Solved Google redirect virus (or similar) in my Win7 64-bit


erichludwig

It seems I have a Google Redirect Virus (or similar) in my Win7 64-bit Asus laptop. It's not happening often, and hard to reproduce consistently. MBAM, Spybot and Microsoft Security Essentials don't report anything. Laptop seems a bit slower, fan louder than usual, but no serious hangs or CTD. Hope you can help.

Note: I'm using a regular desktop computer right now with internet connection to post on this forum (no trouble with this computer since it's behind a serious firewall at my job, with McAfee enterprise antivirus and such things). My laptop is offline, right next to me. I'm swapping files between both computers with a USB drive.

Here are my logs in the next posts (steps 1 to 5; I did this yesterday evening):

I hope you can help. Thank you for your wonderful service.
 
My MBAM log

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.04.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
admin :: G51J [administrator]

04/04/2012 7:31:42 PM
mbam-log-2012-04-04 (19-31-42).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 330054
Time elapsed: 44 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
MBR check part 1

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: PEGATRON CORPORATION
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ASUSTek Computer Inc.
System Product Name: G60J
Logical Drives Mask: 0x0000017c

Kernel Drivers (total 209):
0x02E67000 \SystemRoot\system32\ntoskrnl.exe
0x02E1E000 \SystemRoot\system32\hal.dll
0x00BA3000 \SystemRoot\system32\kdcom.dll
0x00C46000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C95000 \SystemRoot\system32\PSHED.dll
0x00CA9000 \SystemRoot\system32\CLFS.SYS
0x00D07000 \SystemRoot\system32\CI.dll
0x00E30000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00ED4000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00EE3000 \SystemRoot\system32\drivers\ACPI.sys
0x00F3A000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00F43000 \SystemRoot\system32\drivers\msisadrv.sys
0x00F4D000 \SystemRoot\system32\drivers\pci.sys
0x00F80000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00F8D000 \SystemRoot\System32\drivers\partmgr.sys
0x00FA2000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00FAB000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00FB7000 \SystemRoot\system32\drivers\volmgr.sys
0x0102A000 \SystemRoot\System32\drivers\volmgrx.sys
0x01086000 \SystemRoot\system32\drivers\pciide.sys
0x0108D000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x0109D000 \SystemRoot\System32\drivers\mountmgr.sys
0x010B7000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x011D3000 \SystemRoot\system32\drivers\atapi.sys
0x01000000 \SystemRoot\system32\drivers\ataport.SYS
0x011DC000 \SystemRoot\system32\drivers\msahci.sys
0x011E7000 \SystemRoot\system32\drivers\amdxata.sys
0x012E9000 \SystemRoot\system32\drivers\fltmgr.sys
0x01335000 \SystemRoot\system32\drivers\fileinfo.sys
0x01349000 \SystemRoot\System32\Drivers\AsDsm.sys
0x01430000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01356000 \SystemRoot\System32\Drivers\msrpc.sys
0x015D3000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01200000 \SystemRoot\System32\Drivers\cng.sys
0x015EE000 \SystemRoot\System32\drivers\pcw.sys
0x01400000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x016C3000 \SystemRoot\system32\drivers\ndis.sys
0x01600000 \SystemRoot\system32\drivers\NETIO.SYS
0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x018BF000 \SystemRoot\System32\drivers\tcpip.sys
0x01AC3000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01B0D000 \SystemRoot\system32\drivers\volsnap.sys
0x01B59000 \SystemRoot\System32\Drivers\spldr.sys
0x01B61000 \SystemRoot\System32\drivers\rdyboost.sys
0x01B9B000 \SystemRoot\System32\Drivers\mup.sys
0x01BAD000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01BB6000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01800000 \SystemRoot\system32\DRIVERS\disk.sys
0x01816000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x04400000 \SystemRoot\system32\drivers\cdrom.sys
0x0442A000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x0445B000 \SystemRoot\System32\Drivers\Null.SYS
0x04464000 \SystemRoot\System32\Drivers\Beep.SYS
0x0446B000 \SystemRoot\System32\drivers\vga.sys
0x04479000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x0449E000 \SystemRoot\System32\drivers\watchdog.sys
0x044AE000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x045EE000 \SystemRoot\system32\drivers\rdpencdd.sys
0x045F7000 \SystemRoot\system32\drivers\rdprefmp.sys
0x01854000 \SystemRoot\System32\Drivers\Msfs.SYS
0x0185F000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01870000 \SystemRoot\system32\DRIVERS\tdx.sys
0x01892000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x042DD000 \SystemRoot\system32\drivers\afd.sys
0x04366000 \SystemRoot\System32\DRIVERS\netbt.sys
0x043AB000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x043B4000 \SystemRoot\system32\DRIVERS\pacer.sys
0x043DA000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x043F0000 \SystemRoot\system32\DRIVERS\netbios.sys
0x04200000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x0421B000 \SystemRoot\system32\drivers\termdd.sys
0x0422F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x04280000 \SystemRoot\system32\drivers\nsiproxy.sys
0x0428C000 \SystemRoot\system32\drivers\mssmbios.sys
0x04297000 \SystemRoot\System32\drivers\discache.sys
0x042A6000 \SystemRoot\System32\Drivers\dfsc.sys
0x042C4000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x0168B000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x05897000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x063A0000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x04A09000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04AFD000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04B43000 \SystemRoot\system32\drivers\usbehci.sys
0x04B54000 \SystemRoot\system32\drivers\USBPORT.SYS
0x04BAA000 \SystemRoot\system32\drivers\HDAudBus.sys
0x04CCC000 \SystemRoot\system32\DRIVERS\NETw1v64.sys
0x05393000 \SystemRoot\system32\drivers\sdbus.sys
0x053B3000 \SystemRoot\system32\DRIVERS\rimspe64.sys
0x04C00000 \SystemRoot\system32\DRIVERS\rixdpe64.sys
0x04C56000 \SystemRoot\system32\drivers\1394ohci.sys
0x04C94000 \SystemRoot\system32\DRIVERS\L1C62x64.sys
0x04CA7000 \SystemRoot\system32\drivers\i8042prt.sys
0x063A2000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x04CC5000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x053CC000 \SystemRoot\system32\drivers\mouclass.sys
0x053DB000 \SystemRoot\system32\DRIVERS\kbfiltr.sys
0x053E3000 \SystemRoot\system32\drivers\kbdclass.sys
0x053F2000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x04BCE000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x053F7000 \SystemRoot\system32\DRIVERS\ATK64AMD.sys
0x04BE4000 \SystemRoot\system32\drivers\CompositeBus.sys
 
MBR check part 2

0x05800000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x05816000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x04BF4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x0583A000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x05869000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x017B6000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x0189F000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x04CC7000 \SystemRoot\system32\drivers\swenum.sys
0x01272000 \SystemRoot\system32\drivers\ks.sys
0x04A00000 \SystemRoot\system32\drivers\WmBEnum.sys
0x05884000 \SystemRoot\system32\drivers\WmXlCore.sys
0x063EE000 \SystemRoot\system32\drivers\umbus.sys
0x068FB000 \SystemRoot\system32\drivers\usbhub.sys
0x06955000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x08807000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x0696A000 \SystemRoot\system32\drivers\portcls.sys
0x069A7000 \SystemRoot\system32\drivers\drmk.sys
0x089EC000 \SystemRoot\system32\drivers\ksthunk.sys
0x00010000 \SystemRoot\System32\win32k.sys
0x089F2000 \SystemRoot\System32\drivers\Dxapi.sys
0x069C9000 \SystemRoot\System32\Drivers\crashdmp.sys
0x044B7000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x069D7000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x069EA000 \SystemRoot\system32\DRIVERS\monitor.sys
0x06800000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x06818000 \SystemRoot\System32\Drivers\bthport.sys
0x004D0000 \SystemRoot\System32\TSDDD.dll
0x03E70000 \SystemRoot\system32\DRIVERS\xnacc.sys
0x03F1E000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x0480A000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
0x049C2000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x049D3000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
0x006A0000 \SystemRoot\System32\cdd.dll
0x049DC000 \SystemRoot\system32\drivers\luafv.sys
0x03F3B000 \SystemRoot\system32\drivers\WudfPf.sys
0x03F5C000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x03F88000 \SystemRoot\system32\drivers\BthEnum.sys
0x03F98000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x0721E000 \SystemRoot\system32\DRIVERS\btwavdt.sys
0x07299000 \SystemRoot\system32\drivers\btwaudio.sys
0x0731F000 \SystemRoot\system32\DRIVERS\btwl2cap.sys
0x0732B000 \SystemRoot\system32\DRIVERS\btwrchid.sys
0x0732F000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x07348000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x07351000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x07366000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x073B9000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x073CC000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x073E4000 \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys
0x09EA5000 \SystemRoot\system32\drivers\HTTP.sys
0x09F6E000 \SystemRoot\system32\DRIVERS\bowser.sys
0x09F8C000 \SystemRoot\System32\drivers\mpsdrv.sys
0x09FA4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x09E00000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x09E4E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x0A229000 \SystemRoot\system32\drivers\peauth.sys
0x0A2CF000 \SystemRoot\System32\Drivers\secdrv.SYS
0x0A2DA000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x0A30B000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0A31D000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0A6DF000 \SystemRoot\System32\DRIVERS\srv.sys
0x0A777000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
0x0A78F000 \SystemRoot\system32\drivers\WmVirHid.sys
0x0A792000 \SystemRoot\system32\drivers\kbdhid.sys
0x0A7A0000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x0A7AD000 \SystemRoot\System32\Drivers\fastfat.SYS
0x0A7E3000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x0A600000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x77AE0000 \Windows\System32\ntdll.dll
0x47D10000 \Windows\System32\smss.exe
0xFFE00000 \Windows\System32\apisetschema.dll
0xFF110000 \Windows\System32\autochk.exe
0x77CB0000 \Windows\System32\psapi.dll
0x77990000 \Windows\System32\urlmon.dll
0xFFDD0000 \Windows\System32\sechost.dll
0xFFD60000 \Windows\System32\gdi32.dll
0xFFD50000 \Windows\System32\lpk.dll
0xFFD30000 \Windows\System32\imagehlp.dll
0xFFC00000 \Windows\System32\rpcrt4.dll
0xFFB80000 \Windows\System32\shlwapi.dll
0xFF9A0000 \Windows\System32\setupapi.dll
0xFF900000 \Windows\System32\clbcatq.dll
0x77830000 \Windows\System32\wininet.dll
0xFF6F0000 \Windows\System32\ole32.dll
0x77730000 \Windows\System32\user32.dll
0xFF6E0000 \Windows\System32\nsi.dll
0xFE950000 \Windows\System32\shell32.dll
0xFE880000 \Windows\System32\usp10.dll
0xFE7A0000 \Windows\System32\oleaut32.dll
0x77610000 \Windows\System32\kernel32.dll
0xFE770000 \Windows\System32\imm32.dll
0xFE690000 \Windows\System32\advapi32.dll
0xFE630000 \Windows\System32\Wldap32.dll
0x77400000 \Windows\System32\iertutil.dll
0xFE590000 \Windows\System32\comdlg32.dll
0xFE540000 \Windows\System32\ws2_32.dll
0xFE430000 \Windows\System32\msctf.dll
0xFE3B0000 \Windows\System32\difxapi.dll
0xFE310000 \Windows\System32\msvcrt.dll
0x77CA0000 \Windows\System32\normaliz.dll
0xFE2D0000 \Windows\System32\wintrust.dll
0xFE160000 \Windows\System32\crypt32.dll
0xFE120000 \Windows\System32\cfgmgr32.dll
0xFE100000 \Windows\System32\devobj.dll
0xFE060000 \Windows\System32\comctl32.dll
0xFDFF0000 \Windows\System32\KernelBase.dll
0xFDFE0000 \Windows\System32\msasn1.dll
0x75400000 \Windows\SysWOW64\normaliz.dll

Processes (total 64):
0 System Idle Process
4 System
360 C:\Windows\System32\smss.exe
516 C:\Windows\System32\csrss.exe
596 C:\Windows\System32\wininit.exe
616 C:\Windows\System32\csrss.exe
656 C:\Windows\System32\services.exe
664 C:\Windows\System32\lsass.exe
672 C:\Windows\System32\lsm.exe
776 C:\Windows\System32\svchost.exe
844 C:\Windows\System32\nvvsvc.exe
888 C:\Windows\System32\svchost.exe
956 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
1000 C:\Windows\System32\svchost.exe
156 C:\Windows\System32\svchost.exe
376 C:\Windows\System32\svchost.exe
724 C:\Windows\System32\winlogon.exe
1144 C:\Windows\System32\svchost.exe
1232 C:\Windows\System32\svchost.exe
1408 C:\Windows\System32\FBAgent.exe
1456 C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
1584 C:\Program Files\ATKGFNEX\GFNEXSrv.exe
1676 C:\Windows\System32\spoolsv.exe
1736 C:\Windows\System32\nvvsvc.exe
1796 C:\Windows\System32\svchost.exe
1196 C:\Windows\System32\svchost.exe
1500 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2276 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
2348 C:\Windows\System32\SearchIndexer.exe
2480 C:\Windows\System32\svchost.exe
2552 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2644 C:\Windows\System32\taskhost.exe
2668 C:\Windows\System32\taskeng.exe
2744 C:\Windows\System32\dwm.exe
2772 C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2796 C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
2812 C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
2836 C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
2852 C:\Program Files\P4G\BatteryLife.exe
2860 C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2888 C:\Windows\explorer.exe
2920 C:\Windows\SysWOW64\ACEngSvr.exe
2624 C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
2980 C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
3040 C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
2616 C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
3164 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3176 C:\Program Files\Logitech\Gaming Software\LWEMon.exe
3184 C:\Program Files\Microsoft Security Client\msseces.exe
3248 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3960 C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
4000 C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
1824 C:\Windows\System32\WUDFHost.exe
1700 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
1840 C:\Windows\System32\svchost.exe
1904 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
1160 C:\Windows\System32\audiodg.exe
3032 C:\Windows\System32\VSSVC.exe
1996 C:\Windows\System32\svchost.exe
1928 C:\Windows\System32\SearchProtocolHost.exe
3784 C:\Windows\System32\SearchFilterHost.exe
3812 C:\Windows\System32\dllhost.exe
2020 D:\My Data\AntiRootkit\4 master boot record (MBR) check\MBRCheck.exe
3840 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`a962f000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000016`4aaf6e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000032`1bc00000 (NTFS)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: ST9320423AS, Rev: 0002SDM1
PhysicalDrive1 Model Number: ST9320423AS, Rev: 0002SDM1

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
298 GB \\.\PhysicalDrive1 Unknown MBR code
SHA1: 16FACB29D75458833E397367B1DA17929157C2B3


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
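As an added triage example (not code from this thread, nor from MBRCheck's author), the Python below parses the "Size Device Name MBR Status" table in the MBRCheck output above and flags any drive whose boot code MBRCheck did not recognise; the sample block is copied from the log above, and the optional known_good hash allowlist is an assumption supplied by the caller.

```python
import re

# Sample input: the MBR status block copied from the MBRCheck output posted above.
SAMPLE_MBRCHECK = r"""
Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
298 GB \\.\PhysicalDrive1 Unknown MBR code
SHA1: 16FACB29D75458833E397367B1DA17929157C2B3


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
"""

# One table row per physical drive: "<size> <device> <status text>".
DRIVE_RE = re.compile(
    r"^(?P<size>\d+\s*[KMGT]B)\s+(?P<device>\\\\\.\\PhysicalDrive\d+)\s+(?P<status>.+)$"
)
# The SHA1 of the boot sector follows each row on its own line.
SHA1_RE = re.compile(r"^SHA1:\s*([0-9A-Fa-f]{40})$")
# MBRCheck labels boot code it recognises as "... MBR code detected";
# any other status (here "Unknown MBR code") means it has no signature for it.
KNOWN_SUFFIX = "MBR code detected"
INFECTED_BANNER = "Found non-standard or infected MBR."


def parse_mbrcheck(text):
    """Return one dict per drive in the MBR status table, in output order."""
    drives = []
    pending = None  # the drive row still waiting for its SHA1 line
    for raw in text.splitlines():
        line = raw.strip()
        row = DRIVE_RE.match(line)
        if row:
            status = row.group("status").strip()
            pending = {
                "size": row.group("size"),
                "device": row.group("device"),
                "status": status,
                "sha1": None,
                "recognised": status.endswith(KNOWN_SUFFIX),
            }
            drives.append(pending)
            continue
        sha = SHA1_RE.match(line)
        if sha and pending is not None:
            pending["sha1"] = sha.group(1).upper()
            pending = None
    return drives


def triage(text, known_good=None):
    """Flag drives whose boot code MBRCheck could not identify.

    known_good is an optional set of SHA1 hashes (hex) of boot sectors you
    have verified yourself, e.g. a vendor recovery bootloader taken from a
    clean image of the same model. A drive whose hash is in that set is not
    flagged even though MBRCheck does not recognise it. Assumption for this
    example: the caller supplies that set; MBRCheck itself has no such option.
    """
    known_good = {h.upper() for h in (known_good or set())}
    drives = parse_mbrcheck(text)
    flagged = [
        d["device"]
        for d in drives
        if not d["recognised"] and d["sha1"] not in known_good
    ]
    return {
        "drives": drives,
        "flagged": flagged,
        "tool_verdict_infected": INFECTED_BANNER in text,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_MBRCHECK)
    for d in result["drives"]:
        mark = "FLAG" if d["device"] in result["flagged"] else "ok  "
        print(f"{mark} {d['device']} {d['size']} {d['status']} sha1={d['sha1']}")
    print("MBRCheck banner says infected:", result["tool_verdict_infected"])
```

On the log above this flags only \\.\PhysicalDrive1, the drive the helper's fix.bat later targets, while PhysicalDrive0 (standard Windows boot code) is left alone.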
 
DDS log part 1

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by admin at 19:29:16 on 2012-04-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.4085.2409 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\Robocopy.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
 
DDS log part 2

============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uDefault_Page_URL = hxxp://asus.msn.com
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files (x86)\Windows Live\Family Safety\fssbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 10.0.1.1
TCP: Interfaces\{33DDAECC-C18A-46E3-BE32-A72A77DDCFC3} : DhcpNameServer = 10.0.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files (x86)\Windows Live\Family Safety\fssbho.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO-X64: Search Helper - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz1xytif.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://flightsimulatornewsbrief.blogspot.com/
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2009-11-13 14904]
R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimspe64.sys --> C:\Windows\system32\DRIVERS\rimspe64.sys [?]
R2 rixdpcie;rixdpcie;C:\Windows\system32\DRIVERS\rixdpe64.sys --> C:\Windows\system32\DRIVERS\rixdpe64.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 NETw1v64;Intel(R) Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw1v64.sys --> C:\Windows\system32\DRIVERS\NETw1v64.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-1-31 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-28 253600]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-8 533344]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-11-13 79360]
S4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-11-13 79360]
.
=============== Created Last 30 ================
.
2012-04-04 22:29:35 -------- d-----w- C:\ProgramData\AVAST Software
2012-04-04 22:29:35 -------- d-----w- C:\Program Files\AVAST Software
2012-04-03 01:11:05 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0BB0B28A-76DE-444D-8BBF-D5BE26435A04}\mpengine.dll
2012-03-28 22:18:07 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-03-24 19:30:06 -------- d-----w- C:\Program Files (x86)\FS Panel Studio Demo
2012-03-18 03:13:36 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-18 03:13:36 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-14 00:57:49 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 00:57:46 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 00:57:45 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 00:57:13 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-14 00:57:12 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 00:57:12 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 00:57:12 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 00:57:10 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 00:57:07 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-14 00:57:06 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-13 22:07:45 -------- d-----w- C:\Program Files (x86)\HexEdit
2012-03-13 22:07:35 303616 ----a-w- C:\Windows\IsUninst.exe
.
==================== Find3M ====================
.
2012-04-02 23:08:00 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-03-28 22:18:07 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 19:30:08.01 ===============
 
End of my logs step 1-5

I guess these are the first logs you need to make a diagnostic?
I tried to install avast but it was very unresponsive (freeze) and I uninstalled it. Maybe a conflict with Microsoft Security Essentials? I haven't disabled it (yet).
Do you need the Attach.txt log from DDS?
Thanks
 
The MBR Check is not in the steps. This is Step 3: GMER. Please go back to the thread and follow the instructions for GMER.

Preliminary Virus and Malware Removal.
===========================================
Then run Bootkit Remover:

Download Bootkit Remover.zip and save to your desktop.
  1. Extract the boot cleaner.exe file from the RAR using a program capable of extracting compressed files. (Use 7-Zip if you don't have an extraction program.)
  2. Double-click on the boot cleaner.exe file to run the program.
    (Vista/7 users, right click on remover.exe and click Run As Administrator.)
  3. You will see a black screen with data
  4. Right click on the screen and click Select All.
  5. Press CTRL+C
  6. Open a Notepad and press CTRL+V
  7. Paste the output in your next reply.
-------------------------------------------
Then do the following after running the Bootkit Remover:
  • Open Notepad
  • Copy and paste the text in the codebox into Notepad:

Code:
@ECHO OFF
REM Run the Bootkit Remover fix against the second physical disk,
REM the one MBRCheck reported as "Unknown MBR code".
REM The executable name contains a space, so it must be quoted;
REM the empty "" is the window title START expects before a quoted path.
START "" "boot cleaner.exe" fix \\.\PhysicalDrive1
EXIT
  • Go FILE > SAVE AS and in the drop down box select SAVE AS TYPE to ALL FILES
  • In the FILE NAME box type fix.bat.
  • Save fix.bat to your Desktop.
  • Double click on fix.bat to run.
    You may see a black box appear; this is normal.
  • When done, run bootkit.exe again and post its output.
================================
There is another log from the DDS scan. It is named Attach.txt. This is only a name, not a direction. Please find it and include it in your next reply.
===================================
NOTE: "fan louder than usual" = heat. Clean the inside of the laptop, carefully.

"It's not happening often, and hard to reproduce consistently.">>>Please explain what happens in what you are calling a "redirect or similar."
===================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't follow directions given to someone else
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
Threads are closed after 5 days if there is no reply.
==========================================
We will continue after you run the Bootkit remover and answer my questions.
=======================================
If you are using a flash drive, I suggest that you protect and disinfect it:
  • Please download Panda USB Vaccine (you must provide a valid e-mail address and they will send the download link to it) to your desktop.
  • Install and run it.
  • Plug in USB drive and click on Vaccinate USB and Vaccinate computer.

 
I guess these are the first logs you need to make a diagnosis?
I tried to install avast but it was very unresponsive (froze) and I uninstalled it. Maybe a conflict with Microsoft Security Essentials? I haven't disabled it (yet).
Do you need the Attach.txt log from DDS?
Thanks

We posted at the same time. You do not need Avast if you have MSE, only one antivirus. Please be careful to read all instructions carefully.

Yes for the Attach.txt log.
 
My GMER log

Will post GMER log soon (currently redoing it, sorry about that).
Found the Bootkit Remover.zip (in the download area).
Guess I'm nervous... will breathe deeply and read carefully... Thanks for your patience...
 
GMER log

I guess the correct URL for the Bootkit Remover is
http://www.smartestcomputing.us.com/files/file/11-bootkit-remover/
(submitted by Broni Dec 11 2011 04:33 PM)

So here is my GMER log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-05 10:33:00
Windows 6.1.7601 Service Pack 1
Running: yqeku1oc.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243d48bbe
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243d48bbe (not active ControlSet)

---- Files - GMER 1.0.15 ----

File C:\ADSM_PData_0150 0 bytes
File C:\ADSM_PData_0150\DB 0 bytes
File C:\ADSM_PData_0150\DB\SI.db 624 bytes
File C:\ADSM_PData_0150\DB\UL.db 16 bytes
File C:\ADSM_PData_0150\DB\VL.db 16 bytes
File C:\ADSM_PData_0150\DB\WAL.db 2048 bytes
File C:\ADSM_PData_0150\DragWait.exe 315392 bytes executable
File C:\ADSM_PData_0150\_avt 512 bytes

---- EOF - GMER 1.0.15 ----
 
Log before & after Bootkit removal

So I did the Bootkit steps before and after the fix.bat:

Before

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
, 64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`a962f000
Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...


After Bootkit removal (looks the same to me; is that OK? maybe not...)

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
, 64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`a962f000
Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...
 
attach.txt log part 1

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 23/11/2011 8:14:26 PM
System Uptime: 05/04/2012 9:06:34 AM (1 hours ago)
.
Motherboard: PEGATRON CORPORATION | | G60J
Processor: Intel(R) Core(TM) i7 CPU Q 720 @ 1.60GHz | Socket 989 | 1600/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 36.797 GiB free.
D: is FIXED (NTFS) - 209 GiB total, 58.725 GiB free.
E: is FIXED (NTFS) - 98 GiB total, 32.154 GiB free.
F: is FIXED (NTFS) - 200 GiB total, 87.648 GiB free.
G: is CDROM ()
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP93: 27/03/2012 8:31:58 PM - Windows Update
RP94: 28/03/2012 6:09:26 PM - Removed QuickTime
RP95: 30/03/2012 9:21:17 PM - Windows Update
RP96: 02/04/2012 6:23:32 PM - Installed Microsoft Flight
RP97: 02/04/2012 7:07:21 PM - Installed Java(TM) 6 Update 31
RP98: 04/04/2012 6:29:16 PM - avast! Free Antivirus Setup
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
737 Captain (737-200) Upgrade 0.5
737 Captain (737-200) Upgrade 0.7
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1 MUI
aerosoft's - Tahiti X
AI Carriers
ALPHA EFA Typhoon FSX
ASUS AI Recovery
ASUS AP Bank
ASUS Data Security Manager
ASUS FancyStart
ASUS LifeFrame3
ASUS Live Update
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Virtual Camera
ASUS WebStorage
ASUS_ScreenSaver_GSeries
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
ATK Generic Function Service
ATK Hotkey
ATKOSD2
Audacity 1.3.12 (Unicode)
BitTornado 0.3.17
Choice Guard
ControlDeck
Creative MediaSource 5
Disktrix UltimateDefrag
Express Gate
FFmpeg for Audacity on Windows
Flight Simulator X
Flight Simulator X Service Pack 1
FS Panel Studio for FSX Build 20207
FS Panel Studio FSPS Demo
Game Booster
HexEdit
Island Wars 2
Jasc Paint Shop Pro 8
Jasc Paint Shop Pro 8.10 Update Patch
Java Auto Updater
Java(TM) 6 Update 31
Junk Mail filter update
Just Flight - 757 Jetliner - Freemium Livery Pack 15
Just Flight - 757 Jetliner Freemium
Just Flight - A318 Jetliner
Just Flight - DC-6B - Legends of Flight DEMO
LAME v3.98.2 for Audacity
Malwarebytes Anti-Malware version 1.60.1.1000
Merimbula (YMER) v1.0
Microsoft Flight
Microsoft Flight Simulator X
Microsoft Flight Simulator X: Acceleration
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (Arabic) 2007
Microsoft Office Excel MUI (Chinese (Simplified)) 2007
Microsoft Office Excel MUI (Chinese (Traditional)) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (French) 2007
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
Microsoft Office Excel MUI (Portuguese (Portugal)) 2007
Microsoft Office Excel MUI (Spanish) 2007
Microsoft Office Excel MUI (Thai) 2007
Microsoft Office Excel MUI (Turkish) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office IME (Chinese (Simplified)) 2007
Microsoft Office IME (Chinese (Traditional)) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (Arabic) 2007
Microsoft Office OneNote MUI (Chinese (Simplified)) 2007
Microsoft Office OneNote MUI (Chinese (Traditional)) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office OneNote MUI (French) 2007
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007
Microsoft Office OneNote MUI (Portuguese (Portugal)) 2007
Microsoft Office OneNote MUI (Spanish) 2007
Microsoft Office OneNote MUI (Thai) 2007
Microsoft Office OneNote MUI (Turkish) 2007
Microsoft Office PowerPoint MUI (Arabic) 2007
Microsoft Office PowerPoint MUI (Chinese (Simplified)) 2007
Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (French) 2007
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2007
Microsoft Office PowerPoint MUI (Spanish) 2007
Microsoft Office PowerPoint MUI (Thai) 2007
Microsoft Office PowerPoint MUI (Turkish) 2007
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (Basque) 2007
Microsoft Office Proof (Catalan) 2007
Microsoft Office Proof (Chinese (Simplified)) 2007
Microsoft Office Proof (Chinese (Traditional)) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Galician) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Portuguese (Brazil)) 2007
Microsoft Office Proof (Portuguese (Portugal)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Thai) 2007
Microsoft Office Proof (Turkish) 2007
Microsoft Office Proofing (Arabic) 2007
Microsoft Office Proofing (Chinese (Simplified)) 2007
Microsoft Office Proofing (Chinese (Traditional)) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (French) 2007
Microsoft Office Proofing (Portuguese (Brazil)) 2007
Microsoft Office Proofing (Portuguese (Portugal)) 2007
Microsoft Office Proofing (Spanish) 2007
Microsoft Office Proofing (Thai) 2007
Microsoft Office Proofing (Turkish) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (Arabic) 2007
Microsoft Office Shared MUI (Chinese (Simplified)) 2007
Microsoft Office Shared MUI (Chinese (Traditional)) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (French) 2007
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
Microsoft Office Shared MUI (Portuguese (Portugal)) 2007
Microsoft Office Shared MUI (Spanish) 2007
Microsoft Office Shared MUI (Thai) 2007
Microsoft Office Shared MUI (Turkish) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (Arabic) 2007
Microsoft Office Word MUI (Chinese (Simplified)) 2007
Microsoft Office Word MUI (Chinese (Traditional)) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (French) 2007
Microsoft Office Word MUI (Portuguese (Brazil)) 2007
Microsoft Office Word MUI (Portuguese (Portugal)) 2007
Microsoft Office Word MUI (Spanish) 2007
Microsoft Office Word MUI (Thai) 2007
Microsoft Office Word MUI (Turkish) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 11.0 (x86 en-US)
Mp3tag v2.46a
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Mudry Cap-10
NL2000V4_installer
Notepad++
NVIDIA PhysX
Panda USB Vaccine 1.0.1.4
Project BO-105 PAH
RAF Marham FSX
Realtek High Definition Audio Driver
RICOH R5U230 Media Driver ver.2.05.02.02
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Short Empire for FSX
Skype™ 5.8
Sound Blaster Audigy HD
Spybot - Search & Destroy
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Vallen JPegger
VEH Clemenceau V2-09
VLC media player 1.1.4
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
WinFlash
Wireless Console 3
 
attach.txt log part 2

.
==== Event Viewer Messages From Past Week ========
.
31/03/2012 8:27:59 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
31/03/2012 6:56:35 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
31/03/2012 5:38:24 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
31/03/2012 2:11:28 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
30/03/2012 9:11:13 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
30/03/2012 8:20:25 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
30/03/2012 3:48:56 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
30/03/2012 11:56:11 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
30/03/2012 10:01:05 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
29/03/2012 8:54:33 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
29/03/2012 5:18:40 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
29/03/2012 10:02:26 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
05/04/2012 9:16:55 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.948.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
05/04/2012 9:07:14 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
04/04/2012 8:37:02 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.948.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
04/04/2012 8:27:13 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
 
attach.txt log part 3 / 3

04/04/2012 7:20:14 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.948.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
04/04/2012 7:10:03 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
04/04/2012 7:00:10 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.948.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
04/04/2012 6:50:27 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
04/04/2012 6:47:33 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
04/04/2012 6:47:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
04/04/2012 6:47:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
04/04/2012 6:47:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
04/04/2012 6:47:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
04/04/2012 6:47:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
04/04/2012 6:47:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
04/04/2012 6:46:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
04/04/2012 6:46:59 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
04/04/2012 6:46:59 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
04/04/2012 6:46:59 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
04/04/2012 6:46:59 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
04/04/2012 6:46:59 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
04/04/2012 6:46:59 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
04/04/2012 6:46:59 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
04/04/2012 6:46:59 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
04/04/2012 6:46:59 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
04/04/2012 6:46:59 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
04/04/2012 6:42:21 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
04/04/2012 6:38:42 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
04/04/2012 5:59:33 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.948.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
04/04/2012 5:49:30 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
03/04/2012 8:20:43 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
03/04/2012 5:44:56 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
02/04/2012 6:05:14 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.854.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
02/04/2012 5:55:42 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
01/04/2012 8:26:11 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
01/04/2012 8:17:49 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
01/04/2012 7:47:31 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
01/04/2012 1:40:27 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
.
==== End Of File ===========================
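As an added illustration (not part of this thread, and not code from DDS or from the helper), here is a small Python script that parses the "Event Viewer Messages" lines DDS writes into attach.txt, the way a responder triages a log like the one above: it counts events per source and event ID so that the recurring Microsoft Antimalware 3002/2001 entries are separated from one-time failures, and it pulls the driver names out of the Service Control Manager 7026 "failed to load" line. The sample input is a handful of shortened copies of lines from the attach.txt log above (messages truncated); the function names are my own.

```python
import re
from collections import Counter
from datetime import datetime

# Sample input: shortened copies of entries from the attach.txt log posted above
# (message text truncated), preceded by the DDS section marker lines.
SAMPLE_LOG = """\
==== Event Viewer Messages From Past Week ========
.
31/03/2012 6:56:35 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005
05/04/2012 9:16:55 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. Error code: 0x8024402c
04/04/2012 6:47:33 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
04/04/2012 6:46:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
04/04/2012 5:49:30 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005
"""

# DDS line layout: "DD/MM/YYYY H:MM:SS AM, Level: Source [EventID] - message"
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>[^\[]+?) \[(?P<eid>\d+)\] - (?P<msg>.*)$"
)


def parse_events(text):
    """Return a list of dicts (ts, level, source, eid, msg) for each event line.

    Section markers, '.' separators and anything else that does not match the
    DDS layout are skipped rather than treated as errors.
    """
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%d/%m/%Y %I:%M:%S %p")
        ev["eid"] = int(ev["eid"])
        events.append(ev)
    return events


def summarize(events):
    """Count events per (source, event id): repeated noise vs. one-off failures."""
    return Counter((ev["source"], ev["eid"]) for ev in events)


def failed_boot_drivers(events):
    """Collect driver names listed in Service Control Manager 7026 events."""
    drivers = set()
    for ev in events:
        if ev["source"] == "Service Control Manager" and ev["eid"] == 7026:
            # Everything after "failed to load:" is a space-separated driver list.
            _, _, names = ev["msg"].partition("failed to load:")
            drivers.update(names.split())
    return sorted(drivers)


def report(text):
    """Human-readable triage summary, returned as a string so it can be tested."""
    events = parse_events(text)
    lines = [f"{len(events)} event(s) parsed"]
    for (source, eid), n in summarize(events).most_common():
        lines.append(f"  {n:3d} x {source} [{eid}]")
    drivers = failed_boot_drivers(events)
    if drivers:
        lines.append("boot-start drivers that failed to load: " + " ".join(drivers))
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Two things this makes visible in the posted log: the 3002 entries repeat several times a day and always carry the same reason (an out-of-date engine), so they are one problem, not many; and the 7026 line names both MpFilter, the Microsoft Antimalware filter driver, and the asw-prefixed avast drivers, on a boot timestamped shortly after the "avast! Free Antivirus Setup" restore point, which is consistent with the poster's report that avast froze and was uninstalled rather than with a separate infection.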
 
Sorry, I had to post my logs in multiple posts; looks like it's too big for your forum or my ISP is limiting my uploads....

"It's not happening often, and hard to reproduce consistently.">>>Please explain what happens in what you are calling a "redirect or similar."

In Firefox, while searching in Google, sometimes I select a page (a famous flight simulator forum) and I am redirected to something completely different. Didn't write down the URL; it was highly suspicious. Happens once in a while (no more than 4 times a week).

I've just installed Panda Vaccine. Thanks for the tip. Looks very useful.

I guess I followed your instructions in your last post. Over to you. Thanks.
 
I guess I didn't copy the result of the first Bootkit Remover log properly before the fix.bat script; maybe that's why my two Bootkit logs are identical... Sorry...
 
Okay, I thought I'd save a step but it looks like it was unnecessary. MBR check showed:
298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
298 GB \\.\PhysicalDrive1 Unknown MBR code
SHA1: 16FACB29D75458833E397367B1DA17929157C2B3

PhysicalDrive 0 is main hard drive and okay.
PhysicalDrive1 showed 'unknown' MBR code but did not show up in the Bootkit Remover. Is that a partition?
======================================
Many of the errors in the Event Viewer are from Microsoft Antimalware Real-Time Protection >>>>> The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

I see this so often in logs! The only suggestion I have for that in particular is to uninstall/reinstall the program.
==========================================
I select a page (a famous flight simulator forum) and I am redirected to something completely different. Didn't write down the URL, it was highly suspicious. Happens once in a while (no more than 4 times a week).
You do a search in the Google Search box in Firefox and click on Search. A page from Google displays with hits for that search. You choose one of the hits, but instead of THAT coming up, some other unrelated site comes up. This is correct??? But it only happens once in a while- correct??

This is not a 'typical' redirect- not this seldom.
1. Does it happen only in Firefox?
2. If you copy a URL and paste it in the Address Bar, does the right site come up?
3. If you type a URL in the Address bar, does the right site come up?
4. If you click on a shortcut for a URL, such as in History/Bookmarks/Favorites, does the correct site display?
5. Is it possible that the few times the site does not display and is redirected is happening for the same site(s)?
6. Does this happen on any particular types of sites, such as a secure site?
7. Are you experiencing any connection problems e.g. connecting to the internet?
======================================
There is also some indication that all of the Services and their Dependencies might not be running, so we need to check that:

Please download Farbar Service Scanner
  • Check ALL boxes to include all files.
  • Press the Scan button
  • Log named FSS.txt will be created in the same directory as the tool
  • Please paste the log into your next reply
========================================
Let's go ahead with the following and see if they pick anything up. So far I'm not seeing malware entries:
You said the lappy was offline now. Is that because you cannot connect and run in Normal Mode? If you just decided to go offline, but can access the internet, it would be best to connect to run the following scans. You can't put a recovery console on the system in Safe Mode, nor can you run the Eset scan.

Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Before you run the Combofix scan, please disable any security software you have running.

Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • If prompted for Recovery Console, please allow.
  • Once installed, you should see a blue screen prompt that says:
    • The Recovery Console was successfully installed.
    • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
    • Note: No query will be made if the Recovery Console is already on the system.
  • Close/disable all anti virus and anti malware programs
    (If you need help with this, please see HERE)
  • Close any open browsers.
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • When the scan completes, a report will be generated- it will open a text window. Please paste the C:\ComboFix.txt in next reply.
Re-enable your Antivirus software.
Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
======================================
To run the Eset Online Virus Scan:
If you use Internet Explorer:
  1. Open the ESETOnlineScan
  2. Skip to #4 to "Continue with the directions"

    If you are using a browser other than Internet Explorer
  3. Open Eset Smart Installer
    [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
    [o] Double click on the desktop icon to run.
    [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
  4. Continue with the directions.
  5. Check 'Yes I accept terms of use.'
  6. Click Start button
  7. Accept any security warnings from your browser.
  8. Uncheck 'Remove found threats'
  9. Check 'Scan archives'
  10. Leave remaining settings as is.
  11. Press the Start button.
  12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  13. When the scan completes, press List of found threats
  14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  15. Push the Back button, then Finish
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
 
Your question: PhysicalDrive 0 is main hard drive and okay. PhysicalDrive1 showed 'unknown' MBR code but did not show up in the Bootkit Remover. Is that a partition?

Answer: No it's not a partition. I have 2 hard drives, PhysicalDrive1 is my second "data" drive with no OS. But I do have partitions, 4 of them: 2 for each drive: drive 0 = C:, D: - drive 1 = E:, F:

Q: You do a search in the Google Search box in Firefox and click on Search. A page from Google displays with hits for that search. You choose one of the hits, but instead of THAT coming up, some other unrelated site comes up. This is correct??? But it only happens once in a while- correct??

A: Yes, all of this is correct. But I also use the main Google home page and Googlebar Lite v 4.8.2 by Jonah Bishop in Firefox (since the real Googlebar is not available anymore in Firefox 11). I don't use the regular Firefox Google Search box (not enough options for my taste).

Q: This is not a 'typical' redirect- not this seldom.

Q1. Does it happen only in Firefox?
A1: Can't tell. I use only Firefox, I don't like IE at all, but I do have it, two versions, 32 and 64 bits.
Q2. If you copy a URL and paste it in the Address Bar, does the right site come up?
A2: Yes it does.
Q3. If you type a URL in the Address bar, does the right site come up?
A3: Yes
Q4. If you click on a shortcut for a URL, such as in History/Bookmarks/Favorites, does the correct site display?
A4: Yes
Q5. Is it possible that the few times the site does not display and is redirected is happening for the same site(s)?
A5: No, different sites, but I'm not 100% positive, need to make more tests.
Q6. Does this happen on any particular types of sites, such as a secure site?
A6: Didn't notice anything like this (you mean ssl encrypted pages?)
Q7. Are you experiencing any connection problems e.g. connecting to the internet?
A7: No, my apple wifi router at home works fine, and here at the office it's ok too

Q: You said the lappy was offline now. Is that because you cannot connect and run in Normal Mode? If you just decided to go offline, but can access the internet, it would be best to connect to run the following scans. You can't put a recovery console on the system in Safe Mode, nor can you run the Eset scan:

A: My laptop is back online, no problem to connect at home or here. I'm online only when surfing the net, since this is mostly a gaming laptop and I play offline. But now I'm at the office, and I'm using my boss' wifi router (don't tell). So I'll be able to run the 3 scans you suggested.

Here are the logs for FSS, Combofix and eset (in separate posts below)

ESET is not finished yet (44 min. so far) but a threat was found after 20 min:
Java/TrojanDownloader.Agent.NCJ trojan

Will post the complete ESET log later.
 
Farbar Service Scanner log

Farbar Service Scanner Version: 01-03-2012
Ran by admin (administrator) on 05-04-2012 at 12:32:14
Running from "C:\Users\admin\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
 
ComboFix log part 1

ComboFix 12-04-05.06 - admin 05/04/2012 12:38:17.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.4085.2617 [GMT -4:00]
Running from: c:\users\admin\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{A9CC77F7-77AC-48C5-A48D-7E6FCD115C8D}\_Setup.dll
c:\programdata\Tarma Installer\{A9CC77F7-77AC-48C5-A48D-7E6FCD115C8D}\20120301183614.log
c:\programdata\Tarma Installer\{A9CC77F7-77AC-48C5-A48D-7E6FCD115C8D}\Setup.dat
c:\programdata\Tarma Installer\{A9CC77F7-77AC-48C5-A48D-7E6FCD115C8D}\Setup.exe
c:\programdata\Tarma Installer\{A9CC77F7-77AC-48C5-A48D-7E6FCD115C8D}\Setup.ico
c:\programdata\Tarma Installer\{D085AEC0-D870-410F-9C04-D9CF1FA9EE5F}\_Setup.dll
c:\programdata\Tarma Installer\{D085AEC0-D870-410F-9C04-D9CF1FA9EE5F}\20111216113430.log
c:\programdata\Tarma Installer\{D085AEC0-D870-410F-9C04-D9CF1FA9EE5F}\20120222220634.log
c:\programdata\Tarma Installer\{D085AEC0-D870-410F-9C04-D9CF1FA9EE5F}\20120222220649.log
c:\programdata\Tarma Installer\{D085AEC0-D870-410F-9C04-D9CF1FA9EE5F}\Setup.dat
c:\programdata\Tarma Installer\{D085AEC0-D870-410F-9C04-D9CF1FA9EE5F}\Setup.exe
c:\programdata\Tarma Installer\{D085AEC0-D870-410F-9C04-D9CF1FA9EE5F}\Setup.ico
.
.
((((((((((((((((((((((((( Files Created from 2012-03-05 to 2012-04-05 )))))))))))))))))))))))))))))))
.
.
2012-04-05 16:41 . 2012-04-05 16:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-05 16:29 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B617E7A5-E4B6-47AF-A39A-557625163877}\mpengine.dll
2012-04-05 14:34 . 2012-04-05 14:34 -------- d-----w- c:\programdata\Panda Security
2012-04-05 14:33 . 2012-04-05 14:33 -------- d-----w- c:\program files (x86)\Panda USB Vaccine
2012-04-04 22:30 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-04 22:29 . 2012-04-04 22:49 -------- d-----w- c:\programdata\AVAST Software
2012-04-04 22:29 . 2012-04-04 22:29 -------- d-----w- c:\program files\AVAST Software
2012-04-02 23:30 . 2012-04-02 23:30 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-04-02 23:07 . 2012-04-02 23:07 -------- d-----w- c:\program files (x86)\Java
2012-03-28 22:18 . 2012-03-28 22:18 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-24 19:30 . 2012-03-24 19:30 -------- d-----w- c:\program files (x86)\FS Panel Studio Demo
2012-03-18 03:13 . 2012-03-18 03:13 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-18 03:13 . 2012-03-18 03:13 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-14 00:57 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 00:57 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 00:57 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 00:57 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 00:57 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 00:57 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 00:57 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 00:57 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 00:57 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 00:57 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 22:07 . 2012-03-13 22:09 -------- d-----w- c:\program files (x86)\HexEdit
2012-03-13 22:07 . 1997-11-19 18:49 303616 ----a-w- c:\windows\IsUninst.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-02 23:08 . 2011-12-01 23:29 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-28 22:18 . 2011-12-15 02:34 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-14 03:27 . 2011-12-05 01:54 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-28 23:44 . 2009-08-18 17:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-02-28 23:44 . 2009-08-18 16:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-02-10 21:22 . 2012-02-10 21:22 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9E2887D1-4A8E-4EEA-B5D3-4A527D4CC1C3}\gapaengine.dll
2012-01-31 12:44 . 2011-12-03 16:58 279656 ------w- c:\windows\system32\MpSigStub.exe
 
Combofix log part 2

.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
IME File REG_SZ IMSC12.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"ATKOSD2"=c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
"HControlUser"=c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 253600]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-11-13 79360]
R4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-11-13 79360]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 NETw1v64;Intel(R) Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw1v64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 22:18]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2011-09-05 07:20 227840 ----a-w- c:\program files (x86)\ASUS\Asus WebStorage\3.0.120.241\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2011-09-05 07:20 227840 ----a-w- c:\program files (x86)\ASUS\Asus WebStorage\3.0.120.241\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-10 16336416]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 64.254.253.110 69.70.221.59
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz1xytif.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://flightsimulatornewsbrief.blogspot.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-ASUS_ScreenSaver_GSeries - c:\windows\system32\ASUS_ScreenSaver_GSeries.scr
AddRemove-Project BO-105 PAH - d:\a essayer\bo-105pah\Uninstal.exe
AddRemove-RAF Marham FSX - d:\a essayer\ACG RAF Marham FSX\Marham FSX Uninstall.exe
AddRemove-Mudry Cap-10 - d:\a essayer\Cap 10\Uninstall_Cap10fsx.exe
AddRemove-VEH Clemenceau V2-09 - f:\flight simulator x\Uninstal VEH_Clemenceau_V2-09.exe
.
.
.
 
Combofix log part 3

--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-05 12:45:11
ComboFix-quarantined-files.txt 2012-04-05 16:45
.
Pre-Run: 40,556,630,016 bytes free
Post-Run: 40,035,082,240 bytes free
.
- - End Of File - - 4972674FF908DEEE077155869EF1BC9B
 