Infected with TDSS / Google Redirect Virus


5 replies to this topic

#1 Krugzilla


Posted 26 July 2011 - 09:28 PM

Hello, I accidentally ran a program before scanning it and seem to have infected myself with a Google redirect virus. Whenever I try to search via Google, I get redirected to all sorts of websites. For example, if I search "tech" and go to techcrunch(dot)com, I instead get redirected to localdouble(dot)com.

I see you've got a lot of threads on this virus already, and I looked through them and tried what I could (excluding ComboFix). So far I've run MBAM, Spybot, TDSSkiller, Sophos Anti-rootkit, and probably a handful of others that I don't recall. I caught some stuff with spybot and tdsskiller, but it's all been cleaned now (problems persist unaffected).

Sadly nothing seems to work and I've run out of ideas, any help would be appreciated. Thanks in advance.

Important notes:
- I ran GMER but most of the options were greyed out; when I scanned it found nothing. I'm guessing this is because I'm on x64?
- I also ran ComboFix. It deleted 4 system files, restarted my computer, and my OS wouldn't boot. I had to go to a restore point (ComboFix said it was making one, but there was only another one a bit further back. I'll have to reinstall a few things, oh well.)

DDS.txt:
.
DDS (Ver_2011-06-23.01) - NTFSAMD64 
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_26
Run by Krugz at 21:46:51 on 2011-07-26
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.9207.6560 [GMT -4:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\Ventrilo\Ventrilo.exe
C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.27\deploy\LoLLauncher.exe
C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.67\deploy\LolClient.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [<NO NAME>] 
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
mRunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{262DAF68-07FB-4CCD-AAB5-1C69BC5BE5A9} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{AC93C963-DDA2-4ACF-B42F-4D4F9C3B77F1} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64:     AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64:     Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO-X64:     Search Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [(Default)] 
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
mRunOnce-x64: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
mRunOnce-x64: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Krugz\AppData\Roaming\Mozilla\Firefox\Profiles\afsgvxj5.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Krugz\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-10-26 13336]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-7-20 366640]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-10-26 673088]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 danewFltr;NewDeathAdder Mouse;C:\Windows\system32\drivers\danew.sys --> C:\Windows\system32\drivers\danew.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;C:\Windows\system32\DRIVERS\wg111v3.sys --> C:\Windows\system32\DRIVERS\wg111v3.sys [?]
R3 VKbms;Virtual HID Minidriver;C:\Windows\system32\DRIVERS\VKbms.sys --> C:\Windows\system32\DRIVERS\VKbms.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe --> C:\Program Files\Dell\DellDock\DockLogin.exe [?]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-6-10 166384]
S2 SessionLauncher;SessionLauncher;C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S3 CYUSB;Cypress Generic USB Driver;C:\Windows\system32\Drivers\CYUSB.sys --> C:\Windows\system32\Drivers\CYUSB.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\A05E.tmp --> C:\Windows\system32\A05E.tmp [?]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-6-10 1124848]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-6-10 309744]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
.
=============== Created Last 30 ================
.
2011-07-27 00:33:59	--------	d-----w-	C:\Program Files\glassfish-3.1
2011-07-27 00:31:21	--------	d-----w-	C:\Program Files\NetBeans 7.0
2011-07-26 18:31:36	--------	d-----w-	C:\ProgramData\Spybot - Search & Destroy
2011-07-26 18:31:36	--------	d-----w-	C:\Program Files (x86)\Spybot - Search & Destroy
2011-07-23 05:20:59	18816	------w-	C:\Windows\SysWow64\SAVRKBootTasks.sys
2011-07-23 04:57:14	6144	------w-	C:\Windows\System32\A05E.tmp
2011-07-23 04:56:46	6144	------w-	C:\Windows\System32\3240.tmp
2011-07-22 21:38:16	--------	d-----w-	C:\Users\Krugz\AppData\Local\AOL
2011-07-22 21:38:16	--------	d-----w-	C:\Users\Krugz\AppData\Local\AIM
2011-07-22 21:38:03	--------	d-----w-	C:\ProgramData\AIM
2011-07-22 21:38:01	--------	d-----w-	C:\Program Files (x86)\Common Files\Software Update Utility
2011-07-22 21:38:01	--------	d-----w-	C:\Program Files (x86)\AIM
2011-07-22 21:38:00	--------	d-----w-	C:\Program Files (x86)\Common Files\AOL
2011-07-21 02:35:23	--------	d-----w-	C:\Users\Krugz\AppData\Local\Electronic Arts
2011-07-21 01:56:49	--------	d-----w-	C:\Program Files (x86)\Avira
2011-07-21 01:50:05	--------	d-----w-	C:\Program Files (x86)\SigmaPlot
2011-07-21 01:00:58	--------	d-----we	C:\Windows\system64
2011-07-21 00:53:06	--------	d-----w-	C:\Program Files (x86)\Downloaded Installations
2011-07-19 00:23:51	--------	d-----w-	C:\Program Files (x86)\Steam
2011-07-06 21:52:00	--------	d-----w-	C:\Program Files (x86)\StarCraft II
2011-07-06 21:48:03	--------	d-----w-	C:\Users\Krugz\SC2-WingsOfLiberty-enUS-Installer
2011-07-06 21:47:51	--------	d-----w-	C:\Program Files (x86)\Common Files\Blizzard Entertainment
2011-07-02 10:35:16	40960	----a-r-	C:\Users\Krugz\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2011-07-02 10:35:16	40960	----a-r-	C:\Users\Krugz\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2011-06-30 23:47:04	982912	----a-w-	C:\Windows\System32\drivers\dxgkrnl.sys
2011-06-30 23:38:10	--------	d-----w-	C:\Users\Krugz\AppData\Local\ElevatedDiagnostics
2011-06-30 17:23:25	--------	d-----w-	C:\Windows\SysWow64\Wat
2011-06-30 17:23:25	--------	d-----w-	C:\Windows\System32\Wat
2011-06-30 17:02:05	3133952	----a-w-	C:\Windows\System32\win32k.sys
2011-06-30 17:01:57	1395712	----a-w-	C:\Windows\System32\mfc42.dll
2011-06-30 17:01:57	1359872	----a-w-	C:\Windows\System32\mfc42u.dll
2011-06-30 17:01:56	1164288	----a-w-	C:\Windows\SysWow64\mfc42u.dll
2011-06-30 17:01:56	1137664	----a-w-	C:\Windows\SysWow64\mfc42.dll
2011-06-30 13:33:51	83249512	----a-w-	C:\Program Files (x86)\Common Files\Windows Live\.cache\wlc8B21.tmp
2011-06-30 13:22:38	14744	----a-w-	C:\Users\Krugz\AppData\Roaming\Microsoft\IdentityCRL\Production\ppcrlconfig.dll
2011-06-30 13:22:26	--------	d-----w-	C:\Users\Krugz\Tracing
2011-06-30 13:17:30	--------	d-----w-	C:\Program Files (x86)\Yahoo!
2011-06-30 13:07:36	64512	----a-w-	C:\Windows\SysWow64\devobj.dll
2011-06-30 13:07:36	44544	----a-w-	C:\Windows\SysWow64\devrtl.dll
2011-06-30 13:07:36	404992	----a-w-	C:\Windows\System32\umpnpmgr.dll
2011-06-30 13:07:36	252928	----a-w-	C:\Windows\SysWow64\drvinst.exe
2011-06-30 13:07:36	145920	----a-w-	C:\Windows\SysWow64\cfgmgr32.dll
2011-06-30 13:07:26	1877504	----a-w-	C:\Windows\System32\msxml3.dll
2011-06-30 13:07:26	1233920	----a-w-	C:\Windows\SysWow64\msxml3.dll
2011-06-30 13:00:10	2048	----a-w-	C:\Windows\SysWow64\tzres.dll
2011-06-30 13:00:10	2048	----a-w-	C:\Windows\System32\tzres.dll
2011-06-30 13:00:08	52224	----a-w-	C:\Windows\System32\rtutils.dll
2011-06-30 13:00:08	37376	----a-w-	C:\Windows\SysWow64\rtutils.dll
2011-06-30 12:59:53	82944	----a-w-	C:\Windows\SysWow64\iccvid.dll
2011-06-30 12:55:46	483840	----a-w-	C:\Windows\System32\StructuredQuery.dll
2011-06-30 12:55:46	461312	----a-w-	C:\Windows\System32\drivers\srv.sys
2011-06-30 12:55:46	399872	----a-w-	C:\Windows\System32\drivers\srv2.sys
2011-06-30 12:55:46	363520	----a-w-	C:\Windows\SysWow64\StructuredQuery.dll
2011-06-30 12:55:46	161792	----a-w-	C:\Windows\System32\drivers\srvnet.sys
2011-06-30 12:55:45	287744	----a-w-	C:\Windows\System32\drivers\mrxsmb10.sys
2011-06-30 12:55:45	157696	----a-w-	C:\Windows\System32\drivers\mrxsmb.sys
2011-06-30 12:55:45	126464	----a-w-	C:\Windows\System32\drivers\mrxsmb20.sys
2011-06-30 12:50:13	102400	----a-w-	C:\Windows\System32\drivers\dfsc.sys
2011-06-30 12:50:11	267776	----a-w-	C:\Windows\System32\FXSCOVER.exe
2011-06-30 12:45:56	516096	----a-w-	C:\Program Files\Windows Mail\wab.exe
2011-06-30 12:45:56	516096	----a-w-	C:\Program Files (x86)\Windows Mail\wab.exe
2011-06-30 12:45:56	35328	----a-w-	C:\Program Files\Windows Mail\wabfind.dll
2011-06-30 12:40:19	976896	----a-w-	C:\Windows\System32\inetcomm.dll
2011-06-30 12:40:19	740864	----a-w-	C:\Windows\SysWow64\inetcomm.dll
2011-06-30 12:40:19	112000	----a-w-	C:\Windows\System32\consent.exe
2011-06-30 12:40:14	90624	----a-w-	C:\Windows\System32\drivers\bowser.sys
2011-06-30 12:40:12	9728	----a-w-	C:\Windows\SysWow64\sscore.dll
2011-06-30 12:40:12	236032	----a-w-	C:\Windows\System32\srvsvc.dll
2011-06-30 11:58:27	8873296	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{697FB026-7E8A-495F-8FDD-C671E3F08CD0}\mpengine.dll
2011-06-30 11:50:48	6144	------w-	C:\Windows\System32\755F.tmp
2011-06-30 11:49:51	6144	------w-	C:\Windows\System32\96B3.tmp
2011-06-30 11:49:41	--------	d-----w-	C:\Program Files (x86)\Sophos
2011-06-30 11:46:44	41272	----a-w-	C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-30 11:46:43	--------	d-----w-	C:\ProgramData\Malwarebytes
2011-06-30 11:46:41	25912	----a-w-	C:\Windows\System32\drivers\mbam.sys
2011-06-30 11:46:40	--------	d-----w-	C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-06-30 09:33:36	--------	d-----w-	C:\Program Files (x86)\WPF Toolkit
2011-06-30 09:31:55	--------	d-----w-	C:\Program Files (x86)\Microsoft Expression
2011-06-30 09:27:11	78872	----a-w-	C:\Windows\System32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2011-06-30 09:27:11	50200	----a-w-	C:\Windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2011-06-30 09:27:08	79896	----a-w-	C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2011-06-30 09:27:08	111640	----a-w-	C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2011-06-30 09:26:48	--------	d-----w-	C:\Windows\System32\RsFx
2011-06-30 09:24:06	--------	d-----w-	C:\Program Files\Microsoft SQL Server
2011-06-30 09:23:58	--------	d-----w-	C:\Program Files (x86)\Microsoft SQL Server
2011-06-30 09:23:46	--------	d-----w-	C:\Program Files\Microsoft Synchronization Services
2011-06-30 09:23:46	--------	d-----w-	C:\Program Files\Microsoft SQL Server Compact Edition
2011-06-30 09:23:43	--------	d-----w-	C:\Program Files (x86)\Microsoft Synchronization Services
2011-06-30 09:22:53	--------	d-----w-	C:\ProgramData\PreEmptive Solutions
2011-06-30 09:20:42	--------	d-----w-	C:\Program Files (x86)\Microsoft ASP.NET
2011-06-30 09:20:39	--------	d-----w-	C:\Program Files\IIS
2011-06-30 09:20:39	--------	d-----w-	C:\Program Files (x86)\IIS
2011-06-30 09:20:13	2377696	----a-w-	C:\ProgramData\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2011-06-30 09:17:35	--------	d-----w-	C:\Windows\SysWow64\1033
2011-06-30 09:17:24	--------	d-----w-	C:\Program Files (x86)\Microsoft Visual Studio 10.0
2011-06-30 09:17:24	--------	d-----w-	C:\Program Files (x86)\Microsoft F#
2011-06-30 09:17:24	--------	d-----w-	C:\Program Files (x86)\HTML Help Workshop
2011-06-30 09:17:24	--------	d-----w-	C:\Program Files (x86)\Common Files\Merge Modules
2011-06-30 09:15:41	--------	d-----w-	C:\Windows\System32\1033
2011-06-30 09:15:41	--------	d-----w-	C:\Program Files\Microsoft Visual Studio 10.0
2011-06-30 09:15:41	--------	d-----w-	C:\Program Files\Microsoft Help Viewer
2011-06-30 09:08:59	99176	----a-w-	C:\Windows\SysWow64\PresentationHostProxy.dll
2011-06-30 09:08:59	49472	----a-w-	C:\Windows\SysWow64\netfxperf.dll
2011-06-30 09:08:59	48960	----a-w-	C:\Windows\System32\netfxperf.dll
2011-06-30 09:08:59	444752	----a-w-	C:\Windows\System32\mscoree.dll
2011-06-30 09:08:59	320352	----a-w-	C:\Windows\System32\PresentationHost.exe
2011-06-30 09:08:59	297808	----a-w-	C:\Windows\SysWow64\mscoree.dll
2011-06-30 09:08:59	295264	----a-w-	C:\Windows\SysWow64\PresentationHost.exe
2011-06-30 09:08:59	1942856	----a-w-	C:\Windows\System32\dfshim.dll
2011-06-30 09:08:59	1130824	----a-w-	C:\Windows\SysWow64\dfshim.dll
2011-06-30 09:08:59	109912	----a-w-	C:\Windows\System32\PresentationHostProxy.dll
2011-06-30 08:58:07	254528	----a-w-	C:\Windows\System32\drivers\dtsoftbus01.sys
2011-06-30 08:58:03	--------	d-----w-	C:\Program Files (x86)\DAEMON Tools Lite
2011-06-30 08:57:42	--------	d-----w-	C:\Users\Krugz\AppData\Roaming\DAEMON Tools Lite
2011-06-30 08:57:42	--------	d-----w-	C:\ProgramData\DAEMON Tools Lite
2011-06-29 17:01:36	--------	d-----w-	C:\Users\Krugz\AppData\Roaming\Razer
2011-06-29 16:59:54	85504	----a-w-	C:\Windows\SysWow64\DeathAdder64.cpl
2011-06-29 16:59:49	6656	----a-w-	C:\Windows\System32\drivers\hidkmdf.sys
2011-06-29 16:59:48	47104	----a-w-	C:\Windows\System32\drivers\CYUSB.sys
2011-06-29 16:59:48	13312	----a-w-	C:\Windows\System32\drivers\VKbms.sys
2011-06-29 16:59:48	12032	----a-w-	C:\Windows\System32\drivers\danew.sys
2011-06-29 16:44:22	--------	d-----w-	C:\Users\Krugz\AppData\Local\Google
2011-06-29 16:33:53	--------	d-----w-	C:\Program Files\ATI
2011-06-29 16:31:53	404640	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-29 13:41:34	--------	d-----w-	C:\Program Files (x86)\MSXML 4.0
2011-06-29 13:29:41	4582912	----a-w-	C:\Program Files\Windows NT\Accessories\wordpad.exe
2011-06-29 13:29:39	2085376	----a-w-	C:\Windows\System32\ole32.dll
2011-06-29 13:29:38	4247040	----a-w-	C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
2011-06-29 13:29:38	1413632	----a-w-	C:\Windows\SysWow64\ole32.dll
2011-06-29 13:29:28	714752	----a-w-	C:\Windows\System32\kerberos.dll
2011-06-29 13:29:28	541184	----a-w-	C:\Windows\SysWow64\kerberos.dll
2011-06-29 13:29:23	499712	----a-w-	C:\Windows\System32\drivers\afd.sys
2011-06-29 13:29:23	1896832	----a-w-	C:\Windows\System32\drivers\tcpip.sys
2011-06-29 10:54:51	--------	d-----w-	C:\ProgramData\33152
2011-06-28 13:21:15	--------	d-----w-	C:\Program Files (x86)\LOLReplay
2011-06-27 14:31:49	--------	d-----w-	C:\Users\Krugz\AppData\Local\BearShare
2011-06-27 14:31:07	--------	d-----w-	C:\ProgramData\BearShare
2011-06-27 05:31:36	--------	d-----w-	C:\Users\Krugz\AppData\Roaming\LolClient
.
==================== Find3M  ====================
.
2011-07-26 23:33:51	525544	----a-w-	C:\Windows\System32\deployJava1.dll
2011-07-21 01:51:50	204	----a-w-	C:\Windows\SysWow64\p1fqref.dll
2011-07-21 01:51:50	100	----a-w-	C:\Windows\SysWow64\prsgrc.dll
2011-07-21 01:49:43	72	----a-w-	C:\Windows\SysWow64\ssprs.dll
2011-07-21 01:49:43	1025	----a-w-	C:\Windows\SysWow64\qb1x11h.dll
2011-07-21 01:49:43	1025	----a-w-	C:\Windows\SysWow64\grcauth2.dll
2011-07-21 01:49:43	1025	----a-w-	C:\Windows\SysWow64\grcauth1.dll
2011-07-21 01:49:43	1025	----a-w-	C:\Windows\SysWow64\clauth2.dll
2011-07-21 01:49:43	1025	----a-w-	C:\Windows\SysWow64\clauth1.dll
2011-06-30 23:47:04	902656	----a-w-	C:\Windows\System32\d2d1.dll
2011-06-02 17:53:02	94208	----a-w-	C:\Windows\SysWow64\dpl100.dll
2011-05-25 03:00:00	1113088	----a-w-	C:\Windows\System32\atiumd6v.dll
2011-05-25 02:59:38	1828864	----a-w-	C:\Windows\SysWow64\atiumdmv.dll
2011-05-24 23:14:10	270720	------w-	C:\Windows\System32\MpSigStub.exe
2011-05-04 08:52:22	472808	----a-w-	C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 21:47:20.36 ===============

Attach.txt:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 6/25/2011 9:32:31 AM
System Uptime: 7/26/2011 2:59:21 PM (7 hours ago)
.
Motherboard: Dell Inc. |  | 05DN3X
Processor: Intel(R) Core(TM) i7 CPU         930  @ 2.80GHz | CPU 1 | 2801/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 921 GiB total, 824.012 GiB free.
D: is CDROM ()
E: is CDROM ()
G: is FIXED (NTFS) - 932 GiB total, 927.474 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Windows Firewall Authorization Driver
Device ID: ROOT\LEGACY_MPSDRV\0000
Manufacturer: 
Name: Windows Firewall Authorization Driver
PNP Device ID: ROOT\LEGACY_MPSDRV\0000
Service: mpsdrv
.
==== System Restore Points ===================
.
RP58: 7/18/2011 8:22:07 PM - Removed Steam
RP59: 7/18/2011 8:23:44 PM - Installed Steam
RP60: 7/19/2011 3:27:36 PM - Installed DirectX
RP61: 7/20/2011 8:46:53 PM - Installed SigmaPlot 9.0
RP62: 7/20/2011 8:53:07 PM - Configured SigmaPlot 9.0
RP63: 7/20/2011 9:13:08 PM - Configured SigmaPlot 9.0
RP64: 7/20/2011 9:14:32 PM - Configured SigmaPlot 9.0
RP65: 7/20/2011 9:18:49 PM - Installed SigmaPlot 9.0
RP66: 7/20/2011 9:33:15 PM - Configured SigmaPlot 9.0
RP67: 7/20/2011 9:49:52 PM - Installed SigmaPlot 12.1
RP68: 7/20/2011 10:34:43 PM - Installed DirectX
RP69: 7/20/2011 10:34:59 PM - Installed Microsoft Visual C++ 2005 Redistributable
RP70: 7/25/2011 2:07:08 PM - Installed DirectX
RP71: 7/26/2011 7:18:52 PM - Installed Java(TM) SE Development Kit 6 Update 26 (64-bit)
RP72: 7/26/2011 7:33:22 PM - Installed Java(TM) 6 Update 26 (64-bit)
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.5
AIM 7
Assassin's Creed II
ATI Catalyst Control Center
Avira UnErase Personal
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Consumer In-Home Service Agreement
Crystal Reports for Visual Studio
DAEMON Tools Lite
Dead Space
Dead Space 2
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Support Center (Support Software)
DirectXInstallService
DivX Setup
Dotfuscator Software Services - Community Edition
Download Updater (AOL LLC)
Google Chrome
GoToAssist 8.0.0.514
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2542054)
Intel(R) Control Center
Intel(R) Rapid Storage Technology
Java Auto Updater
Java(TM) 6 Update 26
Junk Mail filter update
League of Legends
Malwarebytes' Anti-Malware version 1.51.1.1800
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft Choice Guard
Microsoft Expression Blend 3 SDK
Microsoft Expression Blend 4
Microsoft Expression Blend SDK for .NET 4
Microsoft Expression Blend SDK for Silverlight 4
Microsoft Expression Design 4
Microsoft Expression Encoder 4
Microsoft Expression Encoder 4 Screen Capture Codec
Microsoft Expression Studio 4
Microsoft Expression Web 4
Microsoft Expression Web 4 Service Pack 1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2010
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft Silverlight 4 SDK
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319
Microsoft Visual F# 2.0 Runtime
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Professional - ENU
Microsoft Visual Studio 2010 SharePoint Developer Tools
Microsoft Visual Studio Macro Tools
Mozilla Firefox 5.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB973688)
Pando Media Booster
Project64 1.6
Razer DeathAdder(TM) Mouse
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio CinePlayer Decoder Pack
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator Premier
Roxio Creator Premier 10
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Visual Studio 2010 Professional - ENU (KB2251489)
SigmaPlot 12.1
Skins
Sophos Anti-Rootkit 1.5.20
Spybot - Search & Destroy
StarCraft II
Steam
The Elder Scrolls IV: Oblivion 
THX TruStudio PC
Trillian
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Outlook 2007 Junk Email Filter (KB2536413)
VC80CRTRedist - 8.0.50727.4053
Ventrilo Client
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
WPF Toolkit February 2010 (Version 3.5.50211.1)
.
==== Event Viewer Messages From Past Week ========
.
7/26/2011 2:59:59 PM, Error: Service Control Manager [7024]  - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
7/26/2011 2:59:51 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  SAVRKBootTasks
7/26/2011 2:59:50 PM, Error: Service Control Manager [7001]  - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error:  Cannot create a file when that file already exists.
7/26/2011 2:59:50 PM, Error: Service Control Manager [7000]  - The Windows Firewall Authorization Driver service failed to start due to the following error:  Cannot create a file when that file already exists.
7/26/2011 2:59:50 PM, Error: Service Control Manager [7000]  - The SessionLauncher service failed to start due to the following error:  The system cannot find the file specified.
7/26/2011 2:59:49 PM, Error: Service Control Manager [7000]  - The Dock Login Service service failed to start due to the following error:  The system cannot find the file specified.
7/23/2011 12:56:46 AM, Error: Application Popup [1060]  - \??\C:\Windows\system32\3240.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
7/23/2011 1:19:36 AM, Error: Service Control Manager [7000]  - The MEMSWEEP2 service failed to start due to the following error:  This driver has been blocked from loading
7/23/2011 1:19:36 AM, Error: Application Popup [1060]  - \??\C:\Windows\system32\A05E.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
.
==== End Of File ===========================

Since my last post, I've completely updated my computer via Windows Update, I've run Windows Defender/Microsoft Security Essentials, I backed up my PC onto an external HD, and finally ran ComboFix again. By the way, I realize you guys are swamped with TDSS/Google Redirect virus threads, so I'll be patient and bump my thread every 24 hours or so. Thanks for any help ahead of time.

Here are the results:

- MS Security Essentials detected a trojan ("Win64/Sirefef.B") in multiple locations; I've had it remove all of them so far. It's supposedly a severe alert level because it executes commands from an attacker. I will scan again later to see if it's coming back with a rootkit.

- I can't get ComboFix to work. I saved a restore point before attempting to run it.

It updated from the ComboFix servers, then it ran, went through 50 steps, deleted 3 files (plfgref.dll, prsgrc.dll, ssprs.dll; all of which were in system folders, but I wasn't fast enough to write down the full paths, sorry. I think it was something like SysWOW64?), and then finally it rebooted my computer. Again, like last time, my OS would not boot; I had to use System Restore to fix my OS (strangely, the manually made restore point did not work even though System Restore said it was successful; luckily I had one not much earlier).

So I can't really provide more logs, unless I'm doing something wrong with ComboFix? I had no antivirus/firewall/etc. software running when I ran ComboFix. It complained about MS Security Essentials at first, but I disabled the active protection and reran ComboFix successfully.

Edit: Oh, and none of these things remedied the google redirect issue.

Edit2: I'm running a full scan from MS Security Essentials; it also found "Backdoor:Win32/Smadow".

Edit3: MS Security Essentials finished the full scan, having found the previously noted and also "Exploit:JS/Mult.DR". Also, the Win64/Sirefef.B mentioned before is constantly reappearing, getting caught and removed by MSSE. Guess that means I have a rootkit? I already tried to remove rootkits earlier with TDSSKiller and Sophos Anti-Rootkit.

EDIT: Posts merged ~Budapest

Edited by Budapest, 27 July 2011 - 08:41 PM.



#2 Krugzilla

Krugzilla
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:08:12 PM

Posted 29 July 2011 - 02:26 PM

Bump... no attention for a while.

I think I must have a virus, or else a faulty hard drive or something, because almost everything that requires a restart (e.g. MS Security Essentials needed me to restart after catching a virus overnight) just ruins my OS boot. I have to use a restore point to get anything functional again. The strange thing is that MS Security Essentials, in particular, has its active protection deactivated because I already had this happen once and wanted to avoid having to restart/wipe. So maybe it's a virus that detected MSSE and tried to protect itself by asking me to restart into a broken boot, hence putting the virus I removed back?

Honestly, at this point I'm seriously considering backing up everything important to my external and formatting, with my fingers crossed that it's not like embedded somewhere on my external already too. I was having issues upgrading Windows via Windows Update before all this craziness hit me, and at that time I used a Dell factory image restore. The problem at that time persisted, but somehow I got updates to work earlier without any hiccups. I'm worried that somehow this problem will also persist even through a format, and then I'll just be wasting huge chunks of time for nothing when I have to set everything up again.

*sigh* This really sucks; it's crippling everything I need to be doing right now.

Edited by Krugzilla, 29 July 2011 - 02:29 PM.


#3 Krugzilla

Krugzilla
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:08:12 PM

Posted 30 July 2011 - 04:17 PM

Bump #2. It's been almost a week since my original post, I think (I'm pretty sure the date got updated when Budapest merged my other post?). Well, it's been at least 4 days :P

I really do need help. If I restart my computer, I lose all progress since my last restore point, and oftentimes my manually made restore points fail, so I can't count on being able to save before each restart. This really sucks because I need to do some stuff that will involve restarting (installations, etc.), and I also need to do some work-related stuff, but I'm worried it'll get erased or something.

I keep rereading the ComboFix thread on BleepingComputer to see if I missed a step, and I checked the thread about disabling AVs. The weird thing is your thread has pictures of ComboFix saying it'll make a log file; mine just deletes a bunch of files and restarts my computer. I could take a screenshot...

Edited by Krugzilla, 30 July 2011 - 04:18 PM.


#4 Krugzilla

Krugzilla
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:08:12 PM

Posted 30 July 2011 - 05:12 PM

Hello, having run ComboFix, we need to see that and a DDS log.

Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
Skip the GMER step and instead post the ComboFix log you posted earlier.

Let me know if that went well.


Seems like people are intentionally avoiding posting here, probably assuming that I ran ComboFix without being asked to? I was told to run it and post the log, though. Just figured I might as well clarify, if that's the case.

I tried to run ComboFix again, despite the failures beforehand. Guess my luck ran out; seems like everything is like that right now... My PC refuses to boot; I'm posting from my laptop. If no one wants to reply, I'm just gonna have to do another Dell reformat. I don't have the CD, so if that doesn't fix it I'm going to have to call them up and pay for a disk to reformat properly.

Edited by Krugzilla, 30 July 2011 - 05:13 PM.


#5 Krugzilla

Krugzilla
  • Topic Starter

  • Members
  • 12 posts
  •  
  • Local time:08:12 PM

Posted 02 August 2011 - 08:43 AM

Please close this thread, I'm getting assistance at Spyware Hammer. Sorry if I was rude.

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:12 PM

Posted 04 August 2011 - 06:47 PM

Sorry we could not get to you fast enough.


gringo

Edited by gringo_pr, 04 August 2011 - 06:50 PM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Proud Graduate Of Malware Removal University



