Google Search Result Redirects


This topic is locked
32 replies to this topic

#1 tawalu


Posted 30 July 2012 - 12:07 AM

For two or three days the machine was experiencing decreased browsing speed. Two days ago an audioscrobbler program I have used for years, iSproggler, experienced an APPCRASH and cited a netdll.dll error. The program no longer can launch and cites the same error. After this occurred the Google redirects began. Random search results return a redirected link. I primarily use Firefox for browsing and on rare occasions use Chrome.

I have run Spybot, AdAware, CCleaner, MalwareBytes, SuperAntiSpyware, and earlier today ran a Kaspersky rescue disk. Kaspersky was the only program to return infections, but the problem still exists. I am also pasting the Kaspersky log for reference.

I ran GMER, but it blue screened the computer before it finished. I have attached its log, but I stopped it before it got to the point of the first blue screen, so the log is incomplete.

Thanks in advance for your assistance.

EDIT: I have added a FRST Log.

DDS.txt:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.0
Run by Video at 23:51:53 on 2012-07-29
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3071.1497 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Video\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugin-container.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = 127.0.0.1:8118
BHO: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\program files\lastpass\LPBar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPBar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\video\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [BackgroundSwitcher] "c:\program files\johnsadventures.com\john's background switcher\BackgroundSwitcher.exe"
uRun: [Spotify Web Helper] "c:\users\video\appdata\roaming\spotify\data\SpotifyWebHelper.exe"
uRun: [Logitech] RUNDLL32.EXE c:\users\video\appdata\local\logitech\lmezmiqm.dll,FECoreInstance
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre7\bin\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: LastPass - file://c:\program files\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files\lastpass\context.html?cmd=fillforms
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: kingdomcurrency.com
Trusted Zone: soe.com
Trusted Zone: sony.com
Trusted Zone: turbotax.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} - hxxp://www.linksysfix.com/netcheck/67/install/gtdownls.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45}
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{173C3EE7-9466-4560-A90B-D518767DB0C9} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{58F17E0B-09A1-4B76-AE7C-B5A12656F3E8} : DhcpNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\video\appdata\roaming\mozilla\firefox\profiles\n6vawhfn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.nytimes.com/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\users\video\appdata\roaming\mozilla\firefox\profiles\n6vawhfn.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\winnt_x86-msvc\components\WeaveCrypto.dll
FF - component: c:\users\video\appdata\roaming\mozilla\firefox\profiles\n6vawhfn.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - component: c:\users\video\appdata\roaming\mozilla\firefox\profiles\n6vawhfn.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
FF - component: c:\users\video\appdata\roaming\mozilla\firefox\profiles\n6vawhfn.default\extensions\piclens@cooliris.com\components\cooliris.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox 4.0 beta 7\plugins\npqtplugin8.dll
FF - plugin: c:\program files\onlive\plugin\npolgdet.dll
FF - plugin: c:\program files\opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\opera\program\plugins\nppopcaploader.dll
FF - plugin: c:\program files\opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\swarmplugin\npvlc.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\id software\quakelive\npquakezero.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\video\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\users\video\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\video\appdata\roaming\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\users\video\appdata\roaming\move networks\plugins\npqmp071705000014.dll
FF - plugin: c:\users\video\appdata\roaming\mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\users\video\appdata\roaming\mozilla\plugins\npoctoshape.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1165635.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_268.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - plugin: c:\windows\system32\NPSWF32.dll
FF - plugin: e:\program files\real alternative\browser\plugins\nppl3260.dll
FF - plugin: e:\program files\real alternative\browser\plugins\nprpjplug.dll
FF - plugin: n:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [2010-10-7 234160]
R0 MDPMGRNT;MacDrive partition driver;c:\windows\system32\drivers\MDPMGRNT.SYS [2010-5-12 29792]
R1 CBDisk;CBDisk;c:\windows\system32\drivers\CBDisk.sys [2012-1-14 57800]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-4-4 63928]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-12-5 163328]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-4-12 21504]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2012-5-18 132768]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-9-1 47640]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-12-5 9067008]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-12-5 264192]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2011-10-17 82960]
R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192cu.sys [2010-12-31 700008]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-4-16 11520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 IcRecUsb;IC Recorder Driver;c:\windows\system32\drivers\IcRecUsb.sys [2009-8-3 17432]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\intel\inteldh\intel media server\tools\IntelDHSvcConf.exe [2006-5-10 29696]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 250056]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-5-8 133104]
S3 MCLServiceATL;Intel® Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2006-9-11 167936]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2011-12-13 99400]
S3 netr28u;Linksys USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2011-5-13 655872]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-4-12 16896]
S4 Desura Install Service;Desura Install Service;c:\program files\common files\desura\desura_service.exe [2012-1-5 131912]
S4 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-9-3 208896]
S4 GFIBckHAtt;GFI Backup 2009 - Home Edition Attendant Service;c:\progra~1\gfi\gfibac~1\GFIHInst.exe [2011-1-6 858480]
S4 GFIBckHSched;GFI Backup 2009 - Home Edition Scheduler Service;c:\progra~1\gfi\gfibac~1\GFIHSC~1.EXE [2011-1-6 2324848]
S4 gupdate1c9d012be69937c;Google Update Service (gupdate1c9d012be69937c);c:\program files\google\update\GoogleUpdate.exe [2009-5-8 133104]
S4 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
S4 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe -service --> c:\windows\system32\lxebcoms.exe -service [?]
S4 lxebCATSCustConnectService;lxebCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxebserv.exe [2010-1-4 193192]
S4 MacDrive8Service;MacDrive 8 service;c:\program files\mediafour\macdrive 8\MacDrive8Service.exe [2010-10-8 131584]
S4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-24 113120]
S4 PS3 Media Server;PS3 Media Server;c:\program files\ps3 media server\win32\service\wrapper.exe [2011-5-17 366872]
S4 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-5-31 1153368]
S4 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-5 160944]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-6-17 24652]
S4 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-1-30 106496]
.
=============== File Associations ===============
.
.reg=regedit
.
=============== Created Last 30 ================
.
2012-07-29 16:12:33 98816 ----a-w- c:\windows\sed.exe
2012-07-29 16:12:33 518144 ----a-w- c:\windows\SWREG.exe
2012-07-29 16:12:33 256000 ----a-w- c:\windows\PEV.exe
2012-07-29 16:12:33 208896 ----a-w- c:\windows\MBR.exe
2012-07-29 16:10:57 -------- d-s---w- C:\ComboFix
2012-07-29 16:04:44 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2012-07-29 13:00:19 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-07-29 05:02:21 -------- d-----w- c:\users\video\appdata\roaming\Malwarebytes
2012-07-29 05:01:02 -------- d-----w- c:\programdata\Malwarebytes
2012-07-29 05:01:01 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-29 05:01:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-29 04:59:45 -------- d-----w- c:\users\video\appdata\roaming\SUPERAntiSpyware.com
2012-07-29 04:59:31 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-07-29 04:59:31 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-28 16:58:35 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1b111197-1769-4767-a355-dc609ffde522}\mpengine.dll
2012-07-28 16:57:44 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-07-28 16:57:44 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-07-28 16:57:44 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-07-27 17:58:18 -------- d-----w- c:\programdata\GFI Software
2012-07-27 15:22:32 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-07-27 15:19:30 -------- d-----w- c:\users\video\appdata\roaming\Ad-Aware Antivirus
2012-07-24 19:01:57 -------- d-----w- c:\programdata\Last.fm
2012-07-24 19:01:15 -------- d-----w- c:\program files\Last.fm
2012-07-24 18:04:18 -------- d-----w- c:\users\video\appdata\local\Logitech
2012-07-22 22:00:31 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-22 21:42:23 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2012-07-22 21:41:34 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-22 21:41:34 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-22 21:40:29 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-22 21:40:28 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-22 21:40:28 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-21 21:37:22 -------- d-----w- C:\VideoOutput
.
==================== Find3M ====================
.
2012-07-30 03:35:42 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-30 03:35:42 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-29 16:10:16 772592 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-29 16:10:16 687600 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-31 22:27:52 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-05-31 16:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-21 04:56:27 99400 ----a-w- c:\windows\system32\drivers\MijXfilt.sys
2012-05-15 22:10:20 73 ----a-w- c:\windows\system32\ssprs.dll
2012-05-15 22:10:20 205 ----a-w- c:\windows\system32\lsprst7.dll
2012-05-01 14:03:49 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-24 05:10:26 9331400 ----a-w- c:\program files\common files\lpuninstall.exe
.
============= FINISH: 23:53:31.48 ===============

Kaspersky log:
Objects Scan: completed 14 minutes ago (events: 75, objects: 2553680, time: 06:56:51)
7/29/12 1:02 PM Task started
7/29/12 1:47 PM Detected: HEUR:Trojan.Win32.Generic /mnt/MountedDevices/PD-1549F232-0000000000007E00/Users/Video/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/14/79ba350e-635f9bd1
7/29/12 1:47 PM Untreated: HEUR:Trojan.Win32.Generic /mnt/MountedDevices/PD-1549F232-0000000000007E00/Users/Video/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/14/79ba350e-635f9bd1 Postponed
7/29/12 1:47 PM Detected: Exploit.Java.CVE-2011-3544.mb /mnt/MountedDevices/PD-1549F232-0000000000007E00/Users/Video/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/18/ceb2d2-2cbbfbf5/a/Help.class
7/29/12 1:47 PM Detected: Exploit.Java.CVE-2010-0094.at /mnt/MountedDevices/PD-1549F232-0000000000007E00/Users/Video/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/19/2e76b9d3-253f5139/Dot.class
7/29/12 1:47 PM Untreated: Exploit.Java.CVE-2010-0094.at /mnt/MountedDevices/PD-1549F232-0000000000007E00/Users/Video/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/19/2e76b9d3-253f5139/Dot.class Postponed
7/29/12 1:47 PM Untreated: Exploit.Java.CVE-2011-3544.mb /mnt/MountedDevices/PD-1549F232-0000000000007E00/Users/Video/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/18/ceb2d2-2cbbfbf5/a/Help.class Postponed
7/29/12 1:47 PM Detected: Exploit.Java.CVE-2011-3544.mb /mnt/MountedDevices/PD-1549F232-0000000000007E00/Users/Video/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/18/ceb2d2-2cbbfbf5/a/Test.class
7/29/12 1:47 PM Detected: Exploit.Java.CVE-2010-0094.at /mnt/MountedDevices/PD-1549F232-0000000000007E00/Users/Video/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/19/2e76b9d3-253f5139/rd.class
7/29/12 1:47 PM Untreated: Exploit.Java.CVE-2011-3544.mb /mnt/MountedDevices/PD-1549F232-0000000000007E00/Users/Video/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/18/ceb2d2-2cbbfbf5/a/Test.class Postponed
7/29/12 1:47 PM Untreated: Exploit.Java.CVE-2010-0094.at /mnt/MountedDevices/PD-1549F232-0000000000007E00/Users/Video/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/19/2e76b9d3-253f5139/rd.class Postponed
7/29/12 6:25 PM Detected: HEUR:Trojan.Script.Iframer C:/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/6V9AUEEH/enterpoint[3].htm
7/29/12 6:25 PM Detected: HEUR:Trojan.Script.Iframer C:/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/6V9AUEEH/enterpoint[2].htm
7/29/12 6:25 PM Detected: HEUR:Trojan.Script.Iframer C:/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/6V9AUEEH/enterpoint[1].htm
7/29/12 6:25 PM Untreated: HEUR:Trojan.Script.Iframer C:/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/6V9AUEEH/enterpoint[3].htm Postponed
7/29/12 6:25 PM Untreated: HEUR:Trojan.Script.Iframer C:/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/6V9AUEEH/enterpoint[2].htm Postponed
7/29/12 6:25 PM Untreated: HEUR:Trojan.Script.Iframer C:/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/6V9AUEEH/enterpoint[1].htm Postponed
7/29/12 6:25 PM Detected: HEUR:Trojan.Script.Iframer C:/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/KD2ZOYZN/enterpoint[1].htm
7/29/12 6:25 PM Detected: HEUR:Trojan.Script.Iframer C:/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/KD2ZOYZN/enterpoint[2].htm
7/29/12 6:25 PM Untreated: HEUR:Trojan.Script.Iframer C:/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/KD2ZOYZN/enterpoint[1].htm Postponed
7/29/12 6:25 PM Untreated: HEUR:Trojan.Script.Iframer C:/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/KD2ZOYZN/enterpoint[2].htm Postponed
7/29/12 6:25 PM Detected: HEUR:Trojan.Script.Generic C:/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/KD2ZOYZN/bitesizewellness_com[1].htm
7/29/12 6:25 PM Untreated: HEUR:Trojan.Script.Generic C:/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/KD2ZOYZN/bitesizewellness_com[1].htm Postponed
7/29/12 6:26 PM Detected: HEUR:Trojan.Script.Iframer C:/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/OQS257H6/enterpoint[1].htm
7/29/12 6:26 PM Untreated: HEUR:Trojan.Script.Iframer C:/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/OQS257H6/enterpoint[1].htm Postponed
7/29/12 6:26 PM Detected: HEUR:Trojan.Script.Iframer /mnt/MountedDevices/PD-1549F232-0000000000007E00/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/6V9AUEEH/enterpoint[1].htm
7/29/12 6:26 PM Untreated: HEUR:Trojan.Script.Iframer /mnt/MountedDevices/PD-1549F232-0000000000007E00/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/6V9AUEEH/enterpoint[1].htm Postponed
7/29/12 6:26 PM Detected: HEUR:Trojan.Script.Iframer /mnt/MountedDevices/PD-1549F232-0000000000007E00/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/6V9AUEEH/enterpoint[2].htm
7/29/12 6:26 PM Untreated: HEUR:Trojan.Script.Iframer /mnt/MountedDevices/PD-1549F232-0000000000007E00/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/6V9AUEEH/enterpoint[2].htm Postponed
7/29/12 6:26 PM Detected: HEUR:Trojan.Script.Iframer /mnt/MountedDevices/PD-1549F232-0000000000007E00/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/6V9AUEEH/enterpoint[3].htm
7/29/12 6:26 PM Untreated: HEUR:Trojan.Script.Iframer /mnt/MountedDevices/PD-1549F232-0000000000007E00/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/6V9AUEEH/enterpoint[3].htm Postponed
7/29/12 6:26 PM Detected: HEUR:Trojan.Script.Iframer /mnt/MountedDevices/PD-1549F232-0000000000007E00/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/KD2ZOYZN/enterpoint[1].htm
7/29/12 6:26 PM Untreated: HEUR:Trojan.Script.Iframer /mnt/MountedDevices/PD-1549F232-0000000000007E00/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/KD2ZOYZN/enterpoint[1].htm Postponed
7/29/12 6:26 PM Detected: HEUR:Trojan.Script.Iframer /mnt/MountedDevices/PD-1549F232-0000000000007E00/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/KD2ZOYZN/enterpoint[2].htm
7/29/12 6:26 PM Untreated: HEUR:Trojan.Script.Iframer /mnt/MountedDevices/PD-1549F232-0000000000007E00/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/KD2ZOYZN/enterpoint[2].htm Postponed
7/29/12 6:26 PM Detected: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-1549F232-0000000000007E00/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/KD2ZOYZN/bitesizewellness_com[1].htm
7/29/12 6:26 PM Untreated: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-1549F232-0000000000007E00/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/KD2ZOYZN/bitesizewellness_com[1].htm Postponed
7/29/12 6:27 PM Detected: HEUR:Trojan.Script.Iframer /mnt/MountedDevices/PD-1549F232-0000000000007E00/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/OQS257H6/enterpoint[1].htm
7/29/12 6:27 PM Untreated: HEUR:Trojan.Script.Iframer /mnt/MountedDevices/PD-1549F232-0000000000007E00/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/OQS257H6/enterpoint[1].htm Postponed
7/29/12 6:27 PM Detected: HEUR:Trojan.Script.Iframer /mnt/MountedDevices/PD-1549F232-0000000000007E00/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/6V9AUEEH/enterpoint[1].htm
7/29/12 6:27 PM Untreated: HEUR:Trojan.Script.Iframer /mnt/MountedDevices/PD-1549F232-0000000000007E00/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/6V9AUEEH/enterpoint[1].htm Postponed
7/29/12 6:27 PM Detected: HEUR:Trojan.Script.Iframer /mnt/MountedDevices/PD-1549F232-0000000000007E00/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/6V9AUEEH/enterpoint[2].htm
7/29/12 6:27 PM Detected: HEUR:Trojan.Script.Iframer /mnt/MountedDevices/PD-1549F232-0000000000007E00/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/6V9AUEEH/enterpoint[3].htm
7/29/12 6:27 PM Untreated: HEUR:Trojan.Script.Iframer /mnt/MountedDevices/PD-1549F232-0000000000007E00/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/6V9AUEEH/enterpoint[2].htm Postponed
7/29/12 6:27 PM Untreated: HEUR:Trojan.Script.Iframer /mnt/MountedDevices/PD-1549F232-0000000000007E00/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/6V9AUEEH/enterpoint[3].htm Postponed
7/29/12 6:27 PM Detected: HEUR:Trojan.Script.Iframer /mnt/MountedDevices/PD-1549F232-0000000000007E00/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/KD2ZOYZN/enterpoint[1].htm
7/29/12 6:27 PM Untreated: HEUR:Trojan.Script.Iframer /mnt/MountedDevices/PD-1549F232-0000000000007E00/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/KD2ZOYZN/enterpoint[1].htm Postponed
7/29/12 6:27 PM Detected: HEUR:Trojan.Script.Iframer /mnt/MountedDevices/PD-1549F232-0000000000007E00/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/KD2ZOYZN/enterpoint[2].htm
7/29/12 6:27 PM Untreated: HEUR:Trojan.Script.Iframer /mnt/MountedDevices/PD-1549F232-0000000000007E00/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/KD2ZOYZN/enterpoint[2].htm Postponed
7/29/12 6:27 PM Detected: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-1549F232-0000000000007E00/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/KD2ZOYZN/bitesizewellness_com[1].htm
7/29/12 6:27 PM Untreated: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-1549F232-0000000000007E00/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/KD2ZOYZN/bitesizewellness_com[1].htm Postponed
7/29/12 6:28 PM Detected: HEUR:Trojan.Script.Iframer /mnt/MountedDevices/PD-1549F232-0000000000007E00/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/OQS257H6/enterpoint[1].htm
7/29/12 6:28 PM Untreated: HEUR:Trojan.Script.Iframer /mnt/MountedDevices/PD-1549F232-0000000000007E00/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/OQS257H6/enterpoint[1].htm Postponed
7/29/12 6:28 PM Detected: HEUR:Trojan.Script.Iframer /mnt/MountedDevices/PD-1549F232-0000000000007E00/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/6V9AUEEH/enterpoint[1].htm
7/29/12 6:28 PM Untreated: HEUR:Trojan.Script.Iframer /mnt/MountedDevices/PD-1549F232-0000000000007E00/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/6V9AUEEH/enterpoint[1].htm Postponed
7/29/12 6:28 PM Detected: HEUR:Trojan.Script.Iframer /mnt/MountedDevices/PD-1549F232-0000000000007E00/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/6V9AUEEH/enterpoint[2].htm
7/29/12 6:28 PM Untreated: HEUR:Trojan.Script.Iframer /mnt/MountedDevices/PD-1549F232-0000000000007E00/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/6V9AUEEH/enterpoint[2].htm Postponed
7/29/12 6:28 PM Detected: HEUR:Trojan.Script.Iframer /mnt/MountedDevices/PD-1549F232-0000000000007E00/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/6V9AUEEH/enterpoint[3].htm
7/29/12 6:28 PM Untreated: HEUR:Trojan.Script.Iframer /mnt/MountedDevices/PD-1549F232-0000000000007E00/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/6V9AUEEH/enterpoint[3].htm Postponed
7/29/12 6:28 PM Detected: HEUR:Trojan.Script.Iframer /mnt/MountedDevices/PD-1549F232-0000000000007E00/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/KD2ZOYZN/enterpoint[1].htm
7/29/12 6:28 PM Untreated: HEUR:Trojan.Script.Iframer /mnt/MountedDevices/PD-1549F232-0000000000007E00/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/KD2ZOYZN/enterpoint[1].htm Postponed
7/29/12 6:28 PM Detected: HEUR:Trojan.Script.Iframer /mnt/MountedDevices/PD-1549F232-0000000000007E00/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/KD2ZOYZN/enterpoint[2].htm
7/29/12 6:28 PM Untreated: HEUR:Trojan.Script.Iframer /mnt/MountedDevices/PD-1549F232-0000000000007E00/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/KD2ZOYZN/enterpoint[2].htm Postponed
7/29/12 6:28 PM Detected: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-1549F232-0000000000007E00/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/KD2ZOYZN/bitesizewellness_com[1].htm
7/29/12 6:28 PM Untreated: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-1549F232-0000000000007E00/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/KD2ZOYZN/bitesizewellness_com[1].htm Postponed
7/29/12 6:29 PM Detected: HEUR:Trojan.Script.Iframer /mnt/MountedDevices/PD-1549F232-0000000000007E00/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/OQS257H6/enterpoint[1].htm
7/29/12 6:29 PM Untreated: HEUR:Trojan.Script.Iframer /mnt/MountedDevices/PD-1549F232-0000000000007E00/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/OQS257H6/enterpoint[1].htm Postponed
7/29/12 7:41 PM Detected: HEUR:Trojan.Script.Iframer /mnt/MountedDevices/PD-1549F232-0000000000007E00/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/6V9AUEEH/enterpoint[1].htm
7/29/12 7:48 PM Detected: HEUR:Trojan.Script.Iframer /mnt/MountedDevices/PD-1549F232-0000000000007E00/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/6V9AUEEH/enterpoint[2].htm
7/29/12 7:59 PM Detected: HEUR:Trojan.Script.Iframer /mnt/MountedDevices/PD-1549F232-0000000000007E00/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/6V9AUEEH/enterpoint[3].htm
7/29/12 7:59 PM Detected: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-1549F232-0000000000007E00/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/KD2ZOYZN/bitesizewellness_com[1].htm
7/29/12 7:59 PM Detected: HEUR:Trojan.Script.Iframer /mnt/MountedDevices/PD-1549F232-0000000000007E00/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/KD2ZOYZN/enterpoint[1].htm
7/29/12 7:59 PM Detected: HEUR:Trojan.Script.Iframer /mnt/MountedDevices/PD-1549F232-0000000000007E00/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/KD2ZOYZN/enterpoint[2].htm
7/29/12 7:59 PM Detected: HEUR:Trojan.Script.Iframer /mnt/MountedDevices/PD-1549F232-0000000000007E00/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/OQS257H6/enterpoint[1].htm
7/29/12 7:59 PM Task completed

EDIT - FRST log:
Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 30-07-2012 19:48:56
Running from D:\
Windows Vista ™ Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe [479232 2005-07-15] (Google Inc.)
HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-12-05] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1352272 2010-10-28] (Logitech, Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-04-03] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe" [x]
HKU\Default\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [1773568 2007-03-12] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [1773568 2007-03-12] (Hewlett-Packard)
HKU\Luke\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [1773568 2007-03-12] (Hewlett-Packard)
HKU\RR\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-18] (Microsoft Corporation)
HKU\Video\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKU\Video\...\Run: [Google Update] "C:\Users\Video\AppData\Local\Google\Update\GoogleUpdate.exe" /c [133104 2008-09-02] (Google Inc.)
HKU\Video\...\Run: [BackgroundSwitcher] "C:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe" [119928 2012-06-10] (johnsadventures.com)
HKU\Video\...\Run: [Spotify Web Helper] "C:\Users\Video\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1193176 2012-07-25] ()
HKU\Video\...\Run: [Logitech] RUNDLL32.EXE C:\Users\Video\AppData\Local\Logitech\lmezmiqm.dll,FECoreInstance [572928 2012-07-27] (Adobe Systems Incorporated)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\IUSR_NMPR\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\IUSR_NMPR\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)

================================ Services (Whitelisted) ==================

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE" [116608 2011-08-11] (SUPERAntiSpyware.com)
3 AlertService; "C:\Program Files\Intel\IntelDH\CCU\AlertService.exe" [188416 2006-09-11] (Intel® Corporation)
4 Desura Install Service; C:\Program Files\Common Files\Desura\desura_service.exe [131912 2012-01-05] (Desura Pty Ltd)
4 DQLWinService; "C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [208896 2006-09-03] ()
2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-18] (Microsoft Corporation)
4 GFIBckHAtt; C:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe [858480 2010-07-30] (GFI Software Ltd.)
4 GFIBckHSched; C:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE [2324848 2010-07-30] (GFI Software Ltd.)
4 gupdate1c9d012be69937c; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [133104 2009-05-08] (Google Inc.)
4 hasplms; C:\Windows\system32\hasplms.exe -run [3750400 2009-12-16] (SafeNet Inc.)
2 Intel® PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [132768 2011-11-09] (Intel Corporation)
2 IntelDHSvcConf; "C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe" [29696 2006-05-10] (Intel® Corporation)
3 ISSM; "C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe" [75264 2006-09-11] (Intel® Corporation)
4 lxebCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxebserv.exe [193192 2010-04-14] (Lexmark International, Inc.)
4 lxeb_device; C:\Windows\system32\lxebcoms.exe -service [598696 2010-01-07] ( )
3 M1 Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [26624 2006-08-31] ()
4 MacDrive8Service; "C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe" [131584 2010-10-08] (Mediafour Corporation)
3 Macromedia Licensing Service; "C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe" [68096 2007-08-20] ()
3 MCLServiceATL; "C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe" [167936 2006-09-11] (Intel® Corporation)
2 MSSQL$MSSMLBIZ; "C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [29263712 2008-11-24] (Microsoft Corporation)
3 Remote UI Service; "C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe" [544256 2006-09-11] (Intel® Corporation)
4 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
4 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [160944 2012-06-05] (Skype Technologies)
3 TVersityMediaServer; "C:\ProgramData\TVersity\Media Server\MediaServer.exe" [1249064 2011-07-29] ()
3 usprserv; C:\Windows\System32\svchost.exe -k netsvcs [21504 2008-01-18] (Microsoft Corporation)
4 Viewpoint Manager Service; "C:\Program Files\Viewpoint\Common\ViewpointService.exe" [24652 2007-01-04] (Viewpoint Corporation)
4 WDBtnMgrSvc.exe; "C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe" [106496 2008-01-30] (WDC)
4 LightScribeService; "c:\Program Files\Common Files\LightScribe\LSSrvc.exe" [x]
4 PS3 Media Server; "C:\Program Files\PS3 Media Server\win32\service\wrapper.exe" -s "C:\Program Files\PS3 Media Server\win32\service\wrapper.conf" [x]
3 rpcapd; "C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini" [x]
4 stllssvr; "c:\Program Files\Common Files\SureThing Shared\stllssvr.exe" [x]

========================== Drivers (Whitelisted) =============

3 61883; C:\Windows\System32\DRIVERS\61883.sys [45696 2008-01-18] (Microsoft Corporation)
2 aksfridge; \??\C:\Windows\system32\drivers\aksfridge.sys [356864 2009-08-20] (Aladdin Knowledge Systems Ltd.)
3 AmdLLD; C:\Windows\System32\DRIVERS\AmdLLD.sys [34304 2007-06-29] (AMD, Inc.)
3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [82960 2011-10-17] (Advanced Micro Devices)
3 AtiHdmiService; C:\Windows\System32\drivers\AtiHdmi.sys [104464 2010-03-09] (ATI Technologies, Inc.)
3 AVCSTRM; C:\Windows\System32\DRIVERS\avcstrm.sys [14208 2008-01-18] (Microsoft Corporation)
1 CBDisk; \??\C:\Windows\system32\drivers\CBDisk.sys [57800 2010-01-13] (EldoS Corporation)
3 ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [27672 2008-09-17] (EnTech Taiwan)
2 hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [588800 2009-12-09] (SafeNet Inc.)
2 IcRecUsb; C:\Windows\System32\Drivers\IcRecUsb.sys [17432 2001-10-02] (lecs Inc.)
3 lmimirr; C:\Windows\System32\DRIVERS\lmimirr.sys [10144 2011-01-11] (LogMeIn, Inc.)
2 LMIRfsDriver; \??\C:\Windows\system32\drivers\LMIRfsDriver.sys [47640 2011-01-11] (LogMeIn, Inc.)
3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28624 2010-08-24] (Logitech, Inc.)
0 MDFSYSNT; C:\Windows\System32\Drivers\MDFSYSNT.sys [234160 2010-10-07] (Mediafour Corporation)
0 MDPMGRNT; C:\Windows\System32\Drivers\MDPMGRNT.sys [29792 2010-05-12] (Mediafour Corporation)
3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [99400 2012-05-20] (MotioninJoy)
3 MSTAPE; C:\Windows\System32\DRIVERS\mstape.sys [50048 2008-01-18] (Microsoft Corporation)
3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [655872 2008-12-05] (Ralink Technology Corp.)
2 NPF; C:\Windows\System32\drivers\npf.sys [50704 2009-10-20] (CACE Technologies, Inc.)
3 pfc; C:\Windows\System32\drivers\pfc.sys [10368 2005-11-02] (Padus, Inc.)
3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [700008 2010-12-31] (Realtek Semiconductor Corporation )
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
4 sptd; C:\Windows\System32\Drivers\sptd.sys [721904 2009-07-29] (Duplex Secure Ltd.)
3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [361728 2007-01-29] (eMPIA Technology, Inc.)
3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [39680 2007-01-29] (eMPIA Technology, Inc.)
3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [12672 2007-04-09] (LG Electronics Inc.)
3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [21248 2007-04-09] (LG Electronics Inc.)
3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [22912 2007-04-09] (LG Electronics Inc.)
3 xusb21; C:\Windows\System32\DRIVERS\xusb21.sys [61984 2010-08-19] (Microsoft Corporation)
4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
3 cpuz130; \??\C:\Users\Video\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
3 ddxgb; \??\C:\Users\Video\AppData\Local\Temp\ddxgb.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [x]
2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [x]
4 LMIRfsClientNP; [x]
3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]
3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
3 pgfilter; \??\C:\Program Files\PeerGuardian2\pgfilter.sys [x]
1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-30 19:48 - 2012-07-30 19:48 - 00000000 ____D C:\FRST
2012-07-30 15:43 - 2012-07-30 15:43 - 00892822 ____A (Farbar) C:\Users\Video\Desktop\FRST.exe
2012-07-29 21:06 - 2012-07-29 21:06 - 00076326 ____A C:\Users\Video\Desktop\ark.txt
2012-07-29 20:51 - 2012-07-29 20:51 - 00146096 ____A C:\Windows\Minidump\Mini073012-01.dmp
2012-07-29 20:50 - 2012-07-29 20:50 - 474843944 ____A C:\Windows\MEMORY.DMP
2012-07-29 19:57 - 2012-07-29 19:57 - 00302592 ____A C:\Users\Video\Desktop\5f9d3d1c.exe
2012-07-29 19:57 - 2012-07-29 19:57 - 00024445 ____A C:\Users\Video\Desktop\Attach.txt
2012-07-29 19:56 - 2012-07-29 19:57 - 00022857 ____A C:\Users\Video\Desktop\DDS.txt
2012-07-29 19:51 - 2012-07-29 19:51 - 00607260 ____R (Swearware) C:\Users\Video\Desktop\dds.scr
2012-07-29 19:44 - 2012-07-29 19:44 - 00050477 ____A C:\Users\Video\Desktop\Defogger.exe
2012-07-29 19:44 - 2012-07-29 19:44 - 00000020 ____A C:\Users\Video\defogger_reenable
2012-07-29 08:32 - 2012-07-29 08:10 - 00227824 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-07-29 08:32 - 2012-07-29 08:10 - 00174064 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-07-29 08:32 - 2012-07-29 08:10 - 00174064 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-07-29 08:16 - 2012-07-30 15:03 - 00002150 ____A C:\Windows\epplauncher.mif
2012-07-29 08:12 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-07-29 08:12 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-07-29 08:12 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-07-29 08:12 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-07-29 08:12 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-07-29 08:12 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-07-29 08:12 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-07-29 08:12 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-07-29 08:10 - 2012-07-29 08:13 - 00000000 ___SD C:\ComboFix
2012-07-29 08:10 - 2012-07-29 08:11 - 00000000 ____D C:\Qoobox
2012-07-29 08:04 - 2012-07-29 08:04 - 00000000 ____D C:\Windows\erdnt
2012-07-29 08:04 - 2010-04-05 12:00 - 00221568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-07-29 05:00 - 2012-07-29 11:59 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
2012-07-28 21:02 - 2012-07-28 21:02 - 00000000 ____D C:\Users\Video\Application Data\Malwarebytes
2012-07-28 21:02 - 2012-07-28 21:02 - 00000000 ____D C:\Users\Video\AppData\Roaming\Malwarebytes
2012-07-28 21:01 - 2012-07-28 21:01 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-28 21:01 - 2012-07-28 21:01 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-07-28 21:01 - 2012-07-28 21:01 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-07-28 21:01 - 2012-07-03 09:46 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-28 20:59 - 2012-07-28 20:59 - 00000000 ____D C:\Users\Video\Application Data\SUPERAntiSpyware.com
2012-07-28 20:59 - 2012-07-28 20:59 - 00000000 ____D C:\Users\Video\AppData\Roaming\SUPERAntiSpyware.com
2012-07-28 20:59 - 2012-07-28 20:59 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-07-28 20:59 - 2012-07-28 20:59 - 00000000 ____D C:\Users\All Users\Application Data\SUPERAntiSpyware.com
2012-07-28 20:59 - 2012-07-28 20:59 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-07-28 20:55 - 2012-07-28 20:55 - 00000865 ____A C:\rkill.log
2012-07-28 08:57 - 2012-04-23 08:00 - 00984064 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-07-28 08:57 - 2012-04-23 08:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-07-28 08:57 - 2012-04-23 08:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-07-27 09:58 - 2012-07-27 09:58 - 00000000 ____D C:\Users\All Users\GFI Software
2012-07-27 09:58 - 2012-07-27 09:58 - 00000000 ____D C:\Users\All Users\Application Data\GFI Software
2012-07-27 07:22 - 2012-07-27 09:58 - 00000000 ____D C:\Program Files\Ad-Aware Antivirus
2012-07-27 07:19 - 2012-07-27 07:43 - 00000000 ____D C:\Users\Video\Application Data\Ad-Aware Antivirus
2012-07-27 07:19 - 2012-07-27 07:43 - 00000000 ____D C:\Users\Video\AppData\Roaming\Ad-Aware Antivirus
2012-07-25 07:01 - 2012-07-25 07:01 - 00000000 ____A C:\Windows\setuperr.log
2012-07-25 07:01 - 2012-07-25 07:01 - 00000000 ____A C:\Windows\setupact.log
2012-07-24 11:01 - 2012-07-24 11:01 - 00000000 ____D C:\Users\All Users\Last.fm
2012-07-24 11:01 - 2012-07-24 11:01 - 00000000 ____D C:\Users\All Users\Application Data\Last.fm
2012-07-24 11:01 - 2012-07-24 11:01 - 00000000 ____D C:\Program Files\Last.fm
2012-07-24 10:47 - 2012-07-29 08:43 - 00001698 ____A C:\Windows\PFRO.log
2012-07-24 10:04 - 2012-07-28 07:00 - 00000000 ____D C:\Users\Video\Local Settings\Logitech
2012-07-24 10:04 - 2012-07-28 07:00 - 00000000 ____D C:\Users\Video\Local Settings\Application Data\Logitech
2012-07-24 10:04 - 2012-07-28 07:00 - 00000000 ____D C:\Users\Video\AppData\Local\Logitech
2012-07-22 14:00 - 2012-06-13 05:40 - 02047488 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-22 13:48 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-22 13:48 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-22 13:48 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-22 13:48 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-22 13:48 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-22 13:48 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-22 13:48 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-22 13:48 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-22 13:48 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-22 13:48 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-22 13:48 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-22 13:48 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-22 13:48 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-22 13:48 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-22 13:42 - 2012-06-08 09:47 - 11586048 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-22 13:41 - 2012-06-05 08:47 - 01401856 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-22 13:41 - 2012-06-05 08:47 - 01248768 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-22 13:40 - 2012-06-04 07:26 - 00440704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-22 13:40 - 2012-06-01 16:04 - 00278528 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-22 13:40 - 2012-06-01 16:03 - 00204288 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-21 17:27 - 2012-07-21 17:27 - 00001651 ____A C:\Users\Video\Desktop\PS3 Media Server.lnk
2012-07-21 13:37 - 2012-07-21 13:37 - 00000000 ____D C:\VideoOutput
2012-07-21 09:05 - 2012-07-21 09:05 - 00000821 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-07-21 09:05 - 2012-07-21 09:05 - 00000821 ____A C:\Users\All Users\Desktop\VLC media player.lnk

============ 3 Months Modified Files ========================

2012-07-30 15:45 - 2007-06-27 03:25 - 01637187 ____A C:\Windows\WindowsUpdate.log
2012-07-30 15:45 - 2006-11-02 05:01 - 00032584 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-30 15:45 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-30 15:45 - 2006-11-02 04:47 - 00003696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-30 15:45 - 2006-11-02 04:47 - 00003696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-30 15:43 - 2012-07-30 15:43 - 00892822 ____A (Farbar) C:\Users\Video\Desktop\FRST.exe
2012-07-30 15:34 - 2009-07-05 09:46 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-30 15:34 - 2009-06-27 12:12 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1398966211-2182549769-3771512664-1001UA.job
2012-07-30 15:06 - 2012-04-02 15:59 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-07-30 15:06 - 2012-04-02 15:59 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-30 15:06 - 2011-05-15 07:40 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-07-30 15:03 - 2012-07-29 08:16 - 00002150 ____A C:\Windows\epplauncher.mif
2012-07-30 14:05 - 2009-07-05 09:46 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-29 21:06 - 2012-07-29 21:06 - 00076326 ____A C:\Users\Video\Desktop\ark.txt
2012-07-29 20:51 - 2012-07-29 20:51 - 00146096 ____A C:\Windows\Minidump\Mini073012-01.dmp
2012-07-29 20:50 - 2012-07-29 20:50 - 474843944 ____A C:\Windows\MEMORY.DMP
2012-07-29 19:57 - 2012-07-29 19:57 - 00302592 ____A C:\Users\Video\Desktop\5f9d3d1c.exe
2012-07-29 19:57 - 2012-07-29 19:57 - 00024445 ____A C:\Users\Video\Desktop\Attach.txt
2012-07-29 19:57 - 2012-07-29 19:56 - 00022857 ____A C:\Users\Video\Desktop\DDS.txt
2012-07-29 19:51 - 2012-07-29 19:51 - 00607260 ____R (Swearware) C:\Users\Video\Desktop\dds.scr
2012-07-29 19:44 - 2012-07-29 19:44 - 00050477 ____A C:\Users\Video\Desktop\Defogger.exe
2012-07-29 19:44 - 2012-07-29 19:44 - 00000020 ____A C:\Users\Video\defogger_reenable
2012-07-29 08:43 - 2012-07-24 10:47 - 00001698 ____A C:\Windows\PFRO.log
2012-07-29 08:10 - 2012-07-29 08:32 - 00227824 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-07-29 08:10 - 2012-07-29 08:32 - 00174064 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-07-29 08:10 - 2012-07-29 08:32 - 00174064 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-07-29 08:10 - 2012-02-19 13:36 - 00772592 ____A (Oracle Corporation) C:\Windows\System32\npdeployJava1.dll
2012-07-29 08:10 - 2010-05-11 13:59 - 00687600 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-07-29 07:34 - 2009-06-27 12:12 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1398966211-2182549769-3771512664-1001Core.job
2012-07-28 20:55 - 2012-07-28 20:55 - 00000865 ____A C:\rkill.log
2012-07-28 08:55 - 2009-03-21 07:58 - 00000868 ____A C:\Windows\Tasks\Google Software Updater.job
2012-07-25 07:44 - 2007-08-19 11:45 - 00237056 ____A C:\Users\Video\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-25 07:44 - 2007-08-19 11:45 - 00237056 ____A C:\Users\Video\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-25 07:44 - 2007-08-19 11:45 - 00237056 ____A C:\Users\Video\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-25 07:01 - 2012-07-25 07:01 - 00000000 ____A C:\Windows\setuperr.log
2012-07-25 07:01 - 2012-07-25 07:01 - 00000000 ____A C:\Windows\setupact.log
2012-07-24 06:49 - 2007-08-17 10:58 - 00145192 ____A C:\Users\Video\Local Settings\GDIPFONTCACHEV1.DAT
2012-07-24 06:49 - 2007-08-17 10:58 - 00145192 ____A C:\Users\Video\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-07-24 06:49 - 2007-08-17 10:58 - 00145192 ____A C:\Users\Video\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-24 06:47 - 2006-11-02 04:47 - 01855400 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-23 07:49 - 2012-05-18 14:40 - 00000352 ____A C:\Users\Video\Application Data\Network Meter_Settings.ini
2012-07-23 07:49 - 2012-05-18 14:40 - 00000352 ____A C:\Users\Video\AppData\Roaming\Network Meter_Settings.ini
2012-07-22 14:46 - 2011-08-24 12:41 - 00373905 ____A C:\Windows\System32\TVersityMediaServer.log
2012-07-22 13:59 - 2006-11-02 02:23 - 00000364 ____A C:\Windows\win.ini
2012-07-22 13:50 - 2006-11-02 02:24 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-07-21 17:27 - 2012-07-21 17:27 - 00001651 ____A C:\Users\Video\Desktop\PS3 Media Server.lnk
2012-07-21 09:05 - 2012-07-21 09:05 - 00000821 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-07-21 09:05 - 2012-07-21 09:05 - 00000821 ____A C:\Users\All Users\Desktop\VLC media player.lnk
2012-07-03 09:46 - 2012-07-28 21:01 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-23 13:40 - 2007-08-17 11:16 - 00002032 ____A C:\Users\Video\Local Settings\d3d9caps.dat
2012-06-23 13:40 - 2007-08-17 11:16 - 00002032 ____A C:\Users\Video\Local Settings\Application Data\d3d9caps.dat
2012-06-23 13:40 - 2007-08-17 11:16 - 00002032 ____A C:\Users\Video\AppData\Local\d3d9caps.dat
2012-06-16 06:45 - 2010-04-16 18:28 - 00235256 ___AH C:\Windows\System32\mlfcache.dat
2012-06-13 05:40 - 2012-07-22 14:00 - 02047488 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 19:30 - 2006-11-02 02:22 - 86507520 ____A C:\Windows\System32\config\software_previous
2012-06-08 19:30 - 2006-11-02 02:22 - 31719424 ____A C:\Windows\System32\config\system_previous
2012-06-08 13:59 - 2006-11-02 02:22 - 38535168 ____A C:\Windows\System32\config\components_previous
2012-06-08 13:59 - 2006-11-02 02:22 - 06553600 ____A C:\Windows\System32\config\default_previous
2012-06-08 13:59 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\security_previous
2012-06-08 13:59 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\sam_previous
2012-06-08 09:47 - 2012-07-22 13:42 - 11586048 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-05 08:47 - 2012-07-22 13:41 - 01401856 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 08:47 - 2012-07-22 13:41 - 01248768 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-04 07:26 - 2012-07-22 13:40 - 00440704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-02 14:19 - 2012-06-21 10:02 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 10:02 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 10:02 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 10:02 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 10:02 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-21 10:02 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-21 10:02 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-21 10:01 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:12 - 2012-06-21 10:01 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 01:07 - 2012-07-22 13:48 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 00:43 - 2012-07-22 13:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 00:33 - 2012-07-22 13:48 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 00:26 - 2012-07-22 13:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 00:25 - 2012-07-22 13:48 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 00:25 - 2012-07-22 13:48 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 00:23 - 2012-07-22 13:48 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 00:21 - 2012-07-22 13:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 00:20 - 2012-07-22 13:48 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 00:19 - 2012-07-22 13:48 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 00:19 - 2012-07-22 13:48 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 00:17 - 2012-07-22 13:48 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 00:16 - 2012-07-22 13:48 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 00:14 - 2012-07-22 13:48 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-01 16:04 - 2012-07-22 13:40 - 00278528 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 16:03 - 2012-07-22 13:40 - 00204288 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-05-31 14:27 - 2011-09-01 14:08 - 00016400 ____A (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
2012-05-31 08:25 - 2009-10-09 02:52 - 00237072 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-23 14:19 - 2011-01-05 15:07 - 00001612 ____A C:\Users\Public\Desktop\ImgBurn.lnk
2012-05-23 14:19 - 2011-01-05 15:07 - 00001612 ____A C:\Users\All Users\Desktop\ImgBurn.lnk
2012-05-23 13:20 - 2008-03-08 10:04 - 00000119 ____A C:\Windows\QUICKEN.INI
2012-05-23 13:05 - 2012-03-10 10:32 - 00000003 ____A C:\Windows\System32\HRUPPROG.TXT
2012-05-20 20:56 - 2011-12-13 12:56 - 00099400 ____A (MotioninJoy) C:\Windows\System32\Drivers\MijXfilt.sys
2012-05-19 10:15 - 2012-05-19 10:15 - 00085566 ____A C:\Users\Video\My Documents\cc_20120519_141529.reg
2012-05-19 10:15 - 2012-05-19 10:15 - 00085566 ____A C:\Users\Video\Documents\cc_20120519_141529.reg
2012-05-18 14:40 - 2012-05-18 14:36 - 00000412 ____A C:\Users\Video\Application Data\All CPU Meter_Settings.ini
2012-05-18 14:40 - 2012-05-18 14:36 - 00000412 ____A C:\Users\Video\AppData\Roaming\All CPU Meter_Settings.ini
2012-05-15 14:10 - 2010-03-31 19:44 - 00000219 ____A C:\Windows\System32\lsprst7.tgz
2012-05-15 14:10 - 2010-03-31 19:44 - 00000205 ____A C:\Windows\System32\lsprst7.dll
2012-05-15 14:10 - 2010-03-31 19:44 - 00000087 ____A C:\Windows\System32\ssprs.tgz
2012-05-15 14:10 - 2010-03-31 19:44 - 00000073 ____A C:\Windows\System32\ssprs.dll
2012-05-13 16:57 - 2011-09-16 09:22 - 00013824 ____A C:\Users\Public\MyConvGraph.grf
2012-05-13 16:41 - 2010-04-06 18:32 - 00000222 ____A C:\Windows\HDLink.INI
2012-05-13 16:33 - 2010-03-21 07:50 - 00000539 ____A C:\Windows\System32\hdvsplit.ini


ZeroAccess:
C:\Windows\Installer\{087d661b-c358-612c-880f-77709a131b44}
C:\Windows\Installer\{087d661b-c358-612c-880f-77709a131b44}\L

ZeroAccess:
C:\Users\Video\AppData\Local\{087d661b-c358-612c-880f-77709a131b44}
C:\Users\Video\AppData\Local\{087d661b-c358-612c-880f-77709a131b44}\@
C:\Users\Video\AppData\Local\{087d661b-c358-612c-880f-77709a131b44}\L
C:\Users\Video\AppData\Local\{087d661b-c358-612c-880f-77709a131b44}\n
C:\Users\Video\AppData\Local\{087d661b-c358-612c-880f-77709a131b44}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 19%
Total physical RAM: 3070.69 MB
Available physical RAM: 2485.47 MB
Total Pagefile: 2775.63 MB
Available Pagefile: 2593.97 MB
Total Virtual: 2047.88 MB
Available Virtual: 1983.51 MB

======================= Partitions =========================

1 Drive c: (tj) (Fixed) (Total:363.79 GB) (Free:49.94 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: () (Removable) (Total:3.8 GB) (Free:1.44 GB) FAT32
3 Drive e: (TJ Program) (Fixed) (Total:149.05 GB) (Free:13.73 GB) NTFS
4 Drive f: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
7 Drive i: (Video White) (Fixed) (Total:465.76 GB) (Free:14.53 GB) NTFS
10 Drive l: (External) (Fixed) (Total:232.88 GB) (Free:77.74 GB) NTFS
12 Drive u: (Recovery) (Fixed) (Total:8.82 GB) (Free:0.97 GB) NTFS ==>[System with boot components (obtained from reading drive)]
13 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 373 GB 1528 KB
Disk 1 Online 149 GB 1849 KB
Disk 2 Online 466 GB 1528 KB
Disk 3 Online 3914 MB 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B
Disk 6 No Media 0 B 0 B
Disk 7 No Media 0 B 0 B
Disk 8 Online 233 GB 1528 KB

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 364 GB 32 KB
Partition 2 Primary 9 GB 364 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 C tj NTFS Partition 364 GB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 10 U Recovery NTFS Partition 9 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 149 GB 1024 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 11 E TJ Program NTFS Partition 149 GB Healthy

==================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 466 GB 32 KB

==================================================================================

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 I Video White NTFS Partition 466 GB Healthy

==================================================================================

Partitions of Disk 3:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3899 MB 17 KB

==================================================================================

Disk: 3
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 11 D FAT32 Removable 3899 MB Healthy

==================================================================================

Partitions of Disk 8:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 233 GB 32 KB

==================================================================================

Disk: 8
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 L External NTFS Partition 233 GB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-30 14:11

======================= End Of Log ==========================

Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-30 19:50:30
Running from D:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-06-11 14:07] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-04-12 18:47] - [2008-01-18 23:33] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2006-11-02 00:35] - [2006-11-02 01:45] - 0279552 ____A (Microsoft Corporation) 329CF3C97CE4C19375C8ABCABAE258B0

C:\Windows\System32\services.exe
[2009-06-11 14:07] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\SoftwareDistribution\Download\10caef54f115a84895c68fbc95676a0c\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-04-07 11:46] - [2008-01-18 23:33] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

=== End Of Search ===


Edited by tawalu, 30 July 2012 - 07:09 PM.



#2 tawalu

tawalu
  • Topic Starter

  • Members
  • 16 posts

Posted 31 July 2012 - 02:28 PM

Ran this fixlist:

start
HKU\Video\...\Run: [Logitech] RUNDLL32.EXE C:\Users\Video\AppData\Local\Logitech\lmezmiqm.dll,FECoreInstance [572928 2012-07-27] (Adobe Systems Incorporated)
C:\Windows\Installer\{087d661b-c358-612c-880f-77709a131b44}
C:\Users\Video\AppData\Local\{087d661b-c358-612c-880f-77709a131b44}
replace: C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe C:\Windows\System32\services.exe
end

Fixlog:
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-31 14:25:52 Run:1
Running from D:\

==============================================

HKEY_USERS\Video\Software\Microsoft\Windows\CurrentVersion\Run\\Logitech Value deleted successfully.
C:\Windows\Installer\{087d661b-c358-612c-880f-77709a131b44} moved successfully.
C:\Users\Video\AppData\Local\{087d661b-c358-612c-880f-77709a131b44} moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====

ComboFix Log:
ComboFix 12-07-30.03 - Video 07/31/2012  14:39:01.1.4 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3071.1702 [GMT -4:00]
Running from: c:\users\Video\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Video\AppData\Local\.#
c:\users\Video\AppData\Local\.#\MBX@1148@2661BF8.###
c:\users\Video\AppData\Local\.#\MBX@1148@2661C08.###
c:\users\Video\AppData\Local\.#\MBX@1148@2661C18.###
c:\users\Video\AppData\Local\.#\MBX@1148@2661C28.###
c:\users\Video\AppData\Local\.#\MBX@31C@2251BF8.###
c:\users\Video\AppData\Local\.#\MBX@31C@2251C08.###
c:\users\Video\AppData\Local\.#\MBX@31C@2251C18.###
c:\users\Video\AppData\Local\.#\MBX@31C@2251C28.###
c:\users\Video\AppData\Local\assembly\tmp
c:\users\Video\AppData\Local\TempDIR
c:\users\Video\AppData\Roaming\Olget
c:\users\Video\AppData\Roaming\Olget\oleq.sue
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\lsprst7.dll
c:\windows\system32\spool\prtprocs\w32x86\ppbiPr.dll
c:\windows\system32\ssprs.dll
c:\windows\system32\TVersityMediaServer.log
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected 
Restored copy from - c:\windows\SoftwareDistribution\Download\10caef54f115a84895c68fbc95676a0c\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe 
.
.
(((((((((((((((((((((((((   Files Created from 2012-06-28 to 2012-07-31  )))))))))))))))))))))))))))))))
.
.
2012-07-31 18:54 . 2012-07-31 18:58	--------	d-----w-	c:\users\Video\AppData\Local\temp
2012-07-31 18:54 . 2012-07-31 18:54	--------	d-----w-	c:\users\RR\AppData\Local\temp
2012-07-31 18:54 . 2012-07-31 18:54	--------	d-----w-	c:\users\IUSR_NMPR\AppData\Local\temp
2012-07-31 18:54 . 2012-07-31 18:54	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-07-31 18:54 . 2012-07-31 18:54	--------	d-----w-	c:\users\Luke\AppData\Local\temp
2012-07-31 03:48 . 2012-07-31 03:48	--------	d-----w-	C:\FRST
2012-07-29 16:04 . 2010-04-05 20:00	221568	----a-w-	c:\windows\system32\drivers\netio.sys
2012-07-29 13:00 . 2012-07-29 19:59	--------	d---a-w-	C:\Kaspersky Rescue Disk 10.0
2012-07-29 05:02 . 2012-07-29 05:02	--------	d-----w-	c:\users\Video\AppData\Roaming\Malwarebytes
2012-07-29 05:01 . 2012-07-29 05:01	--------	d-----w-	c:\programdata\Malwarebytes
2012-07-29 05:01 . 2012-07-29 05:01	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-07-29 05:01 . 2012-07-03 17:46	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-07-29 04:59 . 2012-07-29 04:59	--------	d-----w-	c:\users\Video\AppData\Roaming\SUPERAntiSpyware.com
2012-07-29 04:59 . 2012-07-29 04:59	--------	d-----w-	c:\program files\SUPERAntiSpyware
2012-07-29 04:59 . 2012-07-29 04:59	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2012-07-28 16:58 . 2012-06-29 08:44	6891424	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{1B111197-1769-4767-A355-DC609FFDE522}\mpengine.dll
2012-07-28 16:57 . 2012-04-23 16:00	984064	----a-w-	c:\windows\system32\crypt32.dll
2012-07-28 16:57 . 2012-04-23 16:00	98304	----a-w-	c:\windows\system32\cryptnet.dll
2012-07-28 16:57 . 2012-04-23 16:00	133120	----a-w-	c:\windows\system32\cryptsvc.dll
2012-07-27 17:58 . 2012-07-27 17:58	--------	d-----w-	c:\programdata\GFI Software
2012-07-27 15:22 . 2012-07-27 17:58	--------	d-----w-	c:\program files\Ad-Aware Antivirus
2012-07-27 15:19 . 2012-07-27 15:43	--------	d-----w-	c:\users\Video\AppData\Roaming\Ad-Aware Antivirus
2012-07-24 19:01 . 2012-07-24 19:01	--------	d-----w-	c:\programdata\Last.fm
2012-07-24 19:01 . 2012-07-24 19:01	--------	d-----w-	c:\program files\Last.fm
2012-07-24 18:04 . 2012-07-28 15:00	--------	d-----w-	c:\users\Video\AppData\Local\Logitech
2012-07-22 22:00 . 2012-06-13 13:40	2047488	----a-w-	c:\windows\system32\win32k.sys
2012-07-22 21:42 . 2012-06-05 16:47	708608	----a-w-	c:\program files\Common Files\System\ado\msado15.dll
2012-07-22 21:41 . 2012-06-05 16:47	1401856	----a-w-	c:\windows\system32\msxml6.dll
2012-07-22 21:41 . 2012-06-05 16:47	1248768	----a-w-	c:\windows\system32\msxml3.dll
2012-07-22 21:40 . 2012-06-04 15:26	440704	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-07-22 21:40 . 2012-06-02 00:04	278528	----a-w-	c:\windows\system32\schannel.dll
2012-07-22 21:40 . 2012-06-02 00:03	204288	----a-w-	c:\windows\system32\ncrypt.dll
2012-07-21 21:37 . 2012-07-21 21:37	--------	d-----w-	C:\VideoOutput
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-30 23:06 . 2012-04-02 23:59	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-07-30 23:06 . 2011-05-15 15:40	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-29 16:10 . 2012-02-19 21:36	772592	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-07-29 16:10 . 2010-05-11 21:59	687600	----a-w-	c:\windows\system32\deployJava1.dll
2012-06-02 22:19 . 2012-06-21 18:02	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 18:02	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 18:02	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 18:02	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 18:02	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 18:02	2422272	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 18:02	88576	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 18:01	171904	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 19:12 . 2012-06-21 18:01	33792	----a-w-	c:\windows\system32\wuapp.exe
2012-05-31 22:27 . 2011-09-01 22:08	16400	----a-w-	c:\windows\system32\drivers\LNonPnP.sys
2012-05-31 16:25 . 2009-10-09 10:52	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-05-21 04:56 . 2011-12-13 20:56	99400	----a-w-	c:\windows\system32\drivers\MijXfilt.sys
2011-06-24 05:10 . 2011-06-24 05:10	9331400	----a-w-	c:\program files\Common Files\lpuninstall.exe
2009-05-01 21:02 . 2009-05-01 21:02	1044480	----a-w-	c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02	200704	----a-w-	c:\program files\opera\program\plugins\ssldivx.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\Video\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\Video\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\Video\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\Video\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"BackgroundSwitcher"="c:\program files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe" [2012-06-10 119928]
"Spotify Web Helper"="c:\users\Video\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-26 1193176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-25 4702208]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-06 343168]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54	551296	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AutoStart IR.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk
backup=c:\windows\pss\AutoStart IR.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CineForm Status.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk
backup=c:\windows\pss\CineForm Status.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
backup=c:\windows\pss\GamersFirst LIVE!.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^P2 Card Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\P2 Card Manager.lnk
backup=c:\windows\pss\P2 Card Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Video^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^VistaRestarter.lnk]
path=c:\users\Video\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VistaRestarter.lnk
backup=c:\windows\pss\VistaRestarter.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-04-04 05:53	843712	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-03-17 01:58	47392	----a-w-	c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-05-31 00:06	59280	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2006-11-25 00:20	622592	----a-w-	c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2007-12-21 06:57	86016	------w-	c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04	1164584	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2009-10-01 16:45	139944	----a-w-	c:\program files\Lexmark Pro200-S500 Series\ezprint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Getting started with MacDrive 8]
2010-10-08 18:15	130560	----a-w-	c:\program files\Mediafour\MacDrive 8\MDGetStarted.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-09-02 19:21	133104	----atw-	c:\users\Video\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 23:36	30040	----a-w-	c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hcwemMON]
2007-03-29 21:22	61440	----a-w-	c:\windows\hcwemMON.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark Pro200-S500 Series Fax Server]
2009-10-01 16:45	316072	----a-w-	c:\program files\Lexmark Pro200-S500 Series\fm3032.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxebmon.exe]
2009-10-01 16:45	766632	----a-w-	c:\program files\Lexmark Pro200-S500 Series\lxebmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MacDrive 8 application]
2010-10-08 18:15	167936	----a-w-	c:\program files\Mediafour\MacDrive 8\MacDrive.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 00:56	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2012-07-26 04:45	1193176	----a-w-	c:\users\Video\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07	2260480	------w-	c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 16:07	252296	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Drive Manager]
2008-01-30 08:50	438272	----a-w-	c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1398966211-2182549769-3771512664-1001]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1398966211-2182549769-3771512664-1002]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1398966211-2182549769-3771512664-1013]
"EnableNotificationsRef"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 23:06]
.
2012-07-31 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-04 15:12]
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-08 19:25]
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-08 19:25]
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1398966211-2182549769-3771512664-1001Core.job
- c:\users\Video\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-02 19:21]
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1398966211-2182549769-3771512664-1001UA.job
- c:\users\Video\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-02 19:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = 127.0.0.1:8118
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: LastPass - file://c:\program files\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files\LastPass\context.html?cmd=fillforms
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: kingdomcurrency.com
Trusted Zone: soe.com
Trusted Zone: sony.com
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Video\AppData\Roaming\Mozilla\Firefox\Profiles\n6vawhfn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.nytimes.com/
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
.
------- File Associations -------
.
.reg=regedit
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
ShellIconOverlayIdentifiers-MacDrive volume icons - (no file)
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre7\bin\jusched.exe
MSConfigStartUp-Ad-Aware Browsing Protection - c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe
MSConfigStartUp-Ad-Watch - c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-Bing Bar - c:\program files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe
MSConfigStartUp-igndlm - c:\program files\Download Manager\DLM.exe
MSConfigStartUp-iSproggler - e:\program files\iSproggler-1.2.0-bin\iSproggler.exe
MSConfigStartUp-LogMeIn GUI - c:\program files\LogMeIn\x86\LogMeInSystray.exe
AddRemove-AviSynth - v:\program files\AviSynth 2.5\Uninstall.exe
AddRemove-Network Play System - n:\program files\Electronic Arts\Network Play System\Uninst.isu
AddRemove-{640EAE56-81A2-49D4-9B8C-00DA3C0031AF}_is1 - v:\program files\Digital Juice\Juicer 3\unins000.exe
AddRemove-{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB} - c:\program files\Common Files\BioWare\Uninstall Mass Effect 2.exe
AddRemove-{F46BF5EA-0B4E-4A41-8C4B-3B127346E30F} - c:\users\Video\AppData\Local\{8C881E6D-E5A1-4765-AF9A-1AE1E78B41CD}\NBCDirectInstaller.exe
.
.
.
**************************************************************************
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1398966211-2182549769-3771512664-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BC2F5DFD-FEB3-E04E-0634-95237624C091}*]
"nahkoakjbgfcpkiakmngbphppmao"=hex:6a,61,63,70,64,64,6e,67,6a,6a,6a,61,62,65,
   67,62,6e,62,6a,61,00,f5
.
[HKEY_USERS\S-1-5-21-1398966211-2182549769-3771512664-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:33,3c,94,12,ad,29,1d,4c,8b,4f,30,d0,61,f8,37,7a,c2,9d,08,00,98,f9,d6,
   2a,f0,e8,3c,4e,4a,77,c6,d2,32,95,1b,14,0a,f3,b2,fd,e5,a8,a5,b7,fb,e2,6d,84,\
"??"=hex:35,63,f6,94,a6,e0,56,39,af,21,bf,b5,53,2c,f5,52
.
[HKEY_USERS\S-1-5-21-1398966211-2182549769-3771512664-1001\Software\SecuROM\License information*]
"datasecu"=hex:1c,9c,6d,29,72,af,5c,64,9f,22,67,b4,ee,38,a6,90,53,35,c2,26,de,
   b1,e5,df,ec,37,c1,dc,f7,08,01,84,6d,30,69,5b,f3,53,42,fb,4a,91,a6,24,e8,c1,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1216)
c:\users\Video\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Mediafour\MacDrive 8\MDVolumeIcons.dll
c:\program files\Mediafour\MacDrive 8\MACDRAPI.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atiesrxx.exe
c:\windows\system32\atieclxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\IProsetMonitor.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\RtHDVCpl.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-07-31  15:11:49 - machine was rebooted
ComboFix-quarantined-files.txt  2012-07-31 19:11
.
Pre-Run: 53,085,347,840 bytes free
Post-Run: 53,979,111,424 bytes free
.
- - End Of File - - 55BBAA4E3AAC9F1E0E7AE8339E73F1BD


#3 tawalu
  • Topic Starter
  • Members
  • 16 posts

Posted 31 July 2012 - 11:13 PM

By reading many different forum topics here, with the same issue I had, I was able to resolve my problem. Thank you.

#4 CatByte
    bleepin' tiger
  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 01 August 2012 - 02:23 PM

you did a great job, well done!

but let's take a look for any broken services (this infection is known to break critical services)

also, did you set this proxy server?

uInternet Settings,ProxyServer = 127.0.0.1:8118


Please download Farbar Service Scanner and run it
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
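Added example for this thread (not code from BleepingComputer, CatByte or ComboFix): a read-only PowerShell check of the proxy entry CatByte asks about. It reads the same WinINET values ComboFix printed as `uInternet Settings,ProxyServer`, flags a proxy that points at the local machine, and uses netstat to see whether any process actually listens on that port, because a loopback proxy is harmless when it belongs to a locally installed filtering program and stale when nothing is behind it. The function names and the process lookup are the script's own; nothing in it comes from the thread beyond the registry value names and the 127.0.0.1:8118 entry.

```powershell
# Added example for this thread; not code from BleepingComputer, CatByte or ComboFix.
# Audits the current user's WinINET (Internet Explorer) proxy values, the same ones
# ComboFix printed as "uInternet Settings,ProxyServer = 127.0.0.1:8118".
# Read-only: it reports and changes nothing.

$key      = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$settings = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

# Returns the port of a proxy entry that points at this machine, or $null.
# Accepts "host:port" and the per-protocol "http=host:port;https=host:port" form.
function Get-LoopbackProxyPort {
    param([string]$Server)
    if (-not $Server) { return $null }
    foreach ($entry in ($Server -split ';')) {
        $hostPort = ($entry -split '=')[-1]
        $parts    = $hostPort -split ':'
        $hostName = $parts[0].Trim().ToLower()
        if ($parts.Count -ge 2 -and (@('127.0.0.1', 'localhost') -contains $hostName)) {
            return [int]$parts[-1]
        }
    }
    return $null
}

# Finds the process listening on a local TCP port. netstat is used because
# Get-NetTCPConnection does not exist before Windows 8.
function Get-ListeningProcess {
    param([int]$Port)
    foreach ($line in (netstat -ano)) {
        if ($line -match '^\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$') {
            if ([int]$matches[1] -eq $Port) {
                return Get-Process -Id ([int]$matches[2]) -ErrorAction SilentlyContinue
            }
        }
    }
    return $null
}

"ProxyEnable   : $($settings.ProxyEnable)"    # 1 = 'Use a proxy server' ticked in IE
"ProxyServer   : $($settings.ProxyServer)"
"ProxyOverride : $($settings.ProxyOverride)"  # bypass list, e.g. *.local;<local>
"AutoConfigURL : $($settings.AutoConfigURL)"  # PAC script; an unexpected URL here also warrants a look

$port = Get-LoopbackProxyPort -Server $settings.ProxyServer
if ($port -ne $null) {
    if ($settings.ProxyEnable -ne 1) {
        "Loopback proxy entry is present but ProxyEnable is not 1, so IE is not using it."
    }
    $owner = Get-ListeningProcess -Port $port
    if ($owner) {
        "Port $port is served by PID $($owner.Id) '$($owner.ProcessName)' at $($owner.Path); confirm this is software you installed."
    } else {
        "Nothing is listening on port $port; the entry is stale and can be cleared under Internet Options > Connections > LAN settings."
    }
} else {
    "No proxy entry pointing at this machine."
}
```

Run it as the affected user, since these settings live under HKCU and are per user; an elevated prompt is only needed for Get-Process to return the path of a listener owned by another account.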


#5 tawalu
  • Topic Starter
  • Members
  • 16 posts

Posted 01 August 2012 - 02:38 PM

I do not recall setting that ProxyServer up, not sure why it is there.

I did run FSS yesterday and it looked fine to me. Here is another pass I just ran for a double check.

Farbar Service Scanner Version: 26-07-2012
Ran by Video (administrator) on 01-08-2012 at 15:29:36
Running from "C:\Users\Video\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

I also tried to install Microsoft Security Essentials last night, but I get an install error every time. I even tried to install it with a selective startup, and with MalwareBytes uninstalled, but it still gave me install errors. Could this be Sirefef aftermath even though FSS comes out clean? Or is it unnecessary to worry about MSE if I'm using MWB?

Edited by tawalu, 01 August 2012 - 02:39 PM.


#6 CatByte
    bleepin' tiger
  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 01 August 2012 - 02:58 PM

FSS looks fine,

c:\users\Video\AppData\Roaming\Ad-Aware Antivirus


the antivirus component of adaware may not be allowing the installation of MSE as you should only have one AV installed

clear the proxy in IE

Open up I.E.
  • Check internet options settings.
  • Tools > Internet Options > Connections
  • LAN settings
  • Choose "automatically detect settings"
  • uncheck both proxy settings boxes


did you run the system through ESET online scanner to make sure there are no leftovers?


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish



#7 tawalu
  • Topic Starter
  • Members
  • 16 posts

Posted 01 August 2012 - 03:22 PM

AdAware was uninstalled, but I've now deleted that leftover folder and MSE still gives install errors.

Cleared the IE proxy, but it doesn't appear that it was actually activated.

Yes, I did run ESET and it found three java exploits that I was able to clean with ComboFix by modeling off of other logs I read. I do not still have any of those logs though because I deleted them last night after clearing combofix from my system. I did not rerun ESET after the clean though because it took nearly six hours to complete the scan.

#8 CatByte
    bleepin' tiger
  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 01 August 2012 - 03:25 PM

Give windows defender off-line a run,

it may clear up whatever is preventing MSE from installing

http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline



#9 tawalu
  • Topic Starter
  • Members
  • 16 posts

Posted 01 August 2012 - 06:55 PM

I ran Windows Defender Offline and it did not find anything.

#10 CatByte
    bleepin' tiger
  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 01 August 2012 - 07:30 PM

run this and see if any components belonging to MSE are on your system that need to be removed first


right click on the icon and select "run as administrator"

Please download AppRemover and save it to your desktop.
  • Double click on AppRemover.exe to run it.
  • Uncheck "Enable anonymous usage statistics. No personal data will be recorded."
  • Click on the Next button.
  • Click on "Remove Security Application" or "Clean Up a Failed Uninstall" depending on what you want to do. (you want the failed uninstall)
  • Click on the Next button.
  • A scan begins, please wait. Once done, click on the Next button.
  • Now you should have a list of your installed programs, if you see MSE listed click on the Next button.
  • Follow the last step and reboot if asked to do so.

then try and install it again



#11 tawalu
  • Topic Starter
  • Members
  • 16 posts

Posted 01 August 2012 - 08:08 PM

AppRemover did not find anything.

#12 CatByte
    bleepin' tiger
  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 01 August 2012 - 08:21 PM

do you get any type of error code when you try and install it?

How far along with the installation does it get?



#13 tawalu
  • Topic Starter
  • Members
  • 16 posts

Posted 01 August 2012 - 08:34 PM

Error Code: 0x80070643
It does not appear to progress at all.

#14 CatByte
    bleepin' tiger
  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 01 August 2012 - 08:53 PM

make sure you have all the latest windows updates installed, the infection had broken your windows update service so there may be a few waiting for you to install


then make sure your windows Installer service is working:

Start the Windows Installer service

Click Start, type Services.msc and press {ENTER}
Double-click Windows Installer
Set the Startup type of Windows Installer to Manual
Click Start to start the service. Note down the error message if any.
Click OK.

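Added example for this thread (not code from BleepingComputer, CatByte or Farbar Service Scanner), serving two posts at once: it re-checks what the FSS log in post #5 reports for each service (start type, state, the svchost ImagePath and the ServiceDll the service actually loads), and then carries out the Windows Installer step from post #14 (set msiserver to Manual, start it, record any error). The expected start types for WinDefend, SharedAccess and msiserver are the ones stated in this thread; those for wuauserv, wscsvc, MpsSvc and BFE are assumed Vista defaults and are marked as such. The MD5 column is for comparison against a known-clean machine of the same build, since FSS's own known-good hash list is not available here; the function names are the script's own.

```powershell
# Added example for this thread; not code from BleepingComputer, CatByte or Farbar.
# Re-checks the services the FSS log reports on and performs post #14's
# Windows Installer step. Run from an elevated PowerShell prompt.
# Get-WmiObject and Set-Service are used (rather than the newer CIM cmdlets)
# because the machine in this thread runs Windows Vista / PowerShell 2.0.

$expected = @{
    'WinDefend'    = 'Auto'    # Windows Defender   (thread: "default start type is Auto")
    'SharedAccess' = 'Auto'    # ICS/firewall helper (thread: FSS shows Auto, not flagged)
    'msiserver'    = 'Manual'  # Windows Installer  (thread: post #14 sets it to Manual)
    'wuauserv'     = 'Auto'    # Windows Update     (assumed Vista default)
    'wscsvc'       = 'Auto'    # Security Center    (assumed Vista default)
    'MpsSvc'       = 'Auto'    # Windows Firewall   (assumed Vista default)
    'BFE'          = 'Auto'    # Base Filtering Eng.(assumed Vista default)
}

# MD5 of a file, for comparison against a clean machine of the same build.
function Get-FileMd5 {
    param([string]$Path)
    $md5    = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { ([System.BitConverter]::ToString($md5.ComputeHash($stream))) -replace '-', '' }
    finally { $stream.Close() }
}

# One record per service: start mode, state, ImagePath, ServiceDll and its hash.
function Get-ServiceAudit {
    foreach ($name in $expected.Keys) {
        $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
        if (-not $svc) {
            New-Object PSObject -Property @{ Service = $name; Problem = 'service entry missing' }
            continue
        }
        # svchost-hosted services keep their real code in Parameters\ServiceDll;
        # a hijacked ServiceDll is one of the things FSS's "ServiceDll ... is OK" line checks.
        $paramKey   = "HKLM:\SYSTEM\CurrentControlSet\Services\$name\Parameters"
        $serviceDll = (Get-ItemProperty -Path $paramKey -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
        $dllPath    = $null
        $dllMd5     = $null
        if ($serviceDll) { $dllPath = [Environment]::ExpandEnvironmentVariables($serviceDll) }
        if ($dllPath -and (Test-Path $dllPath)) { $dllMd5 = Get-FileMd5 -Path $dllPath }

        $problem = ''
        if ($svc.StartMode -ne $expected[$name]) { $problem += "StartMode $($svc.StartMode), expected $($expected[$name]); " }
        if ($dllPath -and -not (Test-Path $dllPath)) { $problem += 'ServiceDll missing on disk; ' }

        New-Object PSObject -Property @{
            Service    = $name
            StartMode  = $svc.StartMode
            State      = $svc.State
            ImagePath  = $svc.PathName
            ServiceDll = $dllPath
            DllMd5     = $dllMd5
            Problem    = ($problem -replace ';\s*$', '')
        }
    }
}

# Post #14's procedure: Windows Installer to Manual, start it, note any error.
function Start-WindowsInstaller {
    try {
        Set-Service   -Name msiserver -StartupType Manual -ErrorAction Stop
        Start-Service -Name msiserver -ErrorAction Stop
        "msiserver is now $((Get-Service -Name msiserver).Status)"
    } catch {
        "Could not start msiserver: $($_.Exception.Message)"
    }
}

$audit = Get-ServiceAudit
$audit | Format-Table Service, StartMode, State, Problem -AutoSize
$audit | Where-Object { $_.ServiceDll } | Format-List Service, ImagePath, ServiceDll, DllMd5
Start-WindowsInstaller
```

A non-empty Problem column is the equivalent of FSS flagging a service; an ImagePath that is not the expected svchost.exe command line, or a ServiceDll outside the Windows directory, is worth comparing against a clean machine before trusting the "MD5 is legit" result from any single tool.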


#15 tawalu
  • Topic Starter
  • Members
  • 16 posts

Posted 01 August 2012 - 09:06 PM

Windows Installer was set to Manual startup and I was able to start it without any error messages.

The only uninstalled updates are Microsoft SQL Server 2005 Express Edition Service Pack 4, which will not install either, and MSE.



