Browser redirects + services disabled in Win 7


  • This topic is locked
2 replies to this topic

#1 chilean

chilean

  • Members
  • 2 posts

Posted 16 July 2011 - 01:05 AM

I am pretty sure I have malware, as my computer is having the following two problems:

1. Search engine links in Internet Explorer and Chrome are randomly, not always, being redirected to sites like www.thewebtimes.net and www.goingonearth.com.
2. Microsoft Security Essentials is disabled, and Windows will not let me re-enable it. If I try to turn on services like Windows Security Center (and other services like Windows Defender) in services.msc, they are instantly disabled. If I try to open msseces.exe, it automatically closes.

If it helps, I am pretty sure the computer was first infected between 6-10 PM Eastern Time on 7/15. I have tried running Spybot, MalwareBytes, and Super Anti-Spyware, and these problems still persist.

Here is my DDS log:

DDS (Ver_2011-07-14.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_23
Run by user1 at 1:50:10 on 2011-07-16
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3893.2559 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Automation Anywhere 6.0\Automation Anywhere Service.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Automation Anywhere 6.0\AAService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\System32\vds.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\user1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = g.msn.com/USCON/1
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\user1\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{7EDF4999-BD81-4AE5-A311-231CAF1CD7C7} : NameServer = 68.28.114.91 68.28.122.93
TCP: Interfaces\{C8A1A621-57A0-4BF5-BFD5-47A3F85A617F} : DHCPNameServer = 18.0.0.1 18.0.0.3
TCP: Interfaces\{F26FBE42-0275-4E57-8F2B-64BD80C4F4D3} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F26FBE42-0275-4E57-8F2B-64BD80C4F4D3}\140707C65602E4564777F627B602361323561336 : DHCPNameServer = 10.0.1.1
TCP: Interfaces\{F26FBE42-0275-4E57-8F2B-64BD80C4F4D3}\16474777966696 : DHCPNameServer = 192.168.5.1
TCP: Interfaces\{F26FBE42-0275-4E57-8F2B-64BD80C4F4D3}\655435059414723502055524C49434 : DHCPNameServer = 172.18.1.30
TCP: Interfaces\{F26FBE42-0275-4E57-8F2B-64BD80C4F4D3}\84166716E616 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{F26FBE42-0275-4E57-8F2B-64BD80C4F4D3}\9555354594E414D2651494F4F5E4564777F627B6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F26FBE42-0275-4E57-8F2B-64BD80C4F4D3}\A593750533 : DHCPNameServer = 192.168.1.1 71.250.0.12
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RtHDVCpl] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-Run: [QuickSet] "C:\Program Files\Dell\QuickSet\QuickSet.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\pbl1el3k.default\
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\user1\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-9-1 55280]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2011-4-18 189440]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-12 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-4 128384]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-9-1 98208]
R2 Automation Anywhere Service 6.0;Automation Anywhere Service 6.0;C:\Program Files (x86)\Automation Anywhere 6.0\Automation Anywhere Service.exe [2010-3-2 880640]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-9-1 705856]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-9-1 2320920]
R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\System32\drivers\bcmvwl64.sys [2010-9-1 20984]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-9-1 172704]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-9-1 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-9-1 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-9-1 271872]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-9-1 74280]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2010-4-24 721768]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2010-4-24 269672]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2010-4-24 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2010-4-24 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-2 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-2 136176]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2011-4-18 40832]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 84864]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-9-1 245792]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-10-26 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2011-07-16 05:36:50 -------- d-----w- C:\_OTL
2011-07-16 05:21:17 35712 ----a-w- C:\Windows\SysWow64\drivers\BlackBox.sys
2011-07-16 04:44:30 -------- d-----w- C:\Windows\pss
2011-07-16 03:48:58 -------- d-----w- C:\Program Files (x86)\EASEUS
2011-07-16 03:44:09 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-07-16 03:44:09 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-07-16 03:33:33 388096 ----a-r- C:\Users\user1\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-16 03:33:33 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-07-16 02:55:58 -------- d-----w- C:\Users\user1\restoration
2011-07-16 01:20:17 -------- d-----w- C:\Users\user1\AppData\Roaming\SUPERAntiSpyware.com
2011-07-16 01:20:17 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-07-16 01:20:13 -------- d-----w- C:\ProgramData\!SASCORE
2011-07-16 01:20:06 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-07-16 00:56:43 65536 --sha-r- C:\Windows\SysWow64\C_1146J.dll
2011-07-16 00:45:50 -------- d-----w- C:\Windows\en
2011-07-15 20:27:59 -------- d-----w- C:\Users\user1\filetypes
2011-07-15 20:22:39 -------- d-----w- C:\Program Files\CCleaner
2011-07-15 16:34:36 -------- d-----w- C:\Users\user1\AppData\Local\SoftGrid Client
2011-07-15 16:34:32 -------- d-----w- C:\Users\user1\AppData\Roaming\SoftGrid Client
2011-07-15 15:33:38 -------- d-----w- C:\Users\user1\AppData\Roaming\SAS
2011-07-15 15:14:25 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-07-15 15:14:25 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2011-07-15 15:14:24 144384 ----a-w- C:\Windows\System32\cdd.dll
2011-07-15 15:14:21 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2011-07-15 15:14:17 1495040 ----a-w- C:\Windows\SysWow64\ExplorerFrame.dll
2011-07-15 15:14:16 1863680 ----a-w- C:\Windows\System32\ExplorerFrame.dll
2011-07-15 15:14:14 229888 ----a-w- C:\Windows\System32\XpsRasterService.dll
2011-07-15 15:14:14 135168 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll
2011-07-15 15:14:08 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2011-07-15 14:56:21 3216552 ----a-w- C:\Users\user1\ccsetup308.exe
2011-07-15 14:55:54 1353470 ----a-w- C:\Users\user1\pc-decrapifier-2.2.6.exe
2011-07-15 14:45:52 -------- d-----w- C:\Postings
2011-07-15 14:43:45 -------- d-----w- C:\SASPrograms
2011-07-15 14:43:36 -------- d-----w- C:\SASData
2011-07-15 14:40:53 8873296 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9213DFAC-CC71-441C-888C-E1EB6512F16D}\mpengine.dll
2011-07-15 14:40:40 -------- d-----w- C:\Users\user1\AppData\Roaming\Malwarebytes
2011-07-15 14:39:57 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-15 14:39:56 -------- d-----w- C:\ProgramData\Malwarebytes
2011-07-15 14:39:53 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-07-15 14:39:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-07-15 14:37:46 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-07-15 14:37:45 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-07-15 14:37:45 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-07-15 14:35:36 -------- d-----w- C:\Users\user1\AppData\Local\Mozilla
2011-07-15 14:35:17 601424 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3046F27A-58BA-43A2-8513-8DD163171AAB}\gapaengine.dll
2011-07-15 14:31:08 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-07-15 14:30:53 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-07-15 14:30:43 374664 ----a-w- C:\Windows\System32\drivers\netio.sys
2011-07-15 14:26:50 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CB4F81FF-FA14-4B99-A347-227E0DE7BF9B}\mpengine.dll
2011-07-15 14:26:50 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-07-15 14:02:44 -------- d-----w- C:\Users\user1\AppData\Local\Google
2011-07-15 13:53:23 3134464 ----a-w- C:\Windows\System32\win32k.sys
2011-07-15 13:49:55 -------- d-----w- C:\Program Files\Dell Support Center
2011-07-15 13:44:41 -------- d-----w- C:\Users\user1\AppData\Roaming\PCDr
2011-07-15 13:37:03 -------- d-----w- C:\Users\user1\My Backup Files
2011-07-15 13:32:45 -------- d-----w- C:\Users\user1\AppData\Local\Best Buy pc app
2011-07-11 15:05:16 -------- d-----w- C:\Users\user1\AppData\Roaming\Dell
2011-07-11 15:05:04 -------- d-----w- C:\Users\user1\AppData\Local\Stardock_Corporation
2011-07-11 15:05:03 -------- d-----w- C:\Users\user1\AppData\Local\Deployment
2011-07-11 15:05:03 -------- d-----w- C:\Users\user1\AppData\Local\Apps
2011-07-07 17:20:45 -------- d-sh--w- C:\found.000
2011-06-16 18:49:36 102400 ----a-w- C:\Windows\System32\drivers\dfsc.sys
2011-06-16 18:49:27 499712 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-06-16 18:49:27 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-06-16 18:49:21 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-06-16 18:49:20 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-06-16 18:49:20 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-06-16 18:42:03 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2011-06-16 18:42:03 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2011-06-16 18:42:02 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-06-16 18:42:02 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-06-16 18:41:56 461312 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-06-16 18:41:56 399872 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-06-16 18:41:56 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-06-16 18:41:50 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2011-06-16 18:41:50 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-06-16 18:41:43 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-06-16 18:41:43 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
.
==================== Find3M ====================
.
2011-06-02 06:45:22 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-06-02 06:45:22 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-06-02 06:45:22 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-06-02 06:44:54 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-02 06:42:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-06-02 06:39:54 422400 ----a-w- C:\Windows\System32\KernelBase.dll
2011-06-02 06:35:56 338944 ----a-w- C:\Windows\System32\conhost.exe
2011-06-02 05:59:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-06-02 05:56:28 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-06-02 05:56:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-06-02 05:54:51 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-06-02 05:54:50 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-06-02 03:51:00 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-06-02 03:50:59 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-06-02 03:45:49 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-02 03:45:49 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-02 03:45:49 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-02 03:45:49 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-24 11:21:59 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-05-24 10:34:20 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-05-24 10:34:20 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:34:00 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:32:46 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-05-04 05:30:38 2326016 ----a-w- C:\Windows\System32\tquery.dll
2011-05-04 05:28:07 779264 ----a-w- C:\Windows\System32\mssvp.dll
2011-05-04 05:28:07 2228224 ----a-w- C:\Windows\System32\mssrch.dll
2011-05-04 05:28:06 75264 ----a-w- C:\Windows\System32\msscntrs.dll
2011-05-04 05:28:06 491520 ----a-w- C:\Windows\System32\mssph.dll
2011-05-04 05:28:06 288256 ----a-w- C:\Windows\System32\mssphtb.dll
2011-05-04 05:24:09 593408 ----a-w- C:\Windows\System32\SearchIndexer.exe
2011-05-04 05:24:09 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2011-05-04 05:24:09 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2011-05-04 04:53:10 1553920 ----a-w- C:\Windows\SysWow64\tquery.dll
2011-05-04 04:52:59 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
2011-05-04 04:52:59 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
2011-05-04 04:52:59 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
2011-05-04 04:52:59 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
2011-05-04 04:52:59 1401856 ----a-w- C:\Windows\SysWow64\mssrch.dll
2011-05-04 04:52:12 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:52:12 428032 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2011-05-04 04:52:12 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2011-04-27 19:25:24 84864 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2011-04-22 20:18:47 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-04-18 17:18:50 40832 ----a-w- C:\Windows\System32\drivers\MpNWMon.sys
2011-04-18 17:18:50 189440 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
.
============= FINISH: 1:50:26.30 ===============

Edited by chilean, 16 July 2011 - 01:17 AM.
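As an added example (not from this thread and not part of DDS itself), a small Python triage script for the DDS log format shown above: it lists the products the AV:/SP: lines report as disabled, the files in "Created Last 30" that carry both the system and hidden attributes, and the files created inside the infection window the poster gives (6-10 PM Eastern on 7/15). The sample lines are constructed from the posted log, and treating the Created timestamps as UTC is inferred from the log itself (run at 01:50 local, yet listing files created at 05:36).

```python
"""Triage helper for DDS logs: parses the AV/SP status lines and the
"Created Last 30" section and flags entries worth a closer look."""
import re
from datetime import datetime, timedelta

# Constructed sample in DDS format, modelled on the log posted in this thread
# (a few representative lines, not the full log).
SAMPLE_DDS = r"""DDS (Ver_2011-07-14.01) - NTFS_AMD64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3893.2559 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
=============== Created Last 30 ================
.
2011-07-16 05:21:17 35712 ----a-w- C:\Windows\SysWow64\drivers\BlackBox.sys
2011-07-16 00:56:43 65536 --sha-r- C:\Windows\SysWow64\C_1146J.dll
2011-07-15 14:39:53 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-07-15 14:39:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2011-06-02 06:45:22 362496 ----a-w- C:\Windows\System32\wow64win.dll
"""

PRODUCT_RE = re.compile(r"^(AV|SP|FW): (.+?) \*(\w+)/(\w+)\* \{")
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\d+|-+) (\S{8}) (.+)$")
GMT_RE = re.compile(r"\[GMT ([+-])(\d+):(\d{2})\]")

def disabled_products(text):
    """Names of products the AV:/SP:/FW: lines report as *Disabled/...*."""
    names = []
    for line in text.splitlines():
        m = PRODUCT_RE.match(line)
        if m and m.group(3).lower() == "disabled" and m.group(2) not in names:
            names.append(m.group(2))
    return names

def gmt_offset_hours(text):
    """UTC offset from the '[GMT -4:00]' header, as a float (0 if absent)."""
    m = GMT_RE.search(text)
    if not m:
        return 0.0
    sign = -1 if m.group(1) == "-" else 1
    return sign * (int(m.group(2)) + int(m.group(3)) / 60.0)

def parse_created(text):
    """[(timestamp, attrs, path)] for the 'Created Last 30' section only;
    the section ends at the next '=====' banner (Find3M in a full log)."""
    entries, in_section = [], False
    for line in text.splitlines():
        if line.startswith("="):
            if in_section:
                break
            in_section = "Created Last 30" in line
            continue
        m = CREATED_RE.match(line) if in_section else None
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            entries.append((ts, m.group(3), m.group(4)))
    return entries

def hidden_system_files(text):
    """Files (not directories) carrying both the system ('s') and hidden
    ('h') attribute letters in the DDS attribute column."""
    return [path for _ts, attrs, path in parse_created(text)
            if not attrs.startswith("d") and "s" in attrs and "h" in attrs]

def created_in_window(text, local_start, local_end):
    """Paths created between two local times ('YYYY-MM-DD HH:MM').
    The Created timestamps are treated as UTC (inferred from the posted
    log, not from DDS documentation), so the local window is shifted by
    the header's GMT offset before comparing."""
    shift = timedelta(hours=gmt_offset_hours(text))
    fmt = "%Y-%m-%d %H:%M"
    start = datetime.strptime(local_start, fmt) - shift
    end = datetime.strptime(local_end, fmt) - shift
    return [path for ts, _attrs, path in parse_created(text)
            if start <= ts <= end]
```

Flagged entries are only candidates for review; an attribute pattern or a creation time alone does not establish that a file is malicious.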


#2 chilean

chilean
  • Topic Starter

  • Members
  • 2 posts

Posted 16 July 2011 - 09:10 AM

Hello.

I was searching through this forum, and I found another thread with an issue identical to mine. ComboFix was the suggested fix there, and it worked perfectly.

Edited by chilean, 16 July 2011 - 09:11 AM.


#3 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts

Posted 16 July 2011 - 04:41 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw
