kbalanis

  1. Please close this thread as it looks like I'm going to have to do a clean install of Windows 7 to repair my problem. Thanks.
  2. I was able to get the DDS.scr file to work. Here is the DDS.txt log:

     I've also attached the attach.txt log to this post.
  3. Here's the ComboFix log:
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2011-05-05 08:34:11 ComboFix-quarantined-files.txt 2011-05-05 15:34 . 
Even though I have ScriptScan disabled in McAfee I couldn't get the DDS file to work. I got it to work last time though, I don't get it.
  4. So I uninstalled AVG, then rebooted, it still doesn't work and I get the same error code. I did some online searching about the error and found that I can start the Defender process through the services.msc file. I tried that but the Defender process wasn't even there FOR me to start so I don't know what else to do.
  5. I won't be able to get rid of the McAfee since it's a work computer and it needs to be on it, but I will get rid of AVG. I only installed AVG after the issue with Defender not working since I didn't feel like I had enough security since it wasn't working. But I'll get rid of AVG anyway, then reboot. I'll let you know if Defender works after that but I'm pretty sure it won't.
  6. I'm hoping I can finally get this issue resolved. Usually I am able to get everything working again after getting a virus but this is something that I cannot get to work. A few days ago my computer was infected with the Win 7 Total Security 2011 virus. At least I think that's what it was called, there are so many different names of these types of viruses. I was able to find the files associated with this virus through a scan with MBAM, but now my Windows Defender isn't working at all. After I open it up, I get an error message that states: The specified service does not exist as an installed service. (Error Code: 0x80070424). I don't know if I still have a virus that's blocking this program from working or the Win 7 virus did something to the registry, or if some important files got corrupted. I did a scan with Avira but it came up with no viruses. Also, I could not find a way to disable my script blocker so I have no DDS or Attach .txt files, and the GMER scanner didn't detect anything wrong so there was nothing in the log file. So basically I just have my MBAM log file and the DeFogger log file. I ran the DeFogger. I don't think I got an error message but I did get a defogger_disable log. Here's what that shows: defogger_disable by jpshortstuff (23.02.10.1) Log created at 14:56 on 28/04/2011 (kbalanis) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... 
-=E.O.F=- Here's the log of the MBAM scan: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6449 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 4/28/2011 4:48:24 PM mbam-log-2011-04-28 (16-48-24).txt Scan type: Full scan (C:\|) Objects scanned: 408660 Time elapsed: 1 hour(s), 9 minute(s), 44 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) As you can see, MBAM hasn't detected any malicious software. So I don't really have much to go on. I was able to get the DDS file to work. Here's the DDS.txt log: As stated above, the GMER program didn't detect anything wrong so there is no log file for that so I've attached the attach.zip file which only contains the attach.txt file from the DDS program. Attach.zip
  7. You got it, thanks. I wasn't sure which forum would best suit my topic.
  8. I'm hoping I can finally get this issue resolved. Usually I am able to get everything working again after getting a virus, but this is something that I cannot get to work. A few days ago my computer was infected with the Win 7 Total Security 2011 virus. At least I think that's what it was called; there are so many different names for these types of viruses. I was able to find the files associated with this virus through a scan with MBAM, but now my Windows Defender isn't working at all. After I open it up, I get an error message that states: The specified service does not exist as an installed service. (Error Code: 0x80070424). I don't know if I still have a virus that's blocking this program from working, or if the Win 7 virus did something to the registry, or if some important files got corrupted. I have created a ComboFix log if that's useful in determining what the problem could be. Please let me know if you need it and I will post it. Thanks for the help.