Rootkit.Boot.Pihar.B won't go away after TDSSKiller removal


  • This topic is locked
28 replies to this topic

#1 kartboy (Members, 16 posts)

Posted 09 March 2012 - 08:34 PM

I've been infected with a rootkit called Pihar.B. I tried TDSS Killer, but it doesn't seem to get rid of all of it. I can't seem to remove the TDSS filesystem. Can't attach GMER log as this is Windows 7 64-bit.

17:00:04.0281 1348 ============================================================

17:00:04.0281 1348 Scan finished

17:00:04.0281 1348 ============================================================

17:00:04.0297 3332 Detected object count: 2

17:00:04.0297 3332 Actual detected object count: 2

18:00:09.0739 3332 \Device\Harddisk0\DR0\# - copied to quarantine

18:00:09.0739 3332 \Device\Harddisk0\DR0 - copied to quarantine

18:00:09.0770 3332 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

18:00:09.0770 3332 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

18:00:09.0785 3332 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

18:00:09.0832 3332 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

18:00:09.0848 3332 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

18:00:09.0848 3332 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

18:00:09.0863 3332 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

18:00:09.0863 3332 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

18:00:09.0863 3332 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

18:00:09.0879 3332 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

18:00:09.0879 3332 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

18:00:09.0879 3332 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

18:00:09.0895 3332 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

18:00:09.0895 3332 \Device\Harddisk0\DR0 - ok

18:00:09.0910 3332 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

18:00:09.0910 3332 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

18:00:09.0910 3332 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

18:00:16.0899 4780 Deinitialize success

Here's the DDS file.
.

DDS (Ver_2011-06-03.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514

Run by Clipy at 17:57:41 on 2012-03-09

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3032.1835 [GMT -7:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\PROGRA~2\BRINGM~2\bar\1.bin\1cbarsvc.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\1cbrmon.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\SearchIndexer.exe

-netsvcs

C:\Windows\system32\conhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Users\Claburn Jones\Desktop\tdsskiller\TDSSKiller.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.aol.com/?mtmhp=acm50mtmhpauthgreeting

uURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll

uURLSearchHooks: N/A: {06b5b051-1d05-443d-822f-39ab0d05f018} - C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\1cSrcAs.dll

mURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll

BHO: Search Assistant BHO: {002d1ba6-4766-4d7d-82b8-f49439c66f97} - C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\1cSrcAs.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100814135017.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Toolbar BHO: {f653d037-97fa-4755-98c1-7f382eeb59a7} - C:\PROGRA~2\BRINGM~2\bar\1.bin\1cbar.dll

TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll

TB: BringMeSports: {cc53bd19-7b23-43b0-ab7c-0e06c708cced} - C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\1cbar.dll

uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun: [BringMeSports_1c Browser Plugin Loader] C:\PROGRA~2\BRINGM~2\bar\1.bin\1cbrmon.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

Trusted Zone: intuit.com\ttlc

Trusted Zone: turbotax.com

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{3FB55B3A-193C-4C62-AA5F-A618DCA5732F} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{3FB55B3A-193C-4C62-AA5F-A618DCA5732F}\E4544574541425 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{96408494-FA91-455B-9B09-FA35C75E80E4} : DhcpNameServer = 192.168.1.1

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Search Assistant BHO: {002d1ba6-4766-4d7d-82b8-f49439c66f97} - C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\1cSrcAs.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO-X64: McAfee Phishing Filter - No File

BHO-X64: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll

BHO-X64: AOL Toolbar Loader - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO-X64: Search Helper - No File

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100814135017.dll

BHO-X64: scriptproxy - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: Toolbar BHO: {f653d037-97fa-4755-98c1-7f382eeb59a7} - C:\PROGRA~2\BRINGM~2\bar\1.bin\1cbar.dll

TB-X64: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll

TB-X64: BringMeSports: {cc53bd19-7b23-43b0-ab7c-0e06c708cced} - C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\1cbar.dll

mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun-x64: [BringMeSports_1c Browser Plugin Loader] C:\PROGRA~2\BRINGM~2\bar\1.bin\1cbrmon.exe

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]

R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 BringMeSports_1cService;BringMeSportsService;C:\PROGRA~2\BRINGM~2\bar\1.bin\1cbarsvc.exe [2011-9-17 42504]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]

R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-8-14 355440]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-8-14 355440]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-8-14 355440]

R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-8-14 199032]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-8-14 244840]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-8-14 148520]

R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-25 136176]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-25 136176]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-2 227232]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

S3 ssmirrdr;ssmirrdr;C:\Windows\system32\DRIVERS\ssmirrdr.sys --> C:\Windows\system32\DRIVERS\ssmirrdr.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-03-08 16:11:49 20480 ----a-w- C:\Windows\svchost.exe

2012-03-08 04:53:20 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\1600.tmp

2012-03-08 04:53:20 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\15F0.tmp

2012-03-04 19:45:40 -------- d-----w- C:\Users\Claburn Jones\AppData\Local\{577D4375-6F25-4D20-86A6-AD1011EAC892}

2012-03-04 19:45:29 -------- d-----w- C:\Users\Claburn Jones\AppData\Local\{3F794F1E-E036-4E3F-A62F-F27C6B6BEF2E}

2012-03-02 04:02:21 -------- d-----w- C:\Users\Claburn Jones\AppData\Local\{33CBCD68-8AB1-4E8F-8FC4-5E8252EBE877}

2012-03-02 04:02:10 -------- d-----w- C:\Users\Claburn Jones\AppData\Local\{258B83B0-C80F-4C6F-A509-878009741185}

2012-03-02 04:01:38 -------- d-----w- C:\Users\Claburn Jones\AppData\Local\{B9470C57-4C97-49DD-973D-1FA7E0CF1DB5}

2012-02-22 02:42:08 -------- d-----w- C:\Users\Claburn Jones\AppData\Local\LogMeIn Rescue Applet

2012-02-22 02:10:14 -------- d-----w- C:\Users\Claburn Jones\AppData\Roaming\SpeedyPC Software

2012-02-22 02:10:14 -------- d-----w- C:\Users\Claburn Jones\AppData\Roaming\DriverCure

2012-02-22 02:10:01 -------- d-----w- C:\Program Files (x86)\Common Files\SpeedyPC Software

2012-02-22 02:10:00 -------- d-----w- C:\ProgramData\SpeedyPC Software

2012-02-22 02:10:00 -------- d-----w- C:\Program Files (x86)\SpeedyPC Software

2012-02-20 20:10:13 -------- d-----w- C:\Users\Claburn Jones\AppData\Local\{046F97C5-5FD1-4970-9336-038DAECDD91D}

2012-02-20 02:21:15 -------- d-----w- C:\ProgramData\4248b3

2012-02-16 02:42:15 509952 ----a-w- C:\Windows\System32\ntshrui.dll

2012-02-16 02:42:15 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll

2012-02-16 02:42:12 515584 ----a-w- C:\Windows\System32\timedate.cpl

2012-02-16 02:42:12 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl

2012-02-16 02:42:09 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-02-16 02:42:07 498688 ----a-w- C:\Windows\System32\drivers\afd.sys

.

==================== Find3M ====================

.

2011-12-16 08:47:38 1188864 ----a-w- C:\Windows\System32\wininet.dll

2011-12-16 08:46:06 634880 ----a-w- C:\Windows\System32\msvcrt.dll

2011-12-16 07:54:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-12-16 07:52:58 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll

2011-12-16 06:44:38 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-12-16 06:09:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

.

============= FINISH: 17:59:02.31 ===============

Edited by kartboy, 09 March 2012 - 08:44 PM.
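
An added example, not code from the poster or from TDSSKiller, showing how an analyst can triage a TDSSKiller log like the one above: it folds the lines into per-detection results plus the action the user chose, and flags detections that were skipped rather than cured, which is exactly why the hidden TDSS File System is still present here. The log lines embedded below are constructed in the same format as the poster's.

```python
import re

# Constructed sample in the TDSSKiller log format seen in this thread
# (time, thread id, object, result); it is not the poster's full log.
SAMPLE_LOG = r"""
17:00:04.0297 3332 Detected object count: 2
17:00:04.0297 3332 Actual detected object count: 2
18:00:09.0739 3332 \Device\Harddisk0\DR0\# - copied to quarantine
18:00:09.0770 3332 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
18:00:09.0770 3332 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
18:00:09.0895 3332 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
18:00:09.0895 3332 \Device\Harddisk0\DR0 - ok
18:00:09.0910 3332 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
18:00:09.0910 3332 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:00:09.0910 3332 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
18:00:16.0899 4780 Deinitialize success
"""

# Every TDSSKiller line is "<hh:mm:ss.ffff> <thread id> <message>".
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<rest>.*)$")
# "<object> ( <detection name> ) - <result>"
DETECT_RE = re.compile(r"^(?P<obj>\S+) \( (?P<name>[^)]+) \) - (?P<result>.+)$")
QUAR_RE = re.compile(r"^(?P<obj>.+?) - copied to quarantine$")
COUNT_RE = re.compile(r"detected object count: (?P<n>\d+)$", re.IGNORECASE)
ACTION_RE = re.compile(r"^User select action: (?P<action>\w+)$")


def parse_tdsskiller_log(text):
    """Fold a TDSSKiller log into: the detected-object count, each
    detection's result lines and the user's chosen action, and every
    object the tool copied to quarantine."""
    report = {"detected_count": None, "detections": {}, "quarantined": []}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banners, separators, blank lines
        rest = m.group("rest")
        c = COUNT_RE.search(rest)
        if c:
            # "Actual detected object count" is logged last and wins
            report["detected_count"] = int(c.group("n"))
            continue
        d = DETECT_RE.match(rest)
        if d:
            key = (d.group("obj"), d.group("name").strip())
            entry = report["detections"].setdefault(key, {"results": [], "action": None})
            a = ACTION_RE.match(d.group("result"))
            if a:
                entry["action"] = a.group("action")
            else:
                entry["results"].append(d.group("result"))
            continue
        q = QUAR_RE.match(rest)
        if q:
            report["quarantined"].append(q.group("obj"))
    return report


def unresolved_detections(report):
    """Detections the user skipped or never acted on. Whatever is listed
    here is still on disk after the 'removal' run."""
    return [key for key, e in report["detections"].items()
            if e["action"] in (None, "Skip")]


def tdlfs_files(report):
    """Quarantined objects that lived inside the hidden TDLFS volume."""
    return [p for p in report["quarantined"] if "\\TDLFS\\" in p]


if __name__ == "__main__":
    r = parse_tdsskiller_log(SAMPLE_LOG)
    print("detected objects:", r["detected_count"])
    for (obj, name), e in r["detections"].items():
        print(f"{name} on {obj}: action={e['action']} results={e['results']}")
    print("unresolved:", unresolved_detections(r))
    print("TDLFS files quarantined:", tdlfs_files(r))
```

Run against the poster's own log file, the unresolved list is the "TDSS File System" entry, which matches the symptom in the title.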



#2 gringo_pr, Bleepin Gringo (Malware Response Team, 136,772 posts, Location: Puerto rico)

Posted 10 March 2012 - 01:10 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

For 64-bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Proud Graduate Of Malware Removal University

#3 kartboy (Topic Starter, Members, 16 posts)

Posted 10 March 2012 - 11:02 AM

Here is the log.

Scan result of Farbar Recovery Scan Tool Version: 07-03-2012 01

Ran by SYSTEM at 10-03-2012 08:50:43

Running from G:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001



========================== Registry (Whitelisted) =============



HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1808680 2009-06-25] (Synaptics Incorporated)

HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [165912 2009-06-30] (Intel Corporation)

HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [385560 2009-06-30] (Intel Corporation)

HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [365080 2009-06-30] (Intel Corporation)

HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-16] (Dell Inc.)

HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)

HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)

HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1484856 2010-07-01] (McAfee, Inc.)

HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)

HKLM-x32\...\Run: [BringMeSports_1c Browser Plugin Loader] C:\PROGRA~2\BRINGM~2\bar\1.bin\1cbrmon.exe [30096 2011-09-17] (VER_COMPANY_NAME)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)

HKU\Claburn Jones\...\Policies\system: [disableregistrytools] 0

Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1



==================== Services (Whitelisted) ======



3 AOL ACS; "C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe" [46640 2006-10-23] (AOL LLC)

2 BringMeSports_1cService; C:\PROGRA~2\BRINGM~2\bar\1.bin\1cbarsvc.exe [42504 2011-09-17] (COMPANYVERS_NAME)

2 IntuitUpdateService; "C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe" [13088 2009-09-29] (Intuit Inc.)

2 IntuitUpdateServiceV4; "C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" [13672 2011-08-25] (Intuit Inc.)

3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe" [227232 2010-09-03] (McAfee, Inc.)

2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)

2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)

2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)

2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)

3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [509416 2010-04-15] (McAfee, Inc.)

2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)

2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199032 2010-05-31] (McAfee, Inc.)

2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [244840 2010-05-31] (McAfee, Inc.)

2 mfevtp; "C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe" [148520 2010-05-31] (McAfee, Inc.)

2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)

2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-28] (IDT, Inc.)



========================== Drivers (Whitelisted) =============



3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62416 2010-05-31] (McAfee, Inc.)

3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121504 2010-05-31] (McAfee, Inc.)

3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [189880 2010-05-31] (McAfee, Inc.)

3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [440688 2010-05-31] (McAfee, Inc.)

0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [528616 2010-05-31] (McAfee, Inc.)

1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75288 2010-05-31] (McAfee, Inc.)

3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [93840 2010-05-31] (McAfee, Inc.)

1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [279752 2010-05-31] (McAfee, Inc.)

3 ssmirrdr; C:\Windows\System32\DRIVERS\ssmirrdr.sys [10112 2010-11-02] (support.com, Inc)

3 wanatw; C:\Windows\System32\DRIVERS\wanatw64.sys [24064 2006-11-29] (America Online, Inc.)

3 catchme; \??\C:\ComboFix\catchme.sys [x]

3 mfeavfk01; [x]



========================== NetSvcs (Whitelisted) ===========



============ One Month Created Files and Folders ==============



2012-03-09 19:11 - 2012-03-09 18:38 - 4730880 ____A (AVAST Software) C:\Users\Claburn Jones\Desktop\aswMBR.exe

2012-03-09 19:11 - 2012-03-09 18:37 - 4432147 ____A (Swearware) C:\Users\Claburn Jones\Desktop\ComboFix (1).exe

2012-03-09 19:11 - 2012-03-09 18:36 - 9502424 ____A (Malwarebytes Corporation ) C:\Users\Claburn Jones\Desktop\mbam--setup-1.60.1.1000.exe

2012-03-09 19:00 - 2012-03-09 19:03 - 0000000 ____D C:\TDSSKiller_Quarantine

2012-03-09 18:59 - 2012-03-09 18:59 - 0017085 ____A C:\Users\Claburn Jones\Desktop\DDS.txt

2012-03-09 18:46 - 2012-03-09 18:46 - 0007038 ____A C:\Users\Claburn Jones\Desktop\Attach.txt

2012-03-09 18:44 - 2012-03-09 18:44 - 0000000 ____D C:\Users\Claburn Jones\Desktop\gmer (1)

2012-03-09 18:41 - 2012-03-09 18:33 - 0294216 ____A C:\Users\Claburn Jones\Desktop\gmer (1).zip

2012-03-09 18:41 - 2011-06-09 14:27 - 0607222 ____R (Swearware) C:\Users\Claburn Jones\Desktop\dds.scr

2012-03-09 17:59 - 2012-03-09 19:02 - 0000000 ____D C:\Users\Claburn Jones\Desktop\tdsskiller

2012-03-09 17:59 - 2012-03-09 19:00 - 0080158 ____A C:\Users\Claburn Jones\Desktop\TDSSKiller.2.7.19.0_09.03.2012_16.59.07_log.txt

2012-03-09 17:58 - 2012-03-09 17:54 - 2044980 ____A C:\Users\Claburn Jones\Desktop\tdsskiller.zip

2012-03-09 17:39 - 2012-03-09 17:58 - 0077312 ____A C:\TDSSKiller.2.7.11.0_09.03.2012_16.39.38_log.txt

2012-03-08 10:11 - 2009-07-13 19:14 - 0020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe

2012-03-07 12:45 - 2012-03-07 12:45 - 0010764 ____A C:\Users\Claburn Jones\My Documents\Wes and Betty thank you.docx

2012-03-07 12:45 - 2012-03-07 12:45 - 0010764 ____A C:\Users\Claburn Jones\Documents\Wes and Betty thank you.docx

2012-03-05 11:55 - 2012-03-05 11:55 - 0223846 ____A C:\Users\Claburn Jones\My Documents\Scan0003.pdf

2012-03-05 11:55 - 2012-03-05 11:55 - 0223846 ____A C:\Users\Claburn Jones\Documents\Scan0003.pdf

2012-03-05 11:48 - 2012-03-05 11:48 - 0000162 ___AH C:\Users\Claburn Jones\My Documents\~$x Prepation for program for granschildren Ptrn return.docx

2012-03-05 11:48 - 2012-03-05 11:48 - 0000162 ___AH C:\Users\Claburn Jones\Documents\~$x Prepation for program for granschildren Ptrn return.docx

2012-03-04 21:22 - 2012-03-05 22:06 - 0016271 ____A C:\Users\Claburn Jones\My Documents\Tax Prepation for program for granschildren Ptrn return.docx

2012-03-04 21:22 - 2012-03-05 22:06 - 0016271 ____A C:\Users\Claburn Jones\Documents\Tax Prepation for program for granschildren Ptrn return.docx

2012-03-04 18:06 - 2012-03-04 18:25 - 0010595 ____A C:\Users\Claburn Jones\My Documents\Lexis insurance card.docx

2012-03-04 18:06 - 2012-03-04 18:25 - 0010595 ____A C:\Users\Claburn Jones\Documents\Lexis insurance card.docx

2012-03-04 14:26 - 2012-03-04 14:26 - 0000162 ___AH C:\Users\Claburn Jones\My Documents\~$11 K-1 Ltr for Granchildren Partnership.docx

2012-03-04 14:26 - 2012-03-04 14:26 - 0000162 ___AH C:\Users\Claburn Jones\Documents\~$11 K-1 Ltr for Granchildren Partnership.docx

2012-03-04 13:45 - 2012-03-04 13:45 - 0549060 ____A C:\Users\Claburn Jones\My Documents\Scan0002.pdf

2012-03-04 13:45 - 2012-03-04 13:45 - 0549060 ____A C:\Users\Claburn Jones\Documents\Scan0002.pdf

2012-03-04 13:45 - 2012-03-04 13:45 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\Application Data\{577D4375-6F25-4D20-86A6-AD1011EAC892}

2012-03-04 13:45 - 2012-03-04 13:45 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\Application Data\{3F794F1E-E036-4E3F-A62F-F27C6B6BEF2E}

2012-03-04 13:45 - 2012-03-04 13:45 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\{577D4375-6F25-4D20-86A6-AD1011EAC892}

2012-03-04 13:45 - 2012-03-04 13:45 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\{3F794F1E-E036-4E3F-A62F-F27C6B6BEF2E}

2012-03-04 13:45 - 2012-03-04 13:45 - 0000000 ____D C:\Users\Claburn Jones\AppData\Local\{577D4375-6F25-4D20-86A6-AD1011EAC892}

2012-03-04 13:45 - 2012-03-04 13:45 - 0000000 ____D C:\Users\Claburn Jones\AppData\Local\{3F794F1E-E036-4E3F-A62F-F27C6B6BEF2E}

2012-03-04 13:43 - 2012-03-04 13:43 - 0549254 ____A C:\Users\Claburn Jones\My Documents\Scan0001.pdf

2012-03-04 13:43 - 2012-03-04 13:43 - 0549254 ____A C:\Users\Claburn Jones\Documents\Scan0001.pdf

2012-03-04 13:41 - 2012-03-04 13:41 - 2603102 ____A C:\Users\Claburn Jones\My Documents\Scan.pdf

2012-03-04 13:41 - 2012-03-04 13:41 - 2603102 ____A C:\Users\Claburn Jones\Documents\Scan.pdf

2012-03-02 21:26 - 2012-03-02 21:26 - 0010948 ____A C:\Users\Claburn Jones\My Documents\2011 K-1 Ltr for Granchildren Partnership.docx

2012-03-02 21:26 - 2012-03-02 21:26 - 0010948 ____A C:\Users\Claburn Jones\Documents\2011 K-1 Ltr for Granchildren Partnership.docx

2012-03-01 22:02 - 2012-03-01 22:02 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\Application Data\{33CBCD68-8AB1-4E8F-8FC4-5E8252EBE877}

2012-03-01 22:02 - 2012-03-01 22:02 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\Application Data\{258B83B0-C80F-4C6F-A509-878009741185}

2012-03-01 22:02 - 2012-03-01 22:02 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\{33CBCD68-8AB1-4E8F-8FC4-5E8252EBE877}

2012-03-01 22:02 - 2012-03-01 22:02 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\{258B83B0-C80F-4C6F-A509-878009741185}

2012-03-01 22:02 - 2012-03-01 22:02 - 0000000 ____D C:\Users\Claburn Jones\AppData\Local\{33CBCD68-8AB1-4E8F-8FC4-5E8252EBE877}

2012-03-01 22:02 - 2012-03-01 22:02 - 0000000 ____D C:\Users\Claburn Jones\AppData\Local\{258B83B0-C80F-4C6F-A509-878009741185}

2012-03-01 22:01 - 2012-03-01 22:01 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\Application Data\{B9470C57-4C97-49DD-973D-1FA7E0CF1DB5}

2012-03-01 22:01 - 2012-03-01 22:01 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\{B9470C57-4C97-49DD-973D-1FA7E0CF1DB5}

2012-03-01 22:01 - 2012-03-01 22:01 - 0000000 ____D C:\Users\Claburn Jones\AppData\Local\{B9470C57-4C97-49DD-973D-1FA7E0CF1DB5}

2012-03-01 09:34 - 2012-03-01 09:34 - 0002021 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk

2012-03-01 09:34 - 2012-03-01 09:34 - 0002021 ____A C:\Users\All Users\Desktop\Adobe Reader X.lnk

2012-03-01 09:34 - 2012-03-01 09:34 - 0000000 ____D C:\Program Files (x86)\Adobe

2012-02-25 12:41 - 2012-03-10 09:41 - 0000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-02-25 12:41 - 2012-03-09 20:16 - 0000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-02-25 12:40 - 2012-02-25 12:42 - 0000000 ____D C:\Program Files (x86)\Google

2012-02-22 00:13 - 2012-03-05 11:58 - 0000000 ____D C:\Users\Claburn Jones\Desktop\New folder

2012-02-21 22:37 - 2012-03-09 20:16 - 0004088 ____A C:\Windows\setupact.log

2012-02-21 22:37 - 2012-03-01 12:17 - 0002864 ____A C:\Windows\PFRO.log

2012-02-21 22:37 - 2012-02-21 22:37 - 0000000 ____A C:\Windows\setuperr.log

2012-02-21 20:42 - 2012-02-22 00:15 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\LogMeIn Rescue Applet

2012-02-21 20:42 - 2012-02-22 00:15 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\Application Data\LogMeIn Rescue Applet

2012-02-21 20:42 - 2012-02-22 00:15 - 0000000 ____D C:\Users\Claburn Jones\AppData\Local\LogMeIn Rescue Applet

2012-02-21 20:10 - 2012-03-09 19:00 - 0000508 ____A C:\Windows\Tasks\SpeedyPC Registration3.job

2012-02-21 20:10 - 2012-02-21 22:37 - 0000480 ____A C:\Windows\Tasks\SpeedyPC Update Version3.job

2012-02-21 20:10 - 2012-02-21 22:37 - 0000436 ____A C:\Windows\Tasks\SpeedyPC Pro.job

2012-02-21 20:10 - 2012-02-21 20:10 - 0000000 ____D C:\Users\Claburn Jones\Application Data\SpeedyPC Software

2012-02-21 20:10 - 2012-02-21 20:10 - 0000000 ____D C:\Users\Claburn Jones\Application Data\DriverCure

2012-02-21 20:10 - 2012-02-21 20:10 - 0000000 ____D C:\Users\Claburn Jones\AppData\Roaming\SpeedyPC Software

2012-02-21 20:10 - 2012-02-21 20:10 - 0000000 ____D C:\Users\Claburn Jones\AppData\Roaming\DriverCure

2012-02-21 20:10 - 2012-02-21 20:10 - 0000000 ____D C:\Users\All Users\SpeedyPC Software

2012-02-21 20:10 - 2012-02-21 20:10 - 0000000 ____D C:\Users\All Users\Application Data\SpeedyPC Software

2012-02-21 20:10 - 2012-02-21 20:10 - 0000000 ____D C:\ProgramData\SpeedyPC Software

2012-02-21 20:10 - 2012-02-21 20:10 - 0000000 ____D C:\Program Files (x86)\SpeedyPC Software

2012-02-20 14:10 - 2012-02-20 14:10 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\Application Data\{046F97C5-5FD1-4970-9336-038DAECDD91D}

2012-02-20 14:10 - 2012-02-20 14:10 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\{046F97C5-5FD1-4970-9336-038DAECDD91D}

2012-02-20 14:10 - 2012-02-20 14:10 - 0000000 ____D C:\Users\Claburn Jones\AppData\Local\{046F97C5-5FD1-4970-9336-038DAECDD91D}

2012-02-19 20:21 - 2012-02-21 20:02 - 0000000 ____D C:\Users\All Users\Application Data\4248b3

2012-02-19 20:21 - 2012-02-21 20:02 - 0000000 ____D C:\Users\All Users\4248b3

2012-02-19 20:21 - 2012-02-21 20:02 - 0000000 ____D C:\ProgramData\4248b3

2012-02-18 17:41 - 2012-02-18 17:41 - 0010605 ____A C:\Users\Claburn Jones\My Documents\Dear Stewart.docx

2012-02-18 17:41 - 2012-02-18 17:41 - 0010605 ____A C:\Users\Claburn Jones\Documents\Dear Stewart.docx

2012-02-15 20:42 - 2012-01-13 22:06 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-02-15 20:42 - 2012-01-04 04:44 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-02-15 20:42 - 2012-01-04 04:44 - 0509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll

2012-02-15 20:42 - 2012-01-04 02:59 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-02-15 20:42 - 2012-01-04 02:58 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll

2012-02-15 20:42 - 2011-12-30 00:26 - 0515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl

2012-02-15 20:42 - 2011-12-29 23:27 - 0478720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl

2012-02-15 20:42 - 2011-12-27 21:59 - 0498688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys

2012-02-15 20:41 - 2011-12-16 02:47 - 1494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-02-15 20:41 - 2011-12-16 02:47 - 1188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-02-15 20:41 - 2011-12-16 02:47 - 0134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-02-15 20:41 - 2011-12-16 02:46 - 0634880 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll

2012-02-15 20:41 - 2011-12-16 02:45 - 9019904 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-02-15 20:41 - 2011-12-16 02:45 - 2454528 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-02-15 20:41 - 2011-12-16 02:45 - 12263936 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-02-15 20:41 - 2011-12-16 02:45 - 0702464 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2012-02-15 20:41 - 2011-12-16 02:45 - 0247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-02-15 20:41 - 2011-12-16 02:45 - 0097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-02-15 20:41 - 2011-12-16 02:45 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-02-15 20:41 - 2011-12-16 01:54 - 1231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-02-15 20:41 - 2011-12-16 01:54 - 0981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-02-15 20:41 - 2011-12-16 01:54 - 0132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-02-15 20:41 - 2011-12-16 01:52 - 5997568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-02-15 20:41 - 2011-12-16 01:52 - 2073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-02-15 20:41 - 2011-12-16 01:52 - 10992128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-02-15 20:41 - 2011-12-16 01:52 - 0690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll

2012-02-15 20:41 - 2011-12-16 01:52 - 0599552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2012-02-15 20:41 - 2011-12-16 01:52 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-02-15 20:41 - 2011-12-16 01:52 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-02-15 20:41 - 2011-12-16 01:52 - 0048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-02-15 20:41 - 2011-12-16 00:44 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-02-15 20:41 - 2011-12-16 00:09 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

============ 3 Months Modified Files and Folders =============

2012-03-10 09:41 - 2012-02-25 12:41 - 0000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-03-10 09:41 - 2009-07-13 23:10 - 1913673 ____A C:\Windows\WindowsUpdate.log

2012-03-10 08:51 - 2012-03-10 08:49 - 0000000 ____D C:\FRST

2012-03-09 20:23 - 2011-03-30 17:30 - 0011104 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-03-09 20:23 - 2011-03-30 17:30 - 0011104 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-03-09 20:16 - 2012-02-25 12:41 - 0000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-03-09 20:16 - 2012-02-21 22:37 - 0004088 ____A C:\Windows\setupact.log

2012-03-09 20:16 - 2009-07-13 23:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT

2012-03-09 20:15 - 2009-12-20 17:10 - 2384744448 __ASH C:\hiberfil.sys

2012-03-09 19:03 - 2012-03-09 19:00 - 0000000 ____D C:\TDSSKiller_Quarantine

2012-03-09 19:02 - 2012-03-09 17:59 - 0000000 ____D C:\Users\Claburn Jones\Desktop\tdsskiller

2012-03-09 19:00 - 2012-03-09 17:59 - 0080158 ____A C:\Users\Claburn Jones\Desktop\TDSSKiller.2.7.19.0_09.03.2012_16.59.07_log.txt

2012-03-09 19:00 - 2012-02-21 20:10 - 0000508 ____A C:\Windows\Tasks\SpeedyPC Registration3.job

2012-03-09 18:59 - 2012-03-09 18:59 - 0017085 ____A C:\Users\Claburn Jones\Desktop\DDS.txt

2012-03-09 18:46 - 2012-03-09 18:46 - 0007038 ____A C:\Users\Claburn Jones\Desktop\Attach.txt

2012-03-09 18:44 - 2012-03-09 18:44 - 0000000 ____D C:\Users\Claburn Jones\Desktop\gmer (1)

2012-03-09 18:38 - 2012-03-09 19:11 - 4730880 ____A (AVAST Software) C:\Users\Claburn Jones\Desktop\aswMBR.exe

2012-03-09 18:37 - 2012-03-09 19:11 - 4432147 ____A (Swearware) C:\Users\Claburn Jones\Desktop\ComboFix (1).exe

2012-03-09 18:36 - 2012-03-09 19:11 - 9502424 ____A (Malwarebytes Corporation ) C:\Users\Claburn Jones\Desktop\mbam--setup-1.60.1.1000.exe

2012-03-09 18:33 - 2012-03-09 18:41 - 0294216 ____A C:\Users\Claburn Jones\Desktop\gmer (1).zip

2012-03-09 17:58 - 2012-03-09 17:39 - 0077312 ____A C:\TDSSKiller.2.7.11.0_09.03.2012_16.39.38_log.txt

2012-03-09 17:54 - 2012-03-09 17:58 - 2044980 ____A C:\Users\Claburn Jones\Desktop\tdsskiller.zip

2012-03-09 17:31 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\NDF

2012-03-08 10:11 - 2009-12-30 16:14 - 0000000 ____D C:\users\Claburn Jones

2012-03-08 10:10 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\config\TxR

2012-03-08 08:48 - 2011-02-21 15:36 - 0000000 ____D C:\Users\All Users\McAfee Security Scan

2012-03-08 08:48 - 2011-02-21 15:36 - 0000000 ____D C:\Users\All Users\Application Data\McAfee Security Scan

2012-03-08 08:48 - 2011-02-21 15:36 - 0000000 ____D C:\ProgramData\McAfee Security Scan

2012-03-08 08:48 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\sysprep

2012-03-08 08:48 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\registration

2012-03-07 12:45 - 2012-03-07 12:45 - 0010764 ____A C:\Users\Claburn Jones\My Documents\Wes and Betty thank you.docx

2012-03-07 12:45 - 2012-03-07 12:45 - 0010764 ____A C:\Users\Claburn Jones\Documents\Wes and Betty thank you.docx

2012-03-05 22:06 - 2012-03-04 21:22 - 0016271 ____A C:\Users\Claburn Jones\My Documents\Tax Prepation for program for granschildren Ptrn return.docx

2012-03-05 22:06 - 2012-03-04 21:22 - 0016271 ____A C:\Users\Claburn Jones\Documents\Tax Prepation for program for granschildren Ptrn return.docx

2012-03-05 11:58 - 2012-02-22 00:13 - 0000000 ____D C:\Users\Claburn Jones\Desktop\New folder

2012-03-05 11:55 - 2012-03-05 11:55 - 0223846 ____A C:\Users\Claburn Jones\My Documents\Scan0003.pdf

2012-03-05 11:55 - 2012-03-05 11:55 - 0223846 ____A C:\Users\Claburn Jones\Documents\Scan0003.pdf

2012-03-05 11:48 - 2012-03-05 11:48 - 0000162 ___AH C:\Users\Claburn Jones\My Documents\~$x Prepation for program for granschildren Ptrn return.docx

2012-03-05 11:48 - 2012-03-05 11:48 - 0000162 ___AH C:\Users\Claburn Jones\Documents\~$x Prepation for program for granschildren Ptrn return.docx

2012-03-04 18:25 - 2012-03-04 18:06 - 0010595 ____A C:\Users\Claburn Jones\My Documents\Lexis insurance card.docx

2012-03-04 18:25 - 2012-03-04 18:06 - 0010595 ____A C:\Users\Claburn Jones\Documents\Lexis insurance card.docx

2012-03-04 14:26 - 2012-03-04 14:26 - 0000162 ___AH C:\Users\Claburn Jones\My Documents\~$11 K-1 Ltr for Granchildren Partnership.docx

2012-03-04 14:26 - 2012-03-04 14:26 - 0000162 ___AH C:\Users\Claburn Jones\Documents\~$11 K-1 Ltr for Granchildren Partnership.docx

2012-03-04 13:45 - 2012-03-04 13:45 - 0549060 ____A C:\Users\Claburn Jones\My Documents\Scan0002.pdf

2012-03-04 13:45 - 2012-03-04 13:45 - 0549060 ____A C:\Users\Claburn Jones\Documents\Scan0002.pdf

2012-03-04 13:45 - 2012-03-04 13:45 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\Application Data\{577D4375-6F25-4D20-86A6-AD1011EAC892}

2012-03-04 13:45 - 2012-03-04 13:45 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\Application Data\{3F794F1E-E036-4E3F-A62F-F27C6B6BEF2E}

2012-03-04 13:45 - 2012-03-04 13:45 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\{577D4375-6F25-4D20-86A6-AD1011EAC892}

2012-03-04 13:45 - 2012-03-04 13:45 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\{3F794F1E-E036-4E3F-A62F-F27C6B6BEF2E}

2012-03-04 13:45 - 2012-03-04 13:45 - 0000000 ____D C:\Users\Claburn Jones\AppData\Local\{577D4375-6F25-4D20-86A6-AD1011EAC892}

2012-03-04 13:45 - 2012-03-04 13:45 - 0000000 ____D C:\Users\Claburn Jones\AppData\Local\{3F794F1E-E036-4E3F-A62F-F27C6B6BEF2E}

2012-03-04 13:43 - 2012-03-04 13:43 - 0549254 ____A C:\Users\Claburn Jones\My Documents\Scan0001.pdf

2012-03-04 13:43 - 2012-03-04 13:43 - 0549254 ____A C:\Users\Claburn Jones\Documents\Scan0001.pdf

2012-03-04 13:41 - 2012-03-04 13:41 - 2603102 ____A C:\Users\Claburn Jones\My Documents\Scan.pdf

2012-03-04 13:41 - 2012-03-04 13:41 - 2603102 ____A C:\Users\Claburn Jones\Documents\Scan.pdf

2012-03-02 21:26 - 2012-03-02 21:26 - 0010948 ____A C:\Users\Claburn Jones\My Documents\2011 K-1 Ltr for Granchildren Partnership.docx

2012-03-02 21:26 - 2012-03-02 21:26 - 0010948 ____A C:\Users\Claburn Jones\Documents\2011 K-1 Ltr for Granchildren Partnership.docx

2012-03-02 17:37 - 2010-11-18 11:17 - 0000000 ____D C:\Users\Claburn Jones\My Documents\TurboTax

2012-03-02 17:37 - 2010-11-18 11:17 - 0000000 ____D C:\Users\Claburn Jones\Documents\TurboTax

2012-03-02 12:20 - 2011-03-02 20:31 - 0012072 ____A C:\Users\Claburn Jones\My Documents\K-1 transmittal for grandchlidren Ltd. Partnership - 2010.docx

2012-03-02 12:20 - 2011-03-02 20:31 - 0012072 ____A C:\Users\Claburn Jones\Documents\K-1 transmittal for grandchlidren Ltd. Partnership - 2010.docx

2012-03-01 22:02 - 2012-03-01 22:02 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\Application Data\{33CBCD68-8AB1-4E8F-8FC4-5E8252EBE877}

2012-03-01 22:02 - 2012-03-01 22:02 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\Application Data\{258B83B0-C80F-4C6F-A509-878009741185}

2012-03-01 22:02 - 2012-03-01 22:02 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\{33CBCD68-8AB1-4E8F-8FC4-5E8252EBE877}

2012-03-01 22:02 - 2012-03-01 22:02 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\{258B83B0-C80F-4C6F-A509-878009741185}

2012-03-01 22:02 - 2012-03-01 22:02 - 0000000 ____D C:\Users\Claburn Jones\AppData\Local\{33CBCD68-8AB1-4E8F-8FC4-5E8252EBE877}

2012-03-01 22:02 - 2012-03-01 22:02 - 0000000 ____D C:\Users\Claburn Jones\AppData\Local\{258B83B0-C80F-4C6F-A509-878009741185}

2012-03-01 22:01 - 2012-03-01 22:01 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\Application Data\{B9470C57-4C97-49DD-973D-1FA7E0CF1DB5}

2012-03-01 22:01 - 2012-03-01 22:01 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\{B9470C57-4C97-49DD-973D-1FA7E0CF1DB5}

2012-03-01 22:01 - 2012-03-01 22:01 - 0000000 ____D C:\Users\Claburn Jones\AppData\Local\{B9470C57-4C97-49DD-973D-1FA7E0CF1DB5}

2012-03-01 12:17 - 2012-02-21 22:37 - 0002864 ____A C:\Windows\PFRO.log

2012-03-01 09:34 - 2012-03-01 09:34 - 0002021 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk

2012-03-01 09:34 - 2012-03-01 09:34 - 0002021 ____A C:\Users\All Users\Desktop\Adobe Reader X.lnk

2012-03-01 09:34 - 2012-03-01 09:34 - 0000000 ____D C:\Program Files (x86)\Adobe

2012-03-01 09:34 - 2009-12-20 15:23 - 0000000 ____D C:\Users\All Users\Application Data\Adobe

2012-03-01 09:34 - 2009-12-20 15:23 - 0000000 ____D C:\Users\All Users\Adobe

2012-03-01 09:34 - 2009-12-20 15:23 - 0000000 ____D C:\ProgramData\Adobe

2012-02-25 12:43 - 2009-12-30 16:14 - 0000000 ____D C:\Users\Claburn Jones\AppData\LocalLow

2012-02-25 12:42 - 2012-02-25 12:40 - 0000000 ____D C:\Program Files (x86)\Google

2012-02-22 16:46 - 2012-02-06 22:49 - 0012061 ____A C:\Users\Claburn Jones\My Documents\Medical Expenses 2011.xlsx

2012-02-22 16:46 - 2012-02-06 22:49 - 0012061 ____A C:\Users\Claburn Jones\Documents\Medical Expenses 2011.xlsx

2012-02-22 15:52 - 2011-03-15 20:36 - 0187392 __ASH C:\Users\Claburn Jones\My Documents\Thumbs.db

2012-02-22 15:52 - 2011-03-15 20:36 - 0187392 __ASH C:\Users\Claburn Jones\Documents\Thumbs.db

2012-02-22 00:15 - 2012-02-21 20:42 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\LogMeIn Rescue Applet

2012-02-22 00:15 - 2012-02-21 20:42 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\Application Data\LogMeIn Rescue Applet

2012-02-22 00:15 - 2012-02-21 20:42 - 0000000 ____D C:\Users\Claburn Jones\AppData\Local\LogMeIn Rescue Applet

2012-02-21 22:37 - 2012-02-21 22:37 - 0000000 ____A C:\Windows\setuperr.log

2012-02-21 22:37 - 2012-02-21 20:10 - 0000480 ____A C:\Windows\Tasks\SpeedyPC Update Version3.job

2012-02-21 22:37 - 2012-02-21 20:10 - 0000436 ____A C:\Windows\Tasks\SpeedyPC Pro.job

2012-02-21 22:03 - 2010-01-04 07:49 - 0000000 ____D C:\Users\Claburn Jones\Tracing

2012-02-21 20:10 - 2012-02-21 20:10 - 0000000 ____D C:\Users\Claburn Jones\Application Data\SpeedyPC Software

2012-02-21 20:10 - 2012-02-21 20:10 - 0000000 ____D C:\Users\Claburn Jones\Application Data\DriverCure

2012-02-21 20:10 - 2012-02-21 20:10 - 0000000 ____D C:\Users\Claburn Jones\AppData\Roaming\SpeedyPC Software

2012-02-21 20:10 - 2012-02-21 20:10 - 0000000 ____D C:\Users\Claburn Jones\AppData\Roaming\DriverCure

2012-02-21 20:10 - 2012-02-21 20:10 - 0000000 ____D C:\Users\All Users\SpeedyPC Software

2012-02-21 20:10 - 2012-02-21 20:10 - 0000000 ____D C:\Users\All Users\Application Data\SpeedyPC Software

2012-02-21 20:10 - 2012-02-21 20:10 - 0000000 ____D C:\ProgramData\SpeedyPC Software

2012-02-21 20:10 - 2012-02-21 20:10 - 0000000 ____D C:\Program Files (x86)\SpeedyPC Software

2012-02-21 20:02 - 2012-02-19 20:21 - 0000000 ____D C:\Users\All Users\Application Data\4248b3

2012-02-21 20:02 - 2012-02-19 20:21 - 0000000 ____D C:\Users\All Users\4248b3

2012-02-21 20:02 - 2012-02-19 20:21 - 0000000 ____D C:\ProgramData\4248b3

2012-02-20 14:10 - 2012-02-20 14:10 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\Application Data\{046F97C5-5FD1-4970-9336-038DAECDD91D}

2012-02-20 14:10 - 2012-02-20 14:10 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\{046F97C5-5FD1-4970-9336-038DAECDD91D}

2012-02-20 14:10 - 2012-02-20 14:10 - 0000000 ____D C:\Users\Claburn Jones\AppData\Local\{046F97C5-5FD1-4970-9336-038DAECDD91D}

2012-02-20 13:13 - 2010-01-28 10:10 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\ElevatedDiagnostics

2012-02-20 13:13 - 2010-01-28 10:10 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\Application Data\ElevatedDiagnostics

2012-02-20 13:13 - 2010-01-28 10:10 - 0000000 ____D C:\Users\Claburn Jones\AppData\Local\ElevatedDiagnostics

2012-02-20 13:06 - 2009-12-20 15:25 - 0000000 ____D C:\Program Files (x86)\Microsoft Office

2012-02-18 17:41 - 2012-02-18 17:41 - 0010605 ____A C:\Users\Claburn Jones\My Documents\Dear Stewart.docx

2012-02-18 17:41 - 2012-02-18 17:41 - 0010605 ____A C:\Users\Claburn Jones\Documents\Dear Stewart.docx

2012-02-18 15:12 - 2009-07-13 23:08 - 0032592 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-02-16 11:25 - 2009-12-30 16:18 - 0000402 __ASH C:\Users\Claburn Jones\My Documents\desktop.ini

2012-02-16 11:25 - 2009-12-30 16:18 - 0000174 ___SH C:\Users\Claburn Jones\Start Menu\Programs\Startup\desktop.ini

2012-02-16 11:25 - 2009-12-30 16:18 - 0000174 ___SH C:\Users\Claburn Jones\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

2012-02-16 11:24 - 2009-07-13 22:45 - 0321392 ____A C:\Windows\System32\FNTCACHE.DAT

2012-02-16 00:33 - 2009-07-13 23:13 - 0740374 ____A C:\Windows\System32\PerfStringBackup.INI

2012-02-16 00:30 - 2009-12-20 15:38 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2012-02-16 00:28 - 2010-01-13 14:38 - 54585368 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-01-31 22:42 - 2012-01-31 22:42 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\Application Data\{6CB3B6B9-B05D-4986-AB2F-7439A35CC876}

2012-01-31 22:42 - 2012-01-31 22:42 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\Application Data\{50546E0B-30EC-4B80-AF87-976F049C468B}

2012-01-31 22:42 - 2012-01-31 22:42 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\{6CB3B6B9-B05D-4986-AB2F-7439A35CC876}

2012-01-31 22:42 - 2012-01-31 22:42 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\{50546E0B-30EC-4B80-AF87-976F049C468B}

2012-01-31 22:42 - 2012-01-31 22:42 - 0000000 ____D C:\Users\Claburn Jones\AppData\Local\{6CB3B6B9-B05D-4986-AB2F-7439A35CC876}

2012-01-31 22:42 - 2012-01-31 22:42 - 0000000 ____D C:\Users\Claburn Jones\AppData\Local\{50546E0B-30EC-4B80-AF87-976F049C468B}

2012-01-31 22:42 - 2011-03-30 18:32 - 0000000 __SHD C:\$RECYCLE.BIN

2012-01-28 22:31 - 2012-01-28 22:30 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\Application Data\{32B6140D-0A01-4FA7-B763-5DF216FF9E05}

2012-01-28 22:31 - 2012-01-28 22:30 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\{32B6140D-0A01-4FA7-B763-5DF216FF9E05}

2012-01-28 22:31 - 2012-01-28 22:30 - 0000000 ____D C:\Users\Claburn Jones\AppData\Local\{32B6140D-0A01-4FA7-B763-5DF216FF9E05}

2012-01-28 22:30 - 2012-01-28 22:30 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\Application Data\{8DAB9736-6028-4F7B-8DA3-7AF79082CB39}

2012-01-28 22:30 - 2012-01-28 22:30 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\{8DAB9736-6028-4F7B-8DA3-7AF79082CB39}

2012-01-28 22:30 - 2012-01-28 22:30 - 0000000 ____D C:\Users\Claburn Jones\AppData\Local\{8DAB9736-6028-4F7B-8DA3-7AF79082CB39}

2012-01-28 22:29 - 2012-01-28 18:41 - 0011290 ____A C:\Users\Claburn Jones\My Documents\Bypass Trust.docx

2012-01-28 22:29 - 2012-01-28 18:41 - 0011290 ____A C:\Users\Claburn Jones\Documents\Bypass Trust.docx

2012-01-28 20:33 - 2012-01-28 20:33 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\Application Data\{33E19326-1E2C-441B-97F5-1B46E27F84D7}

2012-01-28 20:33 - 2012-01-28 20:33 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\Application Data\{2FFF52E1-877E-480B-A07B-28D4CDCAAE82}

2012-01-28 20:33 - 2012-01-28 20:33 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\{33E19326-1E2C-441B-97F5-1B46E27F84D7}

2012-01-28 20:33 - 2012-01-28 20:33 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\{2FFF52E1-877E-480B-A07B-28D4CDCAAE82}

2012-01-28 20:33 - 2012-01-28 20:33 - 0000000 ____D C:\Users\Claburn Jones\AppData\Local\{33E19326-1E2C-441B-97F5-1B46E27F84D7}

2012-01-28 20:33 - 2012-01-28 20:33 - 0000000 ____D C:\Users\Claburn Jones\AppData\Local\{2FFF52E1-877E-480B-A07B-28D4CDCAAE82}

2012-01-28 17:38 - 2012-01-28 17:37 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\Application Data\{F787B73A-7346-4FBB-886B-70433B1C7FEF}

2012-01-28 17:38 - 2012-01-28 17:37 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\{F787B73A-7346-4FBB-886B-70433B1C7FEF}

2012-01-28 17:38 - 2012-01-28 17:37 - 0000000 ____D C:\Users\Claburn Jones\AppData\Local\{F787B73A-7346-4FBB-886B-70433B1C7FEF}

2012-01-28 17:37 - 2012-01-28 17:37 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\Application Data\{BC0EA842-82A4-4F8B-829C-BD93B5D8D8AD}

2012-01-28 17:37 - 2012-01-28 17:37 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\{BC0EA842-82A4-4F8B-829C-BD93B5D8D8AD}

2012-01-28 17:37 - 2012-01-28 17:37 - 0000000 ____D C:\Users\Claburn Jones\AppData\Local\{BC0EA842-82A4-4F8B-829C-BD93B5D8D8AD}

2012-01-21 12:13 - 2012-01-21 12:13 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\Application Data\{DFC4548B-5724-4E12-A468-B502D7FD92B4}

2012-01-21 12:13 - 2012-01-21 12:13 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\Application Data\{507B77B3-83D1-4E64-B6F8-A8EC4E14A86E}

2012-01-21 12:13 - 2012-01-21 12:13 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\{DFC4548B-5724-4E12-A468-B502D7FD92B4}

2012-01-21 12:13 - 2012-01-21 12:13 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\{507B77B3-83D1-4E64-B6F8-A8EC4E14A86E}

2012-01-21 12:13 - 2012-01-21 12:13 - 0000000 ____D C:\Users\Claburn Jones\AppData\Local\{DFC4548B-5724-4E12-A468-B502D7FD92B4}

2012-01-21 12:13 - 2012-01-21 12:13 - 0000000 ____D C:\Users\Claburn Jones\AppData\Local\{507B77B3-83D1-4E64-B6F8-A8EC4E14A86E}

2012-01-21 12:07 - 2012-01-21 12:07 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\Application Data\{95F27A03-9BEB-4710-B79D-04EF23C8F23E}

2012-01-21 12:07 - 2012-01-21 12:07 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\Application Data\{32571400-E577-42F4-B403-C5B4C657DF9D}

2012-01-21 12:07 - 2012-01-21 12:07 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\{95F27A03-9BEB-4710-B79D-04EF23C8F23E}

2012-01-21 12:07 - 2012-01-21 12:07 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\{32571400-E577-42F4-B403-C5B4C657DF9D}

2012-01-21 12:07 - 2012-01-21 12:07 - 0000000 ____D C:\Users\Claburn Jones\AppData\Local\{95F27A03-9BEB-4710-B79D-04EF23C8F23E}

2012-01-21 12:07 - 2012-01-21 12:07 - 0000000 ____D C:\Users\Claburn Jones\AppData\Local\{32571400-E577-42F4-B403-C5B4C657DF9D}

2012-01-13 22:06 - 2012-02-15 20:42 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-01-12 12:25 - 2012-01-10 18:43 - 0012068 ____A C:\Users\Claburn Jones\My Documents\REVOCATION OF THE FIRST AMENDMENT OF.docx

2012-01-12 12:25 - 2012-01-10 18:43 - 0012068 ____A C:\Users\Claburn Jones\Documents\REVOCATION OF THE FIRST AMENDMENT OF.docx

2012-01-10 13:30 - 2012-01-05 11:49 - 0014153 ____A C:\Users\Claburn Jones\My Documents\SECOND TRUST AMENDMENT.docx

2012-01-10 13:30 - 2012-01-05 11:49 - 0014153 ____A C:\Users\Claburn Jones\Documents\SECOND TRUST AMENDMENT.docx

2012-01-04 04:44 - 2012-02-15 20:42 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-01-04 04:44 - 2012-02-15 20:42 - 0509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll

2012-01-04 02:59 - 2012-02-15 20:42 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-01-04 02:58 - 2012-02-15 20:42 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll

2011-12-31 17:11 - 2011-11-22 21:20 - 0000469 ____A C:\Users\All Users\Microsoft.SqlServer.Compact.400.32.bc

2011-12-31 17:11 - 2011-11-22 21:20 - 0000469 ____A C:\Users\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc

2011-12-31 17:11 - 2011-11-22 21:20 - 0000469 ____A C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

2011-12-30 00:26 - 2012-02-15 20:42 - 0515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl

2011-12-29 23:27 - 2012-02-15 20:42 - 0478720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl

2011-12-27 21:59 - 2012-02-15 20:42 - 0498688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys

2011-12-22 12:31 - 2011-12-19 11:21 - 0026706 ____A C:\Users\Claburn Jones\My Documents\Northwestern Wildcat Alumni Dinner.docx

2011-12-22 12:31 - 2011-12-19 11:21 - 0026706 ____A C:\Users\Claburn Jones\Documents\Northwestern Wildcat Alumni Dinner.docx

2011-12-18 20:48 - 2011-12-18 20:48 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\Application Data\{5B33798D-7F33-4B27-8195-27B5B7CA4029}

2011-12-18 20:48 - 2011-12-18 20:48 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\Application Data\{086A309B-B5D2-4C73-A852-643FDCE28368}

2011-12-18 20:48 - 2011-12-18 20:48 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\{5B33798D-7F33-4B27-8195-27B5B7CA4029}

2011-12-18 20:48 - 2011-12-18 20:48 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\{086A309B-B5D2-4C73-A852-643FDCE28368}

2011-12-18 20:48 - 2011-12-18 20:48 - 0000000 ____D C:\Users\Claburn Jones\AppData\Local\{5B33798D-7F33-4B27-8195-27B5B7CA4029}

2011-12-18 20:48 - 2011-12-18 20:48 - 0000000 ____D C:\Users\Claburn Jones\AppData\Local\{086A309B-B5D2-4C73-A852-643FDCE28368}

2011-12-18 20:47 - 2010-10-23 22:28 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\Windows Live

2011-12-18 20:47 - 2010-10-23 22:28 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\Application Data\Windows Live

2011-12-18 20:47 - 2010-10-23 22:28 - 0000000 ____D C:\Users\Claburn Jones\AppData\Local\Windows Live

2011-12-18 20:32 - 2011-12-18 20:32 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\Application Data\{CF3D8D6B-FB93-4652-A16E-45B5B64F9DA0}

2011-12-18 20:32 - 2011-12-18 20:32 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\Application Data\{B1D1CC92-DD36-4814-AE63-4BFEDD0969BC}

2011-12-18 20:32 - 2011-12-18 20:32 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\{CF3D8D6B-FB93-4652-A16E-45B5B64F9DA0}

2011-12-18 20:32 - 2011-12-18 20:32 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\{B1D1CC92-DD36-4814-AE63-4BFEDD0969BC}

2011-12-18 20:32 - 2011-12-18 20:32 - 0000000 ____D C:\Users\Claburn Jones\AppData\Local\{CF3D8D6B-FB93-4652-A16E-45B5B64F9DA0}

2011-12-18 20:32 - 2011-12-18 20:32 - 0000000 ____D C:\Users\Claburn Jones\AppData\Local\{B1D1CC92-DD36-4814-AE63-4BFEDD0969BC}

2011-12-18 18:54 - 2011-12-18 18:54 - 0001127 ____A C:\Users\Claburn Jones\Desktop\Pictures - Shortcut.lnk

2011-12-16 02:47 - 2012-02-15 20:41 - 1494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2011-12-16 02:47 - 2012-02-15 20:41 - 1188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2011-12-16 02:47 - 2012-02-15 20:41 - 0134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2011-12-16 02:46 - 2012-02-15 20:41 - 0634880 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll

2011-12-16 02:45 - 2012-02-15 20:41 - 9019904 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2011-12-16 02:45 - 2012-02-15 20:41 - 2454528 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2011-12-16 02:45 - 2012-02-15 20:41 - 12263936 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2011-12-16 02:45 - 2012-02-15 20:41 - 0702464 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2011-12-16 02:45 - 2012-02-15 20:41 - 0247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2011-12-16 02:45 - 2012-02-15 20:41 - 0097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2011-12-16 02:45 - 2012-02-15 20:41 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2011-12-16 01:54 - 2012-02-15 20:41 - 1231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2011-12-16 01:54 - 2012-02-15 20:41 - 0981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2011-12-16 01:54 - 2012-02-15 20:41 - 0132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2011-12-16 01:52 - 2012-02-15 20:41 - 5997568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2011-12-16 01:52 - 2012-02-15 20:41 - 2073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2011-12-16 01:52 - 2012-02-15 20:41 - 10992128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2011-12-16 01:52 - 2012-02-15 20:41 - 0690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll

2011-12-16 01:52 - 2012-02-15 20:41 - 0599552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2011-12-16 01:52 - 2012-02-15 20:41 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2011-12-16 01:52 - 2012-02-15 20:41 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2011-12-16 01:52 - 2012-02-15 20:41 - 0048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2011-12-16 00:44 - 2012-02-15 20:41 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2011-12-16 00:09 - 2012-02-15 20:41 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2011-12-15 20:54 - 2011-12-15 20:54 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\Application Data\{32FA41E4-EC90-47DC-966D-574617051E1D}

2011-12-15 20:54 - 2011-12-15 20:54 - 0000000 ____D C:\Users\Claburn Jones\Local Settings\{32FA41E4-EC90-47DC-966D-574617051E1D}

2011-12-15 20:54 - 2011-12-15 20:54 - 0000000 ____D C:\Users\Claburn Jones\AppData\Local\{32FA41E4-EC90-47DC-966D-574617051E1D}

2011-12-14 19:09 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\rescache

2011-12-14 14:09 - 2009-12-20 15:25 - 0000000 ____D C:\Users\All Users\Microsoft Help

2011-12-14 14:09 - 2009-12-20 15:25 - 0000000 ____D C:\Users\All Users\Application Data\Microsoft Help

2011-12-14 14:09 - 2009-12-20 15:25 - 0000000 ____D C:\ProgramData\Microsoft Help



========================= Known DLLs (Whitelisted) ============





========================= Bamital & volsnap Check ============



C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit



========================= Memory info ======================



Percentage of memory in use: 17%

Total physical RAM: 3032.36 MB

Available physical RAM: 2488.63 MB

Total Pagefile: 3030.51 MB

Available Pagefile: 2480.97 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB



======================= Partitions =========================



1 Drive c: (OS) (Fixed) (Total:134.36 GB) (Free:93.41 GB) NTFS

3 Drive e: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:9.75 GB) NTFS ==>[System with boot components (obtained from reading drive)]

5 Drive g: () (Removable) (Total:3.72 GB) (Free:3.72 GB) FAT32

6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS



Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 149 GB 0 B

Disk 1 No Media 0 B 0 B

Disk 2 Online 3821 MB 0 B



Partitions of Disk 0:

===============



Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 OEM 39 MB 31 KB

Partition 2 Primary 14 GB 40 MB

Partition 3 Primary 134 GB 14 GB



======================================================================================================



Disk: 0

Partition 1

Type : DE

Hidden: Yes

Active: No



Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 5 FAT Partition 39 MB Healthy Hidden



======================================================================================================



Disk: 0

Partition 2

Type : 07

Hidden: No

Active: Yes



Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 E RECOVERY NTFS Partition 14 GB Healthy



======================================================================================================



Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No



Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C OS NTFS Partition 134 GB Healthy



======================================================================================================



Partitions of Disk 2:

===============



Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 3821 MB 31 KB



======================================================================================================



Disk: 2

Partition 1

Type : 0B

Hidden: No

Active: Yes



Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 G FAT32 Removable 3821 MB Healthy



======================================================================================================



==========================================================



Last Boot: 2012-02-29 11:46



======================= End Of Log ==========================

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:17 PM

Posted 10 March 2012 - 09:52 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 kartboy

kartboy
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:17 PM

Posted 11 March 2012 - 12:26 AM

Well, now a new problem. After running ComboFix the laptop won't connect to the network; it just shows a yellow exclamation point... No way to check if the redirect is still happening :(



ComboFix 12-03-09.05 - Claburn Jones 03/10/2012 21:28:29.2.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3032.2013 [GMT -7:00]

Running from: c:\users\Claburn Jones\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Claburn Jones\AppData\Roaming\Microsoft\Windows\Recent\Welcome To WebView.url

c:\windows\svchost.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-02-11 to 2012-03-11 )))))))))))))))))))))))))))))))

.

.

2012-03-11 04:37 . 2012-03-11 04:37 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-10 14:49 . 2012-03-10 14:51 -------- d-----w- C:\FRST

2012-03-10 01:00 . 2012-03-10 01:03 -------- d-----w- C:\TDSSKiller_Quarantine

2012-02-25 18:40 . 2012-02-25 18:42 -------- d-----w- c:\program files (x86)\Google

2012-02-22 02:42 . 2012-02-22 06:15 -------- d-----w- c:\users\Claburn Jones\AppData\Local\LogMeIn Rescue Applet

2012-02-22 02:10 . 2012-02-22 02:10 -------- d-----w- c:\users\Claburn Jones\AppData\Roaming\SpeedyPC Software

2012-02-22 02:10 . 2012-02-22 02:10 -------- d-----w- c:\users\Claburn Jones\AppData\Roaming\DriverCure

2012-02-22 02:10 . 2012-02-22 02:10 -------- d-----w- c:\program files (x86)\Common Files\SpeedyPC Software

2012-02-22 02:10 . 2012-02-22 02:10 -------- d-----w- c:\programdata\SpeedyPC Software

2012-02-22 02:10 . 2012-02-22 02:10 -------- d-----w- c:\program files (x86)\SpeedyPC Software

2012-02-20 02:21 . 2012-02-22 02:02 -------- d-----w- c:\programdata\4248b3

2012-02-16 02:42 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll

2012-02-16 02:42 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll

2012-02-16 02:42 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl

2012-02-16 02:42 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl

2012-02-16 02:42 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-02-16 02:42 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-08 04:53 . 2012-03-08 04:53 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\1600.tmp

2012-03-08 04:53 . 2012-03-08 04:53 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\15F0.tmp

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{06b5b051-1d05-443d-822f-39ab0d05f018}"= "c:\program files (x86)\BringMeSports_1c\bar\1.bin\1cSrcAs.dll" [2011-09-17 62864]

.

[HKEY_CLASSES_ROOT\clsid\{06b5b051-1d05-443d-822f-39ab0d05f018}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-07-01 1484856]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]

"BringMeSports_1c Browser Plugin Loader"="c:\progra~2\BRINGM~2\bar\1.bin\1cbrmon.exe" [2011-09-17 30096]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-2 255536]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-25 136176]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-25 136176]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-09-03 227232]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]

R3 ssmirrdr;ssmirrdr;c:\windows\system32\DRIVERS\ssmirrdr.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]

S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 BringMeSports_1cService;BringMeSportsService;c:\progra~2\BRINGM~2\bar\1.bin\1cbarsvc.exe [2011-09-17 42504]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-26 13672]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-06-01 244840]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-06-01 148520]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-25 18:40]

.

2012-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-25 18:40]

.

2012-02-22 c:\windows\Tasks\SpeedyPC Pro.job

- c:\program files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2011-10-09 01:19]

.

2012-03-10 c:\windows\Tasks\SpeedyPC Registration3.job

- c:\windows\system32\rundll32.exe [2009-07-13 01:14]

.

2012-02-22 c:\windows\Tasks\SpeedyPC Update Version3.job

- c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2011-10-06 16:18]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]

"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.aol.com/?mtmhp=acm50mtmhpauthgreeting

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

Trusted Zone: intuit.com\ttlc

Trusted Zone: turbotax.com

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3599904953-1383178948-2090448294-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-3599904953-1383178948-2090448294-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

.

**************************************************************************

.

Completion time: 2012-03-10 21:45:22 - machine was rebooted

ComboFix-quarantined-files.txt 2012-03-11 04:45

.

Pre-Run: 101,241,507,840 bytes free

Post-Run: 101,020,250,112 bytes free

.

- - End Of File - - E0D79052EC8421794BD9CBD87AC7A2E0

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:17 PM

Posted 11 March 2012 - 11:07 PM

Make sure your settings are correct.
1. Go Start>Settings>Control Panel (Vista/7 users: Start>Control Panel)
2. Double click Network Connections (Vista/7 users: Network and Sharing Center)
3. Vista/7 users - From the list of tasks on the left, click Manage network connections.
4. For a wired network connection, right-click Local Area Connection, and then select Properties.
For a wireless network connection, right-click Wireless Network Connection, and then select Properties.
5. From the General tab (Vista/7 users: Networking tab), click Internet Protocol version 4 (TCP/IPv4), make sure it is checked, and then click Properties
6. Make sure Obtain an IP Address Automatically and Obtain DNS server address Automatically are checked.
7. Click on the "Advanced" button and make sure the "IP Settings" tab looks like this:
[screenshot]
Make sure the "DNS" tab looks like this:
[screenshot]
Make sure the "WINS" tab looks like this:
[screenshot]
8. Still in Control Panel double click on "Internet options" then "Connections" tab then "LAN Settings" button. Make sure "Automatically detect settings" is checked.
If you made any changes OK your way out.
Restart computer.

------------------------------------------------

If that doesn't work...
Turn off the computer. Disconnect the router and modem from the power source for 1 minute. At the same time disconnect the ethernet cable as well.
Reconnect everything.
Restart computer.

------------------------------------------

If that doesn't work, bypass router, and connect computer straight to the modem.

---------------------------------------------

If that doesn't work...
Go Start>Run (Start search in Vista), type in:
cmd
Click OK (in Vista and 7, while holding CTRL, and SHIFT, press Enter).

In Command Prompt window, type in following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"


Restart computer.

-------------------------------------------------------

If that doesn't work...
Go Start>Run (Start search in Vista and 7), type in:
cmd
Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).

At Command Prompt, type in:
netsh int ip reset reset.log
Hit Enter.
Type in:
netsh winsock reset catalog
Hit Enter.

Restart computer.
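An added example, not code from this thread or from BleepingComputer: a PowerShell script that audits the same settings gringo_pr walks through by hand above (DHCP, static DNS, WINS, LAN proxy settings) and bundles the reset commands from this post (the two netsh commands are the ones repeated in post #10). It assumes only stock Windows 7 components (WMI and the registry); the byte layout used for the "Automatically detect settings" flag is an assumption noted in the code.

```powershell
# Added example, not code from the thread: report every adapter setting that is not
# "obtain automatically", plus the IE LAN proxy settings, then optionally run the
# reset sequence from the post. Windows 7 / PowerShell 2.0 compatible. Run elevated.

$TcpipIfKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
$IeSettings = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-NetworkFindings {
    $findings = @()
    $adapters = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = True'
    foreach ($a in $adapters) {
        $name  = $a.Description
        # Per-adapter TCP/IP parameters live under a subkey named after the adapter GUID
        $ifKey = Join-Path $TcpipIfKey $a.SettingID
        $props = Get-ItemProperty -Path $ifKey -ErrorAction SilentlyContinue

        # "Obtain an IP address automatically" unchecked => DHCPEnabled is False
        if (-not $a.DHCPEnabled) {
            $findings += "$name : static IP configured ($($a.IPAddress -join ', '))"
        }
        # "Obtain DNS server address automatically" unchecked => NameServer holds a static list;
        # DhcpNameServer shows what the DHCP server offered (192.168.1.1 in the ComboFix log)
        if ($props -and $props.NameServer) {
            $findings += "$name : static DNS '$($props.NameServer)' (DHCP offered '$($props.DhcpNameServer)')"
        }
        # The WINS tab should be empty on a home network
        if ($a.WINSPrimaryServer) {
            $findings += "$name : WINS server set to $($a.WINSPrimaryServer)"
        }
    }

    # Internet Options > Connections > LAN settings
    $ie = Get-ItemProperty -Path $IeSettings -ErrorAction SilentlyContinue
    if ($ie -and $ie.ProxyEnable -eq 1) {
        $findings += "LAN settings: proxy server '$($ie.ProxyServer)' is enabled"
    }
    if ($ie -and $ie.AutoConfigURL) {
        $findings += "LAN settings: automatic configuration script '$($ie.AutoConfigURL)'"
    }
    $conn = Get-ItemProperty -Path "$IeSettings\Connections" -ErrorAction SilentlyContinue
    if ($conn -and $conn.DefaultConnectionSettings) {
        # Assumed layout of this REG_BINARY value: byte 8 is a flag set where
        # 0x08 = "Automatically detect settings" (0x02 = proxy, 0x04 = config script)
        $flags = [int]$conn.DefaultConnectionSettings[8]
        if (($flags -band 0x08) -eq 0) {
            $findings += 'LAN settings: "Automatically detect settings" is unchecked'
        }
    }
    return $findings
}

function Invoke-StackReset {
    # The reset sequence from the post, in the order given; restart afterwards.
    ipconfig /flushdns
    ipconfig /registerdns
    ipconfig /release
    ipconfig /renew
    net stop "dns client"
    net start "dns client"
    netsh int ip reset reset.log
    netsh winsock reset catalog
    Write-Host 'Stack reset done; restart the computer before testing the connection.'
}

$findings = @(Get-NetworkFindings)
if ($findings.Count -eq 0) {
    Write-Host 'All checked settings are on "automatic".'
} else {
    $findings | ForEach-Object { Write-Host "FINDING: $_" }
}
# Uncomment to run the reset sequence after reviewing the findings:
# Invoke-StackReset
```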

#7 kartboy

kartboy
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:17 PM

Posted 12 March 2012 - 01:24 PM

I tried everything above with no success. It still has the yellow exclamation mark and says "unidentified network, no access",
whether it is connected via ethernet or wireless. The network works fine, as there are 6 other computers here working with no issues; I even tried other laptops on the same cable and they work fine. This virus has a hold of this system.

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:17 PM

Posted 12 March 2012 - 09:41 PM

Hello

Let's check your internet connection.

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure all the boxes are checked
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Gringo

#9 kartboy

kartboy
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:17 PM

Posted 12 March 2012 - 10:11 PM

Here ya go. BTW, the laptop connects fine when using an Ubuntu live CD. Only way to get you these logs.

Farbar Service Scanner Version: 01-03-2012

Ran by Claburn Jones (administrator) on 12-03-2012 at 20:00:27

Running from "C:\Users\Claburn Jones\Desktop"

Microsoft Windows 7 Home Premium Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************



Internet Services:

============



Connection Status:

==============

Localhost is accessible.

LAN connected.

Attempt to access Google IP returned error: Google IP is unreachable

Attempt to access Yahoo IP returend error: Yahoo IP is offline





Windows Firewall:

=============



Firewall Disabled Policy:

==================





System Restore:

============



System Restore Disabled Policy:

========================





Action Center:

============

wscsvc Service is not running. Checking service configuration:

The start type of wscsvc service is OK.

The ImagePath of wscsvc service is OK.

The ServiceDll of wscsvc service is OK.





Windows Update:

============

wuauserv Service is not running. Checking service configuration:

The start type of wuauserv service is OK.

The ImagePath of wuauserv service is OK.

The ServiceDll of wuauserv service is OK.





Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is set to Demand. The default start type is Auto.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.





Windows Defender Disabled Policy:

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1





File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit





**** End of log ****

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:17 PM

Posted 12 March 2012 - 10:38 PM

Press the Start orb.
In the search field type in CMD.
Right-click on CMD and select "Run as admin".

In the window that opens up copy and paste the following lines and press Enter after each line

NETSH INT IP RESET reset.log

netsh winsock reset catalog



#11 kartboy

kartboy
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:17 PM

Posted 12 March 2012 - 10:47 PM

After completing the steps and rebooting I still have that pesky yellow exclamation point.

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:17 PM

Posted 12 March 2012 - 11:15 PM

Hello

Here is what I want you to try next.

1. Locate the file - C:\Windows\inf\Nettcpip.inf
  • It's important that you first make a copy of the file. Place the copy on your Desktop.
  • Once you have done that, use Notepad to open the original file for editing.

2. Locate the [MS_TCPIP.PrimaryInstall] section.

3. Edit the Characteristics = 0xa0 entry and replace 0xa0 with 0x80.

4. Save the file, and then exit Notepad.

5. In Control Panel, double-click Network Connections, right-click Local Area Connection, and then select Properties.

6. On the General tab, click Install, select Protocol, and then click Add.

7. In the Select Network Protocols window, click Have Disk.

8. In the Copy manufacturer's files from: text box, type c:\windows\inf, and then click OK.

9. Select Internet Protocol (TCP/IP), and then click OK.

Note: This step will return you to the Local Area Connection Properties screen, but now the Uninstall button is available.

10. Select Internet Protocol (TCP/IP), click Uninstall, and then click Yes.

11. It is important that you restart the computer to complete the uninstall.

------------

Step #2 - Reinstall of TCP/IP

[screenshot of the original nettcpip.inf]

Take the nettcpip.inf which you have earlier copied to Desktop. Move it back to the directory C:\Windows\INF\ overwriting the existing copy. The file shall now look exactly like the sample above.

Redo sub-steps 4-11 to re-install TCP/IP
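An added example, not code from this thread: a PowerShell script for the nettcpip.inf part of the procedure above (back up the file, change Characteristics in [MS_TCPIP.PrimaryInstall] from 0xa0 to 0x80, and later restore the backup for "Step #2"), with the edit scoped to that one section and refused if the expected line is not found. It assumes an elevated prompt with write access to the file; the function and variable names are mine.

```powershell
# Added example, not code from the thread: scripted version of the nettcpip.inf edit.
# Assumption: run elevated. On Windows 7 the file is owned by TrustedInstaller, so if
# Set-Content is denied, grant yourself write access first (takeown / icacls).

$InfPath    = Join-Path $env:SystemRoot 'inf\nettcpip.inf'
$BackupPath = Join-Path ([Environment]::GetFolderPath('Desktop')) 'nettcpip.inf.original'

function Get-InfEncoding([string]$Path) {
    # INF files ship either as ANSI or UTF-16LE with a BOM; preserve whichever is in use
    $b = [System.IO.File]::ReadAllBytes($Path)
    if ($b.Length -ge 2 -and $b[0] -eq 0xFF -and $b[1] -eq 0xFE) { 'Unicode' } else { 'Default' }
}

function Set-TcpipCharacteristics {
    param([string]$Path, [string]$From = '0xa0', [string]$To = '0x80')
    $pattern   = '^(\s*Characteristics\s*=\s*)' + [regex]::Escape($From) + '(\s*(;.*)?)$'
    $inSection = $false
    $changed   = 0
    $lines = Get-Content -Path $Path
    $out = foreach ($line in $lines) {
        if ($line -match '^\s*\[(.+?)\]\s*$') {
            # Section header: only edit inside [MS_TCPIP.PrimaryInstall] (step 2 of the post)
            $inSection = ($Matches[1] -eq 'MS_TCPIP.PrimaryInstall')
            $line
        } elseif ($inSection -and $line -match $pattern) {
            # Step 3: replace the value, keeping indentation and any trailing comment
            $changed++
            $Matches[1] + $To + $Matches[2]
        } else {
            $line
        }
    }
    if ($changed -ne 1) {
        throw "Expected exactly one 'Characteristics = $From' line in [MS_TCPIP.PrimaryInstall], found $changed; file left untouched"
    }
    Set-Content -Path $Path -Value $out -Encoding (Get-InfEncoding $Path)
    return $changed
}

function Restore-TcpipInf {
    # "Step #2": put the untouched copy back before reinstalling TCP/IP
    if (-not (Test-Path $BackupPath)) { throw "Backup not found at $BackupPath" }
    Copy-Item -Path $BackupPath -Destination $InfPath -Force
    Write-Host "Restored $InfPath from $BackupPath; redo sub-steps 4-11 to reinstall TCP/IP."
}

# Steps 1-4: back up first, then edit in place
Copy-Item -Path $InfPath -Destination $BackupPath -Force
Set-TcpipCharacteristics -Path $InfPath | Out-Null
Write-Host "Edited $InfPath (backup at $BackupPath). Continue with steps 5-11, then restart."

# After the restart and uninstall, run: Restore-TcpipInf
```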

#13 kartboy

kartboy
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:17 PM

Posted 13 March 2012 - 05:23 PM

The issue I had was on part 6: the first time, it complained that the driver was not digitally signed. Other than that I did the rest of the steps. Still can't connect to the internet. :huh:

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:17 PM

Posted 13 March 2012 - 05:32 PM

Redo the steps in post 6.


Make sure to do them one at a time and restart the computer before checking the internet.



Gringo

#15 kartboy

kartboy
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:17 PM

Posted 13 March 2012 - 07:19 PM

OK, ran through it again. Still no internet. I made sure to restart before checking the internet. What's next?
