try, try, again

ComboFix 11-03-28.05 - zonk 03/29/2011 20:17:24.2.2 - x64 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.4062.2973 [GMT -3:00]
Running from: C:\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: COMODO Firewall *Enabled* {5F676F4C-DD6D-A47C-12D6-C449366C71EE}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: COMODO Defense+ *Enabled/Updated* {DC3D0F8D-B138-AAAA-0339-560EB3387C28}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-29 )))))))))))))))))))))))))))))))
.
.
2011-03-29 23:20 . 2011-03-29 23:20 -------- d-----w- c:\users\zonk\AppData\Local\temp
2011-03-29 23:20 . 2011-03-29 23:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-29 20:31 . 2011-03-15 01:17 8424784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{01862F09-F25A-42A1-8D82-FA6F2F000D39}\mpengine.dll
2011-03-29 00:28 . 2010-12-17 21:42 601424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{52CB0828-5E58-4663-981A-D00B2DB39B51}\gapaengine.dll
2011-03-28 23:46 . 2011-03-28 23:46 -------- dc-h--w- c:\programdata\{8790345A-AF70-4319-B9E7-AAA25C6DCD42}
2011-03-28 23:46 . 2011-03-28 23:47 -------- d-----w- c:\programdata\Lavasoft
2011-03-28 23:46 . 2011-03-28 23:46 -------- d-----w- c:\program files (x86)\Lavasoft
2011-03-28 00:30 . 2011-03-28 00:30 -------- d-----w- C:\VritualRoot
2011-03-27 19:05 . 2011-03-28 21:41 -------- d-----w- c:\program files (x86)\OLT
2011-03-26 19:40 . 2011-03-26 19:40 -------- d-----w- c:\programdata\InstallMate
2011-03-26 19:40 . 2011-03-26 19:40 -------- d-----w- c:\program files (x86)\BillP Studios
2011-03-25 11:19 . 2010-12-17 21:42 601424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-03-23 23:55 . 2011-03-29 05:07 -------- d-----w- c:\users\zonk\SecurityScans
2011-03-23 21:43 . 2010-12-20 21:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-23 21:05 . 2011-03-23 21:01 1006764 ----a-w- C:\rkill.exe
2011-03-23 20:01 . 2011-03-23 20:01 -------- d-----w- c:\program files\COMODO
2011-03-22 22:45 . 2011-02-22 13:53 1149440 ----a-w- c:\windows\system32\FntCache.dll
2011-03-22 22:45 . 2011-02-22 14:47 479744 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-22 22:45 . 2011-02-22 14:13 288768 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-03-22 22:45 . 2011-02-22 13:53 1555968 ----a-w- c:\windows\system32\DWrite.dll
2011-03-22 22:45 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-03-22 21:55 . 2011-03-22 21:55 74703 ----a-w- c:\windows\SysWow64\mfc45.dll
2011-03-22 19:11 . 2011-03-22 19:11 -------- d-----w- c:\users\zonk\AppData\Roaming\AVG10
2011-03-22 19:08 . 2011-03-22 19:08 -------- d--h--w- c:\programdata\Common Files
2011-03-22 18:51 . 2011-03-29 05:09 -------- d-----w- c:\programdata\MFAData
2011-03-21 22:37 . 2011-03-21 22:38 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-03-20 14:23 . 2011-03-20 14:23 -------- d-----w- c:\users\zonk\AppData\Roaming\IObit
2011-03-20 14:23 . 2011-02-23 19:50 32648 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2011-03-20 14:23 . 2011-02-23 20:04 18232 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2011-03-20 14:23 . 2011-03-20 14:23 -------- d-----w- c:\program files (x86)\IObit
2011-03-19 01:50 . 2011-02-22 16:57 74824 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2011-03-19 01:50 . 2011-02-22 16:57 41888 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2011-03-19 01:50 . 2011-02-22 16:57 65072 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2011-03-19 01:50 . 2011-03-19 01:50 -------- d-----w- c:\program files (x86)\ThreatFire
2011-03-19 01:50 . 2011-03-19 01:50 -------- d-----w- c:\programdata\PC Tools
2011-03-18 23:42 . 2011-03-29 05:09 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-03-18 23:21 . 2011-03-18 23:21 -------- d-----w- c:\program files (x86)\ESET
2011-03-16 00:58 . 2011-02-23 14:04 238968 ----a-w- c:\windows\system32\aswBoot.exe
2011-03-16 00:38 . 2011-03-16 00:38 -------- d-----w- c:\users\zonk\AppData\Roaming\WinPatrol
2011-03-15 23:44 . 2010-02-09 01:36 69000 ----a-w- c:\windows\system32\offreg.dll
2011-03-15 23:44 . 2010-02-09 00:59 56200 ----a-w- c:\windows\SysWow64\offreg.dll
2011-03-15 21:36 . 2011-03-15 21:36 -------- d-----w- c:\windows\system32\Macromed
2011-03-13 15:38 . 2011-03-13 15:38 -------- d-----w- c:\program files\Microsoft Baseline Security Analyzer 2
2011-03-12 01:11 . 2011-03-12 01:11 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2011-03-10 00:39 . 2011-03-10 00:39 -------- d-----w- c:\users\zonk\AppData\Local\FixItCenter
2011-03-10 00:35 . 2011-03-10 00:37 -------- d-----w- c:\windows\MATS
2011-03-10 00:35 . 2011-03-10 00:37 -------- d-----w- c:\program files\Microsoft Fix it Center
2011-03-09 00:24 . 2011-03-09 00:25 -------- d-----w- c:\users\zonk\AppData\Roaming\gtk-2.0
2011-03-09 00:24 . 2011-03-09 00:24 -------- d-----w- c:\users\zonk\.thumbnails
2011-03-09 00:16 . 2010-12-17 17:34 2425344 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 00:16 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\SysWow64\mstscax.dll
2011-03-09 00:16 . 2010-12-17 15:41 731136 ----a-w- c:\windows\system32\mstsc.exe
2011-03-09 00:16 . 2010-12-17 13:54 677888 ----a-w- c:\windows\SysWow64\mstsc.exe
2011-03-09 00:16 . 2010-12-29 19:01 416768 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 00:16 . 2010-12-29 19:01 559616 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 00:16 . 2010-12-29 18:59 226816 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 00:16 . 2010-12-29 18:28 429056 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-03-09 00:16 . 2010-12-29 19:01 210944 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 00:16 . 2010-12-29 18:28 322560 ----a-w- c:\windows\SysWow64\sbe.dll
2011-03-09 00:16 . 2010-12-29 18:28 153088 ----a-w- c:\windows\SysWow64\sbeio.dll
2011-03-09 00:16 . 2010-12-29 18:26 177664 ----a-w- c:\windows\SysWow64\mpg2splt.ax
2011-03-08 22:34 . 2011-03-08 22:34 -------- d-----w- c:\users\zonk\AppData\Roaming\SeriousBit
2011-03-07 22:21 . 2011-03-29 05:09 -------- d-----w- c:\programdata\Comodo
2011-03-07 21:44 . 2011-03-06 20:47 35227976 ----a-w- c:\program files (x86)\Windows Defender\cispremium_installer_x86.exe
2011-03-06 20:13 . 2011-02-05 06:20 94208 ----a-w- c:\program files (x86)\Internet Explorer\fr\iediag.resources.dll
2011-03-06 20:07 . 2011-03-06 20:07 -------- d-----w- c:\users\zonk\AppData\Local\Apps
2011-03-06 15:05 . 2011-03-06 15:26 -------- d-----w- c:\windows\Driver Cache
2011-03-06 14:17 . 2011-03-06 14:17 -------- d-----w- c:\users\zonk\AppData\Roaming\CyberLink
2011-03-06 14:17 . 2011-03-06 14:17 -------- d-----w- c:\users\Public\CyberLink
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-11 04:54 . 2010-07-25 14:03 97928 ----a-w- c:\windows\system32\IncContxMenu.dll
2011-03-11 04:53 . 2010-07-25 14:03 14848 ----a-w- c:\windows\system32\smrgdf.exe
2011-03-11 04:53 . 2010-07-25 14:03 45568 ----a-w- c:\windows\system32\iolobtdfg.exe
2011-03-06 14:22 . 2010-10-09 20:04 521448 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-20 16:46 . 2011-02-09 23:24 900480 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:17 . 2011-02-09 23:25 366592 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:17 . 2011-02-09 23:24 625152 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:16 . 2011-02-09 23:24 287232 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:16 . 2011-02-09 23:24 327680 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:16 . 2011-02-09 23:24 196096 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:16 . 2011-02-09 23:24 1268224 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:16 . 2011-02-09 23:24 748544 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:16 . 2011-02-09 23:24 47104 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:16 . 2011-02-09 23:24 3548672 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:16 . 2011-02-09 23:24 35840 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:14 . 2011-02-09 23:24 278528 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 16:14 . 2011-02-09 23:24 195072 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:08 . 2011-02-09 23:25 478720 ----a-w- c:\windows\SysWow64\dxgi.dll
2011-01-20 16:08 . 2011-02-09 23:24 1029120 ----a-w- c:\windows\SysWow64\d3d10.dll
2011-01-20 16:08 . 2011-02-09 23:24 189952 ----a-w- c:\windows\SysWow64\d3d10core.dll
2011-01-20 16:08 . 2011-02-09 23:24 160768 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-01-20 16:08 . 2011-02-09 23:24 219648 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2011-01-20 16:07 . 2011-02-09 23:24 258048 ----a-w- c:\windows\SysWow64\winspool.drv
2011-01-20 16:07 . 2011-02-09 23:24 586240 ----a-w- c:\windows\SysWow64\stobject.dll
2011-01-20 16:06 . 2011-02-09 23:24 2873344 ----a-w- c:\windows\SysWow64\mf.dll
2011-01-20 16:04 . 2011-02-09 23:24 209920 ----a-w- c:\windows\SysWow64\mfplat.dll
2011-01-20 16:04 . 2011-02-09 23:24 98816 ----a-w- c:\windows\SysWow64\mfps.dll
2011-01-20 15:01 . 2011-02-09 23:25 3068416 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 15:01 . 2011-02-09 23:25 1653760 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:59 . 2011-02-09 23:24 1032192 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:58 . 2011-02-09 23:24 1461760 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:57 . 2011-02-09 23:24 231936 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:42 . 2011-02-09 23:24 1257984 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:41 . 2011-02-09 23:24 428544 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:40 . 2011-02-09 23:24 345088 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:40 . 2011-02-09 23:24 34304 ----a-w- c:\windows\system32\mfpmp.exe
2011-01-20 14:40 . 2011-02-09 23:24 377344 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:37 . 2011-02-09 23:25 2002944 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:35 . 2011-02-09 23:24 566272 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 14:28 . 2011-02-09 23:25 1554432 ----a-w- c:\windows\SysWow64\xpsservices.dll
2011-01-20 14:27 . 2011-02-09 23:25 876032 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-01-20 14:25 . 2011-02-09 23:25 847360 ----a-w- c:\windows\SysWow64\OpcServices.dll
2011-01-20 14:24 . 2011-02-09 23:24 135680 ----a-w- c:\windows\SysWow64\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-09 23:24 979456 ----a-w- c:\windows\SysWow64\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-09 23:24 357376 ----a-w- c:\windows\SysWow64\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-09 23:24 302592 ----a-w- c:\windows\SysWow64\mfmp4src.dll
2011-01-20 14:14 . 2011-02-09 23:24 261632 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-09 23:25 1172480 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2011-01-20 14:11 . 2011-02-09 23:24 486400 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2011-01-20 14:06 . 2011-02-09 23:24 834048 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:47 . 2011-02-09 23:24 683008 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-01-13 10:20 . 2010-10-10 01:10 7844688 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-01-08 09:03 . 2011-02-09 21:11 48128 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 08:47 . 2011-02-09 21:11 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-01-08 06:45 . 2011-02-09 21:11 367104 ----a-w- c:\windows\system32\atmfd.dll
2011-01-08 06:28 . 2011-02-09 21:11 292352 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-01-06 20:36 . 2011-01-06 20:36 89840 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-01-06 20:36 . 2011-01-06 20:36 38864 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-01-06 20:36 . 2011-01-06 20:36 250008 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-01-06 20:36 . 2011-01-06 20:36 14184 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-12-31 14:16 . 2011-02-09 21:12 2757632 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"iolo Startup"="c:\program files (x86)\iolo\Common\Lib\ioloLManager.exe" [2011-03-11 434360]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"ThreatFire"="c:\program files (x86)\ThreatFire\TFTray.exe" [2011-02-22 378128]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFileSharing"= 1 (0x1)
"NoPrintSharing"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110225.002\BHDrvx64.sys [2011-02-25 1124472]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [x]
R1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110303.001\IDSvia64.sys [2010-11-09 476792]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1205000.07D\Ironx64.SYS [x]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NISx64\1205000.07D\SYMTDIV.SYS [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-02-07 193840]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2011-03-11 724152]
R2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2011-03-11 724152]
R2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe [2010-11-24 130000]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-03-26 341328]
R2 ThreatFire;ThreatFire;c:\program files (x86)\ThreatFire\TFService.exe service [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [2010-11-16 343856]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 Nbdrv;NetBalancer Service;c:\windows\system32\DRIVERS\nbdrv.sys [x]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [x]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1205000.07D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1205000.07D\SYMEFA64.SYS [x]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
Contents of the 'Scheduled Tasks' folder
.
2011-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3753171281-177551788-2684807853-1001UA.job
- c:\users\zonk\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-27 19:01]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2008-01-24 685568]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-28 2096424]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-18 8866120]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\WinPatrol.exe" [2011-03-16 325000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://exclusive.bellaliant.net/home.jsp
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cnnb
TCP: {46853A1B-FC8F-43E8-A257-60855A16501B} = 156.154.70.22,156.154.71.22
TCP: {B0F0C11A-5B88-4E53-B7A7-2818C42E62D8} = 156.154.70.22,156.154.71.22
FF - ProfilePath - c:\users\zonk\AppData\Roaming\Mozilla\Firefox\Profiles\zvfc4oju.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.livestrong.com/
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 8118
FF - prefs.js: network.proxy.gopher - 127.0.0.1
FF - prefs.js: network.proxy.gopher_port - 8118
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8118
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 8118
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 8118
FF - prefs.js: network.proxy.type - 0
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-RunOnce- - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.5.0.125\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_3_162_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_3_162_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Swearware\backup\winsock2\Parameters]
@DACL=(02 0000)
@SACL=
"WinSock_Registry_Version"="2.0"
"Current_NameSpace_Catalog"="NameSpace_Catalog5"
"Current_Protocol_Catalog"="Protocol_Catalog9"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-03-29 20:22:08
ComboFix-quarantined-files.txt 2011-03-29 23:22
ComboFix2.txt 2011-03-29 23:15
.
Pre-Run: 206,079,225,856 bytes free
Post-Run: 206,013,550,592 bytes free
.
- - End Of File - - CD0C92AB9D10475FC1A27FCC100C5870
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . R1 aswSnx;aswSnx; [x] R1 aswSP;aswSP; [x] R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110225.002\BHDrvx64.sys [2011-02-25 1124472] R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x] R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x] R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [x] R1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110303.001\IDSvia64.sys [2010-11-09 476792] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1205000.07D\Ironx64.SYS [x] R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NISx64\1205000.07D\SYMTDIV.SYS [x] R2 aswFsBlk;aswFsBlk; [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-02-07 193840] R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2011-03-11 724152] R2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2011-03-11 724152] R2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe [2010-11-24 
130000] R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-03-26 341328] R2 ThreatFire;ThreatFire;c:\program files (x86)\ThreatFire\TFService.exe service [x] R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x] R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [2010-11-16 343856] R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x] R3 Nbdrv;NetBalancer Service;c:\windows\system32\DRIVERS\nbdrv.sys [x] R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [x] R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768] S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1205000.07D\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1205000.07D\SYMEFA64.SYS [x] S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x] S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x] S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - ECACHE . Contents of the 'Scheduled Tasks' folder . 
2011-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3753171281-177551788-2684807853-1001UA.job - c:\users\zonk\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-27 19:01] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2008-01-24 685568] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-28 2096424] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712] "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-18 8866120] "WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\WinPatrol.exe" [2011-03-16 325000] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\guard64.dll . ------- Supplementary Scan ------- . 
uStart Page = hxxp://exclusive.bellaliant.net/home.jsp uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cnnb TCP: {46853A1B-FC8F-43E8-A257-60855A16501B} = 156.154.70.22,156.154.71.22 TCP: {B0F0C11A-5B88-4E53-B7A7-2818C42E62D8} = 156.154.70.22,156.154.71.22 FF - ProfilePath - c:\users\zonk\AppData\Roaming\Mozilla\Firefox\Profiles\zvfc4oju.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.livestrong.com/ FF - prefs.js: network.proxy.ftp - 127.0.0.1 FF - prefs.js: network.proxy.ftp_port - 8118 FF - prefs.js: network.proxy.gopher - 127.0.0.1 FF - prefs.js: network.proxy.gopher_port - 8118 FF - prefs.js: network.proxy.http - 127.0.0.1 FF - prefs.js: network.proxy.http_port - 8118 FF - prefs.js: network.proxy.socks - 127.0.0.1 FF - prefs.js: network.proxy.socks_port - 8118 FF - prefs.js: network.proxy.ssl - 127.0.0.1 FF - prefs.js: network.proxy.ssl_port - 8118 FF - prefs.js: network.proxy.type - 0 . . ------- File Associations ------- . JSEFile=NOTEPAD.EXE %1 . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-RunOnce- - (no file) . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.5.0.125\diMaster.dll\" /prefetch:1" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ThreatFire] "AlternateImagePath"="" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_3_162_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_3_162_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Swearware\backup\winsock2\Parameters] @DACL=(02 0000) @SACL= "WinSock_Registry_Version"="2.0" "Current_NameSpace_Catalog"="NameSpace_Catalog5" "Current_Protocol_Catalog"="Protocol_Catalog9" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . Completion time: 2011-03-29 20:22:08 ComboFix-quarantined-files.txt 2011-03-29 23:22 ComboFix2.txt 2011-03-29 23:15 . Pre-Run: 206,079,225,856 bytes free Post-Run: 206,013,550,592 bytes free . - - End Of File - - CD0C92AB9D10475FC1A27FCC100C5870
unable to run Run DDS
#17
Posted 29 March 2011 - 07:27 PM
Okay, I can fortunately see what I need from that log. 
Please scan with ESET next
I'd like us to scan your machine with ESET OnlineScan
- Hold down Control and click on the following link to open ESET OnlineScan in a new window: ESET OnlineScan
- Click the button.
- For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
  - Click on to download the ESET Smart Installer. Save it to your desktop.
  - Double click on the icon on your desktop.
- Click on
- Check
- Click the button.
- Accept any security warnings from your browser.
- Under scan settings, check and check Remove found threats
- Click Advanced settings and select the following:
  - Scan potentially unwanted applications
  - Scan for potentially unsafe applications
  - Enable Anti-Stealth technology
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, push
- Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- Push the button.
- Push
If no log is generated that means nothing was found. Please let me know if this happens.
If I have helped you fix your PC then please donate. Thanks
m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)
#18
Posted 30 March 2011 - 05:07 PM
Hello. The ESET scan did not produce a file; it did not indicate that it found anything. (Sorry for the jumbled text in the last post, no idea why that is happening.) Thanks again.
#19
Posted 30 March 2011 - 05:56 PM
Yes, I would like to know what you did differently the second time to correct the problem of the formatting.
How is the machine running now?
#20
Posted 01 April 2011 - 03:03 PM
Hello. The first time I pasted in the text I hit the space bar a couple of times to add space to type in after I pasted the text. The 2nd time I pasted the text without adding the space... that's the only difference that I can recall. The computer is working ok, downloads are a bit slower somehow. Could that be a result of using Comodo instead of Norton for a firewall, based on what you have seen, or is it that I have pooched my operating system?
#21
Posted 01 April 2011 - 07:37 PM
It might be the settings that are off.
Take a look at Comodo's settings article here
Thanks for the insight into the formatting issue. I think that the space bar broke the formatting code and wrapped it together. I'm going to test that later. For now though...
You're clean. Good stuff!
Let's do some clearing up
Uninstall ComboFix
Remove Combofix now that we're done with it.
- Please press the Windows Key and R on your keyboard. This will bring up the Run... command. (For Vista/Windows 7 please click Start -> All Programs -> Accessories -> Run)
- Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between "Combofix" and "/")
- Please follow the prompts to uninstall Combofix.
- You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
We Need to Clean Up our Mess
Download and Run OTC
We will now remove the tools we used during this fix using OTC.
- Download OTC by OldTimer and save it to your desktop.
- Double click the icon to start the program. If you are using Vista, please right-click and choose run as administrator.
- Then click the big button.
- You will get a prompt saying "Being Cleanup Process". Please select Yes.
- Restart your computer when prompted.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
------------------------------------------------------------------------------------------------------------------------
Here's some advice on how you can keep your PC clean
Use and update your AntiVirus Software
You must have a good antivirus. There are plenty to choose from but I personally recommend the free options of Avast and Avira Antivir. If you want to purchase a security program then I recommend any of the following: AVG, Norton, McAfee, Kaspersky and ESET Nod32.
It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.
Make sure your applications have all of their updates
Use this next program to check for updates for programs already on your system. Download Security Check by screen317 from here or here.
- Save it to your Desktop.
- Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically, make sure that updates on any that are flagged are carried out as soon as possible
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.
Install an AntiSpyware Program
A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version or the Pro version for a 15 day trial period.
Installing this or another recommended program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would with antivirus software.
Finally, here's a treasure trove of antivirus, antimalware and antispyware resources
That's it zonk59, happy surfing!
Cheers.
m0le
#22
Posted 06 April 2011 - 06:48 PM
It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.