
Windows Defender Error 0x80070424


  • This topic is locked
8 replies to this topic

#1 kbalanis

    New Member

  • Members
  • 8 posts

Posted 28 April 2011 - 06:57 PM

I'm hoping I can finally get this issue resolved. Usually I am able to get everything working again after getting a virus but this is something that I cannot get to work. A few days ago my computer was infected with the Win 7 Total Security 2011 virus. At least I think that's what it was called, there are so many different names of these types of viruses. I was able to find the files associated with this virus through a scan with MBAM, but now my Windows Defender isn't working at all. After I open it up, I get an error message that states: The specified service does not exist as an installed service. (Error Code: 0x80070424). I don't know if I still have a virus that's blocking this program from working or the Win 7 virus did something to the registry, or if some important files got corrupted. I did a scan with Avira but it came up with no viruses. Also, I could not find a way to disable my script blocker so I have no DDS or Attach .txt files, and the GMER scanner didn't detect anything wrong so there was nothing in the log file. So basically I just have my MBAM log file and the DeFogger log file.

I ran the DeFogger. I don't think I got an error message but I did get a defogger_disable log. Here's what that shows:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:56 on 28/04/2011 (kbalanis)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Here's the log of the MBAM scan:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6449

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

4/28/2011 4:48:24 PM
mbam-log-2011-04-28 (16-48-24).txt

Scan type: Full scan (C:\|)
Objects scanned: 408660
Time elapsed: 1 hour(s), 9 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

As you can see, MBAM hasn't detected any malicious software. So I don't really have much to go on.

I was able to get the DDS file to work. Here's the DDS.txt log:

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by kbalanis at 14:48:08.46 on Fri 04/29/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.8190.4998 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe
C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\PanelHelper32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 7\PSP.EXE
C:\Program Files (x86)\AVG\AVG10\avgchsva.exe
C:\Program Files (x86)\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Windows\system32\msiexec.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\kbalanis\Desktop\dds.com
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Trend Micro NSC BHO: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - TmIEPlugInBHO Class
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTOCA~1.LNK - C:\Program Files (x86)\Common Files\Autodesk Shared\acstart16.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLCO~1.LNK - C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TDMNOT~1.LNK - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\OFFICE11\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll
BHO-X64: Trend Micro NSC BHO - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
mRun-x64: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
mRun-x64: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
mRun-x64: [DellControlPoint] "c:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe"
mRun-x64: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
.
============= SERVICES / DRIVERS ===============
.
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2011-1-19 37456]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-10-15 466944]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-10-12 55280]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2011-1-7 304720]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-3-1 41552]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2011-2-10 376400]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-2-15 7421280]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2010-2-8 515952]
R2 McAfeeEngineService;McAfee Engine Service;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [2009-4-29 19720]
R2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2009-1-16 103744]
R2 McShield;McAfee McShield;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe [2009-4-29 176872]
R2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [2009-4-29 62800]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2010-10-15 78992]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-10-27 6807656]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2011-3-30 118352]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2011-2-10 29264]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2010-10-15 120096]
S0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2011-2-22 26704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-1-4 1436424]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2010-10-15 76696]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-10-15 1255736]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2011-04-29 16:11:42 6533152 ----a-w- C:\Users\kbalanis\XobniSetup.exe
2011-04-29 16:11:42 -------- d-----w- C:\Program Files (x86)\Xobni
2011-04-29 16:10:54 -------- d-----w- C:\Users\kbalanis\AppData\Roaming\AVG10
2011-04-29 16:05:36 -------- d--h--w- C:\PROGRA~3\Common Files
2011-04-29 16:05:28 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2011-04-29 16:04:57 -------- d-----w- C:\Windows\System32\drivers\AVG
2011-04-29 16:04:57 -------- d-----w- C:\PROGRA~3\AVG10
2011-04-29 16:04:24 -------- d-----w- C:\Program Files (x86)\AVG
2011-04-29 15:57:50 -------- d-----w- C:\PROGRA~3\MFAData
2011-04-28 19:26:12 -------- d-----w- C:\Users\kbalanis\AppData\Local\Threat Expert
2011-04-28 18:44:23 -------- d-sh--w- C:\$RECYCLE.BIN
2011-04-28 18:36:49 89088 ----a-w- C:\Windows\MBR.exe
2011-04-28 18:36:47 98816 ----a-w- C:\Windows\sed.exe
2011-04-28 18:36:47 256512 ----a-w- C:\Windows\PEV.exe
2011-04-28 18:36:47 161792 ----a-w- C:\Windows\SWREG.exe
2011-04-28 18:06:03 -------- d-----w- C:\PROGRA~3\Kaspersky Lab Setup Files
2011-04-28 16:56:29 374664 ----a-w- C:\Windows\System32\drivers\netio.sys
2011-04-28 15:53:11 19528 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2011-04-28 15:53:09 -------- d-----w- C:\Program Files\Hitman Pro 3.5
2011-04-28 15:52:54 -------- d-----w- C:\PROGRA~3\Hitman Pro
2011-04-27 22:18:21 -------- d-----w- C:\Program Files (x86)\Eusing Free Registry Cleaner
2011-04-27 15:01:01 2870272 ----a-w- C:\Windows\explorer.exe
2011-04-27 15:01:01 2614784 ----a-w- C:\Windows\SysWow64\explorer.exe
2011-04-26 18:34:58 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-26 18:34:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-04-25 22:23:33 -------- d-----w- C:\Users\kbalanis\AppData\Local\Wave Systems Corp
2011-04-25 18:08:39 -------- d-----w- C:\Users\kbalanis\AppData\Roaming\IObit
2011-04-25 17:59:16 8802128 ------w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll
2011-04-25 17:25:23 -------- d-----w- C:\Users\kbalanis\AppData\Roaming\ParetoLogic
2011-04-25 17:25:23 -------- d-----w- C:\Users\kbalanis\AppData\Roaming\DriverCure
2011-04-25 17:25:12 -------- d-----w- C:\PROGRA~3\ParetoLogic
2011-04-22 00:24:03 -------- d-----w- C:\Users\kbalanis\AppData\Roaming\Malwarebytes
2011-04-22 00:23:59 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-04-22 00:23:56 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-04-20 23:50:20 -------- d-----w- C:\Users\kbalanis\AppData\Local\{FC297FF4-13DE-493F-A0FB-D9B79D83B1CD}
2011-04-19 14:22:37 8802128 ------w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{ACE488A6-8877-4AD8-AFE8-100C60025AD1}\mpengine.dll
2011-04-15 23:55:32 -------- d-----w- C:\Users\kbalanis\AppData\Local\{B916030E-4E6C-4C9D-8A9E-12C87CF716D6}
2011-04-15 23:53:54 56832 ----a-w- C:\Windows\SysWow64\Iyvu9_32.dll
2011-04-15 23:53:54 391168 ----a-w- C:\Windows\SysWow64\i263_32.drv
2011-04-15 23:53:54 27648 ----a-w- C:\Windows\SysWow64\ir50_lcs.dll
2011-04-15 23:53:54 143872 ----a-w- C:\Windows\SysWow64\iacenc.dll
2011-04-15 23:53:40 305152 ----a-w- C:\Windows\IsUninst.exe
2011-04-15 23:02:48 175616 ----a-w- C:\Windows\SysWow64\unrar.dll
2011-04-15 22:57:18 737072 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-04-15 22:56:46 4283672 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-04-15 22:56:18 42776 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-04-15 22:56:10 539968 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-04-15 22:56:10 -------- d-----w- C:\Users\kbalanis\AppData\Local\{AF809551-663D-4FCB-B7F2-3963393B2015}
2011-04-15 18:42:19 -------- d-----w- C:\Users\kbalanis\AppData\Local\{C8CB5FA3-EB69-4EE6-A995-8708C862B5C8}
2011-04-15 18:41:56 -------- d-----w- C:\Users\kbalanis\AppData\Local\{EB6F81BC-E876-4A38-9B41-F12103101298}
2011-04-15 16:30:05 -------- d-----w- C:\Users\kbalanis\AppData\Local\{86C5F188-1C3C-4E2D-B30A-EE32C33D0F2E}
2011-04-15 16:04:00 -------- d-----w- C:\Users\kbalanis\AppData\Local\{3A9D6DA1-5646-4B8B-B389-9D6A0E8A5F9C}
2011-04-14 20:57:52 -------- d-----w- C:\Users\kbalanis\AppData\Local\{0622E935-683C-45F8-B81C-17261BE92DBC}
2011-04-14 20:55:26 -------- d-----w- C:\Users\kbalanis\AppData\Local\{F390F25A-942B-4075-B28E-E1278A487295}
2011-04-14 20:53:58 -------- d-----w- C:\Users\kbalanis\AppData\Local\{8F67EFFB-85FA-4636-8D08-0FF915FC6EA6}
2011-04-14 20:52:29 -------- d-----w- C:\Users\kbalanis\AppData\Local\{06BD9DBF-CDEE-49EA-8CCE-3529EFA00C6C}
2011-04-14 20:51:22 -------- d-----w- C:\Users\kbalanis\AppData\Local\{6D6682A6-35A9-40EF-9C8B-87F116457AF3}
2011-04-14 20:50:28 -------- d-----w- C:\Users\kbalanis\AppData\Local\{BAC6BC2D-E3F6-4067-9E88-B90CD31914CB}
2011-04-11 14:51:27 -------- d-----w- C:\CTS
2011-03-31 00:17:00 118352 ----a-w- C:\Windows\System32\drivers\AVGIDSDriver.sys
.
==================== Find3M ====================
.
2011-04-16 18:45:29 848 --sha-w- C:\Windows\SysWow64\KGyGaAvL.sys
2011-03-12 12:03:46 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-03-12 11:31:58 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-03-11 06:23:13 187264 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-03-11 06:23:06 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-03-11 06:23:06 1657216 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-03-11 06:23:06 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-03-11 06:23:00 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-03-11 06:22:41 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2011-03-11 06:22:40 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2011-03-11 06:19:26 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-11 06:19:26 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-11 06:18:20 2566144 ----a-w- C:\Windows\System32\esent.dll
2011-03-11 06:15:54 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-03-11 05:40:24 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-11 05:40:24 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-11 05:39:35 1686016 ----a-w- C:\Windows\SysWow64\esent.dll
2011-03-11 05:37:34 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-03-08 06:14:30 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-08 05:38:13 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-04 06:17:25 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:17:24 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:17:10 182272 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-03-03 06:14:38 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-03-03 05:27:30 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-03-03 03:58:32 3133440 ----a-w- C:\Windows\System32\win32k.sys
2011-03-01 21:25:18 41552 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2011-02-24 06:30:00 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-02-24 06:29:15 1197056 ----a-w- C:\Windows\System32\wininet.dll
2011-02-24 06:24:57 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-02-24 05:32:52 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-02-24 05:32:44 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-02-24 05:30:16 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-02-24 05:05:13 482816 ----a-w- C:\Windows\System32\html.iec
2011-02-24 04:24:04 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-02-24 04:23:48 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-02-24 03:50:26 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-02-23 05:16:28 461312 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-02-23 05:16:01 401920 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-02-23 05:15:50 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-02-23 05:15:27 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-02-23 05:15:14 286720 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-02-23 05:15:13 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-02-23 05:15:06 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-02-22 15:12:46 26704 ----a-w- C:\Windows\System32\drivers\AVGIDSEH.sys
2011-02-19 06:37:44 1135104 ----a-w- C:\Windows\System32\FntCache.dll
2011-02-19 06:37:10 1540608 ----a-w- C:\Windows\System32\DWrite.dll
2011-02-19 06:36:49 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-02-19 06:36:13 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-02-19 05:32:48 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-02-19 05:32:35 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-02-19 05:32:08 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-02-19 04:13:39 367104 ----a-w- C:\Windows\System32\atmfd.dll
2011-02-19 03:37:02 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-02-18 06:37:05 612352 ----a-w- C:\Windows\System32\vbscript.dll
2011-02-18 06:33:50 31232 ----a-w- C:\Windows\System32\prevhost.exe
2011-02-18 05:36:26 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-02-18 05:33:29 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2011-02-12 06:14:41 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2011-02-10 14:53:58 376400 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2011-02-10 14:53:34 29264 ----a-w- C:\Windows\System32\drivers\AVGIDSFilter.sys
2011-02-05 12:41:43 556928 ----a-w- C:\Windows\System32\winresume.efi
2011-02-05 12:41:35 640896 ----a-w- C:\Windows\System32\winload.efi
2011-02-05 12:41:24 20352 ----a-w- C:\Windows\System32\kdusb.dll
2011-02-05 12:41:24 19328 ----a-w- C:\Windows\System32\kd1394.dll
2011-02-05 12:41:23 17792 ----a-w- C:\Windows\System32\kdcom.dll
2011-02-05 12:39:21 603976 ----a-w- C:\Windows\System32\winload.exe
2011-02-05 12:39:21 518160 ----a-w- C:\Windows\System32\winresume.exe
2011-02-03 04:40:23 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 14:48:47.06 ===============


As stated above, the GMER program didn't detect anything wrong so there is no log file for that, so I've attached the attach.zip file which only contains the attach.txt file from the DDS program. (Attached file: Attach.zip, 3.19 KB)

#2 screen317

    MBAM Sentinel

  • Moderators
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 02 May 2011 - 11:41 AM

Hi,

I notice that you are using more than one antivirus program (McAfee and AVG). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus program.


Restart your computer and see if the Windows Defender error persists.
Chris Fistonich
Research Team


#3 kbalanis

    New Member

  • Members
  • 8 posts

Posted 02 May 2011 - 11:57 AM

screen317 said:

    Hi,

    I notice that you are using more than one antivirus program (McAfee and AVG). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus program.

    Restart your computer and see if the Windows Defender error persists.


I won't be able to get rid of the McAfee since it's a work computer and it needs to be on it, but I will get rid of AVG. I only installed AVG after the issue with Defender not working since I didn't feel like I had enough security since it wasn't working. But I'll get rid of AVG anyway, then reboot. I'll let you know if Defender works after that but I'm pretty sure it won't.

#4 kbalanis

    New Member

  • Members
  • 8 posts

Posted 02 May 2011 - 12:07 PM

So I uninstalled AVG, then rebooted, it still doesn't work and I get the same error code. I did some online searching about the error and found that I can start the Defender process through the services.msc file. I tried that but the Defender process wasn't even there FOR me to start so I don't know what else to do.
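Post #4 reports that the Defender service is not listed in services.msc at all, which matches the error text: 0x80070424 is HRESULT_FROM_WIN32(1060), ERROR_SERVICE_DOES_NOT_EXIST, so the UI is failing to open a service the Service Control Manager no longer knows about. The following PowerShell is an added example and is not part of this thread or of any tool mentioned in it. It checks whether the Defender service entry survives in the SCM, in its registry key and on disk, and then compares the policy values that the DDS log in post #1 shows under mPolicies-system and uPolicies-explorer (EnableLUA = 0, ConsentPromptBehaviorAdmin = 0, PromptOnSecureDesktop = 0, HideSCAHealth = 1) against the Windows 7 defaults. The service name WinDefend, the file paths and the default values are my assumptions about a stock Windows 7 install, not facts the thread states; the script only reports and changes nothing.

```powershell
# Added example, not from the thread. Read-only: it reports and changes nothing.
# Assumptions (stock Windows 7): service name WinDefend, binaries under
# %ProgramFiles%\Windows Defender, and the policy defaults listed in $checks.

$svcName = 'WinDefend'

# 1. Service Control Manager. An unknown service name is the condition behind
#    0x80070424 = HRESULT_FROM_WIN32(1060), ERROR_SERVICE_DOES_NOT_EXIST.
$svc = Get-Service -Name $svcName -ErrorAction SilentlyContinue
if ($svc) {
    $mode = (Get-WmiObject Win32_Service -Filter "Name='$svcName'").StartMode
    "SCM: $svcName present, status=$($svc.Status), start=$mode"
} else {
    "SCM: $svcName is NOT registered; the Defender UI will report 0x80070424"
}

# 2. The service's registry key. Rogue AV commonly deletes this key and leaves
#    the binaries alone, so the two checks are reported separately.
$svcKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$svcName"
if (Test-Path $svcKey) {
    $p = Get-ItemProperty -Path $svcKey
    "Registry: $svcKey present, ImagePath=$($p.ImagePath), Start=$($p.Start)"
} else {
    "Registry: $svcKey MISSING"
}

# 3. On-disk components (paths assumed for a stock install).
$defDir = Join-Path $env:ProgramFiles 'Windows Defender'
foreach ($f in 'MsMpEng.exe', 'MpSvc.dll', 'MSASCui.exe') {
    $full  = Join-Path $defDir $f
    $state = if (Test-Path $full) { 'present' } else { 'MISSING' }
    "File: $full $state"
}

# 4. Policy values the DDS log listed, compared with Windows 7 defaults
#    (assumed). A missing value means the default applies. A TAMPERED line
#    should be reverted after cleanup: the values seen in the log leave UAC
#    off and hide the Action Center security warnings.
$sys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$exp = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$checks = @(
    @{ Path = $sys; Name = 'EnableLUA';                  Default = 1 },
    @{ Path = $sys; Name = 'ConsentPromptBehaviorAdmin'; Default = 5 },
    @{ Path = $sys; Name = 'PromptOnSecureDesktop';      Default = 1 },
    @{ Path = $exp; Name = 'HideSCAHealth';              Default = 0 }
)
foreach ($c in $checks) {
    $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    $v    = if ($item) { $item.($c.Name) } else { $c.Default }
    $flag = if ($v -ne $c.Default) { 'TAMPERED' } else { 'ok' }
    "Policy: {0} = {1} (default {2}) {3}" -f $c.Name, $v, $c.Default, $flag
}
```

Run it from an elevated PowerShell prompt on the affected machine. If the SCM and registry checks both report the service missing while the files are present, the service registration itself was removed; that is consistent with what post #4 describes and is the thing a cleanup has to restore, which this thread does not show how to do.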

#5 screen317

    MBAM Sentinel

  • Moderators
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 05 May 2011 - 02:00 AM

Hi,

There may be malware still left.

Please visit this webpage for instructions for running ComboFix:
http://www.bleepingc...to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


-screen317
Chris Fistonich
Research Team


#6 kbalanis

    New Member

  • Members
  • 8 posts

Posted 05 May 2011 - 11:06 AM

Here's the ComboFix log:

ComboFix 11-05-04.04 - kbalanis 05/05/2011 8:24.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8190.6548 [GMT -7:00]
Running from: c:\users\kbalanis\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\kbalanis\XobniSetup.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-04-05 to 2011-05-05 )))))))))))))))))))))))))))))))
.
.
2011-05-05 15:31 . 2011-05-05 15:31 -------- d-----w- c:\users\Keith Balanis\AppData\Local\temp
2011-05-05 15:31 . 2011-05-05 15:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-04 23:44 . 2011-05-04 23:44 -------- d-----w- c:\windows\system32\SPReview
2011-05-04 23:42 . 2011-05-04 23:42 -------- d-----w- c:\windows\system32\EventProviders
2011-05-04 23:37 . 2010-11-20 13:34 363392 ----a-w- c:\windows\system32\drivers\volmgrx.sys
2011-05-04 23:36 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll
2011-05-04 23:36 . 2010-11-20 12:17 209920 ----a-w- c:\windows\SysWow64\PkgMgr.exe
2011-05-04 23:36 . 2010-11-20 12:18 323072 ----a-w- c:\windows\SysWow64\drvstore.dll
2011-05-04 23:36 . 2010-11-20 12:18 257024 ----a-w- c:\windows\SysWow64\dpx.dll
2011-05-04 23:36 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2011-05-04 23:36 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2011-05-04 23:34 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-05-04 23:34 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-05-04 23:34 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-05-04 23:34 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll
2011-05-04 23:34 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe
2011-05-04 23:33 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll
2011-05-04 23:33 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2011-05-04 23:02 . 2011-05-04 23:16 -------- d-----w- C:\8bd29fcf06f28268469d6a56
2011-05-03 00:11 . 2011-05-03 00:11 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-05-03 00:04 . 2011-05-03 00:04 -------- d-----w- c:\users\kbalanis\AppData\Local\TuneUpMedic
2011-04-29 16:11 . 2011-04-29 16:11 -------- d-----w- c:\program files (x86)\Xobni
2011-04-29 16:10 . 2011-04-29 16:10 -------- d-----w- c:\users\kbalanis\AppData\Roaming\AVG10
2011-04-29 16:05 . 2011-04-29 16:05 -------- d--h--w- c:\programdata\Common Files
2011-04-29 16:04 . 2011-05-02 17:03 -------- d-----w- c:\programdata\AVG10
2011-04-29 16:04 . 2011-04-29 16:04 -------- d-----w- c:\program files (x86)\AVG
2011-04-29 15:57 . 2011-05-02 17:02 -------- d-----w- c:\programdata\MFAData
2011-04-28 19:26 . 2011-04-28 19:26 -------- d-----w- c:\users\kbalanis\AppData\Local\Threat Expert
2011-04-28 18:06 . 2011-04-28 18:06 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2011-04-28 15:53 . 2011-04-28 16:47 19528 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-04-28 15:53 . 2011-04-28 15:53 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-04-28 15:52 . 2011-04-28 15:52 -------- d-----w- c:\programdata\Hitman Pro
2011-04-27 22:18 . 2011-04-29 00:08 -------- d-----w- c:\program files (x86)\Eusing Free Registry Cleaner
2011-04-27 15:01 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe
2011-04-27 15:01 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\SysWow64\explorer.exe
2011-04-26 18:34 . 2011-05-02 23:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-04-25 22:23 . 2011-04-25 22:23 -------- d-----w- c:\users\kbalanis\AppData\Local\Wave Systems Corp
2011-04-25 22:22 . 2011-04-25 22:22 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-04-25 18:08 . 2011-04-25 18:08 -------- d-----w- c:\users\kbalanis\AppData\Roaming\IObit
2011-04-25 17:25 . 2011-04-25 17:25 -------- d-----w- c:\users\kbalanis\AppData\Roaming\ParetoLogic
2011-04-25 17:25 . 2011-04-25 17:25 -------- d-----w- c:\users\kbalanis\AppData\Roaming\DriverCure
2011-04-25 17:25 . 2011-04-26 17:58 -------- d-----w- c:\programdata\ParetoLogic
2011-04-22 00:24 . 2011-04-22 00:24 -------- d-----w- c:\users\kbalanis\AppData\Roaming\Malwarebytes
2011-04-22 00:23 . 2011-04-22 00:23 -------- d-----w- c:\programdata\Malwarebytes
2011-04-22 00:23 . 2010-12-21 01:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-20 23:50 . 2011-04-20 23:50 -------- d-----w- c:\users\kbalanis\AppData\Local\{FC297FF4-13DE-493F-A0FB-D9B79D83B1CD}
2011-04-19 14:22 . 2011-04-11 08:21 8802128 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ACE488A6-8877-4AD8-AFE8-100C60025AD1}\mpengine.dll
2011-04-15 23:55 . 2011-04-15 23:55 -------- d-----w- c:\users\kbalanis\AppData\Local\{B916030E-4E6C-4C9D-8A9E-12C87CF716D6}
2011-04-15 23:53 . 1998-02-13 21:30 143872 ----a-w- c:\windows\SysWow64\iacenc.dll
2011-04-15 23:53 . 1997-11-06 19:53 27648 ----a-w- c:\windows\SysWow64\ir50_lcs.dll
2011-04-15 23:53 . 1997-08-27 16:53 391168 ----a-w- c:\windows\SysWow64\i263_32.drv
2011-04-15 23:53 . 1997-06-13 15:56 56832 ----a-w- c:\windows\SysWow64\Iyvu9_32.dll
2011-04-15 23:53 . 1998-07-30 19:51 305152 ----a-w- c:\windows\IsUninst.exe
2011-04-15 23:04 . 2011-04-15 23:04 -------- d-----w- c:\users\kbalanis\AppData\Roaming\Media Player Classic
2011-04-15 23:02 . 2011-03-02 10:43 175616 ----a-w- c:\windows\SysWow64\unrar.dll
2011-04-15 22:57 . 2011-04-15 22:57 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-04-15 22:56 . 2011-04-15 22:56 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-04-15 22:56 . 2011-04-15 22:56 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-04-15 22:56 . 2011-04-15 22:56 -------- d-----w- c:\users\kbalanis\AppData\Local\{AF809551-663D-4FCB-B7F2-3963393B2015}
2011-04-15 22:56 . 2011-04-15 22:56 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-04-15 18:42 . 2011-04-15 18:42 -------- d-----w- c:\users\kbalanis\AppData\Local\{C8CB5FA3-EB69-4EE6-A995-8708C862B5C8}
2011-04-15 18:41 . 2011-04-15 18:41 -------- d-----w- c:\users\kbalanis\AppData\Local\{EB6F81BC-E876-4A38-9B41-F12103101298}
2011-04-15 16:30 . 2011-04-15 16:30 -------- d-----w- c:\users\kbalanis\AppData\Local\{86C5F188-1C3C-4E2D-B30A-EE32C33D0F2E}
2011-04-15 16:04 . 2011-04-15 16:04 -------- d-----w- c:\users\kbalanis\AppData\Local\{3A9D6DA1-5646-4B8B-B389-9D6A0E8A5F9C}
2011-04-14 20:57 . 2011-04-14 20:58 -------- d-----w- c:\users\kbalanis\AppData\Local\{0622E935-683C-45F8-B81C-17261BE92DBC}
2011-04-14 20:55 . 2011-04-14 20:55 -------- d-----w- c:\users\kbalanis\AppData\Local\{F390F25A-942B-4075-B28E-E1278A487295}
2011-04-14 20:53 . 2011-04-14 20:54 -------- d-----w- c:\users\kbalanis\AppData\Local\{8F67EFFB-85FA-4636-8D08-0FF915FC6EA6}
2011-04-14 20:52 . 2011-04-14 20:52 -------- d-----w- c:\users\kbalanis\AppData\Local\{06BD9DBF-CDEE-49EA-8CCE-3529EFA00C6C}
2011-04-14 20:51 . 2011-04-14 20:51 -------- d-----w- c:\users\kbalanis\AppData\Local\{6D6682A6-35A9-40EF-9C8B-87F116457AF3}
2011-04-14 20:50 . 2011-04-14 20:50 -------- d-----w- c:\users\kbalanis\AppData\Local\{BAC6BC2D-E3F6-4067-9E88-B90CD31914CB}
2011-04-13 15:01 . 2011-03-03 06:24 183296 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-11 14:51 . 2011-04-11 14:51 -------- d-----w- C:\CTS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-04 23:50 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-05-04 23:50 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-03-16 14:52 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-04 06:19 . 2011-04-27 15:00 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19 . 2011-04-27 15:00 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-02-19 12:05 . 2011-03-09 15:03 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 12:04 . 2011-03-09 15:03 1544192 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 12:04 . 2011-03-09 15:03 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 06:30 . 2011-03-09 15:03 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-02-19 06:30 . 2011-03-09 15:03 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-04-23 1314816]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2009-01-16 136512]
"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-04-30 124240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-11-04 611712]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files (x86)\Common Files\Autodesk Shared\acstart16.exe [2005-3-5 10872]
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2010-2-8 1416560]
TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2010-3-29 185192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-01-04 1436424]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 w4shwdrv;w4shwdrv;c:\users\kbalanis\AppData\Local\Temp\w4s266A.tmp [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2010-02-08 515952]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [2009-04-30 19720]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-10-27 6807656]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2010-03-29 18:00 60784 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2010-03-29 18:00 60784 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-12-03 1712232]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-11-02 657920]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-06-22 34232]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\w4shwdrv]
"ImagePath"="\??\c:\users\kbalanis\AppData\Local\Temp\w4s266A.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1369809732-1291637309-727275192-1616\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1369809732-1291637309-727275192-1616\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-05 08:34:11
ComboFix-quarantined-files.txt 2011-05-05 15:34
.
Pre-Run: 256,822,259,712 bytes free
Post-Run: 256,571,719,680 bytes free
.
- - End Of File - - 0703D1EB62ED721CE00D5E5DEE8C7FFF

Even though I have ScriptScan disabled in McAfee, I couldn't get the DDS file to work. I got it to work last time, though. I don't get it.

#7 kbalanis

kbalanis

    New Member

  • Members
  • 8 posts

Posted 05 May 2011 - 11:56 AM

Attached File: Attach.txt (10.69KB)

I was able to get the DDS.scr file to work. Here is the DDS.txt log:

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by kbalanis at 9:50:50.63 on Thu 05/05/2011
Internet Explorer: 8.0.7601.17514
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8190.5819 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe
C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\PanelHelper32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 7\PSP.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\kbalanis\Desktop\dds.com
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Trend Micro NSC BHO: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - TmIEPlugInBHO Class
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTOCA~1.LNK - C:\Program Files (x86)\Common Files\Autodesk Shared\acstart16.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLCO~1.LNK - C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TDMNOT~1.LNK - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\OFFICE11\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll
BHO-X64: Trend Micro NSC BHO - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
mRun-x64: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
mRun-x64: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
mRun-x64: [DellControlPoint] "c:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe"
mRun-x64: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-10-15 466944]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-10-12 55280]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2010-2-8 515952]
R2 McAfeeEngineService;McAfee Engine Service;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [2009-4-29 19720]
R2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2009-1-16 103744]
R2 McShield;McAfee McShield;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe [2009-4-29 176872]
R2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [2009-4-29 62800]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2010-10-15 78992]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-10-27 6807656]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2010-10-15 120096]
S2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-1-4 1436424]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2010-10-15 76696]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-4 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-10-15 1255736]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2011-05-05 16:37:32 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-05 15:34:35 -------- d-sh--w- C:\$RECYCLE.BIN
2011-05-05 15:22:54 -------- d-----w- C:\ComboFix
2011-05-04 23:44:02 -------- d-----w- C:\Windows\System32\SPReview
2011-05-04 23:42:19 -------- d-----w- C:\Windows\System32\EventProviders
2011-05-04 23:37:59 905216 ----a-w- C:\Windows\SysWow64\mmsys.cpl
2011-05-04 23:36:47 209920 ----a-w- C:\Windows\SysWow64\PkgMgr.exe
2011-05-04 23:36:47 189952 ----a-w- C:\Windows\SysWow64\wdscore.dll
2011-05-04 23:36:31 323072 ----a-w- C:\Windows\SysWow64\drvstore.dll
2011-05-04 23:36:31 257024 ----a-w- C:\Windows\SysWow64\dpx.dll
2011-05-04 23:36:24 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2011-05-04 23:36:24 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2011-05-04 23:34:41 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-05-04 23:34:41 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2011-05-04 23:34:41 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
2011-05-04 23:34:29 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
2011-05-04 23:34:21 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
2011-05-04 23:33:48 422912 ----a-w- C:\Windows\System32\drvstore.dll
2011-05-04 23:33:47 399872 ----a-w- C:\Windows\System32\dpx.dll
2011-05-04 23:02:09 -------- d-----w- C:\8bd29fcf06f28268469d6a56
2011-05-03 00:11:07 -------- d-----w- C:\PROGRA~3\SUPERAntiSpyware.com
2011-05-03 00:04:56 -------- d-----w- C:\Users\kbalanis\AppData\Local\TuneUpMedic
2011-04-29 16:10:54 -------- d-----w- C:\Users\kbalanis\AppData\Roaming\AVG10
2011-04-29 16:05:36 -------- d--h--w- C:\PROGRA~3\Common Files
2011-04-29 16:04:57 -------- d-----w- C:\PROGRA~3\AVG10
2011-04-29 16:04:24 -------- d-----w- C:\Program Files (x86)\AVG
2011-04-29 15:57:50 -------- d-----w- C:\PROGRA~3\MFAData
2011-04-28 19:26:12 -------- d-----w- C:\Users\kbalanis\AppData\Local\Threat Expert
2011-04-28 18:36:49 89088 ----a-w- C:\Windows\MBR.exe
2011-04-28 18:36:47 98816 ----a-w- C:\Windows\sed.exe
2011-04-28 18:36:47 256512 ----a-w- C:\Windows\PEV.exe
2011-04-28 18:36:47 161792 ----a-w- C:\Windows\SWREG.exe
2011-04-28 18:06:03 -------- d-----w- C:\PROGRA~3\Kaspersky Lab Setup Files
2011-04-28 15:53:11 19528 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2011-04-28 15:53:09 -------- d-----w- C:\Program Files\Hitman Pro 3.5
2011-04-28 15:52:54 -------- d-----w- C:\PROGRA~3\Hitman Pro
2011-04-27 15:01:01 2871808 ----a-w- C:\Windows\explorer.exe
2011-04-27 15:01:01 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
2011-04-26 18:34:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-04-25 22:23:33 -------- d-----w- C:\Users\kbalanis\AppData\Local\Wave Systems Corp
2011-04-25 18:08:39 -------- d-----w- C:\Users\kbalanis\AppData\Roaming\IObit
2011-04-25 17:59:16 8802128 ------w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll
2011-04-25 17:25:23 -------- d-----w- C:\Users\kbalanis\AppData\Roaming\ParetoLogic
2011-04-25 17:25:23 -------- d-----w- C:\Users\kbalanis\AppData\Roaming\DriverCure
2011-04-25 17:25:12 -------- d-----w- C:\PROGRA~3\ParetoLogic
2011-04-22 00:24:03 -------- d-----w- C:\Users\kbalanis\AppData\Roaming\Malwarebytes
2011-04-22 00:23:59 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-04-22 00:23:56 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-04-20 23:50:20 -------- d-----w- C:\Users\kbalanis\AppData\Local\{FC297FF4-13DE-493F-A0FB-D9B79D83B1CD}
2011-04-19 14:22:37 8802128 ------w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{ACE488A6-8877-4AD8-AFE8-100C60025AD1}\mpengine.dll
2011-04-15 23:55:32 -------- d-----w- C:\Users\kbalanis\AppData\Local\{B916030E-4E6C-4C9D-8A9E-12C87CF716D6}
2011-04-15 23:53:54 56832 ----a-w- C:\Windows\SysWow64\Iyvu9_32.dll
2011-04-15 23:53:54 391168 ----a-w- C:\Windows\SysWow64\i263_32.drv
2011-04-15 23:53:54 27648 ----a-w- C:\Windows\SysWow64\ir50_lcs.dll
2011-04-15 23:53:54 143872 ----a-w- C:\Windows\SysWow64\iacenc.dll
2011-04-15 23:53:40 305152 ----a-w- C:\Windows\IsUninst.exe
2011-04-15 23:02:48 175616 ----a-w- C:\Windows\SysWow64\unrar.dll
2011-04-15 22:57:18 737072 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-04-15 22:56:46 4283672 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-04-15 22:56:18 42776 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-04-15 22:56:10 539968 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-04-15 22:56:10 -------- d-----w- C:\Users\kbalanis\AppData\Local\{AF809551-663D-4FCB-B7F2-3963393B2015}
2011-04-15 18:42:19 -------- d-----w- C:\Users\kbalanis\AppData\Local\{C8CB5FA3-EB69-4EE6-A995-8708C862B5C8}
2011-04-15 18:41:56 -------- d-----w- C:\Users\kbalanis\AppData\Local\{EB6F81BC-E876-4A38-9B41-F12103101298}
2011-04-15 16:30:05 -------- d-----w- C:\Users\kbalanis\AppData\Local\{86C5F188-1C3C-4E2D-B30A-EE32C33D0F2E}
2011-04-15 16:04:00 -------- d-----w- C:\Users\kbalanis\AppData\Local\{3A9D6DA1-5646-4B8B-B389-9D6A0E8A5F9C}
2011-04-14 20:57:52 -------- d-----w- C:\Users\kbalanis\AppData\Local\{0622E935-683C-45F8-B81C-17261BE92DBC}
2011-04-14 20:55:26 -------- d-----w- C:\Users\kbalanis\AppData\Local\{F390F25A-942B-4075-B28E-E1278A487295}
2011-04-14 20:53:58 -------- d-----w- C:\Users\kbalanis\AppData\Local\{8F67EFFB-85FA-4636-8D08-0FF915FC6EA6}
2011-04-14 20:52:29 -------- d-----w- C:\Users\kbalanis\AppData\Local\{06BD9DBF-CDEE-49EA-8CCE-3529EFA00C6C}
2011-04-14 20:51:22 -------- d-----w- C:\Users\kbalanis\AppData\Local\{6D6682A6-35A9-40EF-9C8B-87F116457AF3}
2011-04-14 20:50:28 -------- d-----w- C:\Users\kbalanis\AppData\Local\{BAC6BC2D-E3F6-4067-9E88-B90CD31914CB}
2011-04-11 14:51:27 -------- d-----w- C:\CTS
.
==================== Find3M ====================
.
2011-05-04 23:50:42 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-05-04 23:50:41 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-04-16 18:45:29 848 --sha-w- C:\Windows\SysWow64\KGyGaAvL.sys
2011-03-12 12:08:49 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-03-12 11:23:45 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-03-11 06:41:37 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-03-11 06:41:34 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-03-11 06:41:34 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-03-11 06:41:34 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-03-11 06:41:26 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-03-11 06:41:12 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2011-03-11 06:41:12 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2011-03-11 06:34:51 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-11 06:34:50 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-11 06:33:29 2565632 ----a-w- C:\Windows\System32\esent.dll
2011-03-11 06:30:28 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-03-11 05:33:59 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-11 05:33:59 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-11 05:33:09 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2011-03-11 05:31:07 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-03-08 06:29:32 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-08 05:28:29 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-07 06:31:44 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-03-07 05:33:13 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-03-07 04:24:34 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-03-07 03:52:25 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-03-04 06:19:28 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19:27 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:24:16 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-03-03 06:21:57 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-03-03 05:36:16 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-03-03 03:52:08 3135488 ----a-w- C:\Windows\System32\win32k.sys
2011-02-24 06:15:44 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-02-24 05:38:54 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-02-23 04:56:31 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-02-23 04:56:27 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-02-23 04:56:03 411648 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-02-23 04:55:47 167936 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-02-23 04:55:12 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-02-23 04:55:12 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-02-23 04:55:04 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-02-19 12:05:15 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2011-02-19 12:04:37 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2011-02-19 12:04:17 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-02-19 12:03:46 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-02-19 09:00:32 367616 ----a-w- C:\Windows\System32\atmfd.dll
2011-02-19 06:30:51 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-02-19 06:30:50 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-02-19 06:30:46 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-02-19 04:34:54 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-02-18 10:56:44 613376 ----a-w- C:\Windows\System32\vbscript.dll
2011-02-18 10:51:16 31232 ----a-w- C:\Windows\System32\prevhost.exe
2011-02-18 05:43:28 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-02-18 05:39:44 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2011-02-12 11:34:16 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2011-02-05 17:10:16 642944 ----a-w- C:\Windows\System32\winload.efi
2011-02-05 17:10:08 20352 ----a-w- C:\Windows\System32\kdusb.dll
2011-02-05 17:10:08 19328 ----a-w- C:\Windows\System32\kd1394.dll
2011-02-05 17:10:08 17792 ----a-w- C:\Windows\System32\kdcom.dll
2011-02-05 17:06:41 605552 ----a-w- C:\Windows\System32\winload.exe
2011-02-05 17:06:41 566208 ----a-w- C:\Windows\System32\winresume.efi
2011-02-05 17:06:41 518672 ----a-w- C:\Windows\System32\winresume.exe
.
============= FINISH: 9:51:35.28 ===============


I've also attached the attach.txt log to this post.

#8 kbalanis

kbalanis

    New Member

  • Members
  • Pip
  • 8 posts

Posted 05 May 2011 - 05:54 PM

Please close this thread as it looks like I'm going to have to do a clean install of Windows 7 to repair my problem. Thanks.

#9 screen317

screen317

    MBAM Sentinel

  • Moderators
  • PipPipPipPipPipPip
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 06 May 2011 - 07:31 PM

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.
Chris Fistonich
Research Team
