Problems With Scan - Am I Still Infected?

Started by mykidsmomtx , Apr 11 2012 01:58 PM

This topic is locked

21 replies to this topic

#1 mykidsmomtx

Advanced Member

Members
45 posts

Posted 11 April 2012 - 01:58 PM

Originally posted in wrong forum so reposting here with logs. The scan hangs at System Window Volume and also says that 3 items were identified but I don't see them quarantined or removed. I reset system restore and rescanned with same issues.

Some history ... I had been using Bsafe Online for years and hadn't realized they terminated their Mcafee anti-virus contract so I had been running 3 PCs with no protection for months. 2 are fine after clean up, however, my laptop got hit hard. I had the SMART HDD virus along with dozens of other problems. I used several different programs to try to salvage my pc. I had always used the free Adaware but Malwarebytes and AVG were the recommended solutions so that is what I tried.

I was successful in deleting the SMART HDD (I think) but some of my Microsoft files are messed up. I get an error when trying to turn on Microsoft firewall and many of my program folders are empty. I can open a document or spreadsheet and use Word or Excel, but the shortcuts are all gone. I tried the unhide.exe and most of my desktop has been restored but the programs are still pretty messed up..

I had AVG and did 2 full scans with Malwarebytes and I still was getting major browser hijacking. Since their scans couldn't find the problem I uninstalled AVG and loaded the Adaware Pro (free 30 trial). I did a smart scan and it identified a few objects and put them in quarantine. I thought the items were deleted but when I look at the report it shows 0 objects identified, quarantined or deleted.

My PC seems to be working fine. I am not noticing any hijacking or other problems, but I am concerned that I still have a lurking issue. Should all detections be placed in quarantine? Is there something there that the Adaware is not able to clean? Is there anyway to get my Microsoft Office Programs back? Thanks for your help.

PS The good news is that I have all my important data backed up (pics, music, etc) but I will want my PC back!
**********************************************************************************************************************************************************************
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/13/2008 4:37:45 AM
System Uptime: 4/11/2012 6:17:10 AM (1 hours ago)
.
Motherboard: Wistron | | 3612
Processor: Pentium® Dual-Core CPU T4200 @ 2.00GHz | CPU | 1600/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 287 GiB total, 197.229 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.817 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Dell V305
Device ID: ROOT\IMAGE\0000
Manufacturer: Dell
Name: Dell V305 #2
PNP Device ID: ROOT\IMAGE\0000
Service: usbscan
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
ABBYY FineReader 6.0 Sprint
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Ad-Aware Antivirus
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.5.0
Adobe Shockwave Player
Amazon MP3 Downloader 1.0.3
Atheros Driver Installation Program
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Conexant HD Audio
CyberLink DVD Suite
CyberLink YouCam
Dell V305
ESU for Microsoft Vista
Garmin Communicator Plugin
Garmin USB Drivers
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP DVD Play 3.7
HP Help and Support
HP Quick Launch Buttons 6.40 H2
HP Total Care Advisor
HP Update
HP User Guides 0118
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
HPTCSSetup
Intel® Graphics Media Accelerator Driver
Java Auto Updater
Java™ 6 Update 23
Juno Preloader
Kies mini
LabelPrint
LightScribe System Software 1.14.17.1
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Calculator Plus
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
My HP Games
NetWaiting
NetZero Preloader
OGA Notifier 2.0.0048.0
Power2Go
PowerDirector
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek USB 2.0 Card Reader
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Spelling Dictionaries Support For Adobe Reader 9
SPORE Creature Creator Trial Edition
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VMware View Client
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
.
==== Event Viewer Messages From Past Week ========
.
4/8/2012 9:50:45 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: spldr Wanarpv6
4/8/2012 9:50:45 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
4/8/2012 9:50:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/8/2012 9:50:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/8/2012 9:50:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
4/8/2012 9:50:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/8/2012 9:50:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
4/8/2012 9:49:37 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21
4/8/2012 8:53:49 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
4/8/2012 8:06:29 PM, Error: EventLog [6008] - The previous system shutdown at 8:04:37 PM on 4/8/2012 was unexpected.
4/8/2012 7:58:53 PM, Error: Service Control Manager [7022] - The KtmRm for Distributed Transaction Coordinator service hung on starting.
4/8/2012 7:54:45 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Health Check Service service to connect.
4/8/2012 7:54:45 PM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/8/2012 7:50:08 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{689824B3-1CE9-4657-99A4-665F63D995A3} because another computer on the network has the same name. The server could not start.
4/8/2012 7:49:26 PM, Error: EventLog [6008] - The previous system shutdown at 7:47:38 PM on 4/8/2012 was unexpected.
4/8/2012 7:39:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
4/8/2012 7:30:58 PM, Error: EventLog [6008] - The previous system shutdown at 5:05:16 AM on 4/7/2012 was unexpected.
4/7/2012 4:23:24 AM, Error: EventLog [6008] - The previous system shutdown at 4:21:55 AM on 4/7/2012 was unexpected.
4/6/2012 9:54:44 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CryptSvc service.
4/6/2012 9:40:02 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
4/6/2012 9:30:49 AM, Error: EventLog [6008] - The previous system shutdown at 5:44:31 AM on 4/6/2012 was unexpected.
4/6/2012 5:42:41 AM, Error: EventLog [6008] - The previous system shutdown at 11:52:22 PM on 4/5/2012 was unexpected.
4/6/2012 10:18:41 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.5.132 for the Network Card with network address 00234E33CF13 has been denied by the DHCP server 1.1.1.1 (The DHCP Server sent a DHCPNACK message).
4/6/2012 10:04:53 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
4/6/2012 10:04:53 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/6/2012 10:04:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/5/2012 9:34:03 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running.
4/5/2012 9:34:02 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
4/5/2012 9:29:43 AM, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050a001 Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. Signatures loading: Backup Loading signature version: 1.123.738.0 Loading engine version: 1.1.8101.0
4/5/2012 9:26:22 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Lavasoft Ad-Aware Service service to connect.
4/5/2012 9:26:22 AM, Error: Service Control Manager [7000] - The Lavasoft Ad-Aware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/5/2012 9:12:40 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
4/5/2012 9:12:07 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
4/5/2012 9:08:39 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss SbFw SbTis Smb spldr tdx Wanarpv6 ws2ifsl
4/5/2012 9:08:39 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/5/2012 9:08:39 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
4/5/2012 9:08:39 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
4/5/2012 9:08:39 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/5/2012 9:08:39 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
4/5/2012 9:08:39 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
4/5/2012 9:08:39 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
4/5/2012 9:08:39 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
4/5/2012 9:08:39 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/5/2012 9:08:39 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/5/2012 9:08:39 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/5/2012 9:08:39 AM, Error: Service Control Manager [7001] - The CloudCare service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/5/2012 9:08:39 AM, Error: Service Control Manager [7001] - The CloudCare AntiVirus service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/5/2012 11:52:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
4/5/2012 11:52:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
4/5/2012 11:51:45 PM, Error: EventLog [6008] - The previous system shutdown at 11:50:28 PM on 4/5/2012 was unexpected.
4/5/2012 11:48:39 PM, Error: EventLog [6008] - The previous system shutdown at 11:37:11 PM on 4/5/2012 was unexpected.
4/5/2012 10:54:13 AM, Error: EventLog [6008] - The previous system shutdown at 10:52:17 AM on 4/5/2012 was unexpected.
4/5/2012 10:48:30 AM, Error: EventLog [6008] - The previous system shutdown at 10:46:20 AM on 4/5/2012 was unexpected.
4/5/2012 10:40:19 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Remote Access Connection Manager service, but this action failed with the following error: An instance of the service is already running.
4/5/2012 10:24:29 AM, Error: EventLog [6008] - The previous system shutdown at 10:22:39 AM on 4/5/2012 was unexpected.
4/4/2012 9:52:06 PM, Error: Service Control Manager [7023] - The Vtserver service terminated with the following error: The specified module could not be found.
4/4/2012 9:51:26 PM, Error: EventLog [6008] - The previous system shutdown at 9:49:38 PM on 4/4/2012 was unexpected.
4/4/2012 9:49:38 PM, Error: EventLog [6008] - The previous system shutdown at 9:48:18 PM on 4/4/2012 was unexpected.
4/4/2012 8:38:39 AM, Error: EventLog [6008] - The previous system shutdown at 8:25:24 AM on 4/4/2012 was unexpected.
4/4/2012 3:16:12 PM, Error: EventLog [6008] - The previous system shutdown at 3:14:21 PM on 4/4/2012 was unexpected.
4/4/2012 10:05:16 PM, Error: EventLog [6008] - The previous system shutdown at 10:03:15 PM on 4/4/2012 was unexpected.
4/4/2012 1:22:12 PM, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
4/11/2012 6:19:16 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
4/11/2012 6:19:16 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the dldtCATSCustConnectService service to connect.
4/11/2012 6:19:16 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
4/11/2012 6:19:16 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
4/11/2012 6:19:16 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
4/11/2012 6:19:16 AM, Error: Service Control Manager [7000] - The dldtCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/10/2012 6:25:14 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
4/10/2012 6:25:14 AM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/10/2012 6:25:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
4/10/2012 6:22:39 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.5.134 for the Network Card with network address 00234E33CF13 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19190
Run by Jan at 7:35:27 on 2012-04-11
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3002.1579 [GMT -5:00]
.
AV: CloudCare *Disabled/Updated* {567F6DDD-22AE-6081-DE6F-F28A4699C7E6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: CloudCare AntiSpyware *Disabled/Updated* {ED1E8C39-0494-6F0F-E4DF-C9F83D1E8D5B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
C:\Windows\system32\dldtcoms.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Dell V305\dldtmon.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Dell V305\dldtMsdMon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\PROGRA~1\AD-AWA~1\AdAware.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Ad-Aware Antivirus\Engine\SBAMSvc.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10w_ActiveX.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [dldtmon.exe] "c:\program files\dell v305\dldtmon.exe"
mRun: [dldtamon] "c:\program files\dell v305\dldtamon.exe"
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [uUvtuwLOevUVX.exe] c:\programdata\uUvtuwLOevUVX.exe
mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run
dRun: [dplaysvr] c:\windows\system32\config\systemprofile\appdata\local\dplaysvr.exe
StartupFolder: c:\users\jan\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {DBDC1CDA-B64B-49F7-9535-6317AA416E51} - hxxps://viewtest.coba.unt.edu/downloads/VMware-viewclient.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1 192.168.1.1 192.168.5.1
TCP: Interfaces\{689824B3-1CE9-4657-99A4-665F63D995A3} : DhcpNameServer = 192.168.2.1 192.168.1.1 192.168.5.1
Notify: igfxcui - igfxdev.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-9-7 64512]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2012-4-9 221784]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-9-7 101720]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2012-4-9 78936]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2012-3-29 1161072]
R2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe -service --> c:\windows\system32\dldtcoms.exe -service [?]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-23 365952]
R2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\engine\SBAMSvc.exe [2011-5-17 2804280]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-5-11 74968]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-23 193840]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-29 112128]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2012-4-9 69208]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-4-9 94040]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldtserv.exe [2008-2-25 99568]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-10-3 30312]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-4-9 26224]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-4-9 40776]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2012-4-9 69208]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-10-3 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-10-3 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-10-3 121576]
.
=============== Created Last 30 ================
.
2012-04-10 03:11:57 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-04-10 02:45:28 94040 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-04-10 02:45:25 78936 ----a-w- c:\windows\system32\drivers\sbtis.sys
2012-04-10 02:44:25 69208 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-04-10 02:44:24 221784 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-04-10 01:47:39 -------- d-----w- c:\users\jan\appdata\local\Privatefirewall
2012-04-10 01:40:27 -------- d-----w- c:\programdata\Privacyware
2012-04-09 10:39:39 -------- d-----w- c:\users\jan\appdata\roaming\AVG2012
2012-04-09 10:37:28 -------- d-----w- c:\programdata\AVG2012
2012-04-09 10:35:26 -------- d-----w- c:\program files\AVG
2012-04-09 10:30:35 -------- d-----w- c:\programdata\Common Files
2012-04-09 10:30:18 -------- d-----w- c:\programdata\MFAData
2012-04-09 10:02:15 26224 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-04-09 00:47:41 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-05 15:49:03 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-04-05 14:40:26 -------- d-----w- c:\users\jan\appdata\roaming\Malwarebytes
2012-04-05 14:39:50 -------- d-----w- c:\programdata\Malwarebytes
2012-04-05 14:39:48 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-05 14:39:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-05 14:30:01 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{194fe189-312d-4e5b-a3bb-5b288a1d484e}\mpengine.dll
2012-04-04 02:13:21 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-04-04 02:12:09 -------- d-----w- c:\users\jan\appdata\local\adawarebp
2012-04-04 02:11:57 -------- d-----w- c:\program files\Toolbar Cleaner
2012-04-04 02:11:31 -------- d-----w- c:\program files\adawaretb
2012-04-04 02:04:12 -------- d-----w- c:\users\jan\appdata\roaming\Ad-Aware Antivirus
2012-03-17 08:00:55 -------- d-----w- c:\windows\CheckSur
2012-03-16 02:44:10 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-16 02:44:06 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-16 02:44:06 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-16 02:43:43 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-16 02:43:43 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-16 02:43:43 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-16 02:43:43 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-16 02:43:43 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-16 02:43:39 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
.
==================== Find3M ====================
.
2012-04-09 00:49:08 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2012-02-23 14:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-25 16:06:44 410583 ----a-w- c:\programdata\SPL94BD.tmp
.
============= FINISH: 7:38:33.36 ===============

#2 Blade81

Advanced Member

Volunteer Security Advisor
6557 posts

Posted 11 April 2012 - 02:01 PM

Hi,

There're still some malware signs left there.

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingc...to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

Please continue as follows:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Microsoft MVP Consumer Security 2008 2009 2010 2011 2012

ASAP & UNITE member since 2006

I don't help with logs thru PM so don't bother to post me one. If you have problems create a thread in the forum, please.
Don't post your log into other user's topic, create a new one.

Provided removal instructions are meant to be used in the correspondent user's case only.

Please use "Reply to this topic" -button while replying.

#3 mykidsmomtx

Advanced Member

Members
45 posts

Posted 12 April 2012 - 03:24 AM

Below is the ComboFix Log. What is the verdict? Next steps? Thank you so much!

ComboFix 12-04-11.03 - Jan 04/11/2012 20:23:13.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3002.2061 [GMT -5:00]
Running from: c:\users\Jan\Desktop\ComboFix.exe
AV: CloudCare *Disabled/Updated* {567F6DDD-22AE-6081-DE6F-F28A4699C7E6}
SP: CloudCare AntiSpyware *Disabled/Updated* {ED1E8C39-0494-6F0F-E4DF-C9F83D1E8D5B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\nVX0m9RWUH4fKa
c:\programdata\SPL3B2F.tmp
c:\programdata\SPL94BD.tmp
c:\programdata\SPL9EDE.tmp
c:\programdata\Y5ACIlvQ3mQKPk
c:\users\Jan\AppData\Roaming\skynet.dat
c:\users\Jan\Bsecure.exe
c:\users\Jan\GoToAssistDownloadHelper.exe
c:\users\Public\CommunicatorPlugin_281.exe
c:\users\Stan\GoToAssistDownloadHelper.exe
c:\windows\$NtUninstallKB62280$\485945278\L\qnbwvoto
c:\windows\system32\dds_trash_log.cmd
.
.
((((((((((((((((((((((((( Files Created from 2012-03-12 to 2012-04-12 )))))))))))))))))))))))))))))))
.
.
2012-04-12 01:44 . 2012-04-12 01:53 -------- d-----w- c:\users\Jan\AppData\Local\temp
2012-04-12 01:44 . 2012-04-12 01:44 -------- d-----w- c:\users\Jessseeekuuhh\AppData\Local\temp
2012-04-12 01:44 . 2012-04-12 01:44 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-04-12 01:44 . 2012-04-12 01:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-12 01:44 . 2012-04-12 01:44 -------- d-----w- c:\users\Stan\AppData\Local\temp
2012-04-12 01:44 . 2012-04-12 01:44 -------- d-----w- c:\users\Jesss\AppData\Local\temp
2012-04-12 01:44 . 2012-04-12 01:44 -------- d-----w- c:\users\Jessica\AppData\Local\temp
2012-04-10 03:11 . 2012-04-10 03:18 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-04-10 02:45 . 2011-04-05 22:35 94040 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-04-10 02:45 . 2011-04-05 22:35 78936 ----a-w- c:\windows\system32\drivers\sbtis.sys
2012-04-10 02:44 . 2011-02-08 14:14 69208 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-04-10 02:44 . 2011-04-05 22:35 221784 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-04-10 01:47 . 2012-04-10 01:47 -------- d-----w- c:\users\Jan\AppData\Local\Privatefirewall
2012-04-10 01:40 . 2012-04-10 01:40 -------- d-----w- c:\programdata\Privacyware
2012-04-09 12:13 . 2012-04-09 12:13 -------- d-----w- c:\users\admin2
2012-04-09 10:39 . 2012-04-09 10:39 -------- d-----w- c:\users\Jan\AppData\Roaming\AVG2012
2012-04-09 10:37 . 2012-04-10 02:30 -------- d-----w- c:\programdata\AVG2012
2012-04-09 10:35 . 2012-04-09 10:35 -------- d-----w- c:\program files\AVG
2012-04-09 10:30 . 2012-04-09 10:30 -------- d-----w- c:\programdata\Common Files
2012-04-09 10:30 . 2012-04-10 02:28 -------- d-----w- c:\programdata\MFAData
2012-04-09 10:02 . 2012-04-10 03:11 26224 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-04-09 00:47 . 2012-04-09 01:01 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-05 14:40 . 2012-04-05 14:40 -------- d-----w- c:\users\Jan\AppData\Roaming\Malwarebytes
2012-04-05 14:39 . 2012-04-05 14:39 -------- d-----w- c:\programdata\Malwarebytes
2012-04-05 14:39 . 2012-04-10 03:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-05 14:39 . 2012-04-04 20:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-05 14:30 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{194FE189-312D-4E5B-A3BB-5B288A1D484E}\mpengine.dll
2012-04-05 02:29 . 2012-04-05 02:29 -------- d-----w- c:\users\Guest\AppData\Local\adaware
2012-04-04 18:16 . 2012-04-04 18:16 -------- d-----w- c:\users\Jessseeekuuhh\AppData\Roaming\Ad-Aware Antivirus
2012-04-04 18:16 . 2012-04-04 18:16 -------- d-----w- c:\users\Jessseeekuuhh\AppData\Local\adaware
2012-04-04 02:13 . 2012-04-10 02:44 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-04-04 02:12 . 2012-04-04 02:12 -------- d-----w- c:\users\Jan\AppData\Local\adawarebp
2012-04-04 02:11 . 2012-04-04 02:11 -------- d-----w- c:\program files\Toolbar Cleaner
2012-04-04 02:11 . 2012-04-04 02:11 -------- d-----w- c:\program files\adawaretb
2012-04-04 02:04 . 2012-04-10 02:50 -------- d-----w- c:\users\Jan\AppData\Roaming\Ad-Aware Antivirus
2012-03-17 08:00 . 2012-03-17 08:00 -------- d-----w- c:\windows\CheckSur
2012-03-16 02:44 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-16 02:44 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-16 02:44 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-16 02:43 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-16 02:43 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-16 02:43 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-16 02:43 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-16 02:43 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-16 02:43 . 2012-01-31 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-09 00:49 . 2011-06-15 14:24 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2012-02-23 14:18 . 2009-10-03 09:31 237072 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"dldtmon.exe"="c:\program files\Dell V305\dldtmon.exe" [2008-03-20 668912]
"dldtamon"="c:\program files\Dell V305\dldtamon.exe" [2008-03-20 16624]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\Jessseeekuuhh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R3 57830685;57830685; [x]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [2012-03-29 1161072]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
isamsmt
webcompserver
mindretrieve
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 18:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-10 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
- c:\progra~1\AD-AWA~1\AdAwareLauncher.exe [2012-03-29 17:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 192.168.1.1 192.168.5.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
HKLM-Run-uUvtuwLOevUVX.exe - c:\programdata\uUvtuwLOevUVX.exe
SafeBoot-79503896.sys
SafeBoot-Lavasoft Ad-Aware Service
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\windows\system32\dldtcoms.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\SMINST\BLService.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\VMware\VMware View\Client\bin\wsnm.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Ad-Aware Antivirus\Engine\SBAMSvc.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Dell V305\dldtMsdMon.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\progra~1\AD-AWA~1\AdAware.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
c:\program files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-04-11 21:05:32 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-12 02:04
.
Pre-Run: 211,822,505,984 bytes free
Post-Run: 212,688,736,256 bytes free
.
- - End Of File - - 4EFB10CAF2539DC874F0146AEC0BAB28

#4 mykidsmomtx

Advanced Member

Members
45 posts

Posted 12 April 2012 - 03:45 AM

Here are the logs ... When I was done with ComboFix, I got a notice to update Adobe and I did. It appeared to be the legit Adobe notice. In retrospect, this probably was not wise. I hope this didn't further the problem. Let me know what I can do next.

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19190
Run by Jan at 21:30:00 on 2012-04-11
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3002.1708 [GMT -5:00]
.
AV: Lavasoft Ad-Aware *Enabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Enabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
FW: Lavasoft Ad-Aware *Enabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
C:\Windows\system32\dldtcoms.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Dell V305\dldtmon.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell V305\dldtMsdMon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\PROGRA~1\AD-AWA~1\AdAware.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Ad-Aware Antivirus\Engine\SBAMSvc.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [dldtmon.exe] "c:\program files\dell v305\dldtmon.exe"
mRun: [dldtamon] "c:\program files\dell v305\dldtamon.exe"
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run
StartupFolder: c:\users\jan\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {DBDC1CDA-B64B-49F7-9535-6317AA416E51} - hxxps://viewtest.coba.unt.edu/downloads/VMware-viewclient.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1 192.168.1.1 192.168.5.1
TCP: Interfaces\{689824B3-1CE9-4657-99A4-665F63D995A3} : DhcpNameServer = 192.168.2.1 192.168.1.1 192.168.5.1
Notify: igfxcui - igfxdev.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-9-7 64512]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2012-4-9 221784]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-9-7 101720]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2012-4-9 78936]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2012-3-29 1161072]
R2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe -service --> c:\windows\system32\dldtcoms.exe -service [?]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-23 365952]
R2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\engine\SBAMSvc.exe [2011-5-17 2804280]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-5-11 74968]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-23 193840]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-29 112128]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2012-4-9 69208]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-4-9 94040]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldtserv.exe [2008-2-25 99568]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-10-3 30312]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-4-9 26224]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-4-9 40776]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2012-4-9 69208]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-10-3 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-10-3 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-10-3 121576]
.
=============== Created Last 30 ================
.
2012-04-12 01:44:53 -------- d-----w- c:\users\jan\appdata\local\temp
2012-04-12 01:03:21 98816 ----a-w- c:\windows\sed.exe
2012-04-12 01:03:21 518144 ----a-w- c:\windows\SWREG.exe
2012-04-12 01:03:21 256000 ----a-w- c:\windows\PEV.exe
2012-04-12 01:03:21 208896 ----a-w- c:\windows\MBR.exe
2012-04-12 01:03:00 -------- d-----w- C:\ComboFix
2012-04-10 03:11:57 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-04-10 02:45:28 94040 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-04-10 02:45:25 78936 ----a-w- c:\windows\system32\drivers\sbtis.sys
2012-04-10 02:44:25 69208 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-04-10 02:44:24 221784 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-04-10 01:47:39 -------- d-----w- c:\users\jan\appdata\local\Privatefirewall
2012-04-10 01:40:27 -------- d-----w- c:\programdata\Privacyware
2012-04-09 10:39:39 -------- d-----w- c:\users\jan\appdata\roaming\AVG2012
2012-04-09 10:37:28 -------- d-----w- c:\programdata\AVG2012
2012-04-09 10:35:26 -------- d-----w- c:\program files\AVG
2012-04-09 10:30:35 -------- d-----w- c:\programdata\Common Files
2012-04-09 10:30:18 -------- d-----w- c:\programdata\MFAData
2012-04-09 10:02:15 26224 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-04-09 00:47:41 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-05 14:40:26 -------- d-----w- c:\users\jan\appdata\roaming\Malwarebytes
2012-04-05 14:39:50 -------- d-----w- c:\programdata\Malwarebytes
2012-04-05 14:39:48 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-05 14:39:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-05 14:30:01 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{194fe189-312d-4e5b-a3bb-5b288a1d484e}\mpengine.dll
2012-04-04 02:13:21 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-04-04 02:12:09 -------- d-----w- c:\users\jan\appdata\local\adawarebp
2012-04-04 02:11:57 -------- d-----w- c:\program files\Toolbar Cleaner
2012-04-04 02:11:31 -------- d-----w- c:\program files\adawaretb
2012-04-04 02:04:12 -------- d-----w- c:\users\jan\appdata\roaming\Ad-Aware Antivirus
2012-03-26 15:41:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2012-03-17 08:00:55 -------- d-----w- c:\windows\CheckSur
2012-03-16 02:44:10 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-16 02:44:06 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-16 02:44:06 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-16 02:43:43 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-16 02:43:43 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-16 02:43:43 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-16 02:43:43 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-16 02:43:43 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-16 02:43:39 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
.
==================== Find3M ====================
.
2012-04-09 00:49:08 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2012-02-23 14:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 21:32:20.21 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/13/2008 4:37:45 AM
System Uptime: 4/11/2012 9:17:37 PM (0 hours ago)
.
Motherboard: Wistron | | 3612
Processor: Pentium® Dual-Core CPU T4200 @ 2.00GHz | CPU | 2000/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 287 GiB total, 198.064 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.817 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Dell V305
Device ID: ROOT\IMAGE\0000
Manufacturer: Dell
Name: Dell V305 #2
PNP Device ID: ROOT\IMAGE\0000
Service: usbscan
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
ABBYY FineReader 6.0 Sprint
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Ad-Aware Antivirus
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.5.1
Adobe Shockwave Player
Amazon MP3 Downloader 1.0.3
Atheros Driver Installation Program
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Conexant HD Audio
CyberLink DVD Suite
CyberLink YouCam
Dell V305
ESU for Microsoft Vista
Garmin Communicator Plugin
Garmin USB Drivers
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP DVD Play 3.7
HP Help and Support
HP Quick Launch Buttons 6.40 H2
HP Total Care Advisor
HP Update
HP User Guides 0118
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
HPTCSSetup
Intel® Graphics Media Accelerator Driver
Java Auto Updater
Java™ 6 Update 23
Juno Preloader
Kies mini
LabelPrint
LightScribe System Software 1.14.17.1
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Calculator Plus
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
My HP Games
NetWaiting
NetZero Preloader
OGA Notifier 2.0.0048.0
Power2Go
PowerDirector
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek USB 2.0 Card Reader
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Spelling Dictionaries Support For Adobe Reader 9
SPORE Creature Creator Trial Edition
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VMware View Client
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
.
==== Event Viewer Messages From Past Week ========
.
4/8/2012 9:50:45 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: spldr Wanarpv6
4/8/2012 9:50:45 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
4/8/2012 9:50:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/8/2012 9:50:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/8/2012 9:50:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
4/8/2012 9:50:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/8/2012 9:50:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
4/8/2012 9:49:37 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21
4/8/2012 8:06:29 PM, Error: EventLog [6008] - The previous system shutdown at 8:04:37 PM on 4/8/2012 was unexpected.
4/8/2012 7:58:53 PM, Error: Service Control Manager [7022] - The KtmRm for Distributed Transaction Coordinator service hung on starting.
4/8/2012 7:54:45 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Health Check Service service to connect.
4/8/2012 7:54:45 PM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/8/2012 7:49:26 PM, Error: EventLog [6008] - The previous system shutdown at 7:47:38 PM on 4/8/2012 was unexpected.
4/8/2012 7:39:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
4/8/2012 7:30:58 PM, Error: EventLog [6008] - The previous system shutdown at 5:05:16 AM on 4/7/2012 was unexpected.
4/7/2012 4:23:24 AM, Error: EventLog [6008] - The previous system shutdown at 4:21:55 AM on 4/7/2012 was unexpected.
4/6/2012 9:54:44 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CryptSvc service.
4/6/2012 9:40:02 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
4/6/2012 9:30:49 AM, Error: EventLog [6008] - The previous system shutdown at 5:44:31 AM on 4/6/2012 was unexpected.
4/6/2012 5:42:41 AM, Error: EventLog [6008] - The previous system shutdown at 11:52:22 PM on 4/5/2012 was unexpected.
4/6/2012 10:18:41 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.5.132 for the Network Card with network address 00234E33CF13 has been denied by the DHCP server 1.1.1.1 (The DHCP Server sent a DHCPNACK message).
4/5/2012 9:34:03 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running.
4/5/2012 9:34:02 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
4/5/2012 9:29:43 AM, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050a001 Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. Signatures loading: Backup Loading signature version: 1.123.738.0 Loading engine version: 1.1.8101.0
4/5/2012 9:26:22 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Lavasoft Ad-Aware Service service to connect.
4/5/2012 9:26:22 AM, Error: Service Control Manager [7000] - The Lavasoft Ad-Aware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/5/2012 9:12:40 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
4/5/2012 9:12:07 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
4/5/2012 9:08:39 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss SbFw SbTis Smb spldr tdx Wanarpv6 ws2ifsl
4/5/2012 9:08:39 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/5/2012 9:08:39 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
4/5/2012 9:08:39 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
4/5/2012 9:08:39 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/5/2012 9:08:39 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
4/5/2012 9:08:39 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
4/5/2012 9:08:39 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
4/5/2012 9:08:39 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
4/5/2012 9:08:39 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/5/2012 9:08:39 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/5/2012 9:08:39 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/5/2012 9:08:39 AM, Error: Service Control Manager [7001] - The CloudCare service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/5/2012 9:08:39 AM, Error: Service Control Manager [7001] - The CloudCare AntiVirus service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/5/2012 11:52:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
4/5/2012 11:52:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
4/5/2012 11:51:45 PM, Error: EventLog [6008] - The previous system shutdown at 11:50:28 PM on 4/5/2012 was unexpected.
4/5/2012 11:48:39 PM, Error: EventLog [6008] - The previous system shutdown at 11:37:11 PM on 4/5/2012 was unexpected.
4/5/2012 10:54:13 AM, Error: EventLog [6008] - The previous system shutdown at 10:52:17 AM on 4/5/2012 was unexpected.
4/5/2012 10:48:30 AM, Error: EventLog [6008] - The previous system shutdown at 10:46:20 AM on 4/5/2012 was unexpected.
4/5/2012 10:40:19 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Remote Access Connection Manager service, but this action failed with the following error: An instance of the service is already running.
4/5/2012 10:24:29 AM, Error: EventLog [6008] - The previous system shutdown at 10:22:39 AM on 4/5/2012 was unexpected.
4/4/2012 9:52:06 PM, Error: Service Control Manager [7023] - The Vtserver service terminated with the following error: The specified module could not be found.
4/4/2012 9:51:26 PM, Error: EventLog [6008] - The previous system shutdown at 9:49:38 PM on 4/4/2012 was unexpected.
4/4/2012 9:49:38 PM, Error: EventLog [6008] - The previous system shutdown at 9:48:18 PM on 4/4/2012 was unexpected.
4/4/2012 8:38:39 AM, Error: EventLog [6008] - The previous system shutdown at 8:25:24 AM on 4/4/2012 was unexpected.
4/4/2012 3:16:12 PM, Error: EventLog [6008] - The previous system shutdown at 3:14:21 PM on 4/4/2012 was unexpected.
4/4/2012 10:05:16 PM, Error: EventLog [6008] - The previous system shutdown at 10:03:15 PM on 4/4/2012 was unexpected.
4/4/2012 1:22:12 PM, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
4/11/2012 9:18:22 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{689824B3-1CE9-4657-99A4-665F63D995A3} because another computer on the network has the same name. The server could not start.
4/11/2012 9:18:15 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the dldtCATSCustConnectService service to connect.
4/11/2012 9:18:15 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
4/11/2012 9:18:15 PM, Error: Service Control Manager [7000] - The dldtCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/11/2012 9:15:42 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
4/11/2012 9:15:42 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/11/2012 9:15:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/11/2012 8:58:37 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
4/11/2012 8:55:45 PM, Error: Service Control Manager [7022] - The Ad-Aware service hung on starting.
4/11/2012 8:49:01 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
4/11/2012 8:22:15 PM, Error: Service Control Manager [7034] - The XAudioService service terminated unexpectedly. It has done this 1 time(s).
4/11/2012 8:22:15 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
4/11/2012 8:22:15 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
4/11/2012 8:22:15 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
4/10/2012 6:25:14 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
4/10/2012 6:25:14 AM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/10/2012 6:25:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
4/10/2012 6:22:39 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.5.134 for the Network Card with network address 00234E33CF13 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================

#5 Blade81

Advanced Member

Volunteer Security Advisor
6557 posts

Posted 12 April 2012 - 06:21 AM

Hi again,

Open notepad and copy/paste the text in the quotebox below into it:

NetSvc::
isamsmt
webcompserver
mindretrieve

Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Posted Image

Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe (let the tool to update itself if prompted).
Then post the resultant log.

Uninstall your current Adobe shockwave player and get the fresh one here if needed.

Uninstall vulnerable Flash versions by following instructions here. Fresh version can be obtained here.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 7 Update 3.
Click the

Download
button under JRE.
Check the box that says:

Accept License Agreement.
Click on the jre-7u3-windows-i586.exe link to download Windows Offline Installation and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-7u3-windows-i586.exe to install the newest version.

* Go here to run an online scanner from ESET.

Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
Click Scan
Wait for the scan to finish.

Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.

#6 mykidsmomtx

Advanced Member

Members
45 posts

Posted 13 April 2012 - 12:59 AM

I dropped the text into Combofix but then realized Adaware was still running. I tried to close it but now the Combofix icon is gone. I restarted and still gone ... Is there a way to recover?

#7 mykidsmomtx

Advanced Member

Members
45 posts

Posted 13 April 2012 - 04:54 AM

Ok, I think I got it all done. I got all the scans to run and did the Flash, Adobe and Java fixes. Looks like lots of nasty stuff. Hope you can help. Let me know what to do next. Thank you!!!!!!!!!!!!!!!!

ESET Scan Results:
C:\TDSSKiller_Quarantine\08.04.2012_19.45.15\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\08.04.2012_19.45.15\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AD trojan
C:\TDSSKiller_Quarantine\08.04.2012_19.45.15\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan
C:\TDSSKiller_Quarantine\08.04.2012_19.45.15\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AG trojan
C:\TDSSKiller_Quarantine\08.04.2012_19.45.15\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.KS trojan
C:\TDSSKiller_Quarantine\08.04.2012_19.45.15\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmarik.AF trojan
C:\TDSSKiller_Quarantine\08.04.2012_19.45.15\mbr0000\tdlfs0000\tsk0010.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\08.04.2012_19.45.15\mbr0000\tdlfs0000\tsk0011.dta Win64/Olmarik.X trojan
C:\TDSSKiller_Quarantine\08.04.2012_19.45.15\rtkt0000\svc0000\tsk0000.dta Win32/Sirefef.DA trojan
C:\TDSSKiller_Quarantine\08.04.2012_19.45.15\rtkt0000\zafs0000\tsk0002.dta Win32/Sirefef.DN trojan
C:\TDSSKiller_Quarantine\08.04.2012_19.45.15\rtkt0000\zafs0000\tsk0007.dta Win32/Sirefef.ES trojan
C:\TDSSKiller_Quarantine\08.04.2012_19.45.15\rtkt0000\zafs0000\tsk0009.dta a variant of Win32/Sirefef.EU trojan
C:\TDSSKiller_Quarantine\08.04.2012_19.45.15\zaea0000\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\08.04.2012_19.59.07\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\08.04.2012_19.59.07\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AD trojan
C:\TDSSKiller_Quarantine\08.04.2012_19.59.07\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan
C:\TDSSKiller_Quarantine\08.04.2012_19.59.07\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AG trojan
C:\TDSSKiller_Quarantine\08.04.2012_19.59.07\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.KS trojan
C:\TDSSKiller_Quarantine\08.04.2012_19.59.07\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmarik.AF trojan
C:\TDSSKiller_Quarantine\08.04.2012_19.59.07\mbr0000\tdlfs0000\tsk0010.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\08.04.2012_19.59.07\mbr0000\tdlfs0000\tsk0011.dta Win64/Olmarik.X trojan
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\601d500c-3997a78f multiple threats
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\3a5b5f9a-1efbc8e0 multiple threats
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\5610ed5e-77e1bacf Java/Exploit.CVE-2011-3544.AX trojan
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\2cf3aa5f-3a6c141d Java/Exploit.Agent.NAP trojan
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\4ab3f26b-1e531b18 Java/Exploit.CVE-2011-3544.L trojan
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\17a88d28-3c7e3888 a variant of Java/Exploit.CVE-2012-0507.H trojan

DDS:.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19190
Run by Jan at 22:44:59 on 2012-04-12
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3002.1813 [GMT -5:00]
.
AV: Lavasoft Ad-Aware *Enabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Enabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
FW: Lavasoft Ad-Aware *Enabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
C:\Windows\system32\dldtcoms.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Dell V305\dldtmon.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Dell V305\dldtMsdMon.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\ehome\ehtray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\PROGRA~1\AD-AWA~1\AdAware.exe
C:\Program Files\Ad-Aware Antivirus\Engine\SBAMSvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [dldtmon.exe] "c:\program files\dell v305\dldtmon.exe"
mRun: [dldtamon] "c:\program files\dell v305\dldtamon.exe"
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\jan\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {DBDC1CDA-B64B-49F7-9535-6317AA416E51} - hxxps://viewtest.coba.unt.edu/downloads/VMware-viewclient.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1 192.168.1.1 192.168.5.1
TCP: Interfaces\{689824B3-1CE9-4657-99A4-665F63D995A3} : DhcpNameServer = 192.168.2.1 192.168.1.1 192.168.5.1
Notify: igfxcui - igfxdev.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-9-7 64512]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2012-4-9 221784]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-9-7 101720]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2012-4-9 78936]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2012-3-29 1161072]
R2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe -service --> c:\windows\system32\dldtcoms.exe -service [?]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-23 365952]
R2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\engine\SBAMSvc.exe [2011-5-17 2804280]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-5-11 74968]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-23 193840]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-29 112128]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2012-4-9 69208]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-4-9 94040]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldtserv.exe [2008-2-25 99568]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-12 253600]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-10-3 30312]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-4-9 26224]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-4-9 40776]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2012-4-9 69208]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-10-3 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-10-3 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-10-3 121576]
.
=============== Created Last 30 ================
.
2012-04-13 01:55:07 -------- d-----w- c:\program files\ESET
2012-04-13 01:49:50 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-04-13 01:29:18 -------- d-----w- c:\users\jan\appdata\local\Google
2012-04-13 01:29:08 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-13 01:29:08 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-13 01:12:26 6582328 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{2c3313c7-d44d-4195-b5a6-bad12fd67a6d}\mpengine.dll
2012-04-13 01:06:10 6582328 ------w- c:\programdata\microsoft\windows defender\definition updates\updates\mpengine.dll
2012-04-13 00:56:24 -------- d-sh--w- C:\$RECYCLE.BIN
2012-04-13 00:35:31 -------- d-----w- c:\users\jan\appdata\local\temp
2012-04-12 01:03:21 98816 ----a-w- c:\windows\sed.exe
2012-04-12 01:03:21 518144 ----a-w- c:\windows\SWREG.exe
2012-04-12 01:03:21 256000 ----a-w- c:\windows\PEV.exe
2012-04-12 01:03:21 208896 ----a-w- c:\windows\MBR.exe
2012-04-10 03:11:57 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-04-10 02:45:28 94040 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-04-10 02:45:25 78936 ----a-w- c:\windows\system32\drivers\sbtis.sys
2012-04-10 02:44:25 69208 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-04-10 02:44:24 221784 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-04-10 01:47:39 -------- d-----w- c:\users\jan\appdata\local\Privatefirewall
2012-04-10 01:40:27 -------- d-----w- c:\programdata\Privacyware
2012-04-09 10:39:39 -------- d-----w- c:\users\jan\appdata\roaming\AVG2012
2012-04-09 10:37:28 -------- d-----w- c:\programdata\AVG2012
2012-04-09 10:35:26 -------- d-----w- c:\program files\AVG
2012-04-09 10:30:35 -------- d-----w- c:\programdata\Common Files
2012-04-09 10:30:18 -------- d-----w- c:\programdata\MFAData
2012-04-09 10:02:15 26224 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-04-09 00:47:41 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-05 14:40:26 -------- d-----w- c:\users\jan\appdata\roaming\Malwarebytes
2012-04-05 14:39:50 -------- d-----w- c:\programdata\Malwarebytes
2012-04-05 14:39:48 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-05 14:39:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-04 02:13:21 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-04-04 02:12:09 -------- d-----w- c:\users\jan\appdata\local\adawarebp
2012-04-04 02:11:57 -------- d-----w- c:\program files\Toolbar Cleaner
2012-04-04 02:11:31 -------- d-----w- c:\program files\adawaretb
2012-04-04 02:04:12 -------- d-----w- c:\users\jan\appdata\roaming\Ad-Aware Antivirus
2012-03-26 15:41:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2012-03-17 08:00:55 -------- d-----w- c:\windows\CheckSur
2012-03-16 02:44:10 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-16 02:44:06 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-16 02:44:06 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-16 02:43:43 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-16 02:43:43 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-16 02:43:43 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-16 02:43:43 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-16 02:43:43 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-16 02:43:39 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
.
==================== Find3M ====================
.
2012-04-13 01:48:59 567696 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-09 00:49:08 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2012-02-23 15:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 22:46:46.09 ===============
Attach:.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/13/2008 4:37:45 AM
System Uptime: 4/12/2012 8:44:14 PM (2 hours ago)
.
Motherboard: Wistron | | 3612
Processor: Pentium® Dual-Core CPU T4200 @ 2.00GHz | CPU | 2000/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 287 GiB total, 193.822 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.817 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Dell V305
Device ID: ROOT\IMAGE\0000
Manufacturer: Dell
Name: Dell V305 #2
PNP Device ID: ROOT\IMAGE\0000
Service: usbscan
.
==== System Restore Points ===================
.
RP698: 4/12/2012 7:10:42 PM - ComboFix created restore point
RP699: 4/12/2012 8:04:40 PM - Windows Update
RP700: 4/12/2012 8:40:57 PM - Removed Java™ 6 Update 23
RP701: 4/12/2012 8:47:25 PM - Installed Java™ 7 Update 3
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
ABBYY FineReader 6.0 Sprint
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Ad-Aware Antivirus
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.1
Adobe Shockwave Player
Amazon MP3 Downloader 1.0.3
Atheros Driver Installation Program
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Conexant HD Audio
CyberLink DVD Suite
CyberLink YouCam
Dell V305
ESET Online Scanner v3
ESU for Microsoft Vista
Garmin Communicator Plugin
Garmin USB Drivers
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP DVD Play 3.7
HP Help and Support
HP Quick Launch Buttons 6.40 H2
HP Total Care Advisor
HP Update
HP User Guides 0118
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
HPTCSSetup
Intel® Graphics Media Accelerator Driver
Java Auto Updater
Java™ 7 Update 3
Juno Preloader
Kies mini
LabelPrint
LightScribe System Software 1.14.17.1
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Calculator Plus
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
My HP Games
NetWaiting
NetZero Preloader
OGA Notifier 2.0.0048.0
Power2Go
PowerDirector
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek USB 2.0 Card Reader
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Spelling Dictionaries Support For Adobe Reader 9
SPORE Creature Creator Trial Edition
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VMware View Client
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
.
==== Event Viewer Messages From Past Week ========
.
4/8/2012 9:50:45 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: spldr Wanarpv6
4/8/2012 9:50:45 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
4/8/2012 9:50:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/8/2012 9:50:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/8/2012 9:50:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
4/8/2012 9:50:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/8/2012 9:50:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
4/8/2012 9:49:37 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21
4/8/2012 8:06:29 PM, Error: EventLog [6008] - The previous system shutdown at 8:04:37 PM on 4/8/2012 was unexpected.
4/8/2012 7:58:53 PM, Error: Service Control Manager [7022] - The KtmRm for Distributed Transaction Coordinator service hung on starting.
4/8/2012 7:54:45 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Health Check Service service to connect.
4/8/2012 7:54:45 PM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/8/2012 7:49:26 PM, Error: EventLog [6008] - The previous system shutdown at 7:47:38 PM on 4/8/2012 was unexpected.
4/8/2012 7:39:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
4/8/2012 7:30:58 PM, Error: EventLog [6008] - The previous system shutdown at 5:05:16 AM on 4/7/2012 was unexpected.
4/7/2012 4:23:24 AM, Error: EventLog [6008] - The previous system shutdown at 4:21:55 AM on 4/7/2012 was unexpected.
4/6/2012 9:54:44 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CryptSvc service.
4/6/2012 9:40:02 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
4/6/2012 9:30:49 AM, Error: EventLog [6008] - The previous system shutdown at 5:44:31 AM on 4/6/2012 was unexpected.
4/6/2012 5:42:41 AM, Error: EventLog [6008] - The previous system shutdown at 11:52:22 PM on 4/5/2012 was unexpected.
4/6/2012 10:18:41 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.5.132 for the Network Card with network address 00234E33CF13 has been denied by the DHCP server 1.1.1.1 (The DHCP Server sent a DHCPNACK message).
4/5/2012 9:34:03 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running.
4/5/2012 9:34:02 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
4/5/2012 9:29:43 AM, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050a001 Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. Signatures loading: Backup Loading signature version: 1.123.738.0 Loading engine version: 1.1.8101.0
4/5/2012 9:26:22 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Lavasoft Ad-Aware Service service to connect.
4/5/2012 9:26:22 AM, Error: Service Control Manager [7000] - The Lavasoft Ad-Aware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/5/2012 9:12:40 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
4/5/2012 9:12:07 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
4/5/2012 9:08:39 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss SbFw SbTis Smb spldr tdx Wanarpv6 ws2ifsl
4/5/2012 9:08:39 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/5/2012 9:08:39 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
4/5/2012 9:08:39 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
4/5/2012 9:08:39 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/5/2012 9:08:39 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
4/5/2012 9:08:39 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
4/5/2012 9:08:39 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
4/5/2012 9:08:39 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
4/5/2012 9:08:39 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/5/2012 9:08:39 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/5/2012 9:08:39 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/5/2012 9:08:39 AM, Error: Service Control Manager [7001] - The CloudCare service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/5/2012 9:08:39 AM, Error: Service Control Manager [7001] - The CloudCare AntiVirus service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/5/2012 11:52:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
4/5/2012 11:52:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
4/5/2012 11:51:45 PM, Error: EventLog [6008] - The previous system shutdown at 11:50:28 PM on 4/5/2012 was unexpected.
4/5/2012 11:48:39 PM, Error: EventLog [6008] - The previous system shutdown at 11:37:11 PM on 4/5/2012 was unexpected.
4/5/2012 10:54:13 AM, Error: EventLog [6008] - The previous system shutdown at 10:52:17 AM on 4/5/2012 was unexpected.
4/5/2012 10:48:30 AM, Error: EventLog [6008] - The previous system shutdown at 10:46:20 AM on 4/5/2012 was unexpected.
4/5/2012 10:40:19 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Remote Access Connection Manager service, but this action failed with the following error: An instance of the service is already running.
4/5/2012 10:24:29 AM, Error: EventLog [6008] - The previous system shutdown at 10:22:39 AM on 4/5/2012 was unexpected.
4/12/2012 8:44:52 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the dldtCATSCustConnectService service to connect.
4/12/2012 8:44:52 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
4/12/2012 8:44:52 PM, Error: Service Control Manager [7000] - The dldtCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/12/2012 8:30:00 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {4991D34B-80A1-4291-83B6-3328366B9097} to the user Jan-PC\Jan SID (S-1-5-21-940529157-1554030405-1903592981-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
4/12/2012 7:55:17 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
4/12/2012 7:40:59 PM, Error: Service Control Manager [7034] - The XAudioService service terminated unexpectedly. It has done this 1 time(s).
4/12/2012 7:20:01 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
4/12/2012 6:37:57 PM, Error: EventLog [6008] - The previous system shutdown at 5:36:02 AM on 4/12/2012 was unexpected.
4/11/2012 9:18:22 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{689824B3-1CE9-4657-99A4-665F63D995A3} because another computer on the network has the same name. The server could not start.
4/11/2012 9:15:42 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
4/11/2012 9:15:42 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/11/2012 9:15:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/11/2012 8:58:37 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
4/11/2012 8:55:45 PM, Error: Service Control Manager [7022] - The Ad-Aware service hung on starting.
4/11/2012 8:22:15 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
4/11/2012 8:22:15 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
4/11/2012 8:22:15 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
4/10/2012 6:25:14 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
4/10/2012 6:25:14 AM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/10/2012 6:25:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
4/10/2012 6:22:39 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.5.134 for the Network Card with network address 00234E33CF13 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================

COMBOFIX File:

ComboFix 12-04-12.03 - Jan 04/12/2012 19:44:44.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3002.1854 [GMT -5:00]
Running from: c:\users\Jan\Desktop\ComboFix.exe
Command switches used :: c:\users\Jan\Desktop\CFScript.txt
AV: Lavasoft Ad-Aware *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
FW: Lavasoft Ad-Aware *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
SP: Lavasoft Ad-Aware *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-13 to 2012-04-13 )))))))))))))))))))))))))))))))
.
.
2012-04-13 00:55 . 2012-04-13 00:55 -------- d-----w- c:\users\Stan\AppData\Local\temp
2012-04-13 00:55 . 2012-04-13 00:55 -------- d-----w- c:\users\Jessseeekuuhh\AppData\Local\temp
2012-04-13 00:55 . 2012-04-13 00:55 -------- d-----w- c:\users\Jesss\AppData\Local\temp
2012-04-13 00:55 . 2012-04-13 00:55 -------- d-----w- c:\users\Jessica\AppData\Local\temp
2012-04-13 00:55 . 2012-04-13 00:55 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-04-13 00:55 . 2012-04-13 00:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-13 00:35 . 2012-04-13 00:55 -------- d-----w- c:\users\Jan\AppData\Local\temp
2012-04-10 03:11 . 2012-04-10 03:18 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-04-10 02:45 . 2011-04-05 22:35 94040 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-04-10 02:45 . 2011-04-05 22:35 78936 ----a-w- c:\windows\system32\drivers\sbtis.sys
2012-04-10 02:44 . 2011-02-08 14:14 69208 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-04-10 02:44 . 2011-04-05 22:35 221784 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-04-10 01:47 . 2012-04-10 01:47 -------- d-----w- c:\users\Jan\AppData\Local\Privatefirewall
2012-04-10 01:40 . 2012-04-10 01:40 -------- d-----w- c:\programdata\Privacyware
2012-04-09 12:13 . 2012-04-09 12:13 -------- d-----w- c:\users\admin2
2012-04-09 10:39 . 2012-04-09 10:39 -------- d-----w- c:\users\Jan\AppData\Roaming\AVG2012
2012-04-09 10:37 . 2012-04-10 02:30 -------- d-----w- c:\programdata\AVG2012
2012-04-09 10:35 . 2012-04-09 10:35 -------- d-----w- c:\program files\AVG
2012-04-09 10:30 . 2012-04-09 10:30 -------- d-----w- c:\programdata\Common Files
2012-04-09 10:30 . 2012-04-10 02:28 -------- d-----w- c:\programdata\MFAData
2012-04-09 10:02 . 2012-04-10 03:11 26224 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-04-09 00:47 . 2012-04-09 01:01 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-05 14:40 . 2012-04-05 14:40 -------- d-----w- c:\users\Jan\AppData\Roaming\Malwarebytes
2012-04-05 14:39 . 2012-04-05 14:39 -------- d-----w- c:\programdata\Malwarebytes
2012-04-05 14:39 . 2012-04-10 03:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-05 14:39 . 2012-04-04 20:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-05 14:30 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{194FE189-312D-4E5B-A3BB-5B288A1D484E}\mpengine.dll
2012-04-05 02:29 . 2012-04-05 02:29 -------- d-----w- c:\users\Guest\AppData\Local\adaware
2012-04-04 18:16 . 2012-04-04 18:16 -------- d-----w- c:\users\Jessseeekuuhh\AppData\Roaming\Ad-Aware Antivirus
2012-04-04 18:16 . 2012-04-04 18:16 -------- d-----w- c:\users\Jessseeekuuhh\AppData\Local\adaware
2012-04-04 02:13 . 2012-04-10 02:44 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-04-04 02:12 . 2012-04-04 02:12 -------- d-----w- c:\users\Jan\AppData\Local\adawarebp
2012-04-04 02:11 . 2012-04-04 02:11 -------- d-----w- c:\program files\Toolbar Cleaner
2012-04-04 02:11 . 2012-04-04 02:11 -------- d-----w- c:\program files\adawaretb
2012-04-04 02:04 . 2012-04-12 23:50 -------- d-----w- c:\users\Jan\AppData\Roaming\Ad-Aware Antivirus
2012-03-26 15:41 . 2012-03-26 15:41 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2012-03-17 08:00 . 2012-03-17 08:00 -------- d-----w- c:\windows\CheckSur
2012-03-16 02:44 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-16 02:44 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-16 02:44 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-16 02:43 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-16 02:43 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-16 02:43 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-16 02:43 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-16 02:43 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-16 02:43 . 2012-01-31 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-09 00:49 . 2011-06-15 14:24 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2012-02-23 14:18 . 2009-10-03 09:31 237072 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"dldtmon.exe"="c:\program files\Dell V305\dldtmon.exe" [2008-03-20 668912]
"dldtamon"="c:\program files\Dell V305\dldtamon.exe" [2008-03-20 16624]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\Jessseeekuuhh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R3 57830685;57830685; [x]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [2012-03-29 1161072]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 18:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-10 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
- c:\progra~1\AD-AWA~1\AdAwareLauncher.exe [2012-03-29 17:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 192.168.1.1 192.168.5.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-12 19:55
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-04-12 19:57:18
ComboFix-quarantined-files.txt 2012-04-13 00:57
ComboFix2.txt 2012-04-13 00:35
ComboFix3.txt 2012-04-12 02:05
.
Pre-Run: 210,410,557,440 bytes free
Post-Run: 210,366,533,632 bytes free
.
- - End Of File - - D8E9CD1FBB2210B6D6BB6D3F89AF653B

#8 Blade81

Advanced Member

Volunteer Security Advisor
6557 posts

Posted 13 April 2012 - 05:25 AM

Hi again,

Open notepad and copy/paste the text in the quotebox below into it:

Folder::
C:\TDSSKiller_Quarantine
File::
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\601d500c-3997a78f
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\3a5b5f9a-1efbc8e0
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\5610ed5e-77e1bacf
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\2cf3aa5f-3a6c141d
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\4ab3f26b-1e531b18
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\17a88d28-3c7e3888

Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Posted Image

Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe (let the tool to update itself if prompted).
Then post the resultant log. How's the system running?

#9 mykidsmomtx

Advanced Member

Members
45 posts

Posted 13 April 2012 - 12:52 PM

ComboFix Log:

ComboFix 12-04-12.03 - Jan 04/13/2012 6:11.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3002.1930 [GMT -5:00]
Running from: c:\users\Jan\Desktop\ComboFix.exe
Command switches used :: c:\users\Jan\Desktop\CFScript.txt
AV: Lavasoft Ad-Aware *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
FW: Lavasoft Ad-Aware *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
SP: Lavasoft Ad-Aware *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\601d500c-3997a78f"
"c:\users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\3a5b5f9a-1efbc8e0"
"c:\users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\5610ed5e-77e1bacf"
"c:\users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\2cf3aa5f-3a6c141d"
"c:\users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\4ab3f26b-1e531b18"
"c:\windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\17a88d28-3c7e3888"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\TDSSKiller_Quarantine
c:\tdsskiller_quarantine\08.04.2012_19.45.15\mbr0000\mbr0000\object.ini
c:\tdsskiller_quarantine\08.04.2012_19.45.15\mbr0000\mbr0000\tsk0000.dta
c:\tdsskiller_quarantine\08.04.2012_19.45.15\mbr0000\mbr0000\tsk0000.ini
c:\tdsskiller_quarantine\08.04.2012_19.45.15\mbr0000\mbr0000\tsk0001.dta
c:\tdsskiller_quarantine\08.04.2012_19.45.15\mbr0000\mbr0000\tsk0001.ini
c:\tdsskiller_quarantine\08.04.2012_19.45.15\mbr0000\object.ini
c:\tdsskiller_quarantine\08.04.2012_19.45.15\mbr0000\tdlfs0000\object.ini
c:\tdsskiller_quarantine\08.04.2012_19.45.15\mbr0000\tdlfs0000\tsk0000.dta
c:\tdsskiller_quarantine\08.04.2012_19.45.15\mbr0000\tdlfs0000\tsk0000.ini
c:\tdsskiller_quarantine\08.04.2012_19.45.15\mbr0000\tdlfs0000\tsk0001.dta
c:\tdsskiller_quarantine\08.04.2012_19.45.15\mbr0000\tdlfs0000\tsk0001.ini
c:\tdsskiller_quarantine\08.04.2012_19.45.15\mbr0000\tdlfs0000\tsk0002.dta
c:\tdsskiller_quarantine\08.04.2012_19.45.15\mbr0000\tdlfs0000\tsk0002.ini
c:\tdsskiller_quarantine\08.04.2012_19.45.15\mbr0000\tdlfs0000\tsk0003.dta
c:\tdsskiller_quarantine\08.04.2012_19.45.15\mbr0000\tdlfs0000\tsk0003.ini
c:\tdsskiller_quarantine\08.04.2012_19.45.15\mbr0000\tdlfs0000\tsk0004.dta
c:\tdsskiller_quarantine\08.04.2012_19.45.15\mbr0000\tdlfs0000\tsk0004.ini
c:\tdsskiller_quarantine\08.04.2012_19.45.15\mbr0000\tdlfs0000\tsk0005.dta
c:\tdsskiller_quarantine\08.04.2012_19.45.15\mbr0000\tdlfs0000\tsk0005.ini
c:\tdsskiller_quarantine\08.04.2012_19.45.15\mbr0000\tdlfs0000\tsk0006.dta
c:\tdsskiller_quarantine\08.04.2012_19.45.15\mbr0000\tdlfs0000\tsk0006.ini
c:\tdsskiller_quarantine\08.04.2012_19.45.15\mbr0000\tdlfs0000\tsk0007.dta
c:\tdsskiller_quarantine\08.04.2012_19.45.15\mbr0000\tdlfs0000\tsk0007.ini
c:\tdsskiller_quarantine\08.04.2012_19.45.15\mbr0000\tdlfs0000\tsk0008.dta
c:\tdsskiller_quarantine\08.04.2012_19.45.15\mbr0000\tdlfs0000\tsk0008.ini
c:\tdsskiller_quarantine\08.04.2012_19.45.15\mbr0000\tdlfs0000\tsk0009.dta
c:\tdsskiller_quarantine\08.04.2012_19.45.15\mbr0000\tdlfs0000\tsk0009.ini
c:\tdsskiller_quarantine\08.04.2012_19.45.15\mbr0000\tdlfs0000\tsk0010.dta
c:\tdsskiller_quarantine\08.04.2012_19.45.15\mbr0000\tdlfs0000\tsk0010.ini
c:\tdsskiller_quarantine\08.04.2012_19.45.15\mbr0000\tdlfs0000\tsk0011.dta
c:\tdsskiller_quarantine\08.04.2012_19.45.15\mbr0000\tdlfs0000\tsk0011.ini
c:\tdsskiller_quarantine\08.04.2012_19.45.15\rtkt0000\object.ini
c:\tdsskiller_quarantine\08.04.2012_19.45.15\rtkt0000\svc0000\object.ini
c:\tdsskiller_quarantine\08.04.2012_19.45.15\rtkt0000\svc0000\tsk0000.dta
c:\tdsskiller_quarantine\08.04.2012_19.45.15\rtkt0000\svc0000\tsk0000.ini
c:\tdsskiller_quarantine\08.04.2012_19.45.15\rtkt0000\svc0000\tsk0001.dta
c:\tdsskiller_quarantine\08.04.2012_19.45.15\rtkt0000\svc0000\tsk0001.ini
c:\tdsskiller_quarantine\08.04.2012_19.45.15\rtkt0000\zafs0000\tsk0000.dta
c:\tdsskiller_quarantine\08.04.2012_19.45.15\rtkt0000\zafs0000\tsk0000.ini
c:\tdsskiller_quarantine\08.04.2012_19.45.15\rtkt0000\zafs0000\tsk0001.dta
c:\tdsskiller_quarantine\08.04.2012_19.45.15\rtkt0000\zafs0000\tsk0001.ini
c:\tdsskiller_quarantine\08.04.2012_19.45.15\rtkt0000\zafs0000\tsk0002.dta
c:\tdsskiller_quarantine\08.04.2012_19.45.15\rtkt0000\zafs0000\tsk0002.ini
c:\tdsskiller_quarantine\08.04.2012_19.45.15\rtkt0000\zafs0000\tsk0003.dta
c:\tdsskiller_quarantine\08.04.2012_19.45.15\rtkt0000\zafs0000\tsk0003.ini
c:\tdsskiller_quarantine\08.04.2012_19.45.15\rtkt0000\zafs0000\tsk0004.dta
c:\tdsskiller_quarantine\08.04.2012_19.45.15\rtkt0000\zafs0000\tsk0004.ini
c:\tdsskiller_quarantine\08.04.2012_19.45.15\rtkt0000\zafs0000\tsk0005.dta
c:\tdsskiller_quarantine\08.04.2012_19.45.15\rtkt0000\zafs0000\tsk0005.ini
c:\tdsskiller_quarantine\08.04.2012_19.45.15\rtkt0000\zafs0000\tsk0006.dta
c:\tdsskiller_quarantine\08.04.2012_19.45.15\rtkt0000\zafs0000\tsk0006.ini
c:\tdsskiller_quarantine\08.04.2012_19.45.15\rtkt0000\zafs0000\tsk0007.dta
c:\tdsskiller_quarantine\08.04.2012_19.45.15\rtkt0000\zafs0000\tsk0007.ini
c:\tdsskiller_quarantine\08.04.2012_19.45.15\rtkt0000\zafs0000\tsk0008.dta
c:\tdsskiller_quarantine\08.04.2012_19.45.15\rtkt0000\zafs0000\tsk0008.ini
c:\tdsskiller_quarantine\08.04.2012_19.45.15\rtkt0000\zafs0000\tsk0009.dta
c:\tdsskiller_quarantine\08.04.2012_19.45.15\rtkt0000\zafs0000\tsk0009.ini
c:\tdsskiller_quarantine\08.04.2012_19.45.15\rtkt0000\zafs0000\tsk0010.dta
c:\tdsskiller_quarantine\08.04.2012_19.45.15\rtkt0000\zafs0000\tsk0010.ini
c:\tdsskiller_quarantine\08.04.2012_19.45.15\zaea0000\object.ini
c:\tdsskiller_quarantine\08.04.2012_19.45.15\zaea0000\svc0000\object.ini
c:\tdsskiller_quarantine\08.04.2012_19.45.15\zaea0000\svc0000\tsk0000.dta
c:\tdsskiller_quarantine\08.04.2012_19.45.15\zaea0000\svc0000\tsk0000.ini
c:\tdsskiller_quarantine\08.04.2012_19.59.07\mbr0000\mbr0000\object.ini
c:\tdsskiller_quarantine\08.04.2012_19.59.07\mbr0000\mbr0000\tsk0000.dta
c:\tdsskiller_quarantine\08.04.2012_19.59.07\mbr0000\mbr0000\tsk0000.ini
c:\tdsskiller_quarantine\08.04.2012_19.59.07\mbr0000\mbr0000\tsk0001.dta
c:\tdsskiller_quarantine\08.04.2012_19.59.07\mbr0000\mbr0000\tsk0001.ini
c:\tdsskiller_quarantine\08.04.2012_19.59.07\mbr0000\object.ini
c:\tdsskiller_quarantine\08.04.2012_19.59.07\mbr0000\tdlfs0000\object.ini
c:\tdsskiller_quarantine\08.04.2012_19.59.07\mbr0000\tdlfs0000\tsk0000.dta
c:\tdsskiller_quarantine\08.04.2012_19.59.07\mbr0000\tdlfs0000\tsk0000.ini
c:\tdsskiller_quarantine\08.04.2012_19.59.07\mbr0000\tdlfs0000\tsk0001.dta
c:\tdsskiller_quarantine\08.04.2012_19.59.07\mbr0000\tdlfs0000\tsk0001.ini
c:\tdsskiller_quarantine\08.04.2012_19.59.07\mbr0000\tdlfs0000\tsk0002.dta
c:\tdsskiller_quarantine\08.04.2012_19.59.07\mbr0000\tdlfs0000\tsk0002.ini
c:\tdsskiller_quarantine\08.04.2012_19.59.07\mbr0000\tdlfs0000\tsk0003.dta
c:\tdsskiller_quarantine\08.04.2012_19.59.07\mbr0000\tdlfs0000\tsk0003.ini
c:\tdsskiller_quarantine\08.04.2012_19.59.07\mbr0000\tdlfs0000\tsk0004.dta
c:\tdsskiller_quarantine\08.04.2012_19.59.07\mbr0000\tdlfs0000\tsk0004.ini
c:\tdsskiller_quarantine\08.04.2012_19.59.07\mbr0000\tdlfs0000\tsk0005.dta
c:\tdsskiller_quarantine\08.04.2012_19.59.07\mbr0000\tdlfs0000\tsk0005.ini
c:\tdsskiller_quarantine\08.04.2012_19.59.07\mbr0000\tdlfs0000\tsk0006.dta
c:\tdsskiller_quarantine\08.04.2012_19.59.07\mbr0000\tdlfs0000\tsk0006.ini
c:\tdsskiller_quarantine\08.04.2012_19.59.07\mbr0000\tdlfs0000\tsk0007.dta
c:\tdsskiller_quarantine\08.04.2012_19.59.07\mbr0000\tdlfs0000\tsk0007.ini
c:\tdsskiller_quarantine\08.04.2012_19.59.07\mbr0000\tdlfs0000\tsk0008.dta
c:\tdsskiller_quarantine\08.04.2012_19.59.07\mbr0000\tdlfs0000\tsk0008.ini
c:\tdsskiller_quarantine\08.04.2012_19.59.07\mbr0000\tdlfs0000\tsk0009.dta
c:\tdsskiller_quarantine\08.04.2012_19.59.07\mbr0000\tdlfs0000\tsk0009.ini
c:\tdsskiller_quarantine\08.04.2012_19.59.07\mbr0000\tdlfs0000\tsk0010.dta
c:\tdsskiller_quarantine\08.04.2012_19.59.07\mbr0000\tdlfs0000\tsk0010.ini
c:\tdsskiller_quarantine\08.04.2012_19.59.07\mbr0000\tdlfs0000\tsk0011.dta
c:\tdsskiller_quarantine\08.04.2012_19.59.07\mbr0000\tdlfs0000\tsk0011.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-03-13 to 2012-04-13 )))))))))))))))))))))))))))))))
.
.
2012-04-13 11:23 . 2012-04-13 11:23 -------- d-----w- c:\users\Stan\AppData\Local\temp
2012-04-13 11:23 . 2012-04-13 11:23 -------- d-----w- c:\users\Jessseeekuuhh\AppData\Local\temp
2012-04-13 11:23 . 2012-04-13 11:23 -------- d-----w- c:\users\Jesss\AppData\Local\temp
2012-04-13 11:23 . 2012-04-13 11:23 -------- d-----w- c:\users\Jessica\AppData\Local\temp
2012-04-13 11:23 . 2012-04-13 11:23 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-04-13 11:23 . 2012-04-13 11:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-13 01:55 . 2012-04-13 01:55 -------- d-----w- c:\program files\ESET
2012-04-13 01:51 . 2012-04-13 01:51 -------- d-----w- c:\program files\Common Files\Java
2012-04-13 01:49 . 2012-04-13 01:48 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-04-13 01:29 . 2012-04-13 01:31 -------- d-----w- c:\users\Jan\AppData\Local\Google
2012-04-13 01:29 . 2012-04-13 01:44 -------- d-----w- c:\program files\Google
2012-04-13 01:29 . 2012-04-13 01:29 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-13 01:29 . 2012-04-13 01:29 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-13 01:12 . 2012-03-20 08:53 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2C3313C7-D44D-4195-B5A6-BAD12FD67A6D}\mpengine.dll
2012-04-13 00:35 . 2012-04-13 11:23 -------- d-----w- c:\users\Jan\AppData\Local\temp
2012-04-12 23:50 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-04-10 03:11 . 2012-04-10 03:18 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-04-10 02:45 . 2011-04-05 22:35 94040 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-04-10 02:45 . 2011-04-05 22:35 78936 ----a-w- c:\windows\system32\drivers\sbtis.sys
2012-04-10 02:44 . 2011-02-08 14:14 69208 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-04-10 02:44 . 2011-04-05 22:35 221784 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-04-10 01:47 . 2012-04-10 01:47 -------- d-----w- c:\users\Jan\AppData\Local\Privatefirewall
2012-04-10 01:40 . 2012-04-10 01:40 -------- d-----w- c:\programdata\Privacyware
2012-04-09 12:13 . 2012-04-09 12:13 -------- d-----w- c:\users\admin2
2012-04-09 10:39 . 2012-04-09 10:39 -------- d-----w- c:\users\Jan\AppData\Roaming\AVG2012
2012-04-09 10:37 . 2012-04-10 02:30 -------- d-----w- c:\programdata\AVG2012
2012-04-09 10:35 . 2012-04-09 10:35 -------- d-----w- c:\program files\AVG
2012-04-09 10:30 . 2012-04-09 10:30 -------- d-----w- c:\programdata\Common Files
2012-04-09 10:30 . 2012-04-10 02:28 -------- d-----w- c:\programdata\MFAData
2012-04-09 10:02 . 2012-04-10 03:11 26224 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-04-05 14:40 . 2012-04-05 14:40 -------- d-----w- c:\users\Jan\AppData\Roaming\Malwarebytes
2012-04-05 14:39 . 2012-04-05 14:39 -------- d-----w- c:\programdata\Malwarebytes
2012-04-05 14:39 . 2012-04-10 03:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-05 14:39 . 2012-04-04 20:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-05 02:29 . 2012-04-05 02:29 -------- d-----w- c:\users\Guest\AppData\Local\adaware
2012-04-04 18:16 . 2012-04-04 18:16 -------- d-----w- c:\users\Jessseeekuuhh\AppData\Roaming\Ad-Aware Antivirus
2012-04-04 18:16 . 2012-04-04 18:16 -------- d-----w- c:\users\Jessseeekuuhh\AppData\Local\adaware
2012-04-04 02:13 . 2012-04-10 02:44 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-04-04 02:12 . 2012-04-04 02:12 -------- d-----w- c:\users\Jan\AppData\Local\adawarebp
2012-04-04 02:11 . 2012-04-04 02:11 -------- d-----w- c:\program files\Toolbar Cleaner
2012-04-04 02:11 . 2012-04-04 02:11 -------- d-----w- c:\program files\adawaretb
2012-04-04 02:04 . 2012-04-12 23:50 -------- d-----w- c:\users\Jan\AppData\Roaming\Ad-Aware Antivirus
2012-03-26 15:41 . 2012-03-26 15:41 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2012-03-17 08:00 . 2012-03-17 08:00 -------- d-----w- c:\windows\CheckSur
2012-03-16 02:44 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-16 02:44 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-16 02:44 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-16 02:43 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-16 02:43 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-16 02:43 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-16 02:43 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-16 02:43 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-13 01:48 . 2011-02-05 13:25 567696 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-09 00:49 . 2011-06-15 14:24 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2012-02-23 15:18 . 2009-10-03 09:31 237072 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"dldtmon.exe"="c:\program files\Dell V305\dldtmon.exe" [2008-03-20 668912]
"dldtamon"="c:\program files\Dell V305\dldtamon.exe" [2008-03-20 16624]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\Jessseeekuuhh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R3 57830685;57830685; [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 253600]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [2012-03-29 1161072]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 18:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-10 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
- c:\progra~1\AD-AWA~1\AdAwareLauncher.exe [2012-03-29 17:44]
.
2012-04-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 01:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1 192.168.1.1 192.168.5.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-13 06:23
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-04-13 06:26:29
ComboFix-quarantined-files.txt 2012-04-13 11:26
ComboFix2.txt 2012-04-13 00:57
ComboFix3.txt 2012-04-13 00:35
ComboFix4.txt 2012-04-12 02:05
.
Pre-Run: 208,049,160,192 bytes free
Post-Run: 208,062,705,664 bytes free
.
- - End Of File - - DB391557EC19E8AE987ECEE8B12C7B53

Will post the DDS separately after reboot because my clipboard won't clear and keep pasting prior stuff ... never had this problem before.

#10 mykidsmomtx

Advanced Member

Members
45 posts

Posted 13 April 2012 - 01:09 PM

Attach 413.txt 15.25K 133 downloads

DDS 413.txt 14.65K 57 downloads

#11 mykidsmomtx

Advanced Member

Members
45 posts

Posted 13 April 2012 - 01:10 PM

Copy/Paste is not working so I had to just attach the files. Apologies. Are we making any progress? Let me know next steps. Thank you!!

#12 mykidsmomtx

Advanced Member

Members
45 posts

Posted 13 April 2012 - 02:05 PM

While I am working on this, should I do Window updates, etc when prompted or hold off on all these. I don't want to further the problem. Please advise. Thanks.

#13 Blade81

Advanced Member

Volunteer Security Advisor
6557 posts

Posted 13 April 2012 - 07:16 PM

Hi,

While I am working on this, should I do Window updates, etc when prompted or hold off on all these. I don't want to further the problem. Please advise. Thanks.

Let's finish with other steps before Windows updating. Does the copy-pasting problem appear with all copy-pasting or just some specific operations?

#14 mykidsmomtx

Advanced Member

Members
45 posts

Posted 13 April 2012 - 07:51 PM

Ok, I won't do any more updates or anything until done. Sorry about that.

As for the copy/paste issue, this is a brand new problem that happened with the latest steps I did this morning. I tried rebooting and it appears the copy/paste is not working across the board in different applications (Word and notepad at least; I didn't try any other applications). Sometimes it doesn't work at all then sometimes it just pastes parts of what is copied or pastes prior copied text.

Another strange thing I noticed is that after completion of one of the tasks, my sreen had only the recycle bin and the SMART HDD icon ... When I rebooted it was back to normal.

Let me know!

#15 Blade81

Advanced Member

Volunteer Security Advisor
6557 posts

Posted 14 April 2012 - 09:46 AM

Hi,

That's really weird symptom. Usually if copy-paste related functionality breaks up then it won't work at all - not even partially. Is problem present with other user accounts?

Previous fix didn't contain anything that should affect copy-pasting.

#16 mykidsmomtx

Advanced Member

Members
45 posts

Posted 14 April 2012 - 02:46 PM

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/13/2008 4:37:45 AM
System Uptime: 4/13/2012 6:38:55 AM (0 hours ago)
.
Motherboard: Wistron | | 3612
Processor: Pentium® Dual-Core CPU T4200 @ 2.00GHz | CPU | 2000/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 287 GiB total, 193.239 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.817 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Dell V305
Device ID: ROOT\IMAGE\0000
Manufacturer: Dell
Name: Dell V305 #2
PNP Device ID: ROOT\IMAGE\0000
Service: usbscan
.
==== System Restore Points ===================
.
RP698: 4/12/2012 7:10:42 PM - ComboFix created restore point
RP699: 4/12/2012 8:04:40 PM - Windows Update
RP700: 4/12/2012 8:40:57 PM - Removed Java™ 6 Update 23
RP701: 4/12/2012 8:47:25 PM - Installed Java™ 7 Update 3
RP702: 4/13/2012 6:01:14 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
ABBYY FineReader 6.0 Sprint
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Ad-Aware Antivirus
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.1
Adobe Shockwave Player
Amazon MP3 Downloader 1.0.3
Atheros Driver Installation Program
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Conexant HD Audio
CyberLink DVD Suite
CyberLink YouCam
Dell V305
ESET Online Scanner v3
ESU for Microsoft Vista
Garmin Communicator Plugin
Garmin USB Drivers
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP DVD Play 3.7
HP Help and Support
HP Quick Launch Buttons 6.40 H2
HP Total Care Advisor
HP Update
HP User Guides 0118
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
HPTCSSetup
Intel® Graphics Media Accelerator Driver
Java Auto Updater
Java™ 7 Update 3
Juno Preloader
Kies mini
LabelPrint
LightScribe System Software 1.14.17.1
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Calculator Plus
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
My HP Games
NetWaiting
NetZero Preloader
OGA Notifier 2.0.0048.0
Power2Go
PowerDirector
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek USB 2.0 Card Reader
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Spelling Dictionaries Support For Adobe Reader 9
SPORE Creature Creator Trial Edition
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VMware View Client
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
.
==== Event Viewer Messages From Past Week ========
.
4/8/2012 9:50:45 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: spldr Wanarpv6
4/8/2012 9:50:45 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
4/8/2012 9:50:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/8/2012 9:50:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/8/2012 9:50:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
4/8/2012 9:50:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/8/2012 9:50:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
4/8/2012 9:49:37 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21
4/8/2012 8:06:29 PM, Error: EventLog [6008] - The previous system shutdown at 8:04:37 PM on 4/8/2012 was unexpected.
4/8/2012 7:58:53 PM, Error: Service Control Manager [7022] - The KtmRm for Distributed Transaction Coordinator service hung on starting.
4/8/2012 7:54:45 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Health Check Service service to connect.
4/8/2012 7:54:45 PM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/8/2012 7:49:26 PM, Error: EventLog [6008] - The previous system shutdown at 7:47:38 PM on 4/8/2012 was unexpected.
4/8/2012 7:39:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
4/8/2012 7:30:58 PM, Error: EventLog [6008] - The previous system shutdown at 5:05:16 AM on 4/7/2012 was unexpected.
4/7/2012 4:23:24 AM, Error: EventLog [6008] - The previous system shutdown at 4:21:55 AM on 4/7/2012 was unexpected.
4/6/2012 9:54:44 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CryptSvc service.
4/6/2012 9:40:02 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
4/6/2012 9:30:49 AM, Error: EventLog [6008] - The previous system shutdown at 5:44:31 AM on 4/6/2012 was unexpected.
4/6/2012 5:42:41 AM, Error: EventLog [6008] - The previous system shutdown at 11:52:22 PM on 4/5/2012 was unexpected.
4/6/2012 10:18:41 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.5.132 for the Network Card with network address 00234E33CF13 has been denied by the DHCP server 1.1.1.1 (The DHCP Server sent a DHCPNACK message).
4/13/2012 6:40:25 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the dldtCATSCustConnectService service to connect.
4/13/2012 6:40:25 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
4/13/2012 6:40:25 AM, Error: Service Control Manager [7000] - The dldtCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/13/2012 6:23:41 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
4/13/2012 6:15:46 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706be: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2656368).
4/13/2012 6:15:46 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Windows Vista (KB2679255).
4/13/2012 6:15:46 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows Vista (KB2653956).
4/13/2012 6:15:46 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Microsoft Works 9 (KB2680317).
4/13/2012 6:15:46 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Microsoft Office 2007 suites (KB2598041).
4/13/2012 6:15:46 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Microsoft Office 2007 suites (KB2596871).
4/13/2012 6:15:46 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Cumulative Security Update for Internet Explorer 8 for Windows Vista (KB2675157).
4/13/2012 6:05:19 AM, Error: Service Control Manager [7034] - The XAudioService service terminated unexpectedly. It has done this 1 time(s).
4/12/2012 8:30:00 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {4991D34B-80A1-4291-83B6-3328366B9097} to the user Jan-PC\Jan SID (S-1-5-21-940529157-1554030405-1903592981-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
4/12/2012 7:20:01 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
4/12/2012 6:37:57 PM, Error: EventLog [6008] - The previous system shutdown at 5:36:02 AM on 4/12/2012 was unexpected.
4/11/2012 9:18:22 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{689824B3-1CE9-4657-99A4-665F63D995A3} because another computer on the network has the same name. The server could not start.
4/11/2012 9:15:42 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
4/11/2012 9:15:42 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/11/2012 9:15:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/11/2012 8:58:37 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
4/11/2012 8:55:45 PM, Error: Service Control Manager [7022] - The Ad-Aware service hung on starting.
4/11/2012 8:22:15 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
4/11/2012 8:22:15 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
4/11/2012 8:22:15 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
4/10/2012 6:25:14 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
4/10/2012 6:25:14 AM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/10/2012 6:25:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
4/10/2012 6:22:39 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.5.134 for the Network Card with network address 00234E33CF13 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19190
Run by Jan at 6:45:07 on 2012-04-13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3002.1739 [GMT -5:00]
.
AV: Lavasoft Ad-Aware *Enabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Enabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
FW: Lavasoft Ad-Aware *Enabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
C:\Windows\system32\dldtcoms.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Dell V305\dldtmon.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Dell V305\dldtMsdMon.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~1\AD-AWA~1\AdAware.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Ad-Aware Antivirus\Engine\SBAMSvc.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [dldtmon.exe] "c:\program files\dell v305\dldtmon.exe"
mRun: [dldtamon] "c:\program files\dell v305\dldtamon.exe"
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\jan\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {DBDC1CDA-B64B-49F7-9535-6317AA416E51} - hxxps://viewtest.coba.unt.edu/downloads/VMware-viewclient.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1 192.168.1.1 192.168.5.1
TCP: Interfaces\{689824B3-1CE9-4657-99A4-665F63D995A3} : DhcpNameServer = 192.168.2.1 192.168.1.1 192.168.5.1
Notify: igfxcui - igfxdev.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-9-7 64512]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2012-4-9 221784]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-9-7 101720]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2012-4-9 78936]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2012-3-29 1161072]
R2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe -service --> c:\windows\system32\dldtcoms.exe -service [?]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-23 365952]
R2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\engine\SBAMSvc.exe [2011-5-17 2804280]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-5-11 74968]
R2 wsnm;VMware View Client Service;c:\program files\vmware\vmware view\client\bin\wsnm.exe [2010-2-10 151552]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-23 193840]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-29 112128]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2012-4-9 69208]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-4-9 94040]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldtserv.exe [2008-2-25 99568]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-12 253600]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-10-3 30312]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-4-9 26224]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-4-9 40776]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2012-4-9 69208]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-10-3 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-10-3 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-10-3 121576]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-04-13 11:26:33 -------- d-sh--w- C:\$RECYCLE.BIN
2012-04-13 01:55:07 -------- d-----w- c:\program files\ESET
2012-04-13 01:49:50 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-04-13 01:29:18 -------- d-----w- c:\users\jan\appdata\local\Google
2012-04-13 01:29:08 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-13 01:29:08 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-13 01:12:26 6582328 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{2c3313c7-d44d-4195-b5a6-bad12fd67a6d}\mpengine.dll
2012-04-13 01:06:10 6582328 ------w- c:\programdata\microsoft\windows defender\definition updates\updates\mpengine.dll
2012-04-13 00:35:31 -------- d-----w- c:\users\jan\appdata\local\temp
2012-04-12 23:50:16 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-04-12 01:03:21 98816 ----a-w- c:\windows\sed.exe
2012-04-12 01:03:21 518144 ----a-w- c:\windows\SWREG.exe
2012-04-12 01:03:21 256000 ----a-w- c:\windows\PEV.exe
2012-04-12 01:03:21 208896 ----a-w- c:\windows\MBR.exe
2012-04-10 03:11:57 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-04-10 02:45:28 94040 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-04-10 02:45:25 78936 ----a-w- c:\windows\system32\drivers\sbtis.sys
2012-04-10 02:44:25 69208 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-04-10 02:44:24 221784 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-04-10 01:47:39 -------- d-----w- c:\users\jan\appdata\local\Privatefirewall
2012-04-10 01:40:27 -------- d-----w- c:\programdata\Privacyware
2012-04-09 10:39:39 -------- d-----w- c:\users\jan\appdata\roaming\AVG2012
2012-04-09 10:37:28 -------- d-----w- c:\programdata\AVG2012
2012-04-09 10:35:26 -------- d-----w- c:\program files\AVG
2012-04-09 10:30:35 -------- d-----w- c:\programdata\Common Files
2012-04-09 10:30:18 -------- d-----w- c:\programdata\MFAData
2012-04-09 10:02:15 26224 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-04-05 14:40:26 -------- d-----w- c:\users\jan\appdata\roaming\Malwarebytes
2012-04-05 14:39:50 -------- d-----w- c:\programdata\Malwarebytes
2012-04-05 14:39:48 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-05 14:39:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-04 02:13:21 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-04-04 02:12:09 -------- d-----w- c:\users\jan\appdata\local\adawarebp
2012-04-04 02:11:57 -------- d-----w- c:\program files\Toolbar Cleaner
2012-04-04 02:11:31 -------- d-----w- c:\program files\adawaretb
2012-04-04 02:04:12 -------- d-----w- c:\users\jan\appdata\roaming\Ad-Aware Antivirus
2012-03-26 15:41:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2012-03-17 08:00:55 -------- d-----w- c:\windows\CheckSur
2012-03-16 02:44:10 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-16 02:44:06 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-16 02:44:06 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-16 02:43:43 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-16 02:43:43 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-16 02:43:43 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-16 02:43:43 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-16 02:43:43 1068544 ----a-w- c:\windows\system32\DWrite.dll
.
==================== Find3M ====================
.
2012-04-13 01:48:59 567696 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-09 00:49:08 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2012-02-23 15:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 6:46:31.85 ===============

#17 mykidsmomtx

Advanced Member

Members
45 posts

Posted 14 April 2012 - 02:56 PM

I was able to copy/paste the above. I did some testing and it appears there is just a problem with "select all". If I use that it doesn't work. If I just highlight the text and use copy/paste it works fine. I really don't see a problem if I avoid the "select all" option. I never used notepad before but I would think the select all should work. I tested other user accounts and no problems.

#18 mykidsmomtx

Advanced Member

Members
45 posts

Posted 14 April 2012 - 03:06 PM

Ok, did some more testing in different accounts and different programs and the only problem is the select all in notepad. Again, I never used notepad in the past so it might just be user error. In Word and Excel the copy/paste works appropriately for all users. In notepad, I can copy/paste if I select the text. Hope this helps. Sorry for the confusion.

#19 Blade81

Advanced Member

Volunteer Security Advisor
6557 posts

Posted 15 April 2012 - 11:02 AM

Hi,

In notepad, I can copy/paste if I select the text.

That's how it should work.

Since logs look clean from malware, it's time to secure your system to prevent against further intrusions.

THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.

A To disable the System Restore feature:

1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Uncheck any checkboxes listed for your hard drives.
7. Press OK.

B. Reboot.

C Turn ON System Restore.
Follow the steps like you did when disabling system restore but on step 6. check any checkboxes listed for your hard drives.

Now lets uninstall ComboFix:

Click START then RUN
Now copy-paste Combofix /uninstall in the runbox and click OK

UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.

Download and run Secunia Personal Software Inspector (PSI) and fix its findings. Leave the program installed so you'll stay alarmed about vulnerable components in future too.

Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade

#20 mykidsmomtx

Advanced Member

Members
45 posts

Posted 15 April 2012 - 07:44 PM

Thank you Blade!!

I did all the steps you outlined and all appears to be working well. The only problem that I see has not been resolved is that my Microsoft Office links are no longer available. I can open existing documents and access the programs that way, but if I just want to launch Word or Excel, my folders are empty. Is there anyway to restore these links? Thank you!

Back to Resolved/Inactive HijackThis Logs

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users