flipper202

Members
  • Content count

    19
  • Joined

  • Last visited

About flipper202

  • Rank
    New Member
  1. Hey Maniac, Ran a full scan and everything looks fine. Thank you again for all your help
  2. Hey Maniac, I think it worked! I can restart Windows Security Center and Microsoft Security Essentials. Google seems to be sending me to the right place as well. Thank you! Alex
  3. Maniac, Seems like I just have to re-enable Windows Security Center. Here is the log: Farbar Service Scanner Version: 01-03-2012 Ran by User (administrator) on 11-04-2012 at 08:55:25 Running from "C:\Users\User\Downloads" Microsoft Windows 7 Home Premium Service Pack 1 (X86) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Yahoo IP is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=DWORD:0 System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ wscsvc Service is not running. Checking service configuration: The start type of wscsvc service is set to Disabled. The default start type is Auto. The ImagePath of wscsvc service is OK. The ServiceDll of wscsvc service is OK. Windows Update: ============ File Check: ======== C:\Windows\system32\nsisvc.dll => MD5 is legit C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit C:\Windows\system32\dhcpcore.dll => MD5 is legit C:\Windows\system32\Drivers\afd.sys => MD5 is legit C:\Windows\system32\Drivers\tdx.sys => MD5 is legit C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit C:\Windows\system32\dnsrslvr.dll => MD5 is legit C:\Windows\system32\mpssvc.dll => MD5 is legit C:\Windows\system32\bfe.dll => MD5 is legit C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit C:\Windows\system32\SDRSVC.dll => MD5 is legit C:\Windows\system32\vssvc.exe => MD5 is legit C:\Windows\system32\wscsvc.dll => MD5 is legit C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\system32\wuaueng.dll => MD5 is legit C:\Windows\system32\qmgr.dll => MD5 is legit C:\Windows\system32\es.dll => MD5 is legit C:\Windows\system32\cryptsvc.dll => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit **** End of log ****
  4. Google seems to be fine now. Ran a couple searches and didn't send me to some weird ad pages. Only problem is that I still can't turn on Windows Security Center and it won't let me run a scan of Microsoft Security Essentials. Should I re-install them?
  5. Maniac, Please see the log below: MiniToolBox by Farbar Version: 18-01-2012 Ran by User (administrator) on 10-04-2012 at 00:06:46 Microsoft Windows 7 Home Premium Service Pack 1 (X86) Boot Mode: Normal *************************************************************************** ========================= Flush DNS: =================================== Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========================= IE Proxy Settings: ============================== Proxy is not enabled. No Proxy Server is set. "Reset IE Proxy Settings": IE Proxy Settings were reset. ========================= Hosts content: ================================= 127.0.0.1 localhost ========================= IP Configuration: ================================ Intel® WiFi Link 1000 BGN = Wireless Network Connection 2 (Connected) Atheros AR8131 PCI-E Gigabit Ethernet Controller (NDIS 6.20) = Local Area Connection (Media disconnected) TAP-Win32 Adapter V9 = Local Area Connection 2 (Media disconnected) # ---------------------------------- # IPv4 Configuration # ---------------------------------- pushd interface ipv4 reset set global popd # End of IPv4 configuration Windows IP Configuration Host Name . . . . . . . . . . . . : User-PC Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : lan Ethernet adapter Local Area Connection 2: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : TAP-Win32 Adapter V9 Physical Address. . . . . . . . . : 00-FF-19-D5-15-E1 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Wireless LAN adapter Wireless Network Connection 2: Connection-specific DNS Suffix . : lan Description . . . . . . . . . . . : Intel® WiFi Link 1000 BGN Physical Address. . . . . . . . . : 00-1E-64-29-4E-76 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::bc1c:259c:9149:fb51%13(Preferred) IPv4 Address. . . . . . . . . . . : 192.168.1.65(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : 06 April 2012 19:43:37 Lease Expires . . . . . . . . . . : 10 April 2012 15:29:45 Default Gateway . . . . . . . . . : 192.168.1.254 DHCP Server . . . . . . . . . . . : 192.168.1.254 DHCPv6 IAID . . . . . . . . . . . : 335552100 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-BC-91-0E-00-26-2D-70-52-B7 DNS Servers . . . . . . . . . . . : 192.168.1.254 NetBIOS over Tcpip. . . . . . . . : Enabled Ethernet adapter Local Area Connection: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Atheros AR8131 PCI-E Gigabit Ethernet Controller (NDIS 6.20) Physical Address. . . . . . . . . : 00-26-2D-70-52-B7 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Tunnel adapter isatap.{19D515E1-851B-4B8B-B932-FED1713FC829}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter Teredo Tunneling Pseudo-Interface: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:1498:1d9f:a13d:9821(Preferred) Link-local IPv6 Address . . . . . : fe80::1498:1d9f:a13d:9821%12(Preferred) Default Gateway . . . . . . . . . : :: NetBIOS over Tcpip. . . . . . . . : Disabled Tunnel adapter isatap.lan: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : lan Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter isatap.{1CAC04CD-6190-4548-83B7-7D9E69D64440}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Server: dsldevice.lan Address: 192.168.1.254 Name: google.com Addresses: 173.194.34.164 173.194.34.161 173.194.34.162 173.194.34.168 173.194.34.163 173.194.34.169 173.194.34.166 173.194.34.165 173.194.34.160 173.194.34.167 173.194.34.174 Pinging google.com [173.194.34.104] with 32 bytes of data: Reply from 173.194.34.104: bytes=32 time=23ms TTL=57 Reply from 173.194.34.104: bytes=32 time=24ms TTL=57 Ping statistics for 173.194.34.104: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 23ms, Maximum = 24ms, Average = 23ms Server: dsldevice.lan Address: 192.168.1.254 Name: yahoo.com Addresses: 98.139.183.24 209.191.122.70 72.30.38.140 Pinging yahoo.com [209.191.122.70] with 32 bytes of data: Reply from 209.191.122.70: bytes=32 time=145ms TTL=54 Reply from 209.191.122.70: bytes=32 time=145ms TTL=54 Ping statistics for 209.191.122.70: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 145ms, Maximum = 145ms, Average = 145ms Server: dsldevice.lan Address: 192.168.1.254 Name: bleepingcomputer.com Address: 208.43.87.2 Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data: Reply from 208.43.87.2: Destination host unreachable. Reply from 208.43.87.2: Destination host unreachable. Ping statistics for 208.43.87.2: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Pinging 127.0.0.1 with 32 bytes of data: Reply from 127.0.0.1: bytes=32 time<1ms TTL=128 Reply from 127.0.0.1: bytes=32 time<1ms TTL=128 Ping statistics for 127.0.0.1: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms =========================================================================== Interface List 14...00 ff 19 d5 15 e1 ......TAP-Win32 Adapter V9 13...00 1e 64 29 4e 76 ......Intel® WiFi Link 1000 BGN 10...00 26 2d 70 52 b7 ......Atheros AR8131 PCI-E Gigabit Ethernet Controller (NDIS 6.20) 1...........................Software Loopback Interface 1 16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface 18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2 17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3 =========================================================================== IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.65 26 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 192.168.1.0 255.255.255.0 On-link 192.168.1.65 281 192.168.1.65 255.255.255.255 On-link 192.168.1.65 281 192.168.1.255 255.255.255.255 On-link 192.168.1.65 281 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 192.168.1.65 281 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 192.168.1.65 281 =========================================================================== Persistent Routes: None IPv6 Route Table =========================================================================== Active Routes: If Metric Network Destination Gateway 12 58 ::/0 On-link 1 306 ::1/128 On-link 12 58 2001::/32 On-link 12 306 2001:0:5ef5:79fd:1498:1d9f:a13d:9821/128 On-link 13 281 fe80::/64 On-link 12 306 fe80::/64 On-link 12 306 fe80::1498:1d9f:a13d:9821/128 On-link 13 281 fe80::bc1c:259c:9149:fb51/128 On-link 1 306 ff00::/8 On-link 12 306 ff00::/8 On-link 13 281 ff00::/8 On-link =========================================================================== Persistent Routes: None ========================= Winsock entries ===================================== Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation) Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation) Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation) Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation) Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.) Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.) Catalog5 07 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation) Catalog5 08 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation) Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation) Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation) Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation) Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation) Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation) Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation) Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation) Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation) Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation) Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation) Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation) Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation) Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation) Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation) Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation) Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation) Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation) Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation) Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation) Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation) Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation) Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation) Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation) Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation) Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation) Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation) Catalog9 27 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation) Catalog9 28 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation) Catalog9 29 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation) Catalog9 30 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation) Catalog9 31 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation) Catalog9 32 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation) Catalog9 33 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation) Catalog9 34 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation) ========================= Event log errors: =============================== Application errors: ================== Error: (04/09/2012 11:22:25 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (04/09/2012 11:22:00 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (04/09/2012 11:21:07 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "imaging1".Error in manifest or policy file "imaging2" on line imaging3. The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows. Error: (04/09/2012 11:20:18 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (04/09/2012 11:19:25 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (04/07/2012 02:20:51 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "imaging1".Error in manifest or policy file "imaging2" on line imaging3. The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows. Error: (04/07/2012 02:20:10 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (04/07/2012 02:19:38 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (04/05/2012 11:46:37 PM) (Source: Application Error) (User: ) Description: Faulting application name: Skype.exe, version: 5.8.0.158, time stamp: 0x4f4de709 Faulting module name: Skype.exe, version: 5.8.0.158, time stamp: 0x4f4de709 Exception code: 0xc0000005 Fault offset: 0x001e4f47 Faulting process id: 0xba8 Faulting application start time: 0xSkype.exe0 Faulting application path: Skype.exe1 Faulting module path: Skype.exe2 Report Id: Skype.exe3 Error: (04/05/2012 10:31:23 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "imaging1".Error in manifest or policy file "imaging2" on line imaging3. The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows. System errors: ============= Error: (04/10/2012 00:06:35 AM) (Source: NetBT) (User: ) Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.65. The computer with the IP address 192.168.1.66 did not allow the name to be claimed by this computer. Error: (04/10/2012 00:01:25 AM) (Source: NetBT) (User: ) Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.65. The computer with the IP address 192.168.1.66 did not allow the name to be claimed by this computer. Error: (04/09/2012 11:56:15 PM) (Source: NetBT) (User: ) Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.65. The computer with the IP address 192.168.1.66 did not allow the name to be claimed by this computer. Error: (04/09/2012 11:51:05 PM) (Source: NetBT) (User: ) Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.65. The computer with the IP address 192.168.1.66 did not allow the name to be claimed by this computer. Error: (04/09/2012 11:45:55 PM) (Source: NetBT) (User: ) Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.65. The computer with the IP address 192.168.1.66 did not allow the name to be claimed by this computer. Error: (04/09/2012 11:40:45 PM) (Source: NetBT) (User: ) Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.65. The computer with the IP address 192.168.1.66 did not allow the name to be claimed by this computer. Error: (04/09/2012 11:35:35 PM) (Source: NetBT) (User: ) Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.65. The computer with the IP address 192.168.1.66 did not allow the name to be claimed by this computer. Error: (04/09/2012 11:30:25 PM) (Source: NetBT) (User: ) Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.65. The computer with the IP address 192.168.1.66 did not allow the name to be claimed by this computer. Error: (04/09/2012 11:25:15 PM) (Source: NetBT) (User: ) Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.65. The computer with the IP address 192.168.1.66 did not allow the name to be claimed by this computer. Error: (04/09/2012 11:20:05 PM) (Source: NetBT) (User: ) Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.65. The computer with the IP address 192.168.1.66 did not allow the name to be claimed by this computer. Microsoft Office Sessions: ========================= =========================== Installed Programs ============================ Update for Microsoft Office 2007 (KB2508958) Adobe Flash Player 11 ActiveX (Version: 11.1.102.63) Apple Software Update (Version: 2.1.1.116) BlackBerry Desktop Software 6.1 (Version: 6.1.0.36) BlackBerry Device Software Updater (Version: 6.0.1.37) Broadcom 802.11 Wireless LAN Adapter (Version: 4.10.47.0) Broadcom Wireless Utility (Version: 4.10.47.0) Cisco EAP-FAST Module (Version: 2.2.14) D3DX10 (Version: 15.4.2368.0902) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition DivX Setup (Version: 2.6.1.8) Dropbox (Version: 1.3.34) DVD43 v4.6.0 Google Chrome (Version: 18.0.1025.151) GStreamer WinBuilds 0.10.6 (GPL) (Version: 0.10.6) HandBrake 0.9.6 (Version: 0.9.6) HP MediaSmart Server 3.0 Update 1 (Version: 3.0.14.33080) HP Update (Version: 4.000.011.006) Java Auto Updater (Version: 2.0.7.1) Java 6 Update 31 (Version: 6.0.310) Lightworks (Version: 10.0.35.0) Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000) Mesh Runtime (Version: 15.4.5722.2) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft Antimalware (Version: 3.0.8402.2) Microsoft Application Error Reporting (Version: 12.0.6012.5000) Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000) Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office File Validation Add-In (Version: 14.0.5130.5003) Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000) Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000) Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014) Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Single Image 2010 (Version: 14.0.6029.1000) Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Security Client (Version: 2.1.1116.0) Microsoft Security Essentials (Version: 2.1.1116.0) Microsoft Silverlight (Version: 4.1.10111.0) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) MSVCRT (Version: 15.4.2862.0708) Nitro Reader 2 (Version: 2.2.1.14) Picasa 3 (Version: 3.8) QuickTime (Version: 7.62.14.0) Skype Click to Call (Version: 5.9.9216) Skype™ 5.8 (Version: 5.8.158) Spotify (Version: 0.8.2.610.g090a06f8) TunnelBear 1.0.29 (Version: 1.0.29) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition Update for Microsoft Outlook Social Connector (KB2583935) VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0) VLC media player 2.0.0 (Version: 2.0.0) Windows Driver Package - Intel (NETwLv32) net (10/07/2010 13.4.0.139) (Version: 10/07/2010 13.4.0.139) Windows Driver Package - Intel (NETwNs32) net (10/27/2011 14.3.0.6) (Version: 10/27/2011 14.3.0.6) Windows Home Server Connector (Version: 6.0.3436.0) Windows Live Communications Platform (Version: 15.4.3502.0922) Windows Live Essentials (Version: 15.4.3502.0922) Windows Live Essentials (Version: 15.4.3538.0513) Windows Live ID Sign-in Assistant (Version: 7.250.4232.0) Windows Live Installer (Version: 15.4.3502.0922) Windows Live Mesh (Version: 15.4.3502.0922) Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2) Windows Live PIMT Platform (Version: 15.4.3508.1109) Windows Live Remote Client (Version: 15.4.5722.2) Windows Live Remote Client Resources (Version: 15.4.5722.2) Windows Live Remote Service (Version: 15.4.5722.2) Windows Live Remote Service Resources (Version: 15.4.5722.2) Windows Live SOXE (Version: 15.4.3502.0922) Windows Live SOXE Definitions (Version: 15.4.3502.0922) Windows Live UX Platform (Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (Version: 15.4.3508.1109) ========================= Devices: ================================ Name: catchme Description: catchme Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: catchme Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ========================= Memory info: =================================== Percentage of memory in use: 39% Total physical RAM: 1978.79 MB Available physical RAM: 1198.13 MB Total Pagefile: 4212.32 MB Available Pagefile: 2832.63 MB Total Virtual: 2047.88 MB Available Virtual: 1933.21 MB ========================= Partitions: ===================================== 1 Drive c: () (Fixed) (Total:465.66 GB) (Free:385.96 GB) NTFS 2 Drive d: (MTD0EUF1 ) (CDROM) (Total:6.87 GB) (Free:0 GB) UDF ========================= Users: ======================================== User accounts for \\USER-PC Administrator Guest Mcx1-USER-PC User ========================= Minidump Files ================================== No minidump file found **** End of log ****
  6. Yeah, the sneaky thing is still there. In IE, still redirects on google results and won't let me run the Windows Security Center. Would it be better to re-run some of these processes in safe mode or with RKill?
  7. Goodmorning Maniac, here is my new combofix log file: ComboFix 12-04-08.02 - User 09/04/2012 10:29:56.3.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1979.1083 [GMT 1:00] Running from: c:\users\User\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-03-09 to 2012-04-09 ))))))))))))))))))))))))))))))) . . 2012-04-09 09:39 . 2012-04-09 09:39 -------- d-----w- c:\users\Mcx1-USER-PC\AppData\Local\temp 2012-04-09 09:39 . 2012-04-09 09:39 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-04-05 00:28 . 2012-04-05 00:28 -------- d-----w- c:\users\User\AppData\Roaming\QuickScan 2012-03-28 22:54 . 2012-04-09 09:07 -------- d-----w- c:\programdata\SecTaskMan 2012-03-27 22:45 . 2012-03-27 22:45 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes 2012-03-27 22:45 . 2012-03-27 22:45 -------- d-----w- c:\programdata\Malwarebytes 2012-03-27 22:45 . 2012-03-27 22:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-03-27 22:45 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-27 19:48 . 2012-04-04 23:30 -------- d-----w- c:\program files\Spybot - Search & Destroy 2012-03-27 19:48 . 2012-04-04 23:17 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-03-25 01:05 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BBA6C972-5613-475A-9C65-7219A969AC74}\mpengine.dll 2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr 2012-03-17 23:01 . 2012-03-17 23:01 18816 ----a-w- c:\windows\system32\drivers\dvd43llh.sys 2012-03-17 23:01 . 2012-03-17 23:01 -------- d-----w- c:\program files\dvd43 2012-03-17 20:31 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll 2012-03-17 20:31 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll 2012-03-16 20:29 . 2012-03-25 00:36 -------- d-----w- c:\users\User\AppData\Roaming\dvdcss 2012-03-16 20:28 . 2012-03-25 00:39 -------- d-----w- c:\users\User\AppData\Roaming\HandBrake 2012-03-15 03:01 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-03-15 03:01 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-03-15 01:12 . 2009-03-09 15:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll 2012-03-15 01:12 . 2009-03-16 14:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll 2012-03-15 01:12 . 2009-03-16 14:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll 2012-03-15 01:12 . 2009-03-16 14:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll 2012-03-15 01:11 . 2012-03-15 01:11 -------- d-----w- c:\program files\Lightworks 2012-03-15 00:36 . 2012-03-15 00:36 -------- d-----w- c:\program files\OSSBuild 2012-03-15 00:27 . 2012-03-15 00:41 -------- d-----w- c:\program files\Handbrake 2012-03-14 23:48 . 2012-03-14 23:48 -------- d-----w- c:\program files\Common Files\Java 2012-03-14 23:47 . 2012-03-14 23:47 472808 ----a-w- c:\windows\system32\deployJava1.dll 2012-03-14 23:47 . 2012-03-14 23:47 -------- d-----w- c:\program files\Java 2012-03-13 23:50 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys 2012-03-13 23:50 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll 2012-03-13 23:49 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-03-13 23:49 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll 2012-03-13 23:49 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-03-13 23:49 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll 2012-03-13 23:49 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-03-13 23:49 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-14 02:15 . 2012-02-05 04:33 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-03-06 23:50 . 2012-02-03 14:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-02-27 22:49 . 2012-02-27 22:49 53248 ----a-r- c:\users\User\AppData\Roaming\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe 2012-02-20 07:39 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll 2012-02-17 01:36 . 2011-03-28 18:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-02-10 16:58 . 2012-02-10 17:00 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7CDCC94C-D765-4D15-8A85-B8550996959A}\gapaengine.dll 2012-02-08 22:59 . 2012-02-12 23:30 27640 ----a-w- c:\windows\system32\nitrolocalmon2.dll 2012-02-08 22:59 . 2012-02-12 23:30 18936 ----a-w- c:\windows\system32\nitrolocalui2.dll 2012-02-06 19:23 . 2012-02-06 19:23 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2012-02-06 19:23 . 2012-02-06 19:23 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2012-02-06 19:22 . 2012-02-06 19:22 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2012-02-04 12:37 . 2012-02-10 17:00 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2012-02-04 00:23 . 2012-02-04 00:23 86528 ----a-w- c:\windows\system32\iesysprep.dll 2012-02-04 00:23 . 2012-02-04 00:23 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2012-02-04 00:23 . 2012-02-04 00:23 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2012-02-04 00:23 . 2012-02-04 00:23 74752 ----a-w- c:\windows\system32\iesetup.dll 2012-02-04 00:23 . 2012-02-04 00:23 63488 ----a-w- c:\windows\system32\tdc.ocx 2012-02-04 00:23 . 2012-02-04 00:23 48640 ----a-w- c:\windows\system32\mshtmler.dll 2012-02-04 00:23 . 2012-02-04 00:23 420864 ----a-w- c:\windows\system32\vbscript.dll 2012-02-04 00:23 . 2012-02-04 00:23 367104 ----a-w- c:\windows\system32\html.iec 2012-02-04 00:23 . 2012-02-04 00:23 23552 ----a-w- c:\windows\system32\licmgr10.dll 2012-02-04 00:23 . 2012-02-04 00:23 161792 ----a-w- c:\windows\system32\msls31.dll 2012-02-04 00:23 . 2012-02-04 00:23 152064 ----a-w- c:\windows\system32\wextract.exe 2012-02-04 00:23 . 2012-02-04 00:23 150528 ----a-w- c:\windows\system32\iexpress.exe 2012-02-04 00:23 . 2012-02-04 00:23 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-02-04 00:23 . 2012-02-04 00:23 110592 ----a-w- c:\windows\system32\IEAdvpack.dll 2012-02-04 00:23 . 2012-02-04 00:23 35840 ----a-w- c:\windows\system32\imgutil.dll 2012-02-04 00:23 . 2012-02-04 00:23 11776 ----a-w- c:\windows\system32\mshta.exe 2012-02-04 00:23 . 2012-02-04 00:23 101888 ----a-w- c:\windows\system32\admparse.dll 2012-02-03 14:19 . 2011-10-31 15:56 7522304 ----a-w- c:\windows\system32\drivers\NETwNs32.sys 2012-02-03 14:19 . 2010-05-18 22:31 2760704 ----a-w- c:\windows\system32\NETwNr32.dll 2012-02-03 14:19 . 2010-05-18 22:29 684032 ----a-w- c:\windows\system32\NETwNc32.dll 2012-01-31 12:44 . 2012-02-02 19:02 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-01-17 04:39 . 2012-02-03 14:25 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A22EA17E-FE7D-457E-8232-0352C1BAC298}\mpengine.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552] "WLSync"="c:\program files\Windows Live\Mesh\WLSync.exe" [2011-05-13 1449312] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-01-19 1236992] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920] "RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-23 827904] . c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-4-6 26945440] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2012-2-20 603504] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-01-31 158856] R3 CFcatchme;CFcatchme;c:\users\User\AppData\Local\Temp\CFcatchme.sys [x] R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392] R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-06 1343400] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2011-01-10 239472] S2 esClient;Windows Media Center Client Service;c:\program files\Windows Home Server\esClient.exe [2011-01-10 97136] S2 HPMSSConnectorSvc;HPMSSConnectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe [2009-10-05 20992] S2 MediaCollectorService;MediaCollectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe [2009-10-05 81920] S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [2012-02-08 198136] S2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [2011-01-10 376688] S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-13 50688] S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2012-02-03 7522304] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - 13167656 *NewlyCreated* - 1708232DRV *NewlyCreated* - ASWMBR *NewlyCreated* - KXLDAPOB *Deregistered* - aswMBR *Deregistered* - kxldapob . Contents of the 'Scheduled Tasks' folder . 2012-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4278735001-178053511-1665522800-1000Core.job - c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-03 20:55] . 2012-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4278735001-178053511-1665522800-1000UA.job - c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-03 20:55] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.co.uk/ IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.254 . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(8048) c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . Completion time: 2012-04-09 10:43:11 ComboFix-quarantined-files.txt 2012-04-09 09:43 ComboFix2.txt 2012-04-06 15:37 . Pre-Run: 415,288,967,168 bytes free Post-Run: 415,231,205,376 bytes free . - - End Of File - - 8929F39A66A975EBC5F2EFDC585BAB94
  8. <p> </p> <div>Status: Disinfected (events: 1)<span class="Apple-tab-span" style="white-space:pre"> </span></div> <div>08/04/2012 17:18:36<span class="Apple-tab-span" style="white-space:pre"> </span>Disinfected<span class="Apple-tab-span" style="white-space:pre"> </span>Trojan program HEUR:Trojan.Win32.Generic<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Documents and Settings\User\Downloads\google_.zip<span class="Apple-tab-span" style="white-space:pre"> </span>High<span class="Apple-tab-span" style="white-space:pre"> </span></div> <div>Status: Quarantined (events: 2)<span class="Apple-tab-span" style="white-space:pre"> </span></div> <div>08/04/2012 17:18:36<span class="Apple-tab-span" style="white-space:pre"> </span>Quarantined<span class="Apple-tab-span" style="white-space:pre"> </span>Trojan program HEUR:Trojan.Win32.Generic<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Documents and Settings\User\Downloads\google_.zip/google_.exe<span class="Apple-tab-span" style="white-space:pre"> </span>High<span class="Apple-tab-span" style="white-space:pre"> </span></div> <div>08/04/2012 17:18:36<span class="Apple-tab-span" style="white-space:pre"> </span>Quarantined<span class="Apple-tab-span" style="white-space:pre"> </span>Trojan program HEUR:Trojan.Win32.Generic<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Documents and Settings\User\Downloads\google_.zip/google_.exe//UPX<span class="Apple-tab-span" style="white-space:pre"> </span>High<span class="Apple-tab-span" style="white-space:pre"> </span></div> <div> </div>
  9. <p>Maniac,</p> <p> </p> <p>See below the log:</p> <p> </p> <p> </p> <div>Status: Disinfected (events: 1)<span class="Apple-tab-span" style="white-space:pre"> </span></div> <div>08/04/2012 17:18:36<span class="Apple-tab-span" style="white-space:pre"> </span>Disinfected<span class="Apple-tab-span" style="white-space:pre"> </span>Trojan program HEUR:Trojan.Win32.Generic<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Documents and Settings\User\Downloads\google_.zip<span class="Apple-tab-span" style="white-space:pre"> </span>High<span class="Apple-tab-span" style="white-space:pre"> </span></div> <div>Status: Quarantined (events: 2)<span class="Apple-tab-span" style="white-space:pre"> </span></div> <div>08/04/2012 17:18:36<span class="Apple-tab-span" style="white-space:pre"> </span>Quarantined<span class="Apple-tab-span" style="white-space:pre"> </span>Trojan program HEUR:Trojan.Win32.Generic<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Documents and Settings\User\Downloads\google_.zip/google_.exe<span class="Apple-tab-span" style="white-space:pre"> </span>High<span class="Apple-tab-span" style="white-space:pre"> </span></div> <div>08/04/2012 17:18:36<span class="Apple-tab-span" style="white-space:pre"> </span>Quarantined<span class="Apple-tab-span" style="white-space:pre"> </span>Trojan program HEUR:Trojan.Win32.Generic<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Documents and Settings\User\Downloads\google_.zip/google_.exe//UPX<span class="Apple-tab-span" style="white-space:pre"> </span>High<span class="Apple-tab-span" style="white-space:pre"> </span></div> <div> </div>
  10. Maniac, I ran the scan again..this was the file that was in the threat quarantine: C:\\Windows\System32\C_20297U.dll thanks! Let me know what else I can do.
  11. <p>Hmmm not sure if this log correct:</p> <p> </p> <p> </p> <div>ESETSmartInstaller@High as CAB hook log:</div> <div>OnlineScanner.ocx - registred OK</div> <div> </div> <div>I did a scan and it came out that there was a threat that was quarantined. Let me know if I need to re-run.</div>
  12. Maniac, I think I did this right. Here is the log file for GMER GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-04-07 14:14:24 Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST9500325AS rev.0001SDM1 Running: m0ic33pn.exe; Driver: C:\Users\User\AppData\Local\Temp\kxldapob.sys ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKey + 13C1 82A933D9 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82ACCD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} ? C:\Users\User\AppData\Local\Temp\aswMBR.sys The system cannot find the file specified. ! ---- User code sections - GMER 1.0.15 ---- .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtCreateFile + 6 77CA55CE 4 Bytes [28, 00, 2D, 00] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtCreateFile + B 77CA55D3 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtMapViewOfSection + 6 77CA5C2E 1 Byte [28] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtMapViewOfSection + 6 77CA5C2E 4 Bytes [28, 03, 2D, 00] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtMapViewOfSection + B 77CA5C33 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtOpenFile + 6 77CA5CDE 4 Bytes [68, 00, 2D, 00] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtOpenFile + B 77CA5CE3 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtOpenProcess + 6 77CA5D8E 4 Bytes [A8, 01, 2D, 00] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtOpenProcess + B 77CA5D93 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtOpenProcessToken + 6 77CA5D9E 4 Bytes CALL 76CA8AA4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtOpenProcessToken + B 77CA5DA3 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtOpenProcessTokenEx + 6 77CA5DAE 4 Bytes [A8, 02, 2D, 00] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtOpenProcessTokenEx + B 77CA5DB3 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtOpenThread + 6 77CA5E0E 4 Bytes [68, 01, 2D, 00] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtOpenThread + B 77CA5E13 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtOpenThreadToken + 6 77CA5E1E 4 Bytes [68, 02, 2D, 00] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtOpenThreadToken + B 77CA5E23 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtOpenThreadTokenEx + 6 77CA5E2E 4 Bytes CALL 76CA8B35 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtOpenThreadTokenEx + B 77CA5E33 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtQueryAttributesFile + 6 77CA5F3E 4 Bytes [A8, 00, 2D, 00] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtQueryAttributesFile + B 77CA5F43 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtQueryFullAttributesFile + 6 77CA5FEE 4 Bytes CALL 76CA8CF3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtQueryFullAttributesFile + B 77CA5FF3 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtSetInformationFile + 6 77CA663E 4 Bytes [28, 01, 2D, 00] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtSetInformationFile + B 77CA6643 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtSetInformationThread + 6 77CA669E 4 Bytes [28, 02, 2D, 00] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtSetInformationThread + B 77CA66A3 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtUnmapViewOfSection + 6 77CA69BE 1 Byte [68] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtUnmapViewOfSection + 6 77CA69BE 4 Bytes [68, 03, 2D, 00] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtUnmapViewOfSection + B 77CA69C3 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtCreateFile + 6 77CA55CE 4 Bytes [28, 00, 13, 00] {SUB [EAX], AL; ADC EAX, [EAX]} .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtCreateFile + B 77CA55D3 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtMapViewOfSection + 6 77CA5C2E 1 Byte [28] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtMapViewOfSection + 6 77CA5C2E 4 Bytes [28, 03, 13, 00] {SUB [EBX], AL; ADC EAX, [EAX]} .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtMapViewOfSection + B 77CA5C33 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenFile + 6 77CA5CDE 4 Bytes [68, 00, 13, 00] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenFile + B 77CA5CE3 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenProcess + 6 77CA5D8E 4 Bytes [A8, 01, 13, 00] {TEST AL, 0x1; ADC EAX, [EAX]} .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenProcess + B 77CA5D93 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenProcessToken + 6 77CA5D9E 4 Bytes CALL 76CA70A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenProcessToken + B 77CA5DA3 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenProcessTokenEx + 6 77CA5DAE 4 Bytes [A8, 02, 13, 00] {TEST AL, 0x2; ADC EAX, [EAX]} .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenProcessTokenEx + B 77CA5DB3 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenThread + 6 77CA5E0E 4 Bytes [68, 01, 13, 00] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenThread + B 77CA5E13 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenThreadToken + 6 77CA5E1E 4 Bytes [68, 02, 13, 00] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenThreadToken + B 77CA5E23 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenThreadTokenEx + 6 77CA5E2E 4 Bytes CALL 76CA7135 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenThreadTokenEx + B 77CA5E33 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtQueryAttributesFile + 6 77CA5F3E 4 Bytes [A8, 00, 13, 00] {TEST AL, 0x0; ADC EAX, [EAX]} .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtQueryAttributesFile + B 77CA5F43 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtQueryFullAttributesFile + 6 77CA5FEE 4 Bytes CALL 76CA72F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtQueryFullAttributesFile + B 77CA5FF3 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtSetInformationFile + 6 77CA663E 4 Bytes [28, 01, 13, 00] {SUB [ECX], AL; ADC EAX, [EAX]} .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtSetInformationFile + B 77CA6643 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtSetInformationThread + 6 77CA669E 4 Bytes [28, 02, 13, 00] {SUB [EDX], AL; ADC EAX, [EAX]} .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtSetInformationThread + B 77CA66A3 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtUnmapViewOfSection + 6 77CA69BE 1 Byte [68] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtUnmapViewOfSection + 6 77CA69BE 4 Bytes [68, 03, 13, 00] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtUnmapViewOfSection + B 77CA69C3 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtQueryInformationProcess 77CA6048 5 Bytes JMP 027B5A3A .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] GDI32.dll!ExtTextOutW 77398192 5 Bytes JMP 0279F09E .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] GDI32.dll!GetGlyphIndicesW 7739B78F 5 Bytes JMP 0279F52B .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] GDI32.dll!TextOutW 7739FDE4 5 Bytes JMP 0279EB6A .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] GDI32.dll!ExtTextOutA 773A03F9 5 Bytes JMP 0279EFBA .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] GDI32.dll!TextOutA 773A077D 5 Bytes JMP 0279EA9E .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] GDI32.dll!GetGlyphIndicesA 773BBB6A 5 Bytes JMP 0279F45E .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] USER32.dll!DrawTextExW 775D5894 5 Bytes JMP 0279EED3 .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] USER32.dll!DrawTextW 775D5B6A 5 Bytes JMP 0279ED11 .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] USER32.dll!SetClipboardData 775E2962 5 Bytes JMP 0279E987 .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] USER32.dll!DialogBoxParamW 775E3B9B 5 Bytes JMP 0279DC86 .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] USER32.dll!DrawTextA 775EAE29 5 Bytes JMP 0279EC36 .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] USER32.dll!DrawTextExA 775EAE60 5 Bytes JMP 0279EDEC .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] WS2_32.dll!closesocket 77DB3918 5 Bytes JMP 0279E8E0 .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] WS2_32.dll!getaddrinfo 77DB4296 5 Bytes JMP 0279D7D7 .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] WS2_32.dll!WSASend 77DB4406 5 Bytes JMP 0279E5A8 .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] WS2_32.dll!GetAddrInfoW 77DB4889 5 Bytes JMP 0279D8B7 .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] WS2_32.dll!recv 77DB6B0E 5 Bytes JMP 0279E4FA .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] WS2_32.dll!send 77DB6F01 5 Bytes JMP 0279E455 .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] WS2_32.dll!WSARecv 77DB7089 5 Bytes JMP 0279E67C .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] WS2_32.dll!WSAGetOverlappedResult 77DB7489 5 Bytes JMP 0279E7C0 .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] WS2_32.dll!WSAAsyncGetHostByName 77DC726A 5 Bytes JMP 0279DBA7 .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] WS2_32.dll!gethostbyname 77DC7673 5 Bytes JMP 0279D716 .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] WININET.dll!InternetCrackUrlA 77710326 5 Bytes JMP 0279F7F1 .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] WININET.dll!InternetCrackUrlW 77723129 5 Bytes JMP 0279F93A .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtCreateFile + 6 77CA55CE 4 Bytes [28, 00, 0A, 00] {SUB [EAX], AL; OR AL, [EAX]} .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtCreateFile + B 77CA55D3 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtMapViewOfSection + 6 77CA5C2E 1 Byte [28] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtMapViewOfSection + 6 77CA5C2E 4 Bytes [28, 03, 0A, 00] {SUB [EBX], AL; OR AL, [EAX]} .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtMapViewOfSection + B 77CA5C33 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenFile + 6 77CA5CDE 4 Bytes [68, 00, 0A, 00] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenFile + B 77CA5CE3 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenProcess + 6 77CA5D8E 4 Bytes [A8, 01, 0A, 00] {TEST AL, 0x1; OR AL, [EAX]} .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenProcess + B 77CA5D93 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenProcessToken + 6 77CA5D9E 4 Bytes CALL 76CA67A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenProcessToken + B 77CA5DA3 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenProcessTokenEx + 6 77CA5DAE 4 Bytes [A8, 02, 0A, 00] {TEST AL, 0x2; OR AL, [EAX]} .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenProcessTokenEx + B 77CA5DB3 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenThread + 6 77CA5E0E 4 Bytes [68, 01, 0A, 00] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenThread + B 77CA5E13 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenThreadToken + 6 77CA5E1E 4 Bytes [68, 02, 0A, 00] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenThreadToken + B 77CA5E23 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenThreadTokenEx + 6 77CA5E2E 4 Bytes CALL 76CA6835 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenThreadTokenEx + B 77CA5E33 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtQueryAttributesFile + 6 77CA5F3E 4 Bytes [A8, 00, 0A, 00] {TEST AL, 0x0; OR AL, [EAX]} .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtQueryAttributesFile + B 77CA5F43 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtQueryFullAttributesFile + 6 77CA5FEE 4 Bytes CALL 76CA69F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtQueryFullAttributesFile + B 77CA5FF3 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtSetInformationFile + 6 77CA663E 4 Bytes [28, 01, 0A, 00] {SUB [ECX], AL; OR AL, [EAX]} .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtSetInformationFile + B 77CA6643 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtSetInformationThread + 6 77CA669E 4 Bytes [28, 02, 0A, 00] {SUB [EDX], AL; OR AL, [EAX]} .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtSetInformationThread + B 77CA66A3 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtUnmapViewOfSection + 6 77CA69BE 1 Byte [68] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtUnmapViewOfSection + 6 77CA69BE 4 Bytes [68, 03, 0A, 00] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtUnmapViewOfSection + B 77CA69C3 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtCreateFile + 6 77CA55CE 4 Bytes [28, 00, 48, 00] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtCreateFile + B 77CA55D3 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtMapViewOfSection + 6 77CA5C2E 1 Byte [28] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtMapViewOfSection + 6 77CA5C2E 4 Bytes [28, 03, 48, 00] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtMapViewOfSection + B 77CA5C33 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtOpenFile + 6 77CA5CDE 4 Bytes [68, 00, 48, 00] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtOpenFile + B 77CA5CE3 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtOpenProcess + 6 77CA5D8E 4 Bytes [A8, 01, 48, 00] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtOpenProcess + B 77CA5D93 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtOpenProcessToken + 6 77CA5D9E 4 Bytes CALL 76CAA5A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtOpenProcessToken + B 77CA5DA3 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtOpenProcessTokenEx + 6 77CA5DAE 4 Bytes [A8, 02, 48, 00] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtOpenProcessTokenEx + B 77CA5DB3 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtOpenThread + 6 77CA5E0E 4 Bytes [68, 01, 48, 00] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtOpenThread + B 77CA5E13 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtOpenThreadToken + 6 77CA5E1E 4 Bytes [68, 02, 48, 00] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtOpenThreadToken + B 77CA5E23 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtOpenThreadTokenEx + 6 77CA5E2E 4 Bytes CALL 76CAA635 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtOpenThreadTokenEx + B 77CA5E33 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtQueryAttributesFile + 6 77CA5F3E 4 Bytes [A8, 00, 48, 00] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtQueryAttributesFile + B 77CA5F43 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtQueryFullAttributesFile + 6 77CA5FEE 4 Bytes CALL 76CAA7F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtQueryFullAttributesFile + B 77CA5FF3 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtSetInformationFile + 6 77CA663E 4 Bytes [28, 01, 48, 00] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtSetInformationFile + B 77CA6643 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtSetInformationThread + 6 77CA669E 4 Bytes [28, 02, 48, 00] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtSetInformationThread + B 77CA66A3 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtUnmapViewOfSection + 6 77CA69BE 1 Byte [68] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtUnmapViewOfSection + 6 77CA69BE 4 Bytes [68, 03, 48, 00] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtUnmapViewOfSection + B 77CA69C3 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtCreateFile + 6 77CA55CE 4 Bytes [28, 00, 31, 00] {SUB [EAX], AL; XOR [EAX], EAX} .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtCreateFile + B 77CA55D3 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtMapViewOfSection + 6 77CA5C2E 1 Byte [28] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtMapViewOfSection + 6 77CA5C2E 4 Bytes [28, 03, 31, 00] {SUB [EBX], AL; XOR [EAX], EAX} .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtMapViewOfSection + B 77CA5C33 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenFile + 6 77CA5CDE 4 Bytes [68, 00, 31, 00] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenFile + B 77CA5CE3 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenProcess + 6 77CA5D8E 4 Bytes [A8, 01, 31, 00] {TEST AL, 0x1; XOR [EAX], EAX} .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenProcess + B 77CA5D93 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenProcessToken + 6 77CA5D9E 4 Bytes CALL 76CA8EA4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenProcessToken + B 77CA5DA3 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenProcessTokenEx + 6 77CA5DAE 4 Bytes [A8, 02, 31, 00] {TEST AL, 0x2; XOR [EAX], EAX} .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenProcessTokenEx + B 77CA5DB3 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenThread + 6 77CA5E0E 4 Bytes [68, 01, 31, 00] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenThread + B 77CA5E13 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenThreadToken + 6 77CA5E1E 4 Bytes [68, 02, 31, 00] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenThreadToken + B 77CA5E23 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenThreadTokenEx + 6 77CA5E2E 4 Bytes CALL 76CA8F35 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenThreadTokenEx + B 77CA5E33 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtQueryAttributesFile + 6 77CA5F3E 4 Bytes [A8, 00, 31, 00] {TEST AL, 0x0; XOR [EAX], EAX} .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtQueryAttributesFile + B 77CA5F43 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtQueryFullAttributesFile + 6 77CA5FEE 4 Bytes CALL 76CA90F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtQueryFullAttributesFile + B 77CA5FF3 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtSetInformationFile + 6 77CA663E 4 Bytes [28, 01, 31, 00] {SUB [ECX], AL; XOR [EAX], EAX} .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtSetInformationFile + B 77CA6643 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtSetInformationThread + 6 77CA669E 4 Bytes [28, 02, 31, 00] {SUB [EDX], AL; XOR [EAX], EAX} .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtSetInformationThread + B 77CA66A3 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtUnmapViewOfSection + 6 77CA69BE 1 Byte [68] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtUnmapViewOfSection + 6 77CA69BE 4 Bytes [68, 03, 31, 00] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtUnmapViewOfSection + B 77CA69C3 1 Byte [E2] ---- EOF - GMER 1.0.15 ----
  13. Maniac, here is the log aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-04-07 02:57:22 ----------------------------- 02:57:22.903 OS Version: Windows 6.1.7601 Service Pack 1 02:57:22.903 Number of processors: 2 586 0x170A 02:57:22.903 ComputerName: USER-PC UserName: User 02:57:24.385 Initialize success 02:58:17.854 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 02:58:17.858 Disk 0 Vendor: ST9500325AS 0001SDM1 Size: 476940MB BusType: 11 02:58:17.870 Disk 0 MBR read successfully 02:58:17.875 Disk 0 MBR scan 02:58:17.879 Disk 0 Windows 7 default MBR code 02:58:17.892 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 02:58:17.907 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848 02:58:17.915 Disk 0 scanning sectors +976771072 02:58:18.006 Disk 0 scanning C:\Windows\system32\drivers 02:58:25.033 Service scanning 02:58:40.378 Modules scanning 02:58:49.340 Disk 0 trace - called modules: 02:58:49.372 ntkrnlpa.exe CLASSPNP.SYS disk.sys dvd43llh.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys 02:58:49.372 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8562f7d0] 02:58:49.902 3 CLASSPNP.SYS[8898159e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x847ba030] 02:58:49.902 \Driver\atapi[0x85137f38] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> dvd43llh.sys[0x945c7b20] 02:58:49.918 Scan finished successfully 02:59:05.973 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat" 02:59:05.989 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"
  14. Maniac, Ok I've done that. See below: ComboFix 12-04-06.02 - User 06/04/2012 16:21:51.2.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1979.1260 [GMT 1:00] Running from: c:\users\User\Desktop\ComboFix.exe Command switches used :: c:\users\User\Desktop\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . file zipped: c:\windows\system32\C_20297U.dll file zipped: c:\windows\Tasks\MQZBYM.job . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_69743802 . . ((((((((((((((((((((((((( Files Created from 2012-03-06 to 2012-04-06 ))))))))))))))))))))))))))))))) . . 2012-04-06 15:30 . 2012-04-06 15:30 -------- d-----w- c:\users\Mcx1-USER-PC\AppData\Local\temp 2012-04-06 15:30 . 2012-04-06 15:30 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-04-05 00:28 . 2012-04-05 00:28 -------- d-----w- c:\users\User\AppData\Roaming\QuickScan 2012-03-28 22:54 . 2012-03-28 22:57 -------- d-----w- c:\programdata\SecTaskMan 2012-03-28 22:54 . 2012-03-28 22:54 -------- d-----w- c:\program files\Security Task Manager 2012-03-27 22:45 . 2012-03-27 22:45 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes 2012-03-27 22:45 . 2012-03-27 22:45 -------- d-----w- c:\programdata\Malwarebytes 2012-03-27 22:45 . 2012-03-27 22:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-03-27 22:45 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-27 19:48 . 2012-04-04 23:30 -------- d-----w- c:\program files\Spybot - Search & Destroy 2012-03-27 19:48 . 2012-04-04 23:17 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-03-25 13:26 . 2012-03-25 13:26 102912 --sha-r- c:\windows\system32\C_20297U.dll 2012-03-25 01:05 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BBA6C972-5613-475A-9C65-7219A969AC74}\mpengine.dll 2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr 2012-03-17 23:01 . 2012-03-17 23:01 18816 ----a-w- c:\windows\system32\drivers\dvd43llh.sys 2012-03-17 23:01 . 2012-03-17 23:01 -------- d-----w- c:\program files\dvd43 2012-03-17 20:31 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll 2012-03-17 20:31 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll 2012-03-16 20:29 . 2012-03-25 00:36 -------- d-----w- c:\users\User\AppData\Roaming\dvdcss 2012-03-16 20:28 . 2012-03-25 00:39 -------- d-----w- c:\users\User\AppData\Roaming\HandBrake 2012-03-15 03:01 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-03-15 03:01 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-03-15 01:12 . 2009-03-09 15:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll 2012-03-15 01:12 . 2009-03-16 14:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll 2012-03-15 01:12 . 2009-03-16 14:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll 2012-03-15 01:12 . 2009-03-16 14:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll 2012-03-15 01:11 . 2012-03-15 01:11 -------- d-----w- c:\program files\Lightworks 2012-03-15 00:36 . 2012-03-15 00:36 -------- d-----w- c:\program files\OSSBuild 2012-03-15 00:27 . 2012-03-15 00:41 -------- d-----w- c:\program files\Handbrake 2012-03-14 23:48 . 2012-03-14 23:48 -------- d-----w- c:\program files\Common Files\Java 2012-03-14 23:47 . 2012-03-14 23:47 472808 ----a-w- c:\windows\system32\deployJava1.dll 2012-03-14 23:47 . 2012-03-14 23:47 -------- d-----w- c:\program files\Java 2012-03-13 23:50 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys 2012-03-13 23:50 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll 2012-03-13 23:49 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-03-13 23:49 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll 2012-03-13 23:49 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-03-13 23:49 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll 2012-03-13 23:49 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-03-13 23:49 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-03-09 22:15 . 2012-04-05 22:26 -------- d-----w- c:\users\User\AppData\Roaming\vlc 2012-03-09 22:12 . 2012-03-09 22:12 -------- d-----w- c:\program files\VideoLAN . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-14 02:15 . 2012-02-05 04:33 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-03-06 23:50 . 2012-02-03 14:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-02-27 22:49 . 2012-02-27 22:49 53248 ----a-r- c:\users\User\AppData\Roaming\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe 2012-02-20 07:39 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll 2012-02-17 01:36 . 2011-03-28 18:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-02-10 16:58 . 2012-02-10 17:00 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7CDCC94C-D765-4D15-8A85-B8550996959A}\gapaengine.dll 2012-02-08 22:59 . 2012-02-12 23:30 27640 ----a-w- c:\windows\system32\nitrolocalmon2.dll 2012-02-08 22:59 . 2012-02-12 23:30 18936 ----a-w- c:\windows\system32\nitrolocalui2.dll 2012-02-06 19:23 . 2012-02-06 19:23 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2012-02-06 19:23 . 2012-02-06 19:23 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2012-02-06 19:22 . 2012-02-06 19:22 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2012-02-04 12:37 . 2012-02-10 17:00 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2012-02-04 00:23 . 2012-02-04 00:23 86528 ----a-w- c:\windows\system32\iesysprep.dll 2012-02-04 00:23 . 2012-02-04 00:23 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2012-02-04 00:23 . 2012-02-04 00:23 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2012-02-04 00:23 . 2012-02-04 00:23 74752 ----a-w- c:\windows\system32\iesetup.dll 2012-02-04 00:23 . 2012-02-04 00:23 63488 ----a-w- c:\windows\system32\tdc.ocx 2012-02-04 00:23 . 2012-02-04 00:23 48640 ----a-w- c:\windows\system32\mshtmler.dll 2012-02-04 00:23 . 2012-02-04 00:23 420864 ----a-w- c:\windows\system32\vbscript.dll 2012-02-04 00:23 . 2012-02-04 00:23 367104 ----a-w- c:\windows\system32\html.iec 2012-02-04 00:23 . 2012-02-04 00:23 23552 ----a-w- c:\windows\system32\licmgr10.dll 2012-02-04 00:23 . 2012-02-04 00:23 161792 ----a-w- c:\windows\system32\msls31.dll 2012-02-04 00:23 . 2012-02-04 00:23 152064 ----a-w- c:\windows\system32\wextract.exe 2012-02-04 00:23 . 2012-02-04 00:23 150528 ----a-w- c:\windows\system32\iexpress.exe 2012-02-04 00:23 . 2012-02-04 00:23 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-02-04 00:23 . 2012-02-04 00:23 110592 ----a-w- c:\windows\system32\IEAdvpack.dll 2012-02-04 00:23 . 2012-02-04 00:23 35840 ----a-w- c:\windows\system32\imgutil.dll 2012-02-04 00:23 . 2012-02-04 00:23 11776 ----a-w- c:\windows\system32\mshta.exe 2012-02-04 00:23 . 2012-02-04 00:23 101888 ----a-w- c:\windows\system32\admparse.dll 2012-02-03 14:19 . 2011-10-31 15:56 7522304 ----a-w- c:\windows\system32\drivers\NETwNs32.sys 2012-02-03 14:19 . 2010-05-18 22:31 2760704 ----a-w- c:\windows\system32\NETwNr32.dll 2012-02-03 14:19 . 2010-05-18 22:29 684032 ----a-w- c:\windows\system32\NETwNc32.dll 2012-01-31 12:44 . 2012-02-02 19:02 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-01-17 04:39 . 2012-02-03 14:25 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A22EA17E-FE7D-457E-8232-0352C1BAC298}\mpengine.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552] "WLSync"="c:\program files\Windows Live\Mesh\WLSync.exe" [2011-05-13 1449312] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-01-19 1236992] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920] "RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-23 827904] . c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-4-6 26945440] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2012-2-20 603504] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-01-31 158856] R3 CFcatchme;CFcatchme;c:\users\User\AppData\Local\Temp\CFcatchme.sys [x] R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392] R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-06 1343400] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2011-01-10 239472] S2 esClient;Windows Media Center Client Service;c:\program files\Windows Home Server\esClient.exe [2011-01-10 97136] S2 HPMSSConnectorSvc;HPMSSConnectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe [2009-10-05 20992] S2 MediaCollectorService;MediaCollectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe [2009-10-05 81920] S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [2012-02-08 198136] S2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [2011-01-10 376688] S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-13 50688] S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2012-02-03 7522304] . . Contents of the 'Scheduled Tasks' folder . 2012-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4278735001-178053511-1665522800-1000Core.job - c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-03 20:55] . 2012-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4278735001-178053511-1665522800-1000UA.job - c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-03 20:55] . 2012-04-06 c:\windows\Tasks\MQZBYM.job - c:\windows\system32\C_20297U.dll [2012-03-25 13:26] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.co.uk/ IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.254 . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(4040) c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\System32\WLTRYSVC.EXE c:\windows\System32\bcmwltry.exe c:\windows\system32\rundll32.exe c:\windows\system32\taskhost.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\conhost.exe c:\windows\system32\DllHost.exe c:\windows\system32\sppsvc.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\\?\c:\windows\system32\wbem\WMIADAP.EXE . ************************************************************************** . Completion time: 2012-04-06 16:36:48 - machine was rebooted ComboFix-quarantined-files.txt 2012-04-06 15:36 ComboFix2.txt 2012-04-06 14:04 . Pre-Run: 415,926,677,504 bytes free Post-Run: 415,690,604,544 bytes free . - - End Of File - - 8DF30253AE9173FEF3D7F33E2CC71704 Upload was successful
  15. Hey Maniac, Here is my combofix file log: ComboFix 12-04-06.02 - User 06/04/2012 14:52:29.1.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1979.1210 [GMT 1:00] Running from: c:\users\User\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe . . ((((((((((((((((((((((((( Files Created from 2012-03-06 to 2012-04-06 ))))))))))))))))))))))))))))))) . . 2012-04-06 14:00 . 2012-04-06 14:00 -------- d-----w- c:\users\Mcx1-USER-PC\AppData\Local\temp 2012-04-06 14:00 . 2012-04-06 14:00 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-04-05 00:28 . 2012-04-05 00:28 -------- d-----w- c:\users\User\AppData\Roaming\QuickScan 2012-03-28 22:54 . 2012-03-28 22:57 -------- d-----w- c:\programdata\SecTaskMan 2012-03-28 22:54 . 2012-03-28 22:54 -------- d-----w- c:\program files\Security Task Manager 2012-03-27 22:45 . 2012-03-27 22:45 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes 2012-03-27 22:45 . 2012-03-27 22:45 -------- d-----w- c:\programdata\Malwarebytes 2012-03-27 22:45 . 2012-03-27 22:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-03-27 22:45 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-27 19:48 . 2012-04-04 23:30 -------- d-----w- c:\program files\Spybot - Search & Destroy 2012-03-27 19:48 . 2012-04-04 23:17 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-03-25 13:26 . 2012-03-25 13:26 102912 --sha-r- c:\windows\system32\C_20297U.dll 2012-03-25 01:05 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BBA6C972-5613-475A-9C65-7219A969AC74}\mpengine.dll 2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr 2012-03-17 23:01 . 2012-03-17 23:01 18816 ----a-w- c:\windows\system32\drivers\dvd43llh.sys 2012-03-17 23:01 . 2012-03-17 23:01 -------- d-----w- c:\program files\dvd43 2012-03-17 20:31 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll 2012-03-17 20:31 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll 2012-03-16 20:29 . 2012-03-25 00:36 -------- d-----w- c:\users\User\AppData\Roaming\dvdcss 2012-03-16 20:28 . 2012-03-25 00:39 -------- d-----w- c:\users\User\AppData\Roaming\HandBrake 2012-03-15 03:01 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-03-15 03:01 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-03-15 01:12 . 2009-03-09 15:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll 2012-03-15 01:12 . 2009-03-16 14:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll 2012-03-15 01:12 . 2009-03-16 14:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll 2012-03-15 01:12 . 2009-03-16 14:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll 2012-03-15 01:11 . 2012-03-15 01:11 -------- d-----w- c:\program files\Lightworks 2012-03-15 00:36 . 2012-03-15 00:36 -------- d-----w- c:\program files\OSSBuild 2012-03-15 00:27 . 2012-03-15 00:41 -------- d-----w- c:\program files\Handbrake 2012-03-14 23:48 . 2012-03-14 23:48 -------- d-----w- c:\program files\Common Files\Java 2012-03-14 23:47 . 2012-03-14 23:47 472808 ----a-w- c:\windows\system32\deployJava1.dll 2012-03-14 23:47 . 2012-03-14 23:47 -------- d-----w- c:\program files\Java 2012-03-13 23:50 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys 2012-03-13 23:50 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll 2012-03-13 23:49 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-03-13 23:49 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll 2012-03-13 23:49 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-03-13 23:49 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll 2012-03-13 23:49 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-03-13 23:49 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-03-09 22:15 . 2012-04-05 22:26 -------- d-----w- c:\users\User\AppData\Roaming\vlc 2012-03-09 22:12 . 2012-03-09 22:12 -------- d-----w- c:\program files\VideoLAN . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-14 02:15 . 2012-02-05 04:33 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-03-06 23:50 . 2012-02-03 14:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-02-27 22:49 . 2012-02-27 22:49 53248 ----a-r- c:\users\User\AppData\Roaming\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe 2012-02-20 07:39 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll 2012-02-17 01:36 . 2011-03-28 18:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-02-10 16:58 . 2012-02-10 17:00 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7CDCC94C-D765-4D15-8A85-B8550996959A}\gapaengine.dll 2012-02-08 22:59 . 2012-02-12 23:30 27640 ----a-w- c:\windows\system32\nitrolocalmon2.dll 2012-02-08 22:59 . 2012-02-12 23:30 18936 ----a-w- c:\windows\system32\nitrolocalui2.dll 2012-02-06 19:23 . 2012-02-06 19:23 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2012-02-06 19:23 . 2012-02-06 19:23 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2012-02-06 19:22 . 2012-02-06 19:22 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2012-02-04 12:37 . 2012-02-10 17:00 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2012-02-04 00:23 . 2012-02-04 00:23 86528 ----a-w- c:\windows\system32\iesysprep.dll 2012-02-04 00:23 . 2012-02-04 00:23 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2012-02-04 00:23 . 2012-02-04 00:23 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2012-02-04 00:23 . 2012-02-04 00:23 74752 ----a-w- c:\windows\system32\iesetup.dll 2012-02-04 00:23 . 2012-02-04 00:23 63488 ----a-w- c:\windows\system32\tdc.ocx 2012-02-04 00:23 . 2012-02-04 00:23 48640 ----a-w- c:\windows\system32\mshtmler.dll 2012-02-04 00:23 . 2012-02-04 00:23 420864 ----a-w- c:\windows\system32\vbscript.dll 2012-02-04 00:23 . 2012-02-04 00:23 367104 ----a-w- c:\windows\system32\html.iec 2012-02-04 00:23 . 2012-02-04 00:23 23552 ----a-w- c:\windows\system32\licmgr10.dll 2012-02-04 00:23 . 2012-02-04 00:23 161792 ----a-w- c:\windows\system32\msls31.dll 2012-02-04 00:23 . 2012-02-04 00:23 152064 ----a-w- c:\windows\system32\wextract.exe 2012-02-04 00:23 . 2012-02-04 00:23 150528 ----a-w- c:\windows\system32\iexpress.exe 2012-02-04 00:23 . 2012-02-04 00:23 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-02-04 00:23 . 2012-02-04 00:23 110592 ----a-w- c:\windows\system32\IEAdvpack.dll 2012-02-04 00:23 . 2012-02-04 00:23 35840 ----a-w- c:\windows\system32\imgutil.dll 2012-02-04 00:23 . 2012-02-04 00:23 11776 ----a-w- c:\windows\system32\mshta.exe 2012-02-04 00:23 . 2012-02-04 00:23 101888 ----a-w- c:\windows\system32\admparse.dll 2012-02-03 14:19 . 2011-10-31 15:56 7522304 ----a-w- c:\windows\system32\drivers\NETwNs32.sys 2012-02-03 14:19 . 2010-05-18 22:31 2760704 ----a-w- c:\windows\system32\NETwNr32.dll 2012-02-03 14:19 . 2010-05-18 22:29 684032 ----a-w- c:\windows\system32\NETwNc32.dll 2012-01-31 12:44 . 2012-02-02 19:02 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-01-17 04:39 . 2012-02-03 14:25 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A22EA17E-FE7D-457E-8232-0352C1BAC298}\mpengine.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552] "WLSync"="c:\program files\Windows Live\Mesh\WLSync.exe" [2011-05-13 1449312] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-01-19 1236992] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920] "RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-23 827904] . c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-4-6 26945440] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2012-2-20 603504] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-01-31 158856] R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392] R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-06 1343400] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2011-01-10 239472] S2 esClient;Windows Media Center Client Service;c:\program files\Windows Home Server\esClient.exe [2011-01-10 97136] S2 HPMSSConnectorSvc;HPMSSConnectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe [2009-10-05 20992] S2 MediaCollectorService;MediaCollectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe [2009-10-05 81920] S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [2012-02-08 198136] S2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [2011-01-10 376688] S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-13 50688] S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2012-02-03 7522304] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - 69743802 *NewlyCreated* - FIXTDSS *Deregistered* - 69743802 *Deregistered* - FixTDSS . Contents of the 'Scheduled Tasks' folder . 2012-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4278735001-178053511-1665522800-1000Core.job - c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-03 20:55] . 2012-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4278735001-178053511-1665522800-1000UA.job - c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-03 20:55] . 2012-04-06 c:\windows\Tasks\MQZBYM.job - c:\windows\system32\C_20297U.dll [2012-03-25 13:26] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.co.uk/ IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.254 . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file) WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file) AddRemove-2364577090.go.sky.com - c:\program files\Microsoft Silverlight\4.0.60831.0\Silverlight.Configuration.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-04-06 15:04:21 ComboFix-quarantined-files.txt 2012-04-06 14:04 . Pre-Run: 415,705,190,400 bytes free Post-Run: 415,864,659,968 bytes free . - - End Of File - - A89DC5B946FE08110A794195A68C6F99