
AntiVir | 7.11.17.203 | 2011.11.16 | -
Antiy-AVL | 2.0.3.7 | 2011.11.16 | -
Avast | 6.0.1289.0 | 2011.11.16 | -
AVG | 10.0.0.1190 | 2011.11.16 | -
BitDefender | 7.2 | 2011.11.16 | Gen:Variant.Graftor.1148
ByteHero | 1.0.0.1 | 2011.11.14 | -
ClamAV | 0.97.3.0 | 2011.11.16 | -
Commtouch | 5.3.2.6 | 2011.11.16 | -
Comodo | 10778 | 2011.11.14 | -
DrWeb | 5.0.2.03300 | 2011.11.16 | -
Emsisoft | 5.1.0.11 | 2011.11.16 | -
eSafe | 7.0.17.0 | 2011.11.16 | -
eTrust-Vet | 37.0.9569 | 2011.11.16 | -
F-Prot | 4.6.5.141 | 2011.11.16 | -
F-Secure | 9.0.16440.0 | 2011.11.16 | Gen:Variant.Graftor.1148
Fortinet | 4.3.370.0 | 2011.11.16 | -
GData | 22 | 2011.11.16 | Gen:Variant.Graftor.1148
Ikarus | T3.1.1.109.0 | 2011.11.16 | -
Jiangmin | 13.0.900 | 2011.11.16 | -
K7AntiVirus | 9.119.5474 | 2011.11.16 | -
Kaspersky | 9.0.0.837 | 2011.11.16 | -
McAfee | 5.400.0.1158 | 2011.11.16 | -
McAfee-GW-Edition | 2010.1D | 2011.11.16 | -
Microsoft | 1.7801 | 2011.11.16 | -
NOD32 | 6636 | 2011.11.16 | -
Norman | 6.07.13 | 2011.11.16 | -
nProtect | 2011-11-16.01 | 2011.11.16 | Gen:Variant.Graftor.1148
Panda | 10.0.3.5 | 2011.11.16 | -
PCTools | 8.0.0.5 | 2011.11.16 | -
Prevx | 3.0 | 2011.11.17 | -
Rising | 23.84.02.02 | 2011.11.16 | -
Sophos | 4.71.0 | 2011.11.16 | -
SUPERAntiSpyware | 4.40.0.1006 | 2011.11.16 | -
Symantec | 20111.2.0.82 | 2011.11.16 | -
TheHacker | 6.7.0.1.343 | 2011.11.16 | -
TrendMicro | 9.500.0.1008 | 2011.11.16 | -
TrendMicro-HouseCall | 9.500.0.1008 | 2011.11.16 | -
VBA32 | 3.12.16.4 | 2011.11.15 | -
VIPRE | 11062 | 2011.11.16 | -
ViRobot | 2011.11.16.4776 | 2011.11.16 | -
VirusBuster | 14.1.66.1 | 2011.11.16 | -

Additional information

MD5 : 4109ba339dc84ed593bdd243fee3b9ec

SHA1 : d072b3aa139f34409491dbc92b8b42873679d3fe

SHA256: c256ee5580386b2a72112bd1b70cd95806f04e408402506353bc616181dd0fec

ssdeep: 6144:IX82cOnzNAkQmCtLe9+OGiTvNq05GSYT6m1Az/Hr3o3x0qPjTuAX+FxdPWQ/NiW:wdfn5AHDti+XiTvNq0GxA2jTuAuFtn

File size : 442368 bytes

First seen: 2011-11-17 03:25:35

Last seen : 2011-11-17 03:25:35

Magic: MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit

TrID:

Win32 Executable Microsoft Visual Basic 6 (96.9%)

Generic Win/DOS Executable (1.5%)

DOS Executable Generic (1.5%)

Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

sigcheck:

publisher....: Durham Addressograph

copyright....: Louise Rankin Bingham Canterbu Mongolia Nelson Frisian Laguerre

product......: Tokyo Cunningham CeciliaDuffySelena Naomi SteinbergMcLeanMao

description..: MuensterHimalaya Matthew MysoreKathy AmadeusHoyt

original name: qqb.exe

internal name: qqb

file version.: 5.06.0005

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

PEiD: -

PEInfo: PE structure information

[[ basic data ]]

entrypointaddress: 0x1478

timedatestamp....: 0x4EC400C1 (Wed Nov 16 18:28:17 2011)

machinetype......: 0x14C (Intel I386)

[[ 3 section(s) ]]

name, viradd, virsiz, rawdsiz, ntropy, md5

.text, 0x1000, 0x68058, 0x69000, 7.9, 49be0b7f8d285b1d14dea0d64d5ff657

.data, 0x6A000, 0xDAC, 0x1000, 0.0, 620f0b67a91f7f74151bc5be745b7110

.rsrc, 0x6B000, 0x5D0, 0x1000, 1.39, 2cf0707697998edc3249bda08c0872d8

[[ 1 import(s) ]]

msvbvm60.dll: _CIcos, _adj_fptan, __vbaVarMove, __vbaVarVargNofree, __vbaFreeVar, __vbaStrVarMove, __vbaFreeVarList, _adj_fdiv_m64, _adj_fprem1, -, __vbaStrCat, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, -, __vbaAryDestruct, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaRefVarAry, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaStrCmp, __vbaVarTstEq, __vbaAryConstruct2, DllFunctionCall, __vbaFpUI1, __vbaRedimPreserve, _adj_fpatan, __vbaRedim, EVENT_SINK_Release, __vbaUI1I2, _CIsqrt, EVENT_SINK_QueryInterface, __vbaUI1I4, __vbaExceptHandler, -, __vbaStrToUnicode, _adj_fprem, _adj_fdivr_m64, __vbaFPException, __vbaUbound, __vbaStrVarVal, __vbaVarCat, -, _CIlog, __vbaErrorOverflow, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, -, __vbaFreeStrList, __vbaDerefAry1, _adj_fdivr_m32, _adj_fdiv_r, -, __vbaI4Var, __vbaAryLock, __vbaVarDup, __vbaStrToAnsi, __vbaFpI4, _CIatan, __vbaStrMove, __vbaAryCopy, -, __vbaStrVarCopy, _allmul, _CItan, __vbaAryUnlock, _CIexp, __vbaFreeStr, __vbaFreeObj, __vbaI4ErrVar

Androguard:

-

ExifTool:

file metadata

CharacterSet: Unicode

CodeSize: 430080

CompanyName: Durham Addressograph

EntryPoint: 0x1478

FileDescription: MuensterHimalaya Matthew MysoreKathy AmadeusHoyt

FileFlagsMask: 0x0000

FileOS: Win32

FileSize: 432 kB

FileSubtype: 0

FileType: Win32 EXE

FileVersion: 5.06.0005

FileVersionNumber: 5.6.0.5

ImageVersion: 5.6

InitializedDataSize: 8192

InternalName: qqb

LanguageCode: English (U.S.)

LegalCopyright: Louise Rankin Bingham Canterbu Mongolia Nelson Frisian Laguerre

LinkerVersion: 6.0

MIMEType: application/octet-stream

MachineType: Intel 386 or later, and compatibles

OSVersion: 4.0

ObjectFileType: Executable application

OriginalFilename: qqb.exe

PEType: PE32

ProductName: Tokyo Cunningham CeciliaDuffySelena Naomi SteinbergMcLeanMao

ProductVersion: 5.06.0005

ProductVersionNumber: 5.6.0.5

Subsystem: Windows GUI

SubsystemVersion: 4.0

TimeStamp: 2011:11:16 19:28:17+01:00

UninitializedDataSize: 0


My apologies for the delay,

please try the following:

The Kaspersky Rescue Disk is a bootable CD-based version of Kaspersky Antivirus.

The download is in ISO format.

If you are not sure how to burn an image, please read How to write a CD/DVD image or ISO. If you need a FREE utility to burn the ISO image, download and use ImgBurn.

Download the Kaspersky Rescue Disk:

http://rescuedisk.kaspersky-labs.com/rescuedisk/updatable/ .

  • Burn the Kaspersky Rescue Disk ISO image to CD.
  • Insert the Kaspersky Rescue Disk CD into your CD/DVD drive and boot the computer (you may need to change the boot sequence in your system's BIOS to boot from the CD/DVD drive).
  • Follow the instructions in the initial text screen to press Enter to start Kaspersky AntiVirus.
  • Select your language (or wait a few seconds for the default English to load).
  • Your screen may go blank for several minutes while the program loads.
  • After the Kaspersky Rescue Disk loads, the database will be updated (if you have network connectivity).
    • Click the Update tab to view the update progress.
    • When the update has completed, click the Scan tab.
  • Place a checkmark in all the available drives to scan the entire system.
  • Click the "Security level" option, and select options.
    • Make sure "All Files" is selected.
    • Under "Scan of compound files" ensure all options are selected and click the OK button.
  • Click the "On threat detection" option.
    • Select "Do not prompt", "Disinfect", and "Delete if disinfection fails".
  • Click the "Start scan" button.
  • When the scan has completed, click the Reports button.
    • Click the Save button, and select your System drive (normally your C: drive).
    • In the "File name" box, name the file krd-log and click the Save button.
    • Click Close to close the Reports window.
  • Click the Exit button to close the Rescue Disk program and confirm. In the lower left of the screen, left-click the red K button, select Logout, and confirm.
  • The computer will shut down.
  • Restart the computer and reboot normally.
  • Please post the log (krd-log.txt) in your next reply.


Give it another try. If it doesn't work, try one of these:

These are links to anti-virus vendors that offer free LiveCD or Rescue CD files, which you boot from to repair unbootable and damaged systems, rescue data, and scan the system for virus infections. Burn it as an image to a disk to get a bootable CD. All (except Avira) are in the ISO image file format. Avira uses an EXE that has built-in CD burning capability.

If you are not sure how to burn an image, please read How to write a CD/DVD image or ISO. If you need a FREE utility to burn the ISO image, download and use ImgBurn.

Let me know how it goes.



Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
