DDS (Ver_10-12-12.02) - NTFSx86
Run by Carl at 20:28:56.37 on 03/03/2011
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.353.1033.18.892.139 [GMT 0:00]
AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Users\Carl\Desktop\dds.com
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/ig/redirectdomain ... bmod=DSGI;
mStart Page = hxxp://www.google.com/ig/redirectdomain ... &bmod=DSGI
uInternet Settings,ProxyOverride = *.local
BHO: AutorunsDisabled - No File
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Copy to Semagic - c:\program files\semagic\copy.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Save YouTube Video as MP3 - c:\program files\common files\dvdvideosoft\dll\IEContextMenuY.dll/scriptY2MP3.htm
IE: Semagic - c:\program files\semagic\link.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/f ... wflash.cab
================= FIREFOX ===================
FF - ProfilePath - c:\users\carl\appdata\roaming\mozilla\firefox\profiles\no7badff.default\
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
============= SERVICES / DRIVERS ===============
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R3 SiS6350;SiS6350;c:\windows\system32\drivers\SISGRKMD.sys [2008-9-2 458752]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSGB6.sys [2008-9-2 48128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 A27C56FD;A27C56FD;c:\windows\system32\A27C56FD.exe [2011-2-28 6656]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-8-23 38224]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 42368]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2008-9-2 283136]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 gupdate1c9f9105aaf10c5;Google Update Service (gupdate1c9f9105aaf10c5);c:\program files\google\update\GoogleUpdate.exe [2009-6-29 133104]
=============== Created Last 30 ================
2011-03-03 20:23:17 -------- d-sh--w- C:\$RECYCLE.BIN
2011-03-03 20:23:10 -------- d-----w- c:\users\carl\appdata\local\temp
2011-03-03 20:05:09 -------- d-----w- C:\ComboFix
2011-03-03 19:52:10 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{18824cd8-9cc9-4fb3-bb9d-ee9eddf89587}\mpengine.dll
2011-03-01 22:07:31 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2011-03-01 22:07:31 39352 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2011-03-01 22:04:49 -------- d-----w- c:\program files\common files\InfoWatch
2011-03-01 22:04:40 -------- d-----w- c:\program files\Kaspersky Lab
2011-03-01 22:04:40 -------- d-----w- c:\progra~2\Kaspersky Lab
2011-03-01 21:46:17 -------- d-----w- c:\progra~2\Kaspersky Lab Setup Files
2011-03-01 21:12:38 15682 ----a-w- C:\FixitRegBackup.reg
2011-02-28 17:22:46 6656 ----a-w- c:\windows\system32\A27C56FD.exe
2011-02-28 09:34:59 5943120 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{6aea88e0-ff70-44c2-bf7b-31618e6db91d}\mpengine.dll
2011-02-27 13:20:05 86016 ----a-w- c:\progra~2\microsoft\microsoft antimalware\localcopy\{23C67337-EDFC-4FB6-8C35-176303AE6E34}-TaskManager.exe
2011-02-26 20:58:26 86016 ----a-w- c:\progra~2\microsoft\microsoft antimalware\localcopy\{5D143D63-2893-415B-8EA5-B5103DB99102}-TaskManager.exe
2011-02-24 23:10:59 -------- d-----w- C:\_OTM
2011-02-24 08:12:28 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-02-24 08:11:17 40448 ----a-w- c:\windows\system32\winrs.exe
2011-02-24 08:11:17 20480 ----a-w- c:\windows\system32\winrshost.exe
2011-02-24 08:11:17 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
2011-02-24 08:11:10 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
2011-02-24 08:11:10 10240 ----a-w- c:\windows\system32\winrssrv.dll
2011-02-20 22:13:14 -------- d-----w- C:\Downloads
2011-02-18 18:02:25 -------- d-----w- C:\MGADiagToolOutput
2011-02-13 19:52:08 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-02-13 19:51:01 634648 ----a-w- c:\program files\internet explorer\iexplore.exe
2011-02-13 19:49:55 1205080 ----a-w- c:\windows\system32\ntdll.dll
2011-02-13 19:49:54 3548048 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-02-13 19:49:52 3600272 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-02-13 19:49:44 2038784 ----a-w- c:\windows\system32\win32k.sys
==================== Find3M ====================
2011-02-02 17:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-08 07:50:00 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 05:57:10 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-28 14:57:35 409600 ----a-w- c:\windows\system32\odbc32.dll
2010-12-20 15:40:24 833024 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 15:37:57 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-12-20 14:12:59 389632 ----a-w- c:\windows\system32\html.iec
2010-12-20 13:51:45 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-14 15:49:30 1169408 ----a-w- c:\windows\system32\sdclt.exe
============= FINISH: 20:30:11.83 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 09/01/2009 17:26:06
System Uptime: 03/03/2011 19:02:04 (1 hours ago)
Motherboard: DIXONSXP | | N/A
Processor: Genuine Intel(R) CPU T1500 @ 1.86GHz | uPGA 479M | 1866/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 101 GiB total, 13.137 GiB free.
S: is FIXED (NTFS) - 1 GiB total, 0.267 GiB free.
==== Disabled Device Manager Items =============
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0002
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #3
PNP Device ID: ROOT\*ISATAP\0002
Service: tunnel
==== System Restore Points ===================
RP1056: 25/02/2011 03:00:17 - Windows Update
RP1057: 26/02/2011 03:44:30 - Windows Update
RP1058: 26/02/2011 03:52:04 - Windows Update
RP1059: 27/02/2011 05:14:09 - Windows Update
RP1060: 27/02/2011 05:22:01 - Windows Update
RP1061: 27/02/2011 17:43:49 - Scheduled Checkpoint
RP1062: 28/02/2011 09:25:19 - Windows Update
RP1063: 28/02/2011 09:34:07 - Windows Update
RP1064: 28/02/2011 17:53:43 - Windows Update
RP1065: 28/02/2011 18:05:46 - Windows Update
RP1066: 28/02/2011 18:25:01 - Windows Update
RP1067: 28/02/2011 23:17:44 - Installed Microsoft Security Essentials
RP1068: 28/02/2011 23:24:08 - Windows Update
RP1069: 28/02/2011 23:30:09 - Windows Update
RP1070: 28/02/2011 23:32:52 - Installed Microsoft Security Essentials
RP1071: 01/03/2011 10:42:45 - Windows Update
RP1072: 01/03/2011 21:11:34 - Installed Microsoft Fix it 50535
RP1073: 01/03/2011 21:59:32 - Installed Kaspersky PURE.
RP1074: 02/03/2011 03:59:53 - Windows Update
RP1075: 03/03/2011 08:24:09 - Windows Update
RP1076: 03/03/2011 19:51:06 - Windows Update
==== Installed Programs ======================
AAC Decoder
Abdio Free ASF Player (Free)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
AoA Audio Extractor 1.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
AutoUpdate
Betfair Rapid
Bonjour
Compatibility Pack for the 2007 Office system
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
FLV Player 2.0 (build 25)
Foxit Reader
Free CD to MP3 Converter
Free YouTube to Mp3 Converter version 3.2
GoldWave v5.25
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
H.264 Decoder
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
IrfanView (remove only)
iTunes
K-Lite Codec Pack 3.2.5 Standard
Launch
LG Internet Kit
LG USB Modem Drivers
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Works
mIRC
MKV Splitter
Mozilla Firefox (3.6.14)
MP4 Player
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Native Instruments Service Center
OGA Notifier 2.0.0048.0
Ogg Codecs 0.81.15562
PhotoScape
Power2Go
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Semagic (remove only)
SiS VGA Utilities
Spare Messaging
SpeedFan (remove only)
Switch Sound File Converter
Synaptics Pointing Device Driver
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.762
VLC media player 1.0.5
Windows Media Player Firefox Plugin
Windows Movie Maker 2.6
WinRAR archiver
XChat 2 (remove only)
==== Event Viewer Messages From Past Week ========
28/02/2011 23:37:59, Error: PlugPlayManager [12] - The device 'TSSTcorp CDDVDW TS-L632H ATA Device' (IDE\CdRomTSSTcorp_CDDVDW_TS-L632H________________TMC0____\5&273a8cb0&0&0.0.0) disappeared from the system without first being prepared for removal.
28/02/2011 23:37:58, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
28/02/2011 23:37:48, Error: cdrom [15] - The device, \Device\CdRom0, is not ready for access yet.
28/02/2011 23:10:04, Error: EventLog [6008] - The previous system shutdown at 20:00:05 on 28/02/2011 was unexpected.
28/02/2011 18:47:15, Error: EventLog [6008] - The previous system shutdown at 18:34:13 on 28/02/2011 was unexpected.
28/02/2011 18:30:21, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
28/02/2011 18:11:20, Error: Service Control Manager [7023] - The Microsoft Antimalware Service service terminated with the following error: The system license has expired. Your logon request is denied.
28/02/2011 18:10:27, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
28/02/2011 18:06:45, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706be: Microsoft Security Essentials Client Update Package - KB2290031 (2.0.657.0).
28/02/2011 17:46:48, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following:
http://go.microsoft.com/fwlink/?linkid= ... 2147599924 User: Carl-PC\Carl Name: Worm:Win32/Pushbot.gen!C ID: 2147599924 Severity: Severe Category: Worm Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.99.240.0, AS: 1.99.240.0 Engine Version: 1.1.6603.0
28/02/2011 17:46:48, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following:
http://go.microsoft.com/fwlink/?linkid= ... 2147637455 User: Carl-PC\Carl Name: TrojanDropper:Win32/Bamital.C ID: 2147637455 Severity: Severe Category: Trojan Dropper Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.99.240.0, AS: 1.99.240.0 Engine Version: 1.1.6603.0
28/02/2011 17:46:48, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following:
http://go.microsoft.com/fwlink/?linkid= ... 2147632585 User: Carl-PC\Carl Name: TrojanDownloader:Win32/Cutwail.BA ID: 2147632585 Severity: Severe Category: Trojan Downloader Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.99.240.0, AS: 1.99.240.0 Engine Version: 1.1.6603.0
28/02/2011 17:46:48, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following:
http://go.microsoft.com/fwlink/?linkid= ... 2147632584 User: Carl-PC\Carl Name: Trojan:Win32/Rimecud.A ID: 2147632584 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.99.240.0, AS: 1.99.240.0 Engine Version: 1.1.6603.0
28/02/2011 17:46:48, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following:
http://go.microsoft.com/fwlink/?linkid= ... 2147638124 User: Carl-PC\Carl Name: Trojan:Win32/Dynamer!dtc ID: 2147638124 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.99.240.0, AS: 1.99.240.0 Engine Version: 1.1.6603.0
28/02/2011 17:46:48, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following:
http://go.microsoft.com/fwlink/?linkid= ... 2147632663 User: Carl-PC\Carl Name: Rogue:Win32/FakeYak ID: 2147632663 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.99.240.0, AS: 1.99.240.0 Engine Version: 1.1.6603.0
28/02/2011 17:46:48, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following:
http://go.microsoft.com/fwlink/?linkid= ... 2147598479 User: Carl-PC\Carl Name: PWS:Win32/Zbot ID: 2147598479 Severity: Severe Category: Password Stealer Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.99.240.0, AS: 1.99.240.0 Engine Version: 1.1.6603.0
28/02/2011 17:44:52, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following:
http://go.microsoft.com/fwlink/?linkid= ... 2147599924 User: Carl-PC\Carl Name: Worm:Win32/Pushbot.gen!C ID: 2147599924 Severity: Severe Category: Worm Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.99.240.0, AS: 1.99.240.0 Engine Version: 1.1.6603.0
28/02/2011 17:40:38, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following:
http://go.microsoft.com/fwlink/?linkid= ... tid=159633 User: Carl-PC\Carl Name: Adware:Win32/OpenCandy ID: 159633 Severity: Low Category: Adware Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.99.240.0, AS: 1.99.240.0 Engine Version: 1.1.6603.0
28/02/2011 16:47:58, Error: EventLog [6008] - The previous system shutdown at 10:55:03 on 28/02/2011 was unexpected.
28/02/2011 09:20:29, Error: EventLog [6008] - The previous system shutdown at 01:32:18 on 28/02/2011 was unexpected.
27/02/2011 20:00:59, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC MpFilter NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
27/02/2011 20:00:59, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
27/02/2011 20:00:59, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
27/02/2011 20:00:59, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
27/02/2011 20:00:59, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
27/02/2011 20:00:59, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
27/02/2011 20:00:59, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
27/02/2011 20:00:59, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
27/02/2011 20:00:59, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
27/02/2011 20:00:59, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
27/02/2011 20:00:59, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
27/02/2011 20:00:59, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
27/02/2011 20:00:59, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
27/02/2011 20:00:59, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
27/02/2011 20:00:59, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
27/02/2011 20:00:59, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
27/02/2011 20:00:53, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
27/02/2011 20:00:52, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
27/02/2011 20:00:16, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
27/02/2011 20:00:16, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
27/02/2011 20:00:14, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
27/02/2011 20:00:05, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
27/02/2011 19:52:13, Error: EventLog [6008] - The previous system shutdown at 19:50:26 on 27/02/2011 was unexpected.
27/02/2011 13:20:38, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following:
http://go.microsoft.com/fwlink/?linkid= ... 2147599924 User: Carl-PC\Carl Name: Worm:Win32/Pushbot.gen!C ID: 2147599924 Severity: Severe Category: Worm Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.99.185.0, AS: 1.99.185.0 Engine Version: 1.1.6603.0
27/02/2011 12:07:59, Error: EventLog [6008] - The previous system shutdown at 11:11:35 on 27/02/2011 was unexpected.
27/02/2011 05:09:47, Error: EventLog [6008] - The previous system shutdown at 21:21:23 on 26/02/2011 was unexpected.
26/02/2011 20:59:19, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following:
http://go.microsoft.com/fwlink/?linkid= ... 2147599924 User: Carl-PC\Carl Name: Worm:Win32/Pushbot.gen!C ID: 2147599924 Severity: Severe Category: Worm Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.99.138.0, AS: 1.99.138.0 Engine Version: 1.1.6603.0
26/02/2011 17:44:20, Error: EventLog [6008] - The previous system shutdown at 12:12:39 on 26/02/2011 was unexpected.
26/02/2011 11:40:04, Error: EventLog [6008] - The previous system shutdown at 11:23:06 on 26/02/2011 was unexpected.
26/02/2011 10:36:41, Error: EventLog [6008] - The previous system shutdown at 04:25:15 on 26/02/2011 was unexpected.
25/02/2011 18:31:12, Error: EventLog [6008] - The previous system shutdown at 17:41:03 on 25/02/2011 was unexpected.
25/02/2011 15:51:15, Error: EventLog [6008] - The previous system shutdown at 10:43:09 on 25/02/2011 was unexpected.
25/02/2011 09:40:39, Error: EventLog [6008] - The previous system shutdown at 03:37:14 on 25/02/2011 was unexpected.
24/02/2011 23:13:09, Error: Ntfs [137] - The default transaction resource manager on volume Vista encountered a non-retryable error and could not start. The data contains the error code.
24/02/2011 23:11:00, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
24/02/2011 23:04:31, Error: EventLog [6008] - The previous system shutdown at 18:43:59 on 24/02/2011 was unexpected.
24/02/2011 16:25:53, Error: EventLog [6008] - The previous system shutdown at 08:37:28 on 24/02/2011 was unexpected.
24/02/2011 08:33:37, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800b0100: Update for Windows Vista (KB970430).
24/02/2011 08:05:15, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
24/02/2011 08:03:38, Error: EventLog [6008] - The previous system shutdown at 01:17:43 on 24/02/2011 was unexpected.
24/02/2011 08:03:26, Error: Microsoft-Windows-Kernel-Processor-Power [2] - Performance power management features on processor 1 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
24/02/2011 08:03:26, Error: Microsoft-Windows-Kernel-Processor-Power [2] - Performance power management features on processor 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
03/03/2011 20:09:31, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
03/03/2011 17:08:16, Error: EventLog [6008] - The previous system shutdown at 17:06:01 on 03/03/2011 was unexpected.
03/03/2011 15:57:54, Error: EventLog [6008] - The previous system shutdown at 08:51:02 on 03/03/2011 was unexpected.
03/03/2011 08:20:12, Error: EventLog [6008] - The previous system shutdown at 00:00:34 on 03/03/2011 was unexpected.
02/03/2011 23:02:48, Error: EventLog [6008] - The previous system shutdown at 23:01:24 on 02/03/2011 was unexpected.
02/03/2011 22:24:35, Error: EventLog [6008] - The previous system shutdown at 21:47:32 on 02/03/2011 was unexpected.
02/03/2011 18:08:47, Error: EventLog [6008] - The previous system shutdown at 10:52:39 on 02/03/2011 was unexpected.
02/03/2011 10:16:21, Error: EventLog [6008] - The previous system shutdown at 04:22:26 on 02/03/2011 was unexpected.
02/03/2011 10:15:30, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
02/03/2011 10:15:30, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume .
02/03/2011 03:55:46, Error: EventLog [6008] - The previous system shutdown at 22:27:41 on 01/03/2011 was unexpected.
01/03/2011 18:19:55, Error: EventLog [6008] - The previous system shutdown at 14:01:00 on 01/03/2011 was unexpected.
01/03/2011 13:17:12, Error: EventLog [6008] - The previous system shutdown at 10:51:50 on 01/03/2011 was unexpected.
01/03/2011 10:39:42, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
01/03/2011 10:38:43, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00030DAE0AB7. The following error occurred: The wait operation timed out.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
01/03/2011 10:38:20, Error: EventLog [6008] - The previous system shutdown at 01:40:33 on 01/03/2011 was unexpected.
==== End Of File ===========================
ComboFix 11-03-03.01 - Carl 03/03/2011 20:10:04.2.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.353.1033.18.892.430 [GMT 0:00]
Running from: c:\users\Carl\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Java
c:\program files\Java\jre6\lib\ext\dns_sd.jar
c:\program files\Java\jre6\lib\ext\QTJava.zip
c:\users\Carl\AppData\Roaming\winlog
.
((((((((((((((((((((((((( Files Created from 2011-02-03 to 2011-03-03 )))))))))))))))))))))))))))))))
.
2011-03-03 20:19 . 2011-03-03 20:19 -------- d-----w- c:\users\Carl\AppData\Local\temp
2011-03-03 20:19 . 2011-03-03 20:19 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-03-03 20:19 . 2011-03-03 20:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-03 19:52 . 2011-02-23 09:35 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{18824CD8-9CC9-4FB3-BB9D-EE9EDDF89587}\mpengine.dll
2011-03-01 22:07 . 2009-12-14 12:44 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2011-03-01 22:07 . 2009-12-14 12:44 39352 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2011-03-01 22:04 . 2011-03-01 22:04 -------- d-----w- c:\program files\Common Files\InfoWatch
2011-03-01 22:04 . 2011-03-02 04:02 -------- d-----w- c:\programdata\Kaspersky Lab
2011-03-01 22:04 . 2011-03-01 22:04 -------- d-----w- c:\program files\Kaspersky Lab
2011-03-01 21:46 . 2011-03-01 21:46 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2011-03-01 21:12 . 2011-03-01 21:12 15682 ----a-w- C:\FixitRegBackup.reg
2011-02-28 17:22 . 2011-02-28 17:22 6656 ----a-w- c:\windows\system32\A27C56FD.exe
2011-02-28 09:34 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6AEA88E0-FF70-44C2-BF7B-31618E6DB91D}\mpengine.dll
2011-02-27 13:20 . 2011-02-27 13:20 86016 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{23C67337-EDFC-4FB6-8C35-176303AE6E34}-TaskManager.exe
2011-02-26 20:58 . 2011-02-26 20:58 86016 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{5D143D63-2893-415B-8EA5-B5103DB99102}-TaskManager.exe
2011-02-24 23:10 . 2011-02-24 23:10 -------- d-----w- C:\_OTM
2011-02-24 08:12 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-02-24 08:11 . 2009-10-09 21:56 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
2011-02-24 08:11 . 2009-10-09 21:56 20480 ----a-w- c:\windows\system32\winrshost.exe
2011-02-24 08:11 . 2009-10-09 21:56 40448 ----a-w- c:\windows\system32\winrs.exe
2011-02-24 08:11 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
2011-02-24 08:11 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\winrssrv.dll
2011-02-20 22:32 . 2011-03-01 20:06 -------- d-----w- c:\users\Carl\AppData\Roaming\dvdcss
2011-02-20 22:13 . 2011-02-20 22:14 -------- d-----w- C:\Downloads
2011-02-18 18:02 . 2011-02-19 11:45 -------- d-----w- C:\MGADiagToolOutput
2011-02-13 19:52 . 2011-01-06 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-02-13 19:51 . 2010-12-20 15:42 634648 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2011-02-13 19:49 . 2010-10-15 13:48 1205080 ----a-w- c:\windows\system32\ntdll.dll
2011-02-13 19:49 . 2010-10-15 14:08 3548048 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-02-13 19:49 . 2010-10-15 14:08 3600272 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-02-13 19:49 . 2010-12-31 13:25 2038784 ----a-w- c:\windows\system32\win32k.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-11 06:54 . 2010-11-25 12:17 5943120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-02-02 17:11 . 2009-10-02 20:09 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-28 14:57 . 2011-01-12 22:59 409600 ----a-w- c:\windows\system32\odbc32.dll
2010-12-20 18:09 . 2010-08-23 05:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 18:08 . 2010-08-23 05:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-14 15:49 . 2011-01-12 22:59 1169408 ----a-w- c:\windows\system32\sdclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-28 6144000]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Launch.lnk
backup=c:\windows\pss\Launch.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
2008-08-06 10:30 20480 ----a-w- c:\program files\Google\Google EULA\GoogleEULALauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-01 07:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2010-12-20 18:08 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MRT]
2011-02-14 07:26 37443528 ----a-w- c:\windows\System32\mrt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 04:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-09-02 11:07 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-02-17 11:26 185872 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
R1 MpKsl043931fe;MpKsl043931fe;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5CB4BF60-28F3-41A1-A58C-63A2077BE244}\MpKsl043931fe.sys [x]
R1 MpKsl05486dce;MpKsl05486dce;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1E1D7671-4664-4645-AEBC-2BF1A979B19B}\MpKsl05486dce.sys [x]
R1 MpKsl087a8610;MpKsl087a8610;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E621BE0B-EF0C-4ADB-8596-75893F29FC33}\MpKsl087a8610.sys [x]
R1 MpKsl116acfbe;MpKsl116acfbe;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C8BFA235-30F0-4037-B6EB-9677CD30F6D1}\MpKsl116acfbe.sys [x]
R1 MpKsl1e9872b0;MpKsl1e9872b0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F6CCE084-4291-4375-85C7-736BF8407A3D}\MpKsl1e9872b0.sys [x]
R1 MpKsl1fe1034e;MpKsl1fe1034e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{42250DC0-17CF-460A-B83C-455966143A25}\MpKsl1fe1034e.sys [x]
R1 MpKsl232af958;MpKsl232af958;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A096048B-606A-48B4-A622-7388325B9F0A}\MpKsl232af958.sys [x]
R1 MpKsl2630b016;MpKsl2630b016;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E621BE0B-EF0C-4ADB-8596-75893F29FC33}\MpKsl2630b016.sys [x]
R1 MpKsl2cdcd736;MpKsl2cdcd736;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A096048B-606A-48B4-A622-7388325B9F0A}\MpKsl2cdcd736.sys [x]
R1 MpKsl2d2d137d;MpKsl2d2d137d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5CB4BF60-28F3-41A1-A58C-63A2077BE244}\MpKsl2d2d137d.sys [x]
R1 MpKsl2e4f2bad;MpKsl2e4f2bad;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E621BE0B-EF0C-4ADB-8596-75893F29FC33}\MpKsl2e4f2bad.sys [x]
R1 MpKsl31f93767;MpKsl31f93767;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6AEA88E0-FF70-44C2-BF7B-31618E6DB91D}\MpKsl31f93767.sys [x]
R1 MpKsl387f365a;MpKsl387f365a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5CB4BF60-28F3-41A1-A58C-63A2077BE244}\MpKsl387f365a.sys [x]
R1 MpKsl3d26ea74;MpKsl3d26ea74;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E621BE0B-EF0C-4ADB-8596-75893F29FC33}\MpKsl3d26ea74.sys [x]
R1 MpKsl47fb5354;MpKsl47fb5354;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1E1D7671-4664-4645-AEBC-2BF1A979B19B}\MpKsl47fb5354.sys [x]
R1 MpKsl4f398684;MpKsl4f398684;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1E1D7671-4664-4645-AEBC-2BF1A979B19B}\MpKsl4f398684.sys [x]
R1 MpKsl5f56ec47;MpKsl5f56ec47;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AB828177-EE3E-48F9-8EF7-5A737C7BBED6}\MpKsl5f56ec47.sys [x]
R1 MpKsl62c2b9f4;MpKsl62c2b9f4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5763317D-C956-4B29-A671-07280BF29BA9}\MpKsl62c2b9f4.sys [x]
R1 MpKsl74ef32c8;MpKsl74ef32c8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F6CCE084-4291-4375-85C7-736BF8407A3D}\MpKsl74ef32c8.sys [x]
R1 MpKsl797dbb70;MpKsl797dbb70;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E621BE0B-EF0C-4ADB-8596-75893F29FC33}\MpKsl797dbb70.sys [x]
R1 MpKsl85775efb;MpKsl85775efb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A096048B-606A-48B4-A622-7388325B9F0A}\MpKsl85775efb.sys [x]
R1 MpKsl910e235a;MpKsl910e235a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{76007F20-AA1C-4659-88C1-2B2543E8FB43}\MpKsl910e235a.sys [x]
R1 MpKsl91d5f318;MpKsl91d5f318;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A096048B-606A-48B4-A622-7388325B9F0A}\MpKsl91d5f318.sys [x]
R1 MpKsl92fd6e49;MpKsl92fd6e49;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A096048B-606A-48B4-A622-7388325B9F0A}\MpKsl92fd6e49.sys [x]
R1 MpKsl9469d47c;MpKsl9469d47c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E621BE0B-EF0C-4ADB-8596-75893F29FC33}\MpKsl9469d47c.sys [x]
R1 MpKsla317d795;MpKsla317d795;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F6CCE084-4291-4375-85C7-736BF8407A3D}\MpKsla317d795.sys [x]
R1 MpKslc40f8d23;MpKslc40f8d23;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AB828177-EE3E-48F9-8EF7-5A737C7BBED6}\MpKslc40f8d23.sys [x]
R1 MpKslc79eec1d;MpKslc79eec1d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1E1D7671-4664-4645-AEBC-2BF1A979B19B}\MpKslc79eec1d.sys [x]
R1 MpKslc9b60dc3;MpKslc9b60dc3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A096048B-606A-48B4-A622-7388325B9F0A}\MpKslc9b60dc3.sys [x]
R1 MpKsld507f2a2;MpKsld507f2a2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{76007F20-AA1C-4659-88C1-2B2543E8FB43}\MpKsld507f2a2.sys [x]
R1 MpKsld6967b9f;MpKsld6967b9f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F6CCE084-4291-4375-85C7-736BF8407A3D}\MpKsld6967b9f.sys [x]
R1 MpKsle6275802;MpKsle6275802;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C8BFA235-30F0-4037-B6EB-9677CD30F6D1}\MpKsle6275802.sys [x]
R1 MpKsledf75447;MpKsledf75447;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C8BFA235-30F0-4037-B6EB-9677CD30F6D1}\MpKsledf75447.sys [x]
R1 MpKslf881d9c6;MpKslf881d9c6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0EF1AE9F-7347-40F4-A502-D69C8EE273BC}\MpKslf881d9c6.sys [x]
R1 MpKslfa308138;MpKslfa308138;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A096048B-606A-48B4-A622-7388325B9F0A}\MpKslfa308138.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 A27C56FD;A27C56FD;c:\windows\system32\A27C56FD.exe [2011-02-28 6656]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-12-20 38224]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 Normandy;Normandy SR2; [x]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-08-07 283136]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 CEBFilter;CEBFilter;c:\program files\C&E\OSD\OsdService\cebuffer.sys [x]
R4 CEIO;CEIO;c:\program files\C&E\OSD\OsdService\ceio.sys [x]
R4 cKBFilter;cKBFilter;c:\program files\C&E\OSD\OsdService\kbfiltr.sys [x]
R4 gupdate1c9f9105aaf10c5;Google Update Service (gupdate1c9f9105aaf10c5);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-29 133104]
S3 SiS6350;SiS6350;c:\windows\system32\DRIVERS\SISGRKMD.sys [2008-05-23 458752]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2007-11-15 48128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder
2010-08-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-02 23:46]
2010-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-29 23:21]
2010-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-29 23:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain ... bmod=DSGI;
mStart Page = hxxp://www.google.com/ig/redirectdomain ... &bmod=DSGI
uInternet Settings,ProxyOverride = *.local
IE: Copy to Semagic - c:\program files\Semagic\copy.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
IE: Semagic - c:\program files\Semagic\link.htm
FF - ProfilePath - c:\users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\no7badff.default\
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2011-03-03 20:19
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-03-03 20:23:08
ComboFix-quarantined-files.txt 2011-03-03 20:23
Pre-Run: 14,305,820,672 bytes free
Post-Run: 14,105,415,680 bytes free
- - End Of File - - 20A4B7B5FDDA1049EB5973762B252281
The computer seems to be running OK. Firefox searches are not redirected. However, I'm not sure if the viruses are gone?