Cannot Update


  • This topic is locked
39 replies to this topic

#1 overtimeracing

Posted 01 February 2012 - 06:45 PM

Hi... I've been working with Boopme in the Am I Infected section, but have been moved to here. Topic referenced is here: http://www.bleepingcomputer.com/forums/topic440507.html ~ OB Thank you so much for the help. I should let you know that I have very limited computer skills. Here are my DDS Logs. Thanks again. You are greatly appreciated...Kevin

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6000.16982
Run by Dad at 18:28:32 on 2012-02-01
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1015.243 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\WINDOWS\RtHDVCpl.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.facebook.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop
BHO: AutorunsDisabled - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.5\NppBho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.5\UIBHO.dll
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [<NO NAME>]
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f
dRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{BB34FE66-7D9B-4632-8286-CEE5FCCECF50} : DhcpNameServer = 209.18.47.61 209.18.47.62
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2012-1-22 64512]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-10-15 464176]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20120119.002\IDSvix86.sys [2012-1-21 287792]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-12-23 2152688]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-31 366152]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-1-28 150856]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-1-22 1153368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-1-18 106104]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-31 22216]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-8-3 38448]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2012-1-18 1251720]
.
=============== Created Last 30 ================
.
2012-02-01 02:11:31 -------- d-----w- c:\users\dad\appdata\roaming\Malwarebytes
2012-02-01 02:11:18 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-01 02:11:18 -------- d-----w- c:\programdata\Malwarebytes
2012-02-01 02:11:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-31 22:22:55 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{58ac8e67-a16f-47f5-8a27-3dc61b45de3a}\mpengine.dll
2012-01-28 21:59:32 150856 ----a-w- c:\windows\system32\mfevtps.exe
2012-01-23 22:49:01 378368 ----a-w- c:\windows\system32\winhttp.dll
2012-01-23 22:41:45 268800 ----a-w- c:\windows\system32\es.dll
2012-01-23 02:04:39 -------- d-----w- c:\users\dad\appdata\local\Google
2012-01-23 02:03:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-22 21:44:18 -------- d-----w- c:\users\dad\appdata\local\adaware
2012-01-22 21:44:15 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-01-22 21:43:15 -------- d-----w- c:\program files\Toolbar Cleaner
2012-01-22 21:42:08 -------- d-----w- c:\program files\adawaretb
2012-01-22 21:41:40 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-01-22 21:41:07 -------- d-----w- c:\program files\Lavasoft
2012-01-22 19:42:11 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-01-22 19:42:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-01-22 08:45:42 62464 ----a-w- c:\windows\system32\l3codeca.acm
2012-01-22 08:45:42 220672 ----a-w- c:\windows\system32\l3codecp.acm
2012-01-22 08:45:09 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2012-01-22 08:45:09 179712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-01-22 08:45:09 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2012-01-22 08:45:08 815104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-01-22 08:45:08 22016 ----a-w- c:\windows\system32\netiougc.exe
2012-01-22 08:45:08 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2012-01-22 08:44:42 454656 ----a-w- c:\program files\common files\system\msadc\msadce.dll
2012-01-22 08:44:10 25600 ----a-w- c:\windows\system32\amxread.dll
2012-01-22 08:44:10 14848 ----a-w- c:\windows\system32\apilogen.dll
2012-01-22 08:42:34 441856 ----a-w- c:\windows\system32\win32spl.dll
2012-01-22 08:42:34 37376 ----a-w- c:\windows\system32\printcom.dll
2012-01-22 08:41:56 2032128 ----a-w- c:\windows\system32\win32k.sys
2012-01-22 08:41:11 43520 ----a-w- c:\windows\system32\msdxm.tlb
2012-01-22 08:41:11 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2012-01-22 08:41:11 18432 ----a-w- c:\windows\system32\amcompat.tlb
2012-01-22 08:39:47 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2012-01-22 08:39:47 312320 ----a-w- c:\windows\system32\msdrm.dll
2012-01-22 08:39:47 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2012-01-22 08:39:47 154112 ----a-w- c:\windows\system32\secproc_ssp.dll
2012-01-22 08:39:46 515584 ----a-w- c:\windows\system32\RMActivate.exe
2012-01-22 08:39:46 472576 ----a-w- c:\windows\system32\secproc.dll
2012-01-22 08:39:46 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2012-01-22 08:39:44 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2012-01-22 08:39:43 473088 ----a-w- c:\windows\system32\secproc_isv.dll
2012-01-22 08:32:52 97800 ----a-w- c:\windows\system32\infocardapi.dll
2012-01-22 08:32:52 622080 ----a-w- c:\windows\system32\icardagt.exe
2012-01-22 08:32:52 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2012-01-22 08:32:52 11264 ----a-w- c:\windows\system32\icardres.dll
2012-01-22 08:32:43 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2012-01-22 08:32:37 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2012-01-22 08:32:37 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-01-22 08:32:37 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2012-01-21 22:25:04 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-21 17:20:41 123904 ----a-w- c:\windows\system32\L2SecHC.dll
2012-01-21 17:20:40 47104 ----a-w- c:\windows\system32\wlanapi.dll
2012-01-21 17:20:39 67584 ----a-w- c:\windows\system32\wlanhlp.dll
2012-01-21 17:20:39 502272 ----a-w- c:\windows\system32\wlansvc.dll
2012-01-21 17:20:39 297984 ----a-w- c:\windows\system32\wlansec.dll
2012-01-21 17:20:39 290816 ----a-w- c:\windows\system32\wlanmsm.dll
2012-01-21 17:18:21 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2012-01-21 17:11:43 494592 ----a-w- c:\windows\system32\kerberos.dll
2012-01-21 17:11:42 272384 ----a-w- c:\windows\system32\schannel.dll
2012-01-21 17:07:18 1585664 ----a-w- c:\windows\system32\setupapi.dll
2012-01-21 16:53:56 9728 ----a-w- c:\windows\system32\LAPRXY.DLL
2012-01-21 16:53:56 223232 ----a-w- c:\windows\system32\WMASF.DLL
2012-01-21 16:53:56 2048 ----a-w- c:\windows\system32\asferror.dll
2012-01-21 16:51:10 61440 ----a-w- c:\windows\system32\ntprint.exe
2012-01-21 16:51:10 220160 ----a-w- c:\windows\system32\ntprint.dll
2012-01-21 16:51:06 120320 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-01-21 16:51:06 10240 ----a-w- c:\windows\system32\dhcpcmonitor.dll
2012-01-21 16:51:05 1984512 ----a-w- c:\windows\system32\authui.dll
2012-01-21 16:51:00 69632 ----a-w- c:\windows\system32\sendmail.dll
2012-01-21 16:50:57 8138240 ----a-w- c:\windows\system32\ssBranded.scr
2012-01-21 16:23:59 96760 ----a-w- c:\windows\system32\dfshim.dll
2012-01-21 16:23:58 41984 ----a-w- c:\windows\system32\netfxperf.dll
2012-01-21 16:23:55 282112 ----a-w- c:\windows\system32\mscoree.dll
2012-01-21 16:23:54 83968 ----a-w- c:\windows\system32\mscories.dll
2012-01-21 16:23:54 158720 ----a-w- c:\windows\system32\mscorier.dll
2012-01-21 16:00:57 788992 ----a-w- c:\windows\system32\rpcrt4.dll
2012-01-21 02:04:16 72704 ----a-w- c:\windows\system32\fontsub.dll
2012-01-21 02:04:16 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-01-21 02:04:16 289792 ----a-w- c:\windows\system32\atmfd.dll
2012-01-21 02:04:16 24064 ----a-w- c:\windows\system32\lpk.dll
2012-01-21 02:04:16 156672 ----a-w- c:\windows\system32\t2embed.dll
2012-01-21 02:04:16 10240 ----a-w- c:\windows\system32\dciman32.dll
2012-01-21 02:03:21 61440 ----a-w- c:\windows\system32\winipsec.dll
2012-01-21 02:03:21 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2012-01-21 02:03:21 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2012-01-21 02:03:20 272896 ----a-w- c:\windows\system32\polstore.dll
2012-01-21 02:01:37 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys
2012-01-21 02:01:36 306688 ----a-w- c:\windows\system32\drivers\srv.sys
2012-01-21 02:00:52 95232 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2012-01-21 02:00:52 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2012-01-21 02:00:52 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2012-01-21 01:59:48 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2012-01-21 01:59:48 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2012-01-21 01:59:48 15360 ----a-w- c:\windows\system32\netevent.dll
2012-01-21 01:59:48 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2012-01-21 01:59:48 103936 ----a-w- c:\windows\system32\netiohlp.dll
2012-01-21 01:59:47 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2012-01-21 01:59:47 19968 ----a-w- c:\windows\system32\ARP.EXE
2012-01-21 01:59:47 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2012-01-21 01:59:47 10240 ----a-w- c:\windows\system32\finger.exe
2012-01-21 01:59:46 213592 ----a-w- c:\windows\system32\drivers\netio.sys
2012-01-21 01:58:24 704000 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2012-01-21 01:58:23 356352 ----a-w- c:\windows\system32\wbem\wbemcomn.dll
2012-01-21 01:58:22 24064 ----a-w- c:\windows\system32\wtsapi32.dll
2012-01-21 01:58:21 258232 ----a-w- c:\windows\system32\drivers\acpi.sys
2012-01-21 01:58:18 542720 ----a-w- c:\windows\system32\sysmain.dll
2012-01-21 01:57:31 194560 ----a-w- c:\windows\system32\WebClnt.dll
2012-01-21 01:57:31 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2012-01-21 01:56:50 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-01-21 01:56:50 1260032 ----a-w- c:\windows\system32\msxml3.dll
2012-01-21 01:56:49 2048 ----a-w- c:\windows\system32\msxml6r.dll
2012-01-21 01:56:49 1406464 ----a-w- c:\windows\system32\msxml6.dll
2012-01-21 01:55:51 175104 ----a-w- c:\windows\system32\wdigest.dll
2012-01-21 01:55:50 7680 ----a-w- c:\windows\system32\lsass.exe
2012-01-21 01:55:50 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-21 01:55:50 408136 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-21 01:55:50 216576 ----a-w- c:\windows\system32\msv1_0.dll
2012-01-21 01:55:50 1233920 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-21 01:55:00 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2012-01-21 01:54:59 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2012-01-21 01:54:59 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-01-21 01:54:11 98816 ----a-w- c:\windows\system32\mfps.dll
2012-01-21 01:54:11 52736 ----a-w- c:\windows\system32\rrinstaller.exe
2012-01-21 01:54:11 2855424 ----a-w- c:\windows\system32\mf.dll
2012-01-21 01:54:11 24576 ----a-w- c:\windows\system32\mfpmp.exe
2012-01-21 01:54:11 2048 ----a-w- c:\windows\system32\mferror.dll
2012-01-21 01:53:13 3504008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-01-21 01:53:13 3470216 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-01-21 01:50:59 434176 ----a-w- c:\windows\system32\vbscript.dll
2012-01-21 01:50:14 71680 ----a-w- c:\windows\system32\atl.dll
2012-01-21 01:49:32 297472 ----a-w- c:\windows\system32\gdi32.dll
2012-01-21 01:48:52 1060920 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-01-21 01:47:05 500736 ----a-w- c:\windows\system32\msdtcprx.dll
2012-01-21 01:47:05 30208 ----a-w- c:\windows\system32\xolehlp.dll
2012-01-21 01:46:28 156160 ----a-w- c:\windows\system32\wkssvc.dll
2012-01-21 01:45:48 36352 ----a-w- c:\windows\system32\tsgqec.dll
2012-01-21 01:45:48 1871872 ----a-w- c:\windows\system32\mstscax.dll
2012-01-21 01:45:48 116736 ----a-w- c:\windows\system32\aaclient.dll
2012-01-21 01:44:21 713728 ----a-w- c:\windows\system32\timedate.cpl
2012-01-21 01:43:41 356864 ----a-w- c:\windows\system32\MediaMetadataHandler.dll
2012-01-21 01:42:36 23040 ----a-w- c:\program files\movie maker\WMM2EXT.dll
2012-01-21 01:42:36 195072 ----a-w- c:\program files\movie maker\WMM2AE.dll
2012-01-21 01:42:36 150016 ----a-w- c:\program files\movie maker\MOVIEMK.exe
2012-01-21 01:42:36 10922496 ----a-w- c:\program files\movie maker\MOVIEMK.dll
2012-01-21 01:38:58 1244672 ----a-w- c:\windows\system32\mcmde.dll
2012-01-21 01:38:57 80896 ----a-w- c:\windows\system32\MSNP.ax
2012-01-21 01:38:57 68608 ----a-w- c:\windows\system32\Mpeg2Data.ax
2012-01-21 01:38:57 428032 ----a-w- c:\windows\system32\EncDec.dll
2012-01-21 01:38:57 217088 ----a-w- c:\windows\system32\psisrndr.ax
2012-01-21 01:38:57 177152 ----a-w- c:\windows\system32\mpg2splt.ax
2012-01-21 01:38:56 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2012-01-21 01:38:56 292352 ----a-w- c:\windows\system32\psisdecd.dll
2012-01-21 01:37:26 2048 ----a-w- c:\windows\system32\tzres.dll
2012-01-21 01:36:01 696832 ----a-w- c:\windows\system32\localspl.dll
2012-01-21 01:33:46 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2012-01-21 01:33:45 45112 ----a-w- c:\windows\system32\drivers\pciidex.sys
2012-01-21 01:33:45 17464 ----a-w- c:\windows\system32\drivers\intelide.sys
2012-01-21 01:33:45 109624 ----a-w- c:\windows\system32\drivers\ataport.sys
2012-01-21 01:33:43 211000 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-01-21 01:33:43 154624 ----a-w- c:\windows\system32\drivers\nwifi.sys
2012-01-21 01:32:39 2923520 ----a-w- c:\windows\explorer.exe
2012-01-21 01:31:02 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2012-01-21 01:31:02 193536 ----a-w- c:\windows\system32\drivers\usbhub.sys
2012-01-21 01:31:01 8704 ----a-w- c:\windows\system32\hcrstco.dll
2012-01-21 01:31:01 8704 ----a-w- c:\windows\system32\hccoin.dll
2012-01-21 01:31:01 38400 ----a-w- c:\windows\system32\drivers\usbehci.sys
2012-01-21 01:31:01 23040 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2012-01-21 01:31:01 224768 ----a-w- c:\windows\system32\drivers\usbport.sys
2012-01-21 01:30:59 73216 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-01-21 01:28:27 24064 ----a-w- c:\windows\system32\netcfg.exe
2012-01-21 01:27:03 1808896 ----a-w- c:\windows\system32\NlsLexicons0046.dll
2012-01-21 01:27:03 1793536 ----a-w- c:\windows\system32\NlsLexicons0045.dll
2012-01-21 01:27:02 1558016 ----a-w- c:\windows\system32\NlsLexicons0049.dll
2012-01-21 01:27:02 1411072 ----a-w- c:\windows\system32\NlsLexicons0047.dll
2012-01-21 01:27:01 2136064 ----a-w- c:\windows\system32\NlsLexicons0021.dll
2012-01-21 01:27:01 1782272 ----a-w- c:\windows\system32\NlsLexicons0039.dll
2012-01-21 01:27:01 1236992 ----a-w- c:\windows\system32\NlsLexicons0020.dll
2012-01-21 01:27:00 5499904 ----a-w- c:\windows\system32\NlsLexicons0022.dll
2012-01-21 01:25:59 4493312 ----a-w- c:\windows\system32\NlsData001d.dll
2012-01-21 01:25:55 9845248 ----a-w- c:\windows\system32\NlsData000a.dll
2012-01-21 01:25:54 2641408 ----a-w- c:\windows\system32\NlsData000c.dll
2012-01-21 01:25:53 2340864 ----a-w- c:\windows\system32\NlsData000d.dll
2012-01-21 01:25:52 4493312 ----a-w- c:\windows\system32\NlsData0414.dll
2012-01-21 01:25:52 1963520 ----a-w- c:\windows\system32\NlsData000f.dll
2012-01-21 01:25:50 797696 ----a-w- c:\windows\system32\NaturalLanguage6.dll
2012-01-21 01:25:50 4493312 ----a-w- c:\windows\system32\NlsData0416.dll
2012-01-21 01:25:48 4493312 ----a-w- c:\windows\system32\NlsData0816.dll
2012-01-21 01:25:48 1963520 ----a-w- c:\windows\system32\NlsData081a.dll
2012-01-21 01:25:46 6917120 ----a-w- c:\windows\system32\NlsLexicons0c1a.dll
2012-01-21 01:25:46 1963520 ----a-w- c:\windows\system32\NlsData0c1a.dll
2012-01-21 01:13:33 549888 ----a-w- c:\windows\system32\rpcss.dll
2012-01-21 01:13:27 654336 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2012-01-21 01:13:27 24576 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2012-01-21 01:13:24 247296 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe
2012-01-21 01:13:24 130560 ----a-w- c:\windows\system32\wbem\WmiDcPrv.dll
2012-01-21 01:13:23 501760 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2012-01-21 01:13:22 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2012-01-21 01:13:19 53248 ----a-w- c:\windows\system32\iasads.dll
2012-01-21 01:13:18 37888 ----a-w- c:\windows\system32\iasdatastore.dll
2012-01-21 01:13:18 158720 ----a-w- c:\windows\system32\sdohlp.dll
2012-01-21 01:13:17 97280 ----a-w- c:\windows\system32\iasrecst.dll
2012-01-21 01:08:02 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-01-21 01:08:00 712192 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-01-21 01:07:55 347136 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-01-21 01:02:55 14848 ----a-w- c:\windows\system32\wshrm.dll
2012-01-21 01:02:55 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2012-01-21 01:00:19 66048 ----a-w- c:\program files\windows sidebar\sbdrop.dll
2012-01-21 01:00:18 1232896 ----a-w- c:\program files\windows sidebar\sidebar.exe
2012-01-21 01:00:17 11776 ----a-w- c:\windows\system32\sbunattend.exe
2012-01-21 00:58:51 84480 ----a-w- c:\windows\system32\dnsrslvr.dll
2012-01-21 00:58:51 24576 ----a-w- c:\windows\system32\dnscacheugc.exe
2012-01-21 00:55:22 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2012-01-21 00:55:17 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2012-01-21 00:55:17 1686528 ----a-w- c:\windows\system32\gameux.dll
2012-01-21 00:54:10 94720 ----a-w- c:\windows\system32\logagent.exe
2012-01-21 00:54:09 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2012-01-21 00:53:14 765952 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2012-01-21 00:52:36 84480 ----a-w- c:\windows\system32\INETRES.dll
2012-01-21 00:52:36 737792 ----a-w- c:\windows\system32\inetcomm.dll
2012-01-21 00:52:07 60928 ----a-w- c:\windows\system32\msasn1.dll
2012-01-21 00:51:25 1645568 ----a-w- c:\windows\system32\connect.dll
2012-01-21 00:49:51 396800 ----a-w- c:\windows\system32\drivers\http.sys
2012-01-21 00:49:51 31232 ----a-w- c:\windows\system32\httpapi.dll
2012-01-21 00:49:50 24064 ----a-w- c:\windows\system32\nshhttp.dll
2012-01-21 00:47:09 130048 ----a-w- c:\windows\system32\drivers\srv2.sys
2012-01-21 00:45:22 274432 ----a-w- c:\windows\system32\raschap.dll
2012-01-21 00:45:21 232960 ----a-w- c:\windows\system32\rastls.dll
2012-01-21 00:44:42 321536 ----a-w- c:\windows\system32\WSDApi.dll
2012-01-21 00:42:36 -------- d-----w- c:\program files\MSXML 4.0
2012-01-21 00:39:55 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2012-01-21 00:39:55 22528 ----a-w- c:\windows\system32\msyuv.dll
2012-01-21 00:39:55 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2012-01-21 00:39:54 1327616 ----a-w- c:\windows\system32\quartz.dll
2012-01-21 00:39:52 88576 ----a-w- c:\windows\system32\avifil32.dll
2012-01-21 00:39:52 82944 ----a-w- c:\windows\system32\mciavi32.dll
2012-01-21 00:39:52 65024 ----a-w- c:\windows\system32\avicap32.dll
2012-01-21 00:39:52 31232 ----a-w- c:\windows\system32\msvidc32.dll
2012-01-21 00:39:52 13312 ----a-w- c:\windows\system32\msrle32.dll
2012-01-21 00:39:52 123904 ----a-w- c:\windows\system32\msvfw32.dll
2012-01-21 00:38:50 750080 ----a-w- c:\windows\system32\qmgr.dll
2012-01-21 00:37:30 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2012-01-21 00:29:12 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2012-01-21 00:29:07 7680 ----a-w- c:\windows\system32\spwmp.dll
2012-01-21 00:29:07 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2012-01-21 00:29:06 4096 ----a-w- c:\windows\system32\dxmasf.dll
2012-01-21 00:29:06 107520 ----a-w- c:\program files\windows media player\wmpshare.exe
2012-01-21 00:29:05 4096 ----a-w- c:\windows\system32\msdxm.ocx
2012-01-21 00:29:05 107520 ----a-w- c:\program files\windows media player\wmpconfig.exe
2012-01-21 00:28:44 311296 ----a-w- c:\windows\system32\unregmp2.exe
2012-01-21 00:28:44 1418240 ----a-w- c:\program files\windows media player\setup_wm.exe
2012-01-18 22:01:20 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2012-01-18 22:00:18 236576 ------w- c:\windows\system32\MpSigStub.exe
2012-01-18 01:16:36 -------- d-----w- c:\programdata\NortonInstaller
2012-01-18 01:14:16 -------- d-----w- c:\programdata\Norton
2012-01-18 01:00:23 -------- d-----w- c:\users\dad\muzac2
2012-01-18 01:00:14 -------- d-----w- c:\users\dad\muzac
2012-01-18 01:00:13 -------- d-----w- c:\users\dad\muszac3
2012-01-18 00:46:12 -------- d-----w- c:\programdata\Kodak
2012-01-18 00:46:08 196608 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\EKIJ5000PPR.dll
2012-01-18 00:43:51 171520 ----a-w- c:\windows\system32\wintrust.dll
2012-01-18 00:43:03 -------- d-----w- c:\windows\system32\x64
2012-01-18 00:41:22 -------- d-----w- c:\users\dad\appdata\local\Hewlett-Packard
2012-01-18 00:40:37 97792 ----a-w- c:\windows\system32\cabview.dll
2012-01-18 00:39:49 -------- d-----w- c:\windows\system32\kodak
2012-01-18 00:37:40 -------- d-----w- c:\users\dad\appdata\local\VirtualStore
2012-01-18 00:25:57 2421760 ----a-w- c:\windows\system32\wucltux.dll
2012-01-18 00:25:21 87552 ----a-w- c:\windows\system32\wudriver.dll
2012-01-18 00:24:36 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-01-18 00:24:36 171608 ----a-w- c:\windows\system32\wuwebv.dll
2012-01-18 00:24:11 -------- d-sh--we C:\Documents and Settings
.
==================== Find3M ====================
.
2012-01-23 22:35:44 36864 ----a-w- c:\windows\system32\drivers\en-us\http.sys.mui
2012-01-22 08:44:10 40960 ----a-w- c:\windows\apppatch\apihex86.dll
2012-01-21 17:25:57 72704 ----a-w- c:\windows\system32\admparse.dll
2012-01-21 17:25:55 52736 ----a-w- c:\windows\apppatch\iebrshim.dll
2012-01-21 17:25:54 832512 ----a-w- c:\windows\system32\wininet.dll
2012-01-21 17:25:42 389120 ----a-w- c:\windows\system32\html.iec
2012-01-21 17:25:41 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-01-21 17:25:41 48128 ----a-w- c:\windows\system32\mshtmler.dll
2012-01-21 17:25:37 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2012-01-21 17:25:30 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2012-01-21 17:25:26 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2012-01-21 17:25:21 56320 ----a-w- c:\windows\system32\iesetup.dll
2012-01-21 02:02:28 8192 ----a-w- c:\windows\system32\riched32.dll
2012-01-21 01:26:59 7964672 ----a-w- c:\windows\system32\NlsLexicons0024.dll
2012-01-21 00:55:22 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2012-01-21 00:55:20 2143744 ----a-w- c:\windows\apppatch\AcGenral.dll
2012-01-21 00:55:19 537600 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-01-21 00:55:19 449024 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2012-01-21 00:55:18 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2012-01-18 22:29:07 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
.
============= FINISH: 18:29:49.86 ===============

Edited by Orange Blossom, 04 February 2012 - 02:25 AM.


#2 overtimeracing

Posted 01 February 2012 - 08:05 PM

Here is my GMER report. Thank you again...Kevin

Attached Files

  • Attached File  ark.txt   7.29KB   2 downloads


#3 nasdaq

  • Malware Response Team

Posted 05 February 2012 - 10:28 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
===

Third-party programs, if not up to date, can be the cause of the infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Note: If, after running ComboFix, you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program, all you need to do is restart the computer to reset the registry.

Please post the logs for my review.

Let me know if the problem persists.

#4 overtimeracing

overtimeracing
  • Topic Starter

  • Members

Posted 05 February 2012 - 04:10 PM

nasdaq...Thank you...

ComboFix 12-02-05.02 - Dad 02/05/2012 15:51:26.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1015.390 [GMT -5:00]
Running from: c:\users\Dad\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
G:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-01-05 to 2012-02-05 )))))))))))))))))))))))))))))))
.
.
2012-02-04 01:22 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8053F706-139F-485D-AF4E-319FBC57C4BB}\mpengine.dll
2012-02-01 02:11 . 2012-02-01 02:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-01 02:11 . 2012-02-01 02:11 -------- d-----w- c:\programdata\Malwarebytes
2012-02-01 02:11 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-28 21:59 . 2011-11-18 21:36 150856 ----a-w- c:\windows\system32\mfevtps.exe
2012-01-28 01:59 . 2012-01-28 01:59 -------- d-----w- c:\programdata\McAfee
2012-01-23 22:49 . 2012-01-23 22:49 378368 ----a-w- c:\windows\system32\winhttp.dll
2012-01-23 22:41 . 2012-01-23 22:41 268800 ----a-w- c:\windows\system32\es.dll
2012-01-23 02:03 . 2012-01-23 02:05 -------- d-----w- c:\program files\Google
2012-01-23 02:03 . 2012-01-23 02:03 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-22 21:44 . 2012-02-05 20:18 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-01-22 21:43 . 2012-01-22 21:43 -------- d-----w- c:\program files\Toolbar Cleaner
2012-01-22 21:42 . 2012-01-22 21:44 -------- d-----w- c:\program files\adawaretb
2012-01-22 21:41 . 2011-12-23 12:12 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-01-22 21:41 . 2012-01-22 21:41 -------- dc----w- c:\windows\system32\DRVSTORE
2012-01-22 21:41 . 2012-01-22 21:41 -------- d-----w- c:\program files\Lavasoft
2012-01-22 21:41 . 2012-01-22 21:41 -------- d-----w- c:\programdata\Lavasoft
2012-01-22 19:42 . 2012-01-22 20:35 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-01-22 19:42 . 2012-01-22 19:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-01-22 08:45 . 2012-01-22 08:45 62464 ----a-w- c:\windows\system32\l3codeca.acm
2012-01-22 08:45 . 2012-01-22 08:45 220672 ----a-w- c:\windows\system32\l3codecp.acm
2012-01-22 08:45 . 2012-01-22 08:45 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2012-01-22 08:45 . 2012-01-22 08:45 179712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-01-22 08:45 . 2012-01-22 08:45 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2012-01-22 08:45 . 2012-01-22 08:45 815104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-01-22 08:45 . 2012-01-22 08:45 22016 ----a-w- c:\windows\system32\netiougc.exe
2012-01-22 08:45 . 2012-01-22 08:45 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2012-01-22 08:44 . 2012-01-22 08:44 454656 ----a-w- c:\program files\Common Files\System\msadc\msadce.dll
2012-01-22 08:44 . 2012-01-22 08:44 25600 ----a-w- c:\windows\system32\amxread.dll
2012-01-22 08:44 . 2012-01-22 08:44 14848 ----a-w- c:\windows\system32\apilogen.dll
2012-01-22 08:42 . 2012-01-22 08:42 441856 ----a-w- c:\windows\system32\win32spl.dll
2012-01-22 08:42 . 2012-01-22 08:42 37376 ----a-w- c:\windows\system32\printcom.dll
2012-01-22 08:41 . 2012-01-22 08:41 2032128 ----a-w- c:\windows\system32\win32k.sys
2012-01-22 08:41 . 2012-01-22 08:41 43520 ----a-w- c:\windows\system32\msdxm.tlb
2012-01-22 08:41 . 2012-01-22 08:41 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2012-01-22 08:41 . 2012-01-22 08:41 18432 ----a-w- c:\windows\system32\amcompat.tlb
2012-01-22 08:39 . 2012-01-22 08:39 312320 ----a-w- c:\windows\system32\msdrm.dll
2012-01-22 08:39 . 2012-01-22 08:39 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2012-01-22 08:39 . 2012-01-22 08:39 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2012-01-22 08:39 . 2012-01-22 08:39 154112 ----a-w- c:\windows\system32\secproc_ssp.dll
2012-01-22 08:39 . 2012-01-22 08:39 515584 ----a-w- c:\windows\system32\RMActivate.exe
2012-01-22 08:39 . 2012-01-22 08:39 472576 ----a-w- c:\windows\system32\secproc.dll
2012-01-22 08:39 . 2012-01-22 08:39 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2012-01-22 08:39 . 2012-01-22 08:39 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2012-01-22 08:39 . 2012-01-22 08:39 473088 ----a-w- c:\windows\system32\secproc_isv.dll
2012-01-22 08:32 . 2012-01-22 08:32 97800 ----a-w- c:\windows\system32\infocardapi.dll
2012-01-22 08:32 . 2012-01-22 08:32 622080 ----a-w- c:\windows\system32\icardagt.exe
2012-01-22 08:32 . 2012-01-22 08:32 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2012-01-22 08:32 . 2012-01-22 08:32 11264 ----a-w- c:\windows\system32\icardres.dll
2012-01-22 08:32 . 2012-01-22 08:32 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2012-01-22 08:32 . 2012-01-22 08:32 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2012-01-22 08:32 . 2012-01-22 08:32 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-01-22 08:32 . 2012-01-22 08:32 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2012-01-21 22:25 . 2012-01-21 22:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-21 17:20 . 2012-01-21 17:20 123904 ----a-w- c:\windows\system32\L2SecHC.dll
2012-01-21 17:20 . 2012-01-21 17:20 47104 ----a-w- c:\windows\system32\wlanapi.dll
2012-01-21 17:20 . 2012-01-21 17:20 67584 ----a-w- c:\windows\system32\wlanhlp.dll
2012-01-21 17:20 . 2012-01-21 17:20 502272 ----a-w- c:\windows\system32\wlansvc.dll
2012-01-21 17:20 . 2012-01-21 17:20 297984 ----a-w- c:\windows\system32\wlansec.dll
2012-01-21 17:20 . 2012-01-21 17:20 290816 ----a-w- c:\windows\system32\wlanmsm.dll
2012-01-21 17:18 . 2012-01-21 17:18 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2012-01-21 17:11 . 2012-01-21 17:11 494592 ----a-w- c:\windows\system32\kerberos.dll
2012-01-21 17:11 . 2012-01-21 17:11 272384 ----a-w- c:\windows\system32\schannel.dll
2012-01-21 17:07 . 2012-01-21 17:07 1585664 ----a-w- c:\windows\system32\setupapi.dll
2012-01-21 16:53 . 2012-01-21 16:53 9728 ----a-w- c:\windows\system32\LAPRXY.DLL
2012-01-21 16:53 . 2012-01-21 16:53 223232 ----a-w- c:\windows\system32\WMASF.DLL
2012-01-21 16:53 . 2012-01-21 16:53 2048 ----a-w- c:\windows\system32\asferror.dll
2012-01-21 16:51 . 2012-01-21 16:51 61440 ----a-w- c:\windows\system32\ntprint.exe
2012-01-21 16:51 . 2012-01-21 16:51 220160 ----a-w- c:\windows\system32\ntprint.dll
2012-01-21 16:51 . 2012-01-21 16:51 120320 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-01-21 16:51 . 2012-01-21 16:51 10240 ----a-w- c:\windows\system32\dhcpcmonitor.dll
2012-01-21 16:51 . 2012-01-21 16:51 1984512 ----a-w- c:\windows\system32\authui.dll
2012-01-21 16:51 . 2012-01-21 16:51 69632 ----a-w- c:\windows\system32\sendmail.dll
2012-01-21 16:50 . 2012-01-21 16:50 8138240 ----a-w- c:\windows\system32\ssBranded.scr
2012-01-21 16:23 . 2012-01-21 16:23 96760 ----a-w- c:\windows\system32\dfshim.dll
2012-01-21 16:23 . 2012-01-21 16:23 41984 ----a-w- c:\windows\system32\netfxperf.dll
2012-01-21 16:23 . 2012-01-21 16:23 282112 ----a-w- c:\windows\system32\mscoree.dll
2012-01-21 16:23 . 2012-01-21 16:23 83968 ----a-w- c:\windows\system32\mscories.dll
2012-01-21 16:23 . 2012-01-21 16:23 158720 ----a-w- c:\windows\system32\mscorier.dll
2012-01-21 16:00 . 2012-01-21 16:00 788992 ----a-w- c:\windows\system32\rpcrt4.dll
2012-01-21 02:04 . 2012-01-21 02:04 72704 ----a-w- c:\windows\system32\fontsub.dll
2012-01-21 02:04 . 2012-01-21 02:04 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-01-21 02:04 . 2012-01-21 02:04 289792 ----a-w- c:\windows\system32\atmfd.dll
2012-01-21 02:04 . 2012-01-21 02:04 24064 ----a-w- c:\windows\system32\lpk.dll
2012-01-21 02:04 . 2012-01-21 02:04 156672 ----a-w- c:\windows\system32\t2embed.dll
2012-01-21 02:04 . 2012-01-21 02:04 10240 ----a-w- c:\windows\system32\dciman32.dll
2012-01-21 02:03 . 2012-01-21 02:03 61440 ----a-w- c:\windows\system32\winipsec.dll
2012-01-21 02:03 . 2012-01-21 02:03 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2012-01-21 02:03 . 2012-01-21 02:03 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2012-01-21 02:03 . 2012-01-21 02:03 272896 ----a-w- c:\windows\system32\polstore.dll
2012-01-21 02:01 . 2012-01-21 02:01 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys
2012-01-21 02:01 . 2012-01-21 02:01 306688 ----a-w- c:\windows\system32\drivers\srv.sys
2012-01-21 02:00 . 2012-01-21 02:00 95232 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2012-01-21 02:00 . 2012-01-21 02:00 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2012-01-21 02:00 . 2012-01-21 02:00 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2012-01-21 01:59 . 2012-01-21 01:59 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2012-01-21 01:59 . 2012-01-21 01:59 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2012-01-21 01:59 . 2012-01-21 01:59 15360 ----a-w- c:\windows\system32\netevent.dll
2012-01-21 01:59 . 2012-01-21 01:59 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2012-01-21 01:59 . 2012-01-21 01:59 103936 ----a-w- c:\windows\system32\netiohlp.dll
2012-01-21 01:59 . 2012-01-21 01:59 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2012-01-21 01:59 . 2012-01-21 01:59 19968 ----a-w- c:\windows\system32\ARP.EXE
2012-01-21 01:59 . 2012-01-21 01:59 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2012-01-21 01:59 . 2012-01-21 01:59 10240 ----a-w- c:\windows\system32\finger.exe
2012-01-21 01:59 . 2012-01-21 01:59 213592 ----a-w- c:\windows\system32\drivers\netio.sys
2012-01-21 01:58 . 2012-01-21 01:58 704000 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2012-01-21 01:58 . 2012-01-21 01:58 356352 ----a-w- c:\windows\system32\wbem\wbemcomn.dll
2012-01-21 01:58 . 2012-01-21 01:58 24064 ----a-w- c:\windows\system32\wtsapi32.dll
2012-01-21 01:58 . 2012-01-21 01:58 258232 ----a-w- c:\windows\system32\drivers\acpi.sys
2012-01-21 01:58 . 2012-01-21 01:58 542720 ----a-w- c:\windows\system32\sysmain.dll
2012-01-21 01:57 . 2012-01-21 01:57 194560 ----a-w- c:\windows\system32\WebClnt.dll
2012-01-21 01:57 . 2012-01-21 01:57 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2012-01-21 01:56 . 2012-01-21 01:56 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-01-21 01:56 . 2012-01-21 01:56 1260032 ----a-w- c:\windows\system32\msxml3.dll
2012-01-21 01:56 . 2012-01-21 01:56 2048 ----a-w- c:\windows\system32\msxml6r.dll
2012-01-21 01:56 . 2012-01-21 01:56 1406464 ----a-w- c:\windows\system32\msxml6.dll
2012-01-21 01:55 . 2012-01-21 01:55 175104 ----a-w- c:\windows\system32\wdigest.dll
2012-01-21 01:55 . 2012-01-21 01:55 7680 ----a-w- c:\windows\system32\lsass.exe
2012-01-21 01:55 . 2012-01-21 01:55 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-21 01:55 . 2012-01-21 01:55 408136 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-21 01:55 . 2012-01-21 01:55 216576 ----a-w- c:\windows\system32\msv1_0.dll
2012-01-21 01:55 . 2012-01-21 01:55 1233920 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-21 01:55 . 2012-01-21 01:55 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2012-01-21 01:54 . 2012-01-21 01:54 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2012-01-21 01:54 . 2012-01-21 01:54 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-23 22:35 . 2012-01-23 22:35 36864 ----a-w- c:\windows\system32\drivers\en-US\http.sys.mui
2012-01-22 08:44 . 2012-01-22 08:44 40960 ----a-w- c:\windows\apppatch\apihex86.dll
2012-01-21 17:25 . 2012-01-21 17:25 52736 ----a-w- c:\windows\apppatch\iebrshim.dll
2012-01-21 17:06 . 2012-01-21 17:06 5632 ----a-w- c:\windows\system32\drivers\en-US\sermouse.sys.mui
2012-01-21 17:06 . 2012-01-21 17:06 4608 ----a-w- c:\windows\system32\drivers\en-US\mouclass.sys.mui
2012-01-21 17:06 . 2012-01-21 17:06 4608 ----a-w- c:\windows\system32\drivers\en-US\kbdclass.sys.mui
2012-01-21 17:06 . 2012-01-21 17:06 3072 ----a-w- c:\windows\system32\drivers\en-US\mouhid.sys.mui
2012-01-21 17:06 . 2012-01-21 17:06 3072 ----a-w- c:\windows\system32\drivers\en-US\kbdhid.sys.mui
2012-01-21 17:06 . 2012-01-21 17:06 10752 ----a-w- c:\windows\system32\drivers\en-US\i8042prt.sys.mui
2012-01-21 00:55 . 2012-01-21 00:55 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2012-01-21 00:55 . 2012-01-21 00:55 2143744 ----a-w- c:\windows\apppatch\AcGenral.dll
2012-01-21 00:55 . 2012-01-21 00:55 537600 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-01-21 00:55 . 2012-01-21 00:55 449024 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2012-01-21 00:55 . 2012-01-21 00:55 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2012-01-18 22:29 . 2007-08-30 06:16 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2011-12-21 15:44 87440 ----a-w- c:\program files\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2011-12-21 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-23 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-09-02 1638400]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-11-14 197288]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"adaware"="reg.exe delete HKCU\Software\AppDataLow\Software\adaware" [X]
"adaware_XP"="reg.exe delete HKCU\Software\adaware" [X]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-05 15:59
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-02-05 16:02:48
ComboFix-quarantined-files.txt 2012-02-05 21:02
.
Pre-Run: 182,379,831,296 bytes free
Post-Run: 182,823,280,640 bytes free
.
- - End Of File - - 24A69CBD9068536946F6DD82845CF331

Edited by overtimeracing, 05 February 2012 - 04:12 PM.


#5 overtimeracing

overtimeracing
  • Topic Starter

  • Members

Posted 05 February 2012 - 04:16 PM

Results of screen317's Security Check version 0.99.30
Windows Vista x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Norton AntiVirus
Norton Internet Security (Symantec Corporation)
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Malwarebytes' Anti-Malware
Java™ 6 Update 30
Java™ SE Runtime Environment 6 Update 1
Adobe Reader 8 Adobe Reader out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Windows Defender MSASCui.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Malwarebytes' Anti-Malware mbamservice.exe
Spybot Teatimer.exe is disabled!
Windows Defender MSASCui.exe
``````````End of Log````````````

#6 nasdaq

nasdaq

  • Malware Response Team

Posted 06 February 2012 - 07:55 AM

Please remove this old version of Java™ SE Runtime Environment 6 Update 1 using the Add/Remove programs list.
===

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#7 overtimeracing

overtimeracing
  • Topic Starter

  • Members

Posted 06 February 2012 - 10:05 PM

Here is the log. Thanks again...Kevin

Farbar Service Scanner Version: 05-02-2012
Ran by Dad (administrator) on 06-02-2012 at 22:04:21
Running from "C:\Users\Dad\Desktop"
Microsoft® Windows Vista™ Home Premium (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll
[2012-01-20 19:58] - [2012-01-20 19:58] - 0084480 ____A (Microsoft Corporation) 05D7E62FD2EABAD579EB4D0C29245EEC

C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll
[2007-08-30 01:07] - [2007-08-30 01:07] - 0102912 ____A (Microsoft Corporation) 56AA904311B3BACC67DBA8679AFF73D4

C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#8 nasdaq

nasdaq

  • Malware Response Team

Posted 07 February 2012 - 09:48 AM

Open notepad and copy/paste the text in the quote box below into it:

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"adaware"=-
"adaware_XP"=-


Save this as CFScript on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

Please let me know exactly what you are not able to update.
Post any error message that may help in identifying the problem.
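
The Registry:: block in the post above uses .reg syntax: [-KEY] removes a whole key and "name"=- removes a single value. The following Python script is an added example (not part of the thread and not ComboFix's own code) that parses such a block and checks that every deletion targets an entry that was actually listed in the ComboFix log posted earlier in this thread; treating any line that ends in "::" as a section header is an assumption.

```python
"""Audit a ComboFix CFScript Registry:: block against the log it was written from."""
import re
from collections import namedtuple

Op = namedtuple("Op", "action key value")

KEY_RE = re.compile(r'^\[(-?)([^\]]+)\]$')                 # [KEY] or [-KEY]
VAL_RE = re.compile(r'^(?:"([^"]*)"|(@))\s*=\s*(.*)$')     # "name"=data or @=data

# Registry:: block copied verbatim from the post above.
CFSCRIPT = r'''Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"adaware"=-
"adaware_XP"=-
'''

# "Reg Loading Points" lines copied verbatim from the first ComboFix log in this thread.
LOG_EXCERPT = r'''[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2011-12-21 15:44 87440 ----a-w- c:\program files\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2011-12-21 87440]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"adaware"="reg.exe delete HKCU\Software\AppDataLow\Software\adaware" [X]
"adaware_XP"="reg.exe delete HKCU\Software\adaware" [X]
'''


def value_name(match):
    """Name of the value on a matched line; '@' stands for the key's default value."""
    return match.group(1) if match.group(2) is None else "@"


def parse_cfscript(text):
    """Return the operations requested by the Registry:: section of a CFScript."""
    ops, key, active = [], None, False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):  # assumption: every CFScript section header ends in '::'
            active, key = (line == "Registry::"), None
            continue
        if not active:
            continue
        m = KEY_RE.match(line)
        if m:
            if m.group(1):       # leading '-' inside the brackets: delete the whole key
                ops.append(Op("delete_key", m.group(2), None))
                key = None
            else:                # plain key: following value lines apply to it
                key = m.group(2)
            continue
        m = VAL_RE.match(line)
        if m and key is not None:
            action = "delete_value" if m.group(3) == "-" else "set_value"
            ops.append(Op(action, key, value_name(m)))
            continue
        raise ValueError(f"line {lineno}: cannot interpret {line!r}")
    return ops


def index_log(text):
    """Map each registry key shown in a log excerpt to the value names listed under it."""
    index, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(2).lower()      # registry paths are case-insensitive
            index.setdefault(key, set())
            continue
        m = VAL_RE.match(line)
        if m and key is not None:
            index[key].add(value_name(m).lower())
    return index


def unexplained(ops, index):
    """Operations whose target does not appear anywhere in the indexed log."""
    missing = []
    for op in ops:
        names = index.get(op.key.lower())
        seen = names is not None and (op.action == "delete_key" or op.value.lower() in names)
        if not seen:
            missing.append(op)
    return missing


if __name__ == "__main__":
    operations = parse_cfscript(CFSCRIPT)
    for op in operations:
        print(op.action, op.key, op.value or "")
    print("targets not found in log:", unexplained(operations, index_log(LOG_EXCERPT)))
```
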

#9 overtimeracing

overtimeracing
  • Topic Starter

  • Members

Posted 07 February 2012 - 06:19 PM

nasdaq... Here is the log. Got this from Malware: [Shell_NotifyIcon] Failed to perform desired action. Error code:0

Basically when this all started, my computer was running like crap and all my Hotmail contacts got viruses. I didn't know about the Hotmail thing, because I haven't used it in a while, but would go in and delete my emails. Found out from a guy @ work, he opened one of my emails and crashed his laptop. I started working with Boopme and had installed Malware and Spybot and Ad-Aware from this website. The Malware wouldn't update, and that was when Boopme referred me to you. I would like to get this situation fixed, and learn how to avoid/prevent it in the future. Thank you again for all of your help. Kevin

ComboFix 12-02-05.02 - Dad 02/07/2012 17:48:59.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1015.325 [GMT -5:00]
Running from: c:\users\Dad\Desktop\ComboFix.exe
Command switches used :: c:\users\Dad\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
G:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-01-07 to 2012-02-07 )))))))))))))))))))))))))))))))
.
.
2012-02-07 22:57 . 2012-02-07 22:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-07 22:23 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F567E4E3-6C8A-44F5-8D02-0C51C8276495}\mpengine.dll
2012-02-07 03:01 . 2012-02-07 03:01 0 ----a-w- c:\windows\system32\REN5DC0.tmp
2012-02-07 03:01 . 2012-02-07 03:01 0 ----a-w- c:\windows\system32\REN5DBF.tmp
2012-02-07 03:01 . 2012-02-07 03:01 0 ----a-w- c:\windows\system32\REN5D80.tmp
2012-02-01 02:11 . 2012-02-01 02:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-01 02:11 . 2012-02-01 02:11 -------- d-----w- c:\programdata\Malwarebytes
2012-02-01 02:11 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-28 21:59 . 2011-11-18 21:36 150856 ----a-w- c:\windows\system32\mfevtps.exe
2012-01-28 01:59 . 2012-01-28 01:59 -------- d-----w- c:\programdata\McAfee
2012-01-23 22:49 . 2012-01-23 22:49 378368 ----a-w- c:\windows\system32\winhttp.dll
2012-01-23 22:41 . 2012-01-23 22:41 268800 ----a-w- c:\windows\system32\es.dll
2012-01-23 02:03 . 2012-01-23 02:05 -------- d-----w- c:\program files\Google
2012-01-23 02:03 . 2012-01-23 02:03 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-22 21:44 . 2012-02-06 21:40 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-01-22 21:43 . 2012-01-22 21:43 -------- d-----w- c:\program files\Toolbar Cleaner
2012-01-22 21:42 . 2012-01-22 21:44 -------- d-----w- c:\program files\adawaretb
2012-01-22 21:41 . 2011-12-23 12:12 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-01-22 21:41 . 2012-01-22 21:41 -------- dc----w- c:\windows\system32\DRVSTORE
2012-01-22 21:41 . 2012-01-22 21:41 -------- d-----w- c:\program files\Lavasoft
2012-01-22 21:41 . 2012-01-22 21:41 -------- d-----w- c:\programdata\Lavasoft
2012-01-22 19:42 . 2012-01-22 20:35 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-01-22 19:42 . 2012-01-22 19:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-01-22 08:45 . 2012-01-22 08:45 62464 ----a-w- c:\windows\system32\l3codeca.acm
2012-01-22 08:45 . 2012-01-22 08:45 220672 ----a-w- c:\windows\system32\l3codecp.acm
2012-01-22 08:45 . 2012-01-22 08:45 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2012-01-22 08:45 . 2012-01-22 08:45 179712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-01-22 08:45 . 2012-01-22 08:45 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2012-01-22 08:45 . 2012-01-22 08:45 815104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-01-22 08:45 . 2012-01-22 08:45 22016 ----a-w- c:\windows\system32\netiougc.exe
2012-01-22 08:45 . 2012-01-22 08:45 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2012-01-22 08:44 . 2012-01-22 08:44 454656 ----a-w- c:\program files\Common Files\System\msadc\msadce.dll
2012-01-22 08:44 . 2012-01-22 08:44 25600 ----a-w- c:\windows\system32\amxread.dll
2012-01-22 08:44 . 2012-01-22 08:44 14848 ----a-w- c:\windows\system32\apilogen.dll
2012-01-22 08:42 . 2012-01-22 08:42 441856 ----a-w- c:\windows\system32\win32spl.dll
2012-01-22 08:42 . 2012-01-22 08:42 37376 ----a-w- c:\windows\system32\printcom.dll
2012-01-22 08:41 . 2012-01-22 08:41 2032128 ----a-w- c:\windows\system32\win32k.sys
2012-01-22 08:41 . 2012-01-22 08:41 43520 ----a-w- c:\windows\system32\msdxm.tlb
2012-01-22 08:41 . 2012-01-22 08:41 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2012-01-22 08:41 . 2012-01-22 08:41 18432 ----a-w- c:\windows\system32\amcompat.tlb
2012-01-22 08:39 . 2012-01-22 08:39 312320 ----a-w- c:\windows\system32\msdrm.dll
2012-01-22 08:39 . 2012-01-22 08:39 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2012-01-22 08:39 . 2012-01-22 08:39 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2012-01-22 08:39 . 2012-01-22 08:39 154112 ----a-w- c:\windows\system32\secproc_ssp.dll
2012-01-22 08:39 . 2012-01-22 08:39 515584 ----a-w- c:\windows\system32\RMActivate.exe
2012-01-22 08:39 . 2012-01-22 08:39 472576 ----a-w- c:\windows\system32\secproc.dll
2012-01-22 08:39 . 2012-01-22 08:39 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2012-01-22 08:39 . 2012-01-22 08:39 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2012-01-22 08:39 . 2012-01-22 08:39 473088 ----a-w- c:\windows\system32\secproc_isv.dll
2012-01-22 08:32 . 2012-01-22 08:32 97800 ----a-w- c:\windows\system32\infocardapi.dll
2012-01-22 08:32 . 2012-01-22 08:32 622080 ----a-w- c:\windows\system32\icardagt.exe
2012-01-22 08:32 . 2012-01-22 08:32 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2012-01-22 08:32 . 2012-01-22 08:32 11264 ----a-w- c:\windows\system32\icardres.dll
2012-01-22 08:32 . 2012-01-22 08:32 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2012-01-22 08:32 . 2012-01-22 08:32 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2012-01-22 08:32 . 2012-01-22 08:32 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-01-22 08:32 . 2012-01-22 08:32 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2012-01-21 22:25 . 2012-01-21 22:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-21 17:20 . 2012-01-21 17:20 123904 ----a-w- c:\windows\system32\L2SecHC.dll
2012-01-21 17:20 . 2012-01-21 17:20 47104 ----a-w- c:\windows\system32\wlanapi.dll
2012-01-21 17:20 . 2012-01-21 17:20 67584 ----a-w- c:\windows\system32\wlanhlp.dll
2012-01-21 17:20 . 2012-01-21 17:20 502272 ----a-w- c:\windows\system32\wlansvc.dll
2012-01-21 17:20 . 2012-01-21 17:20 297984 ----a-w- c:\windows\system32\wlansec.dll
2012-01-21 17:20 . 2012-01-21 17:20 290816 ----a-w- c:\windows\system32\wlanmsm.dll
2012-01-21 17:18 . 2012-01-21 17:18 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2012-01-21 17:11 . 2012-01-21 17:11 494592 ----a-w- c:\windows\system32\kerberos.dll
2012-01-21 17:11 . 2012-01-21 17:11 272384 ----a-w- c:\windows\system32\schannel.dll
2012-01-21 17:07 . 2012-01-21 17:07 1585664 ----a-w- c:\windows\system32\setupapi.dll
2012-01-21 16:53 . 2012-01-21 16:53 9728 ----a-w- c:\windows\system32\LAPRXY.DLL
2012-01-21 16:53 . 2012-01-21 16:53 223232 ----a-w- c:\windows\system32\WMASF.DLL
2012-01-21 16:53 . 2012-01-21 16:53 2048 ----a-w- c:\windows\system32\asferror.dll
2012-01-21 16:51 . 2012-01-21 16:51 61440 ----a-w- c:\windows\system32\ntprint.exe
2012-01-21 16:51 . 2012-01-21 16:51 220160 ----a-w- c:\windows\system32\ntprint.dll
2012-01-21 16:51 . 2012-01-21 16:51 120320 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-01-21 16:51 . 2012-01-21 16:51 10240 ----a-w- c:\windows\system32\dhcpcmonitor.dll
2012-01-21 16:51 . 2012-01-21 16:51 1984512 ----a-w- c:\windows\system32\authui.dll
2012-01-21 16:51 . 2012-01-21 16:51 69632 ----a-w- c:\windows\system32\sendmail.dll
2012-01-21 16:50 . 2012-01-21 16:50 8138240 ----a-w- c:\windows\system32\ssBranded.scr
2012-01-21 16:23 . 2012-01-21 16:23 96760 ----a-w- c:\windows\system32\dfshim.dll
2012-01-21 16:23 . 2012-01-21 16:23 41984 ----a-w- c:\windows\system32\netfxperf.dll
2012-01-21 16:23 . 2012-01-21 16:23 282112 ----a-w- c:\windows\system32\mscoree.dll
2012-01-21 16:23 . 2012-01-21 16:23 83968 ----a-w- c:\windows\system32\mscories.dll
2012-01-21 16:23 . 2012-01-21 16:23 158720 ----a-w- c:\windows\system32\mscorier.dll
2012-01-21 16:00 . 2012-01-21 16:00 788992 ----a-w- c:\windows\system32\rpcrt4.dll
2012-01-21 02:04 . 2012-01-21 02:04 72704 ----a-w- c:\windows\system32\fontsub.dll
2012-01-21 02:04 . 2012-01-21 02:04 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-01-21 02:04 . 2012-01-21 02:04 289792 ----a-w- c:\windows\system32\atmfd.dll
2012-01-21 02:04 . 2012-01-21 02:04 24064 ----a-w- c:\windows\system32\lpk.dll
2012-01-21 02:04 . 2012-01-21 02:04 156672 ----a-w- c:\windows\system32\t2embed.dll
2012-01-21 02:04 . 2012-01-21 02:04 10240 ----a-w- c:\windows\system32\dciman32.dll
2012-01-21 02:03 . 2012-01-21 02:03 61440 ----a-w- c:\windows\system32\winipsec.dll
2012-01-21 02:03 . 2012-01-21 02:03 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2012-01-21 02:03 . 2012-01-21 02:03 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2012-01-21 02:03 . 2012-01-21 02:03 272896 ----a-w- c:\windows\system32\polstore.dll
2012-01-21 02:01 . 2012-01-21 02:01 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys
2012-01-21 02:01 . 2012-01-21 02:01 306688 ----a-w- c:\windows\system32\drivers\srv.sys
2012-01-21 02:00 . 2012-01-21 02:00 95232 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2012-01-21 02:00 . 2012-01-21 02:00 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2012-01-21 02:00 . 2012-01-21 02:00 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2012-01-21 01:59 . 2012-01-21 01:59 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2012-01-21 01:59 . 2012-01-21 01:59 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2012-01-21 01:59 . 2012-01-21 01:59 15360 ----a-w- c:\windows\system32\netevent.dll
2012-01-21 01:59 . 2012-01-21 01:59 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2012-01-21 01:59 . 2012-01-21 01:59 103936 ----a-w- c:\windows\system32\netiohlp.dll
2012-01-21 01:59 . 2012-01-21 01:59 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2012-01-21 01:59 . 2012-01-21 01:59 19968 ----a-w- c:\windows\system32\ARP.EXE
2012-01-21 01:59 . 2012-01-21 01:59 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2012-01-21 01:59 . 2012-01-21 01:59 10240 ----a-w- c:\windows\system32\finger.exe
2012-01-21 01:59 . 2012-01-21 01:59 213592 ----a-w- c:\windows\system32\drivers\netio.sys
2012-01-21 01:58 . 2012-01-21 01:58 704000 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2012-01-21 01:58 . 2012-01-21 01:58 356352 ----a-w- c:\windows\system32\wbem\wbemcomn.dll
2012-01-21 01:58 . 2012-01-21 01:58 24064 ----a-w- c:\windows\system32\wtsapi32.dll
2012-01-21 01:58 . 2012-01-21 01:58 258232 ----a-w- c:\windows\system32\drivers\acpi.sys
2012-01-21 01:58 . 2012-01-21 01:58 542720 ----a-w- c:\windows\system32\sysmain.dll
2012-01-21 01:57 . 2012-01-21 01:57 194560 ----a-w- c:\windows\system32\WebClnt.dll
2012-01-21 01:57 . 2012-01-21 01:57 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2012-01-21 01:56 . 2012-01-21 01:56 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-01-21 01:56 . 2012-01-21 01:56 1260032 ----a-w- c:\windows\system32\msxml3.dll
2012-01-21 01:56 . 2012-01-21 01:56 2048 ----a-w- c:\windows\system32\msxml6r.dll
2012-01-21 01:56 . 2012-01-21 01:56 1406464 ----a-w- c:\windows\system32\msxml6.dll
2012-01-21 01:55 . 2012-01-21 01:55 175104 ----a-w- c:\windows\system32\wdigest.dll
2012-01-21 01:55 . 2012-01-21 01:55 7680 ----a-w- c:\windows\system32\lsass.exe
2012-01-21 01:55 . 2012-01-21 01:55 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-21 01:55 . 2012-01-21 01:55 408136 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-21 01:55 . 2012-01-21 01:55 216576 ----a-w- c:\windows\system32\msv1_0.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-23 22:35 . 2012-01-23 22:35 36864 ----a-w- c:\windows\system32\drivers\en-US\http.sys.mui
2012-01-22 08:44 . 2012-01-22 08:44 40960 ----a-w- c:\windows\apppatch\apihex86.dll
2012-01-21 17:25 . 2012-01-21 17:25 52736 ----a-w- c:\windows\apppatch\iebrshim.dll
2012-01-21 17:06 . 2012-01-21 17:06 5632 ----a-w- c:\windows\system32\drivers\en-US\sermouse.sys.mui
2012-01-21 17:06 . 2012-01-21 17:06 4608 ----a-w- c:\windows\system32\drivers\en-US\mouclass.sys.mui
2012-01-21 17:06 . 2012-01-21 17:06 4608 ----a-w- c:\windows\system32\drivers\en-US\kbdclass.sys.mui
2012-01-21 17:06 . 2012-01-21 17:06 3072 ----a-w- c:\windows\system32\drivers\en-US\mouhid.sys.mui
2012-01-21 17:06 . 2012-01-21 17:06 3072 ----a-w- c:\windows\system32\drivers\en-US\kbdhid.sys.mui
2012-01-21 17:06 . 2012-01-21 17:06 10752 ----a-w- c:\windows\system32\drivers\en-US\i8042prt.sys.mui
2012-01-21 00:55 . 2012-01-21 00:55 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2012-01-21 00:55 . 2012-01-21 00:55 2143744 ----a-w- c:\windows\apppatch\AcGenral.dll
2012-01-21 00:55 . 2012-01-21 00:55 537600 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-01-21 00:55 . 2012-01-21 00:55 449024 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2012-01-21 00:55 . 2012-01-21 00:55 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2012-01-18 22:29 . 2007-08-30 06:16 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-23 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-09-02 1638400]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-11-14 197288]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-12-23 12:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-07 17:57
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\TEMP\TMP000000224DD359EA6C274DC5 524288 bytes
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-02-07 18:01:15
ComboFix-quarantined-files.txt 2012-02-07 23:01
ComboFix2.txt 2012-02-05 21:02
.
Pre-Run: 183,497,220,096 bytes free
Post-Run: 183,480,885,248 bytes free
.
- - End Of File - - 8A11F2AA8772438CECDDB1F49ACBD948

#10 nasdaq

  • Malware Response Team

Posted 08 February 2012 - 09:37 AM

Quoted from your error log.

Description: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.


Found this article.

Event ID 5007 is logged in the Application log every time that you start a Windows Vista-based computer
http://support.microsoft.com/kb/940828

It directs you to this article.

A March 2007 update is available for the Windows Vista Customer Experience Improvement Program (CEIP)
http://support.microsoft.com/kb/931174

I would remove this application. Instructions are in the last Microsoft article.
===

Got this from Malware: [Shell_NotifyIcon] Failed to perform desired action. Error code:0

If you are not able to run Malwarebytes I would remove it from the Add/Remove programs list.
Then reinstall the latest version.
===

In the service/driver section of the DDS log I see references to McAfee and Norton.

Which one do you use, and is it up to date at the moment?

I find it strange that ComboFix does not report any of them.
Are you deleting the items from ComboFix?

==

What are you trying to update?
What is the error message?

#11 overtimeracing

  • Topic Starter

Posted 08 February 2012 - 07:17 PM

Found this article.

Event ID 5007 is logged in the Application log every time that you start a Windows Vista-based computer
http://support.microsoft.com/kb/940828

It directs you to this article.

A March 2007 update is available for the Windows Vista Customer Experience Improvement Program (CEIP)
http://support.microsoft.com/kb/931174

I would remove this application. Instructions are in the last Microsoft article.

*** I tried to remove this but I don't think I am a member.

If you are not able to run Malwarebytes I would remove it from the Add/Remove programs list.
Then reinstall the latest version.

*** I have removed this and will reinstall after I post this.

In the service/driver section of the DDS log I see references to McAfee and Norton.

Which one do you use, and is it up to date at the moment?

*** I don't see any McAfee in the Programs and Features. I found Norton and have removed it.

I find it strange that ComboFix does not report any of them.
Are you deleting the items from ComboFix?

***no...

#12 overtimeracing

  • Topic Starter

Posted 08 February 2012 - 07:41 PM

Hey nasdaq... Tried to reinstall Malwarebytes and got msg: The program is outdated by 8 days. Would you like to update? I clicked yes and got error Msg: Program_Error_Updating (0,0, connection refused.) But I see it listed in the Programs.

Also... I don't think the Norton uninstalled as I still see it in the programs. Thanks again for the help!! Kevin

#13 nasdaq

  • Malware Response Team

Posted 09 February 2012 - 11:13 AM

Also... I don't think the Norton uninstalled as I still see it in the programs. Thanks again for the help!! Kevin

Download and run the Norton Removal Tool FOR YOUR CURRENT PROGRAM.
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039?Open&src=&docid=2001092114452606&nsf=nav.nsf&view=docid&dtype=&prod=&ver=&osv=&osv_lvl=
===

Reinstall Norton as you should not go to the internet without any virus protection. Then try to update Malwarebytes.

Hey nasdaq... Tried to reinstall Malwarebytes and got msg: The program is outdated by 8 days. Would you like to update? I clicked yes and got error Msg: Program_Error_Updating (0,0, connection refused.) But I see it listed in the Programs.

I also suggest that you repair IE7 as suggested in this Microsoft article, after you have set the virus protection.

How to reinstall or repair Internet Explorer in Windows 7, Windows Vista, and Windows XP
http://support.microsoft.com/kb/318378

How is it now?

#14 overtimeracing

  • Topic Starter

Posted 11 February 2012 - 02:11 PM

Hello again. When I attempt to download the removal tool, Internet Explorer cannot display the page. Now what? Also, can you tell what Norton I have? I don't know. Thanks again. Kevin

Edited by overtimeracing, 11 February 2012 - 02:12 PM.


#15 nasdaq

  • Malware Response Team

Posted 11 February 2012 - 02:45 PM

I was redirected here. Try it.

https://www-secure.symantec.com/norton-support/jsp/help-solutions.jsp?docid=20080710133834EN&lg=english&ct=united+states&product=home&version=1&pvid=f-home&entsrc=redirect_pubweb

This is the best I can get from your logs.

Antivirus/Firewall Check:
Windows Firewall Disabled!
Norton AntiVirus
Norton Internet Security <- probably this (Symantec Corporation)
Norton Internet Security


I see this one on the download page.
I have Norton Security Suite or Norton Business Suite



