Windows Security Center and Google Redirect issues


31 replies to this topic

#1 poageboy


Posted 10 July 2011 - 09:45 PM

Hello brilliant volunteers who will hopefully know how to fix the malady affecting my computer!

Recently, after downloading some programs to convert video files into formats usable by an iPhone, I realized that my Google search engine results were being redirected to trash/useless sites that were not the intended destination. I should have been more careful downloading sketchy software like that, but I have realized my mistake and am now focused on fixing it.

Additionally, the Windows Security Center service, which is normally set to run automatically, was disabled. Trying to start it from the message I received in the system tray gave me a "The Windows Security Center service can't be started" error message. Manually starting the service from the Services window starts the service momentarily, but before I can try to run Microsoft Security Essentials the service is disabled again.

I've tried running Malwarebytes and Bitdefender. Malwarebytes found some infected files, but didn't fix the problem, and Bitdefender seems to think my computer is fine...

I've attached a HijackThis log and the attach.txt recommended in the guidebook. Below is a copy of my DDS.txt contents.

Thanks for your time, computer saviors!


DDS.txt:

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Patrick at 22:30:52 on 2011-07-10
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2139 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Soluto\SolutoService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Soluto\soluto.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files (x86)\DesktopEarth\DesktopEarth.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Patrick\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = https://www.usaa.com/inet/ent_logon/Logon?redirectjsp=true
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=userinit.exe,
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [Google Update] "C:\Users\Patrick\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Patrick\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DESKTO~1.LNK - C:\Users\Patrick\AppData\Roaming\Microsoft\Installer\{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}\_C1A9BF9D98647632ED5172.exe
StartupFolder: C:\Users\Patrick\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FIFA10~1.LNK - C:\Program Files (x86)\EA Sports\FIFA 10\Support\EAregister.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
TCP: Interfaces\{C71C57ED-15F4-47A9-AE76-C3306D02EE25} : NameServer = 68.105.28.11,68.105.29.12
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\eyyjwbbs.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.netflix.com/WiHome
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Patrick\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Users\Patrick\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: C:\Windows\system32\TVUAx\npTVUAx.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Soluto;Soluto;C:\Windows\system32\DRIVERS\Soluto.sys --> C:\Windows\system32\DRIVERS\Soluto.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-6-4 2214504]
R2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [2011-6-26 376352]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-5-20 378472]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-27 136176]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-27 136176]
S3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;C:\Windows\System32\drivers\libusb0.sys [2010-8-6 16896]
S3 LiveTurbineMessageService;Turbine Message Service - Live;C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineMessageService.exe [2009-9-9 267760]
S3 LiveTurbineNetworkService;Turbine Network Service - Live;C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineNetworkService.exe [2009-9-9 218608]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-07-11 01:44:33 -------- d-----w- C:\Windows\System32\SPReview
2011-07-10 20:04:36 -------- d-----w- C:\ProgramData\Kaspersky Lab
2011-07-10 19:55:51 -------- d-----w- C:\Users\Patrick\AppData\Roaming\QuickScan
2011-07-10 19:55:41 -------- d-----w- C:\ProgramData\Kaspersky Lab Setup Files
2011-07-10 19:00:27 106496 --sha-r- C:\Windows\SysWow64\KBDFI1H.dll
2011-07-10 07:22:16 8873296 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{738C58EA-9586-46AA-BCC3-CCCAEAB70301}\mpengine.dll
2011-07-07 15:36:59 800256 ----a-w- C:\Windows\System32\usp10.dll
2011-07-07 15:35:59 81920 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadcs.dll
2011-07-07 15:34:59 6144 ----a-w- C:\Windows\System32\drivers\en-US\IPMIDrv.sys.mui
2011-07-07 15:34:59 4608 ----a-w- C:\Windows\System32\drivers\en-US\kbdclass.sys.mui
2011-07-07 15:34:51 209920 ----a-w- C:\Windows\SysWow64\PkgMgr.exe
2011-07-07 15:34:51 189952 ----a-w- C:\Windows\SysWow64\wdscore.dll
2011-07-07 15:34:39 323072 ----a-w- C:\Windows\SysWow64\drvstore.dll
2011-07-07 15:34:39 257024 ----a-w- C:\Windows\SysWow64\dpx.dll
2011-07-07 15:34:36 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2011-07-07 15:34:36 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2011-07-07 15:32:28 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-07-07 15:32:28 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2011-07-07 15:32:28 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
2011-07-07 15:32:16 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
2011-07-07 15:32:10 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
2011-07-07 15:31:39 422912 ----a-w- C:\Windows\System32\drvstore.dll
2011-07-07 15:31:39 399872 ----a-w- C:\Windows\System32\dpx.dll
2011-07-05 21:15:35 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-07-05 21:15:34 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-07-01 01:28:36 -------- d-----w- C:\Users\Patrick\AppData\Roaming\DVDVideoSoft
2011-07-01 01:28:35 -------- d-----w- C:\Program Files (x86)\Common Files\DVDVideoSoft
2011-07-01 01:28:34 -------- d-----w- C:\Program Files (x86)\DVDVideoSoft
2011-06-28 03:00:01 -------- d-----w- C:\Users\Patrick\AppData\Roaming\EVEMon
2011-06-28 02:59:55 -------- d-----w- C:\Program Files (x86)\EVEMon
2011-06-27 12:59:52 54728 ----a-w- C:\Windows\System32\drivers\Soluto.sys
2011-06-27 12:59:49 -------- d-----w- C:\Program Files\Soluto
2011-06-16 23:35:36 -------- d-----w- C:\Users\Patrick\AppData\Local\The Witcher 2
2011-06-16 23:20:14 -------- d-----w- C:\Program Files (x86)\The Witcher 2
2011-06-14 01:57:00 -------- d-----w- C:\Program Files\iPod
2011-06-14 01:56:59 -------- d-----w- C:\Program Files\iTunes
2011-06-14 01:56:59 -------- d-----w- C:\Program Files (x86)\iTunes
2011-06-14 01:55:42 -------- d-----w- C:\Program Files\Bonjour
2011-06-14 01:55:42 -------- d-----w- C:\Program Files (x86)\Bonjour
.
==================== Find3M ====================
.
2011-07-11 01:50:31 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-07-11 01:50:31 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-06-29 12:07:56 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-11 01:14:56 280768 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-06-11 01:14:56 280768 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-06-11 01:13:52 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-05-29 13:11:30 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-29 13:11:20 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-05-28 03:06:58 3135488 ----a-w- C:\Windows\System32\win32k.sys
2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-05-21 02:35:28 304744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2011-05-10 12:06:08 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2011-05-10 12:06:08 4517664 ----a-w- C:\Windows\System32\usbaaplrc.dll
2011-05-04 08:52:22 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-05-04 05:25:03 2315776 ----a-w- C:\Windows\System32\tquery.dll
2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll
2011-05-04 05:22:25 2223616 ----a-w- C:\Windows\System32\mssrch.dll
2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll
2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll
2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll
2011-05-04 05:19:28 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
2011-05-04 05:19:28 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2011-05-04 04:34:43 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll
2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
2011-05-04 04:32:01 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll
2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2011-05-03 05:29:29 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-05-03 04:30:02 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-04-29 03:06:10 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-04-29 03:05:49 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-04-29 03:05:37 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-04-27 02:40:40 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-04-27 02:39:40 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-04-27 02:39:37 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-04-25 05:33:51 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-04-25 02:34:03 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-04-23 01:29:25 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-04-23 01:19:19 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-04-22 23:35:56 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-04-22 23:25:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-04-22 22:15:29 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-04-13 22:40:10 4284416 ----a-w- C:\Windows\SysWow64\GPhotos.scr
.
============= FINISH: 22:31:31.14 ===============

EDIT: Please be patient. There are over 330 unanswered topics in this forum at present and the current average wait time to receive help is 10 days. ~Budapest

Edited by Budapest, 13 July 2011 - 04:17 PM.
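As an added example (not from this thread, and not part of the DDS tool), the following Python script shows the first pass a helper makes over a DDS.txt like the one above: it flags the antivirus lines reported as `*Disabled*`, the UAC policy values set to 0 under `mPolicies-system`, registry entries that point at a file that no longer exists, and recently created hidden+system files under the Windows system directories. The sample input is constructed from lines in the shape of the log above; the severity labels and the explanations of the UAC policy names are assumptions of this example, not text that DDS emits.

```python
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "low" (labels are this example's own convention)
    line: str      # the DDS line that triggered the finding
    reason: str


# UAC-related values DDS prints under "mPolicies-system". A value of 0 weakens
# UAC; the explanations are assumptions based on the standard Windows policy
# names, not text that DDS itself emits.
UAC_WEAK_WHEN_ZERO = {
    "EnableLUA": "UAC is switched off entirely (EnableLUA = 0)",
    "ConsentPromptBehaviorAdmin": "administrators elevate without being prompted",
    "PromptOnSecureDesktop": "elevation prompts are not shown on the secure desktop",
}

# Line shapes taken from the DDS.txt format shown in this thread.
AV_LINE = re.compile(r"^(AV|SP|FW): (.+?) \*(\S+)\* \{[0-9A-Fa-f-]+\}$")
POLICY_LINE = re.compile(r"^mPolicies-system: (\w+) = (-?\d+) \(0x[0-9A-Fa-f]+\)$")
FILE_LINE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (\S+) (\S{8}) (.+)$")
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

# Constructed sample: a handful of lines in the shape of the DDS.txt above
# (AV header, Pseudo HJT Report and "Created Last 30" entries).
SAMPLE_DDS = r"""
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
mWinlogon: Userinit=userinit.exe,
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
2011-07-11 01:44:33 -------- d-----w- C:\Windows\System32\SPReview
2011-07-10 19:00:27 106496 --sha-r- C:\Windows\SysWow64\KBDFI1H.dll
2011-07-07 15:36:59 800256 ----a-w- C:\Windows\System32\usp10.dll
"""


def triage_dds(text: str) -> list[Finding]:
    """Return findings in the order the triggering lines appear in the log."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := AV_LINE.match(line):
            _kind, product, state = m.groups()
            if "disabled" in state.lower():
                findings.append(Finding(
                    "high", line, f"{product} reports {state}: real-time protection is off"))
        elif m := POLICY_LINE.match(line):
            name, value = m.group(1), int(m.group(2))
            if name in UAC_WEAK_WHEN_ZERO and value == 0:
                findings.append(Finding("medium", line, UAC_WEAK_WHEN_ZERO[name]))
        elif line.endswith("- No File"):
            findings.append(Finding(
                "low", line, "registry entry points at a file that no longer exists"))
        elif m := FILE_LINE.match(line):
            _size, attrs, path = m.groups()
            # DDS attribute flags: d = directory, s = system, h = hidden.
            # A new hidden+system file under a Windows system directory is
            # worth verifying (publisher, signature); it is not proof of anything.
            if ("d" not in attrs and "s" in attrs and "h" in attrs
                    and path.lower().startswith(SYSTEM_DIRS)):
                findings.append(Finding(
                    "medium", line,
                    "recently created hidden+system file in a Windows system directory"))
    return findings


def count_by_severity(findings: list[Finding]) -> dict[str, int]:
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS):
        print(f"[{f.severity:<6}] {f.reason}\n         {f.line}")
    print(count_by_severity(triage_dds(SAMPLE_DDS)))
```

Run it against a full DDS.txt by passing the file contents to `triage_dds`; the "Running Processes" and service lines match none of the patterns and are simply skipped.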



#2 HelpBot

Posted 29 July 2011 - 05:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

First, I need to know if you still need help! To tell me this, please click on http://www.bleepingcomputer.com/logreply/408869 and follow the instructions there. If you do not still need help, this is all you need to do. If you do need help please continue below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 poageboy


Posted 29 July 2011 - 07:27 PM

Thanks for helping! When I first posted here I didn't understand the volume you lot had to go through. I really appreciate the work you all put into helping people with their computer issues.

The Problem:
Recently, after downloading some programs to convert video files into formats usable by an iPhone, I realized that my Google search engine results were being redirected to trash/useless sites that were not the intended destination. I should have been more careful downloading sketchy software like that, but I have realized my mistake and am now focused on fixing it.

Additionally, the Windows Security Center service, which is normally set to run automatically, was disabled. Trying to start it from the message I received in the system tray gave me a "The Windows Security Center service can't be started" error message. Manually starting the service from the Services window starts the service momentarily, but before I can try to run Microsoft Security Essentials the service is disabled again.

I've tried running Malwarebytes and Bitdefender. Malwarebytes found some infected files, but didn't fix the problem, and Bitdefender seems to think my computer is fine...

I've attached a HijackThis log and the attach.txt recommended in the guidebook. Below is a copy of my DDS.txt contents.

EDIT:
I do have a copy of my original Windows install DVD. I am also moving this weekend, and may be unable to respond to posts until Sunday afternoon. Thanks for your time. You guys/gals are great.
.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Patrick at 20:20:38 on 2011-07-29
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2733 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Soluto\SolutoService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Soluto\soluto.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Users\Patrick\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files (x86)\DesktopEarth\DesktopEarth.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\taskeng.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = https://www.usaa.com/inet/ent_logon/Logon?redirectjsp=true
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=userinit.exe,
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [Google Update] "C:\Users\Patrick\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Patrick\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DESKTO~1.LNK - C:\Users\Patrick\AppData\Roaming\Microsoft\Installer\{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}\_C1A9BF9D98647632ED5172.exe
StartupFolder: C:\Users\Patrick\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FIFA10~1.LNK - C:\Program Files (x86)\EA Sports\FIFA 10\Support\EAregister.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
TCP: Interfaces\{C71C57ED-15F4-47A9-AE76-C3306D02EE25} : NameServer = 68.105.28.11,68.105.29.12
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\eyyjwbbs.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.netflix.com/WiHome
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\Patrick\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Users\Patrick\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: C:\Windows\system32\TVUAx\npTVUAx.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Soluto;Soluto;C:\Windows\system32\DRIVERS\Soluto.sys --> C:\Windows\system32\DRIVERS\Soluto.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-6-4 2214504]
R2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [2011-6-26 376352]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-5-20 378472]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-27 136176]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-27 136176]
S3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;C:\Windows\System32\drivers\libusb0.sys [2010-8-6 16896]
S3 LiveTurbineMessageService;Turbine Message Service - Live;C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineMessageService.exe [2009-9-9 267760]
S3 LiveTurbineNetworkService;Turbine Network Service - Live;C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineNetworkService.exe [2009-9-9 218608]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-07-27 00:45:02 -------- d-----w- C:\Users\Patrick\AppData\Local\reakktor
2011-07-27 00:12:18 -------- d-----w- C:\Program Files (x86)\Gamigo
2011-07-26 23:12:52 -------- d-----w- C:\Program Files (x86)\Black Prophecy
2011-07-26 23:11:38 -------- d-----w- C:\Users\Patrick\AppData\Local\PMB Files
2011-07-26 23:11:37 -------- d-----w- C:\ProgramData\PMB Files
2011-07-26 23:11:28 -------- d-----w- C:\Program Files (x86)\Pando Networks
2011-07-19 01:26:58 -------- d-----w- C:\Program Files\Wizards of the Coast
2011-07-12 01:57:56 -------- d-----w- C:\Users\Patrick\AppData\Roaming\Hi-Rez Studios
2011-07-12 01:57:43 -------- d-----w- C:\Windows\B83FC356B7C0441F8A4DD71E088E7974.TMP
2011-07-11 01:44:33 -------- d-----w- C:\Windows\System32\SPReview
2011-07-10 20:04:36 -------- d-----w- C:\ProgramData\Kaspersky Lab
2011-07-10 19:55:51 -------- d-----w- C:\Users\Patrick\AppData\Roaming\QuickScan
2011-07-10 19:55:41 -------- d-----w- C:\ProgramData\Kaspersky Lab Setup Files
2011-07-10 19:00:27 106496 --sha-r- C:\Windows\SysWow64\KBDFI1H.dll
2011-07-10 07:22:16 8873296 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{738C58EA-9586-46AA-BCC3-CCCAEAB70301}\mpengine.dll
2011-07-07 15:36:59 800256 ----a-w- C:\Windows\System32\usp10.dll
2011-07-07 15:35:59 81920 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadcs.dll
2011-07-07 15:34:59 6144 ----a-w- C:\Windows\System32\drivers\en-US\IPMIDrv.sys.mui
2011-07-07 15:34:59 4608 ----a-w- C:\Windows\System32\drivers\en-US\kbdclass.sys.mui
2011-07-07 15:34:51 209920 ----a-w- C:\Windows\SysWow64\PkgMgr.exe
2011-07-07 15:34:51 189952 ----a-w- C:\Windows\SysWow64\wdscore.dll
2011-07-07 15:34:39 323072 ----a-w- C:\Windows\SysWow64\drvstore.dll
2011-07-07 15:34:39 257024 ----a-w- C:\Windows\SysWow64\dpx.dll
2011-07-07 15:34:36 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2011-07-07 15:34:36 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2011-07-07 15:32:28 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-07-07 15:32:28 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2011-07-07 15:32:28 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
2011-07-07 15:32:16 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
2011-07-07 15:32:10 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
2011-07-07 15:31:39 422912 ----a-w- C:\Windows\System32\drvstore.dll
2011-07-07 15:31:39 399872 ----a-w- C:\Windows\System32\dpx.dll
2011-07-05 21:15:35 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-07-05 21:15:34 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-07-01 01:28:36 -------- d-----w- C:\Users\Patrick\AppData\Roaming\DVDVideoSoft
2011-07-01 01:28:35 -------- d-----w- C:\Program Files (x86)\Common Files\DVDVideoSoft
2011-07-01 01:28:34 -------- d-----w- C:\Program Files (x86)\DVDVideoSoft
.
==================== Find3M ====================
.
2011-07-11 01:50:31 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-07-11 01:50:31 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-06-29 12:07:56 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-26 17:34:52 54728 ----a-w- C:\Windows\System32\drivers\Soluto.sys
2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys
2011-06-11 01:14:56 280768 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-06-11 01:14:56 280768 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-06-11 01:13:52 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-06-03 06:57:45 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-06-03 06:57:45 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-06-03 06:57:45 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-06-03 06:57:44 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-03 06:57:38 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-06-03 06:56:38 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-06-03 06:53:33 338944 ----a-w- C:\Windows\System32\conhost.exe
2011-06-03 06:00:53 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-06-03 05:57:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-06-03 05:57:33 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-06-03 05:56:12 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-06-03 05:56:11 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-06-03 03:53:31 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-06-03 03:53:31 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-29 13:11:30 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-29 13:11:20 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-05-21 02:35:28 304744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2011-05-10 12:06:08 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2011-05-10 12:06:08 4517664 ----a-w- C:\Windows\System32\usbaaplrc.dll
2011-05-04 08:52:22 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-05-04 05:25:03 2315776 ----a-w- C:\Windows\System32\tquery.dll
2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll
2011-05-04 05:22:25 2223616 ----a-w- C:\Windows\System32\mssrch.dll
2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll
2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll
2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll
2011-05-04 05:19:28 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
2011-05-04 05:19:28 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2011-05-04 04:34:43 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll
2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
2011-05-04 04:32:01 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll
2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2011-05-03 05:29:29 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-05-03 04:30:02 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
.
============= FINISH: 20:21:43.87 ===============

Attached Files
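As an added triage example (not code from this thread, from DDS, or from BleepingComputer), the script below reads DDS report lines like the ones posted above and flags what a responder reads first: UAC policy values in the mPolicies-system block that have been weakened, recently created files under the Windows directory whose attribute column carries both the system and hidden bits, and the DNS servers from the TCP: Interfaces line so they can be checked against the ISP's published resolvers. The sample lines are copied from this log; the function names and the heuristics are my own.

```python
"""Triage helper for a DDS 'Pseudo HJT Report' / 'Created Last 30' listing.

Hypothetical helper written for this thread; it is not part of the DDS tool.
"""
import re
from typing import Dict, List

# Constructed sample: lines copied from the DDS log posted above.
SAMPLE_DDS = r"""
mWinlogon: Userinit=userinit.exe,
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
TCP: Interfaces\{C71C57ED-15F4-47A9-AE76-C3306D02EE25} : NameServer = 68.105.28.11,68.105.29.12
.
=============== Created Last 30 ================
.
2011-07-12 01:57:43 -------- d-----w- C:\Windows\B83FC356B7C0441F8A4DD71E088E7974.TMP
2011-07-10 19:00:27 106496 --sha-r- C:\Windows\SysWow64\KBDFI1H.dll
2011-07-07 15:36:59 800256 ----a-w- C:\Windows\System32\usp10.dll
2011-07-01 01:28:36 -------- d-----w- C:\Users\Patrick\AppData\Roaming\DVDVideoSoft
"""

UAC_RE = re.compile(r"^mPolicies-system:\s*(?P<name>\w+)\s*=\s*(?P<value>\d+)")
# 'Created Last 30' / 'Find3M' rows: date time size attrs path
FILE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
DNS_RE = re.compile(r"NameServer\s*=\s*(?P<servers>[\d.,]+)")

# Values a responder expects on a Windows 7 machine. EnableLUA=0 switches
# UAC off entirely; ConsentPromptBehaviorAdmin=0 is "elevate without
# prompting"; PromptOnSecureDesktop=0 draws the prompt on the normal desktop.
EXPECTED_UAC = {
    "EnableLUA": {"1"},
    "ConsentPromptBehaviorAdmin": {"1", "2", "3", "4", "5"},
    "PromptOnSecureDesktop": {"1"},
}


def weak_uac_settings(lines: List[str]) -> Dict[str, str]:
    """Return {policy: value} for UAC policies set to an unexpected value."""
    weak: Dict[str, str] = {}
    for line in lines:
        m = UAC_RE.match(line)
        if not m:
            continue
        name, value = m.group("name"), m.group("value")
        if name in EXPECTED_UAC and value not in EXPECTED_UAC[name]:
            weak[name] = value
    return weak


def hidden_system_files(lines: List[str]) -> List[str]:
    """Paths under the Windows directory whose attribute column has both the
    's' (system) and 'h' (hidden) bits. A freshly created DLL with that
    combination is unusual and worth checking by hand."""
    found: List[str] = []
    for line in lines:
        m = FILE_RE.match(line)
        if not m:
            continue
        attrs, path = m.group("attrs"), m.group("path")
        if path.lower().startswith("c:\\windows\\") and "s" in attrs and "h" in attrs:
            found.append(path)
    return found


def nameservers(lines: List[str]) -> List[str]:
    """DNS servers from the TCP: Interfaces lines, listed for manual
    verification against the ISP's resolvers."""
    servers: List[str] = []
    for line in lines:
        m = DNS_RE.search(line)
        if m:
            servers.extend(s for s in m.group("servers").split(",") if s)
    return servers


def triage(report: str) -> Dict[str, object]:
    """Run all three checks over a DDS report and return the findings."""
    lines = report.splitlines()
    return {
        "weak_uac": weak_uac_settings(lines),
        "hidden_system_files": hidden_system_files(lines),
        "nameservers": nameservers(lines),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_DDS).items():
        print(f"{key}: {value}")
```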



#4 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:10:45 AM

Posted 30 July 2011 - 09:58 AM

Hello, welcome to SpywareHammer.

I go by Hoov, and I will be helping you with your problem. I must ask you to do a few things for me.

First, tell me everything that you have done, if anything, to try and fix this problem.

Second, please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out their hair.

Third, follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go.

Fourth, have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

Fifth, if we start this fix, I need you to stick with me until the end. Just because your computer is running better does not mean it is fixed.

Before we start trying to fix your computer, you need to make sure your data is backed up. Also let me know of any software you have running that encrypts your hard drive.

Now onto trying to fix your computer.

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families


#5 poageboy

poageboy
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:09:45 AM

Posted 02 August 2011 - 10:25 AM

Thanks for the help Hoov. Just finished moving, and I finally got the computer set up. I will be ready to do whatever you ask from now till the problem is fixed. Thanks again.

Here is the TDSSKiller report:


2011/08/02 11:23:19.0684 3828 TDSS rootkit removing tool 2.5.13.0 Jul 29 2011 17:24:11
2011/08/02 11:23:19.0948 3828 ================================================================================
2011/08/02 11:23:19.0948 3828 SystemInfo:
2011/08/02 11:23:19.0948 3828
2011/08/02 11:23:19.0948 3828 OS Version: 6.1.7601 ServicePack: 1.0
2011/08/02 11:23:19.0948 3828 Product type: Workstation
2011/08/02 11:23:19.0948 3828 ComputerName: DOCKLE
2011/08/02 11:23:19.0948 3828 UserName: Patrick
2011/08/02 11:23:19.0948 3828 Windows directory: C:\Windows
2011/08/02 11:23:19.0948 3828 System windows directory: C:\Windows
2011/08/02 11:23:19.0948 3828 Running under WOW64
2011/08/02 11:23:19.0948 3828 Processor architecture: Intel x64
2011/08/02 11:23:19.0948 3828 Number of processors: 4
2011/08/02 11:23:19.0948 3828 Page size: 0x1000
2011/08/02 11:23:19.0948 3828 Boot type: Normal boot
2011/08/02 11:23:19.0948 3828 ================================================================================
2011/08/02 11:23:21.0029 3828 Initialize success
2011/08/02 11:23:22.0607 4360 ================================================================================
2011/08/02 11:23:22.0607 4360 Scan started
2011/08/02 11:23:22.0607 4360 Mode: Manual;
2011/08/02 11:23:22.0607 4360 ================================================================================
2011/08/02 11:23:24.0282 4360 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
2011/08/02 11:23:24.0352 4360 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
2011/08/02 11:23:24.0407 4360 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
2011/08/02 11:23:24.0481 4360 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/08/02 11:23:24.0507 4360 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/08/02 11:23:24.0539 4360 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/08/02 11:23:24.0654 4360 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
2011/08/02 11:23:24.0787 4360 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
2011/08/02 11:23:24.0898 4360 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
2011/08/02 11:23:24.0916 4360 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
2011/08/02 11:23:24.0941 4360 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/08/02 11:23:24.0963 4360 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/08/02 11:23:25.0020 4360 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
2011/08/02 11:23:25.0131 4360 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/08/02 11:23:25.0228 4360 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
2011/08/02 11:23:25.0287 4360 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
2011/08/02 11:23:25.0348 4360 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/08/02 11:23:25.0368 4360 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/08/02 11:23:25.0484 4360 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/08/02 11:23:25.0576 4360 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
2011/08/02 11:23:25.0609 4360 atksgt (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys
2011/08/02 11:23:25.0667 4360 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/08/02 11:23:25.0717 4360 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/08/02 11:23:25.0751 4360 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/08/02 11:23:25.0801 4360 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/08/02 11:23:25.0978 4360 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
2011/08/02 11:23:26.0011 4360 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/08/02 11:23:26.0031 4360 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/08/02 11:23:26.0066 4360 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/08/02 11:23:26.0090 4360 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/08/02 11:23:26.0146 4360 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/08/02 11:23:26.0189 4360 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/08/02 11:23:26.0267 4360 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/08/02 11:23:26.0304 4360 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/08/02 11:23:26.0389 4360 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
2011/08/02 11:23:26.0451 4360 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/08/02 11:23:26.0533 4360 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/08/02 11:23:26.0585 4360 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/08/02 11:23:26.0636 4360 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
2011/08/02 11:23:26.0692 4360 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
2011/08/02 11:23:26.0720 4360 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/08/02 11:23:26.0804 4360 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
2011/08/02 11:23:26.0826 4360 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/08/02 11:23:26.0909 4360 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
2011/08/02 11:23:27.0006 4360 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
2011/08/02 11:23:27.0075 4360 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/08/02 11:23:27.0102 4360 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/08/02 11:23:27.0196 4360 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
2011/08/02 11:23:27.0295 4360 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
2011/08/02 11:23:27.0348 4360 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/08/02 11:23:27.0431 4360 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/08/02 11:23:27.0525 4360 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
2011/08/02 11:23:27.0637 4360 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/08/02 11:23:27.0779 4360 ElbyCDIO (702d5606cf2199e0edea6f0e0d27cd10) C:\Windows\system32\Drivers\ElbyCDIO.sys
2011/08/02 11:23:27.0877 4360 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/08/02 11:23:27.0941 4360 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
2011/08/02 11:23:28.0026 4360 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/08/02 11:23:28.0056 4360 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/08/02 11:23:28.0137 4360 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/08/02 11:23:28.0229 4360 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/08/02 11:23:28.0296 4360 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/08/02 11:23:28.0320 4360 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/08/02 11:23:28.0397 4360 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
2011/08/02 11:23:28.0462 4360 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/08/02 11:23:28.0487 4360 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/08/02 11:23:28.0553 4360 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/08/02 11:23:28.0609 4360 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/08/02 11:23:28.0669 4360 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/08/02 11:23:28.0804 4360 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/08/02 11:23:28.0910 4360 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
2011/08/02 11:23:28.0960 4360 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
2011/08/02 11:23:28.0994 4360 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/08/02 11:23:29.0021 4360 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/08/02 11:23:29.0048 4360 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/08/02 11:23:29.0085 4360 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
2011/08/02 11:23:29.0138 4360 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
2011/08/02 11:23:29.0216 4360 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
2011/08/02 11:23:29.0294 4360 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
2011/08/02 11:23:29.0358 4360 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
2011/08/02 11:23:29.0445 4360 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
2011/08/02 11:23:29.0493 4360 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/08/02 11:23:29.0621 4360 IntcAzAudAddService (e8017f1662d9142f45ceab694d013c00) C:\Windows\system32\drivers\RTKVHD64.sys
2011/08/02 11:23:29.0665 4360 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
2011/08/02 11:23:29.0691 4360 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/08/02 11:23:29.0810 4360 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/08/02 11:23:29.0876 4360 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
2011/08/02 11:23:29.0930 4360 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/08/02 11:23:29.0980 4360 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/08/02 11:23:30.0033 4360 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
2011/08/02 11:23:30.0086 4360 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
2011/08/02 11:23:30.0125 4360 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/08/02 11:23:30.0185 4360 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/08/02 11:23:30.0223 4360 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
2011/08/02 11:23:30.0305 4360 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
2011/08/02 11:23:30.0341 4360 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/08/02 11:23:30.0403 4360 libusb0 (6ef4b6a31d8ac172620bb9c5ae8602ed) C:\Windows\system32\DRIVERS\libusb0.sys
2011/08/02 11:23:30.0446 4360 lirsgt (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys
2011/08/02 11:23:30.0488 4360 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/08/02 11:23:30.0528 4360 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/08/02 11:23:30.0541 4360 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/08/02 11:23:30.0567 4360 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/08/02 11:23:30.0594 4360 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/08/02 11:23:30.0613 4360 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/08/02 11:23:30.0643 4360 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/08/02 11:23:30.0669 4360 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/08/02 11:23:30.0698 4360 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/08/02 11:23:30.0737 4360 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/08/02 11:23:30.0804 4360 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/08/02 11:23:30.0835 4360 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/08/02 11:23:30.0888 4360 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
2011/08/02 11:23:30.0960 4360 MpFilter (e6ba8e5a4a871899e23d64573ef58ee9) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/08/02 11:23:36.0591 4360 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2011/08/02 11:23:36.0591 4360 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/08/02 11:23:36.0604 4360 sptd - detected LockedFile.Multi.Generic (1)
2011/08/02 11:23:39.0858 4360 ================================================================================
2011/08/02 11:23:39.0858 4360 Scan finished
2011/08/02 11:23:39.0858 4360 ================================================================================
2011/08/02 11:23:39.0866 2124 Detected object count: 1
2011/08/02 11:23:39.0866 2124 Actual detected object count: 1
2011/08/02 11:23:43.0127 2124 LockedFile.Multi.Generic(sptd) - User select action: Skip

#6 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:10:45 AM

Posted 02 August 2011 - 10:37 AM

Open a command prompt (All Programs > Accessories > Command Prompt) and type in
Ipconfig /all > ipconfig.txt and then hit Enter. Then type in ipconfig.txt to open Notepad with the log. Copy it and paste it into your next response.

Are there any other problems, or just the redirecting? Do you connect through a router?
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families


#7 poageboy

poageboy
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:09:45 AM

Posted 02 August 2011 - 03:00 PM

The biggest problem is not the redirect from Google searches. After I ran a few virus removal tools (which did not seem to have an effect: see my first post), the Google search issues waned away. It does not seem to be affecting the computer now. The main issue is that I cannot start Microsoft Security Essentials, and I have 14 instances of svchost.exe running in the background all the time. When I try to start the Windows Security Center service, which is normally set to run automatically, I get an error message saying "The Windows Security Center service can't be started." Manually starting the service from the Services window starts the service momentarily, but before I can try to run Microsoft Security Essentials the service is disabled again.

Yes, I do connect through a router.





Windows IP Configuration

Host Name . . . . . . . . . . . . : Dockle
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Ralink RT2500 Wireless LAN Card
Physical Address. . . . . . . . . : 00-09-F3-71-F9-3B
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::8a9:358e:9e6:4ca1%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 268438003
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-3E-64-FB-00-23-54-F2-EA-7C
DNS Servers . . . . . . . . . . . : 68.105.28.11
68.105.29.12
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-23-54-F2-EA-7C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{C71C57ED-15F4-47A9-AE76-C3306D02EE25}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:1888:2bac:9d4b:f94a(Preferred)
Link-local IPv6 Address . . . . . : fe80::1888:2bac:9d4b:f94a%14(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{4D576E1C-5061-4D17-8CB7-C24101DB790B}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
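The ipconfig /all output above is what a helper reads to rule out hijacked resolver settings behind a search-redirect complaint. As an added example that is not from the thread, the Python below parses such pasted output (sample constructed from the posted log, with the indentation a forum paste usually loses) and labels each connected adapter's DNS servers; the label names and the triage rule (statically set public resolvers deserve a check against the ISP's) are this example's own.

```python
"""Triage of pasted `ipconfig /all` output for search-redirect investigations.
Added example, not from the thread: parses the text a user pastes back and
labels each connected adapter's DNS servers, so statically set public resolvers
(the setting DNS-changer malware typically writes) stand out for verification.
"""
import ipaddress
import re

# Constructed sample, abbreviated from the output posted in the thread.
SAMPLE = """\
Windows IP Configuration

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Ralink RT2500 Wireless LAN Card
   DHCP Enabled. . . . . . . . . . . : No
   Link-local IPv6 Address . . . . . : fe80::8a9:358e:9e6:4ca1%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 68.105.28.11
                                       68.105.29.12

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   DHCP Enabled. . . . . . . . . . . : Yes
"""

# "Wireless LAN adapter X:" style section headers (matched on stripped lines).
HEADER_RE = re.compile(r"^(\S.*\badapter\b.*?):$", re.I)
# "Key . . . : value" lines. The separator colon must be followed by a space or
# end of line, so an IPv6 literal on a continuation line never parses as a key.
FIELD_RE = re.compile(r"^([A-Za-z][A-Za-z0-9 \-]*?)[ .]*:(?:\s+(.*?))?\s*$")

def parse_ipconfig(text):
    """Return {adapter name: {field: [values]}} for every adapter section."""
    adapters, current, last_key = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()          # pasted logs often lose the indentation
        if not line:
            continue
        header = HEADER_RE.match(line)
        if header:
            current, last_key = header.group(1).strip(), None
            adapters[current] = {}
            continue
        if current is None:         # global "Windows IP Configuration" block
            continue
        field = FIELD_RE.match(line)
        if field:
            last_key = field.group(1).strip()
            values = adapters[current].setdefault(last_key, [])
            if field.group(2):
                values.append(field.group(2))
        elif last_key:              # continuation line, e.g. a second DNS server
            adapters[current][last_key].append(line)
    return adapters

def _addr(value):
    """Drop '(Preferred)'-style suffixes and IPv6 zone ids from an address."""
    return re.sub(r"\([^)]*\)$", "", value).split("%")[0].strip()

def classify_resolver(server, lan, dhcp_enabled):
    """Label one DNS server relative to the adapter's own subnet.
    lan:           the router or another local host; normal for a home network
    private:       other private space (VPN, corporate); confirm it is expected
    public-dhcp:   public resolver handed out by DHCP; should match ISP/router
    public-static: public resolver set by hand on the adapter; confirm it is the
                   ISP's, since DNS-changer malware writes static resolvers here
    """
    ip = ipaddress.ip_address(server)
    if lan is not None and ip in lan:
        return "lan"
    if ip.is_private:
        return "private"
    return "public-dhcp" if dhcp_enabled else "public-static"

def triage(text):
    """Classify the DNS servers of every connected adapter in the output."""
    report = {}
    for name, fields in parse_ipconfig(text).items():
        if any("disconnected" in v.lower() for v in fields.get("Media State", [])):
            continue
        servers = [_addr(v) for v in fields.get("DNS Servers", [])]
        if not servers:
            continue
        lan = None
        addr, mask = fields.get("IPv4 Address"), fields.get("Subnet Mask")
        if addr and mask:
            lan = ipaddress.ip_network(f"{_addr(addr[0])}/{mask[0]}", strict=False)
        dhcp = (fields.get("DHCP Enabled") or [""])[0].strip().lower() == "yes"
        report[name] = {s: classify_resolver(s, lan, dhcp) for s in servers}
    return report

if __name__ == "__main__":
    for adapter, servers in triage(SAMPLE).items():
        for server, label in servers.items():
            print(f"{adapter}: {server} -> {label}")
```

A "public-static" label is a prompt to compare the resolvers with what the router or ISP actually hands out, not a verdict; the two addresses in the posted log have to be checked against the ISP's published resolvers like any other.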

#8 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:10:45 AM

Posted 02 August 2011 - 04:06 PM

* Anyone other than the originator of this thread, you would be best advised to not run combofix without guidance from someone trained in its use. It is a very powerful tool that can cause damage to your computer if used wrong.

Run ComboFix.exe. Please visit this webpage for download links and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. Also make sure you close all your browsers just before the instructions tell you to start the scanner.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

#9 poageboy

poageboy
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:09:45 AM

Posted 02 August 2011 - 04:41 PM

Okay, ran ComboFix. Upon reboot, I remembered that there is an error message that pops up when logging into my account that says: "Windows could not connect to the System Event Notification Service service. This problem prevents standard users from logging onto the system..." Thanks again for your time, Hoov. I do appreciate it.

Here's the ComboFix log:




ComboFix 11-08-02.03 - Patrick 08/02/2011 17:18:08.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2331 [GMT -4:00]
Running from: c:\users\Patrick\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-07-02 to 2011-08-02 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-07-26 3077528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DesktopEarth AutoStart.lnk - c:\users\Patrick\AppData\Roaming\Microsoft\Installer\{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}\_C1A9BF9D98647632ED5172.exe [2010-7-4 29926]
FIFA 10 Registration.lnk - c:\program files (x86)\EA Sports\FIFA 10\Support\EAregister.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2010-10-3 117248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-18 136176]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-18 136176]
R3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\DRIVERS\libusb0.sys [2009-02-22 32808]
R3 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files (x86)\Turbine\Turbine Download Manager\TurbineMessageService.exe [2009-09-09 267760]
R3 LiveTurbineNetworkService;Turbine Network Service - Live;c:\program files (x86)\Turbine\Turbine Download Manager\TurbineNetworkService.exe [2009-09-09 218608]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2011-06-26 376352]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-21 378472]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - avgntflt
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-27 08:45]
.
2011-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-27 08:45]
.
2011-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1387087108-324953176-217419883-1000Core.job
- c:\users\Patrick\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-30 23:35]
.
2011-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1387087108-324953176-217419883-1000UA.job
- c:\users\Patrick\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-30 23:35]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.usaa.com/inet/ent_logon/Logon?redirectjsp=true
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: Interfaces\{C71C57ED-15F4-47A9-AE76-C3306D02EE25}: NameServer = 68.105.28.11,68.105.29.12
FF - ProfilePath - c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\eyyjwbbs.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.netflix.com/WiHome
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8} - c:\program files (x86)\InstallShield Installation Information\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\Setup.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
AddRemove-{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8} - c:\program files (x86)\InstallShield Installation Information\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1387087108-324953176-217419883-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A9347AC6-5C4B-7269-6D75-73B2E6BA28E7}*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\DesktopEarth\DesktopEarth.exe
.
**************************************************************************
.
Completion time: 2011-08-02 17:37:53 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-02 21:37
.
Pre-Run: 30,273,810,432 bytes free
Post-Run: 30,502,707,200 bytes free
.
- - End Of File - - 99C7AE6DF476131B0491C56DF7EE2628

#10 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • Location:Mikado Michigan
  • Local time:10:45 AM

Posted 02 August 2011 - 05:53 PM

Did anything change? Did you used to have AVG installed? Any other AV scanners?
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families


#11 poageboy

poageboy
  • Topic Starter

  • Members
  • 19 posts
  • Local time:09:45 AM

Posted 02 August 2011 - 10:29 PM

No, Microsoft Security Essentials still won't start, and when I try to start the Security Center service, it is auto-disabled as soon as I start it. I also still have a bunch of svchost.exe processes sucking up my memory. I'm not sure about what AV scanner I used before this one. Definitely not AVG. Is there anything else I can do?

#12 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • Location:Mikado Michigan
  • Local time:10:45 AM

Posted 02 August 2011 - 10:37 PM

We really have not started getting into this. Just the opening salvoes.

I need you to go to the Administrative Tools in Windows 7. They are in the Control Panel. Open the Admin tools, then open the Event Viewer. Over on the left-hand side, expand the Windows category and then click on System. Then up at the top click on Action and then click on Save Events As, type in system as the file name, make sure file type EVTX is selected, and then navigate so it will save the file to your desktop, then click Save. Over on the left-hand side, click on Application. Then up at the top click on Action and then click on Save Events As, type in application as the file name, make sure file type EVTX is selected, and then navigate so it will save the file to your desktop, then click Save. Zip them both up into a single zip file and post them back here in your next reply as attachments.
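
The same export, scripted, as an added example that is not part of Hoov's instructions: it saves the System and Application logs as EVTX files and zips them, and additionally writes a much smaller System export containing only Service Control Manager events, which is what explains a service that keeps being stopped or set to disabled and is useful when the full files are too large to attach. The output folder, file names, and the PowerShell version requirements noted in the comments are assumptions.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
# Output folder and file names are assumptions; change them as needed.
$desktop = [Environment]::GetFolderPath('Desktop')
$out     = Join-Path $desktop 'eventlogs'
New-Item -ItemType Directory -Force -Path $out | Out-Null

# Full exports: the scripted equivalent of Event Viewer > Action > Save Events As (EVTX).
wevtutil epl System      (Join-Path $out 'system.evtx')
wevtutil epl Application (Join-Path $out 'application.evtx')

# Smaller export for when the full files are too big to attach: keep only
# Service Control Manager events (service starts, stops and start-type changes).
$scmQuery = "*[System[Provider[@Name='Service Control Manager']]]"
wevtutil epl System (Join-Path $out 'system-scm.evtx') "/q:$scmQuery"

# Quick on-screen check before posting: SCM event 7036 records a service
# entering the stopped/running state and 7040 records its start type being
# changed (for example from automatic to disabled). Filtering the message text
# for "Security Center" shows when the wscsvc service was stopped or disabled.
# Get-WinEvent -FilterHashtable needs PowerShell 3 or later (assumption:
# Windows 7 shipped with 2.0, so this part may need the WMF 3.0 update).
Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'Service Control Manager'
        Id           = 7036, 7040
    } -MaxEvents 1000 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'Security Center' } |
    Select-Object -First 20 TimeCreated, Id, Message |
    Format-Table -AutoSize -Wrap

# Zip everything into one attachment. Compress-Archive needs PowerShell 5 or
# later; on older systems use right-click > Send to > Compressed (zipped) folder.
Compress-Archive -Path (Join-Path $out '*') `
                 -DestinationPath (Join-Path $desktop 'eventlogs.zip') -Force
```

The filtered system-scm.evtx opens in Event Viewer like any other saved log, so the helper can still browse it rather than reading raw text.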

#13 poageboy

poageboy
  • Topic Starter

  • Members
  • 19 posts
  • Local time:09:45 AM

Posted 02 August 2011 - 11:21 PM

It keeps saying that the file is too big to upload...is there any other way to get that information to you?

Edited by poageboy, 02 August 2011 - 11:21 PM.


#14 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • Location:Mikado Michigan
  • Local time:10:45 AM

Posted 02 August 2011 - 11:26 PM

I am sending you a Private message on what to do with the logs.

#15 poageboy

poageboy
  • Topic Starter

  • Members
  • 19 posts
  • Local time:09:45 AM

Posted 03 August 2011 - 07:43 AM

Morning Hoov.

Sent you the logs last night. When I woke up this morning and tried to get online, my computer informed me that I had only limited access. "Ah, must be our router again..." Then I checked my roommate's laptop, and it's working fine. Spent all morning resetting the router and modem, but my computer could never connect and get internet access, while my roommate's could. Not sure if this is related to the malware/virus issues, but I thought I'd keep you updated.
