[Closed] Java Trojan keeps Cropping Up


aaronb1232

Hey all,

For the last ~2 weeks now, every 5 days MSE comes up with something in its scan or pops up a message about a Java Trojan/Trojan Downloader found on the system. When I initially saw this, I did full scans with both MSE and MBAM almost daily, and didn't find anything. However, something would manage to crop up that was Java related.

Something to note: These infected files were always found in my Java AppData folder (C:\Users\Aaron\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\ random folders/files from here on...). I'm thinking they're linked together, but whenever I delete one, it seems to download itself back on. I haven't had any issues yet; my web browsers haven't been redirecting themselves, and I haven't gotten any spamming windows or anything like that; there's virtually no sign that anything's wrong other than the messages that my scanners are detecting them. However, as they're Trojans, they're obvious security concerns for me.

Here are the infected files and their locations that MSE detected over the past 2 weeks:

TrojanDownloader:Java/OpenConnection.KR
Found in: containerfile:C:\Users\Aaron\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\458317b9-7212efc1
file:C:\Users\Aaron\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\458317b9-7212efc1->RequiredJavaComponent.class

Exploit:Java/CVE-2010-0840.BF
Found in: containerfile:C:\Users\Aaron\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\126cbbd9-54edaafd
containerfile:C:\Users\Aaron\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\2107de3c-487ee999
file:C:\Users\Aaron\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\126cbbd9-54edaafd->folder/Ump_45.class
file:C:\Users\Aaron\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\2107de3c-487ee999->folder/Ump_45.class

Exploit:Java/CVE-2010-0840.BH
Found in: containerfile:C:\Users\Aaron\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\49e03e00-34e2a4ca
containerfile:C:\Users\Aaron\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\4a14144e-52409202
containerfile:C:\Users\Aaron\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\2a769347-4eacf6c1
file:C:\Users\Aaron\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\49e03e00-34e2a4ca->glass/boing.class
file:C:\Users\Aaron\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\4a14144e-52409202->glass/boing.class
file:C:\Users\Aaron\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\2a769347-4eacf6c1->glass/boing.class

Rogue:Win32/FakeSpypro
Found in: containerfile:C:\Users\Aaron\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\455b1452-51f143bf
containerfile:C:\Users\Aaron\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\37cf23b0-46089767
file:C:\Users\Aaron\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\455b1452-51f143bf->[Obfuscator.JM]->(UPX)
file:C:\Users\Aaron\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\37cf23b0-46089767->[Obfuscator.JM]->(UPX)


I did a full scan with MBAM today, and in the middle of it, MSE found another infected file. Here are the logs:

1. MBAM Quick Scan:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5966

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

3/5/2011 12:51:40 PM
mbam-log-2011-03-05 (12-51-40).txt

Scan type: Quick scan
Objects scanned: 169396
Time elapsed: 2 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

2. MBAM Full Scan run earlier today:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5964

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

3/5/2011 12:21:46 PM
mbam-log-2011-03-05 (12-21-46).txt

Scan type: Full scan (C:\|)
Objects scanned: 513568
Time elapsed: 1 hour(s), 28 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

3. GMER log:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-03-05 13:04:36
Windows 6.1.7600 Harddisk0\DR0 -> \Device\00000065 ST350032 rev.SD04
Running: n9jnvpgs.exe; Driver: C:\Users\Aaron\AppData\Local\Temp\aglcrpog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

4. DDS log:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Aaron at 13:09:51.86 on Sat 03/05/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3582.2444 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\PnkBstrA.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Steam\Steam.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\Aaron\Downloads\dds.scr
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
Trusted Zone: line6.net
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\aaron\appdata\roaming\mozilla\firefox\profiles\cwzufi5z.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.homestarrunner.com/
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]
R1 MpKsl7a76086f;MpKsl7a76086f;c:\programdata\microsoft\microsoft antimalware\definition updates\{9365418c-ec8b-42c6-9aa8-f8f4be2dc150}\MpKsl7a76086f.sys [2011-3-5 28752]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-12-18 176128]
R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2010-11-17 4869488]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2010-11-17 416112]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-12-18 6650368]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-12-18 231936]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-12-18 102416]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 GPWADrv;Service for L6 GuitarPort Driver (WDM);c:\windows\system32\drivers\GPWADrv.sys [2010-3-9 571264]
S3 SaiKF622;SaiKF622;c:\windows\system32\drivers\SaiKF622.sys [2009-6-2 113664]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-11-17 16240]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-11-18 1343400]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
.
============= FINISH: 13:10:03.09 ===============


5. DDS Attach log:


!.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/17/2010 2:13:27 PM
System Uptime: 3/5/2011 1:05:47 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M2N-SLI DELUXE
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 6400+ | Socket AM2 | 3214/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 255.457 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: NVIDIA nForce Networking Controller
Device ID: PCI\VEN_10DE&DEV_0373&SUBSYS_82391043&REV_A3\3&2411E6FE&1&48
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller #2
PNP Device ID: PCI\VEN_10DE&DEV_0373&SUBSYS_82391043&REV_A3\3&2411E6FE&1&48
Service: NVENETFD
.
==== System Restore Points ===================
.
RP211: 3/3/2011 3:16:35 PM - Windows Update
RP212: 3/4/2011 8:17:20 AM - Windows Update
RP213: 3/4/2011 9:58:30 AM - Installed Microsoft XNA Framework Redistributable 4.0
RP214: 3/5/2011 10:44:31 AM - Windows Update
.
==== Installed Programs ======================
.
.
==== Event Viewer Messages From Past Week ========
.
3/5/2011 12:40:54 PM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
3/5/2011 1:01:41 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
3/5/2011 1:01:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/5/2011 1:01:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/5/2011 1:01:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
3/5/2011 1:01:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/5/2011 1:01:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/5/2011 1:01:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/5/2011 1:01:24 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss SCDEmu spldr tdx Wanarpv6 WfpLwf
3/5/2011 1:01:24 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/5/2011 1:01:24 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/5/2011 1:01:24 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
3/5/2011 1:01:24 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/5/2011 1:01:24 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/5/2011 1:01:24 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
3/5/2011 1:01:24 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/5/2011 1:01:24 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/5/2011 1:01:24 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/5/2011 1:01:24 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/3/2011 2:01:52 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
3/3/2011 10:28:32 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
3/1/2011 12:06:13 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
2/28/2011 10:32:50 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer DANI-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{3516BA6F-BE82-4218-9B69-D4D1160D25. The master browser is stopping or an election is being forced.
2/27/2011 10:11:19 PM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
2/27/2011 10:11:19 PM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.
2/27/2011 10:11:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
.
==== End Of File ===========================


Thanks much for any help. It's greatly appreciated.
 
I see you've been a TechSpot member for a while- but it looks like this may be your first visit for malware. I can start you off handling the Java exploits:
To clear the Java Plug-in cache:

  [1]. Click Start > Control Panel.
  [2]. Double-click the Java icon in the Control Panel. The Java Control Panel appears.
  [3]. Click Settings under Temporary Internet Files. The Temporary Files Settings dialog box appears.
  [4]. Click Delete Files. The Delete Temporary Files dialog box appears.
       There are three options on this window to clear the cache. Check all:
       • Delete Files
       • View Applications
       • View Applets
  [5]. Click OK on the Delete Temporary Files window.
       Note: This deletes all the Downloaded Applications and Applets from the cache.
  [6]. Click Apply > OK on the Temporary Files Settings window.
Note: If you want to delete a specific application and applet from the cache, click on View Application and View Applet options respectively.
==================================
That is only specific for the Java exploits however, so we need to check the rest of the system. Please go ahead and run the following while I review these logs:

Run Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Click on "Copy to Clipboard"> (you won't see the 'clipboard')
  10. Click anywhere in the post where you want the logs to go, then do Ctrl V. The log will be sent from the clipboard and pasted in the post.
  11. Re-enable your Antivirus software.
    NOTE: If you forget to copy to the clipboard, you can find the log here:
    C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
========================================
Download Combofix to your desktop from one of these locations:
Link 1
Link 2
http://www.forospyware.com/sUBs/ComboFix.exe
  • Double click combofix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Query - Recovery Console image: WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: [image: whatnext.png]
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes it will open a text window. Please paste that log in your next reply.
Re-enable your Antivirus software.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

I see there have been quite a few errors in the Event Viewer in the past week. Can you tell me please if you have made any changes in the Startup Type of any of the Services?

Important
Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

Please note: I am helping other members also, all of whom have started several days ago and I tend to be slightly less active on the weekend. Do not be impatient if I do not get right back to you.
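An added PowerShell example (not from this thread, and not a Sun/Oracle tool): it inventories the Java Plug-in deployment cache that the scanner kept flagging and records, for each entry, the URL it was fetched from before the cache is cleared, which is the scripted equivalent of the Java Control Panel steps above. It assumes the 6.0 cache layout, where every cached file has a companion .idx metadata file containing the source URL as readable text; the cache path and the CSV file name are placeholders for this machine.

```powershell
# Added example, not part of the original thread.
# Assumption: cache\6.0\<n>\<hash>-<hash> is the cached container and
# cache\6.0\<n>\<hash>-<hash>.idx is its metadata, which holds the download URL.
$cacheRoot = Join-Path $env:USERPROFILE 'AppData\LocalLow\Sun\Java\Deployment\cache\6.0'

function Get-JavaCacheEntry {
    param([string]$Root = $cacheRoot)
    if (-not (Test-Path $Root)) { return }
    # Enumerate the .idx sidecars rather than the content files: when a scanner has
    # already removed the flagged container, the orphan .idx is what is left, and it
    # still tells you where the applet came from.
    Get-ChildItem -Path $Root -Recurse -File -Filter '*.idx' | ForEach-Object {
        $content = $_.FullName -replace '\.idx$', ''
        # The .idx file is binary; flatten it to printable ASCII and pull out the URL.
        $raw = [System.IO.File]::ReadAllBytes($_.FullName)
        $txt = [System.Text.Encoding]::ASCII.GetString($raw) -replace '[^\x20-\x7E]', ' '
        $url = if ($txt -match 'https?://[^\s"]+') { $Matches[0] } else { $null }
        [PSCustomObject]@{
            Index       = $_.FullName
            ContentFile = $content
            Present     = Test-Path $content   # $false when a scanner already removed it
            Modified    = $_.LastWriteTime
            SourceUrl   = $url
        }
    }
}

# 1. Record what is in the cache, and where each entry came from, before deleting it.
#    The SourceUrl column is what tells you which site keeps serving the exploit.
$entries = Get-JavaCacheEntry
$entries | Sort-Object Modified -Descending | Format-Table -AutoSize
$entries | Export-Csv -Path (Join-Path $env:USERPROFILE 'Desktop\java-cache-inventory.csv') -NoTypeInformation

# 2. Clear the cache (same effect as checking all three options in Delete Temporary
#    Files). The guard makes sure a mistyped $cacheRoot cannot wipe anything else.
if ((Split-Path $cacheRoot -Leaf) -eq '6.0' -and (Test-Path $cacheRoot)) {
    Remove-Item -Path (Join-Path $cacheRoot '*') -Recurse -Force -ErrorAction Continue
}
```

Run it from the affected user's profile before clearing the cache by hand, because the Java Control Panel deletes the .idx files too and the source URLs are lost with them.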
 
The Event Viewer messages from today are likely from when I tried to run GMER. When I ran the exe, nothing seemed to happen at all. I tried restarting so I could go into Safe Mode, but when I hit restart from the Start Menu, the menu and the start button just disappeared, and when I went to run Firefox, it didn't respond. I thought the OS was fubar'd at that point, so I hit the reset button on the case, and then booted into Safe Mode. Then I could run GMER fine.

The only startup services I've changed are:
1. About a month ago when a similar (possibly-related?) infected file was found, I went into the start up services to see if anything looked fishy. Sure enough, at the bottom there was one entry checked that had no title of any sort, and looked very sketchy. So I unchecked this; it no longer appears in the startup list if I check again, and no issues have arisen from this unchecking.
2. I unchecked the Adobe Update service as I was tired of getting constant window spam from Adobe about updating their products.

Right now I'm running the ESET Online Scanner. It hasn't found anything yet, but afterwards I'll run ComboFix and post a log of both.

Thanks much for your help!
 
Hey there,

I got one file from the ESET scan, a file for one of my eBooks for Game Development. I've gotten this before from other scanners in the past, but I always thought it was just a false-positive. Just to be safe, I got rid of it.

Here's the ESET Online Scanner Log:
C:\Users\Aaron\Documents\Game.Design.eBooks.Pack\Programming\Programming AI by Example Source Code.rar probably a variant of Win32/Adware.BHO.KZXQAKS application


As for ComboFix, I can't get the thing to finish correctly. When I run it, it runs through correctly and scans up through Stage 50 or whatever. Then it says it's preparing a log file. Shortly after this, I get a message that reads like this:

The following usage of the path operator in batch-parameter
substitution is invalid: *NXG.vir


For valid formats type CALL /? or FOR /?
The syntax of the command is incorrect.

Note: That *NXG.vir may not be completely accurate--I may have missed a few characters within, but it is consistent, so I can reproduce that error again if you want.

It doesn't matter if I rename the file, or boot up in Safe Mode. I get this error every time and have to restart because none of the programs will boot up afterwards.

Any ideas?
 
For the Eset entry:

Please download OTMoveIt by Old Timer and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code:
    :Files 
    C:\Users\Aaron\Documents\Game.Design.eBooks.Pack\Programming\Programming AI by Example Source Code.rar
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
======================================
.NXG File Extension
Web page created with Netopia eSite Builder NXG, an online Web development environment that provides a WYSIWYG ("What You See Is What You Get") interface for creating and updating Web pages; typically built from an eSite Builder NXG template.
NOTE: If a Web address ends in ".nxg," the Web page is most likely hosted on a server running eSite Builder.

The vir designation means it's an infected file. I don't have enough to go on to do anything with that file specifically, but do the following and see if it helps:

Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
===================================
Please download and run the tool below named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
  • Rkill.com
  • Rkill.scr
  • Rkill.pif
  • Rkill.exe
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run then try to immediately run the following:

Please download exeHelper by Raktor and save it to your desktop.
  • Double-click on exeHelper.com or exeHelper.scr to run the fix tool.
  • A black window should pop up, press any key to close once the fix is completed.
  • A log file called exehelperlog.txt will be created and should open at the end of the scan.
  • A copy of that log will also be saved in the directory where you ran exeHelper.com
  • Copy and paste the contents of exehelperlog.txt in your next reply.

Note: If the window shows a message that says "Error deleting file", please re-run the tool again before posting a log and then post the two logs together (they both will be in the one file).

Post the log and then attempt to download Combofix and scan again.
===================================
My question:
I see there have been quite a few errors in the Event Viewer in the past week. Can you tell me please if you have made any changes in the Startup Type of any of the Services?
Your reply: (Edited)
The only startup services I've changed are:
..... I went into the start up services ...... one entry checked that had no title of any sort, and looked very sketchy. So I unchecked this; .......

We are referring to 2 different things. My query was about Services Startup Type:
Start> Run> type in services.msc> enter> Each service is set with a Startup Type of Automatic, Manual or Disabled.

You are referring to the Startup menu where processes that are checked start on boot.
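An added PowerShell example (not from this thread) that puts the two things being distinguished here side by side: the Startup Type of Windows services as services.msc shows it, and the per-boot Startup entries that msconfig lists. It assumes Windows 7, where items unchecked in msconfig's Startup tab are recorded under HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg, so an unchecked entry can still be inspected rather than guessed at.

```powershell
# Added example, not part of the original thread. Assumes Windows 7 / PowerShell 2+.

function Get-ServiceStartupType {
    # Win32_Service.StartMode (Auto, Manual, Disabled, Boot, System) is what
    # services.msc displays as "Startup Type"; PathName is the binary that runs.
    Get-CimInstance -ClassName Win32_Service |
        Select-Object Name, DisplayName, StartMode, State, PathName |
        Sort-Object StartMode, Name
}

function Get-StartupEntry {
    # Active Startup items (the checked entries in msconfig) come from the Run keys.
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own metadata
            [PSCustomObject]@{ Source = $key; Name = $p.Name; Command = $p.Value; Enabled = $true }
        }
    }
    # Assumption: msconfig moves unchecked items here, keeping their original command,
    # so the "untitled" entry unchecked earlier in the thread is still on disk to review.
    $disabled = 'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg'
    if (Test-Path $disabled) {
        Get-ChildItem -Path $disabled | ForEach-Object {
            $v = Get-ItemProperty -Path $_.PSPath
            [PSCustomObject]@{ Source = $disabled; Name = $v.item; Command = $v.command; Enabled = $false }
        }
    }
}

function Find-SuspiciousStartupEntry {
    # Entries with no name, or that launch from a profile/temp location, are the ones
    # worth a second look. This only reports; it deletes nothing.
    Get-StartupEntry | Where-Object {
        [string]::IsNullOrWhiteSpace($_.Name) -or
        $_.Command -match '\\AppData\\|\\Temp\\|\\Users\\Public\\'
    }
}

# Services whose binary lives outside the Windows directory, then all Startup entries
# (enabled and disabled), then the flagged subset.
Get-ServiceStartupType | Where-Object { $_.PathName -notlike '*\Windows\*' } | Format-Table -AutoSize
Get-StartupEntry | Format-Table -AutoSize
Find-SuspiciousStartupEntry | Format-Table -AutoSize
```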
 
Alright, got ComboFix working this time. One thing I was very alarmed about was it said it had deleted the following folder: c:\windows\system32\Microsoft

This obviously made me a bit alerted, but I'm unsure if it's doing the right thing here--I'll let you be the judge. The first time I tried running Combofix today after the other steps, it said it started scanning and just stopped there. Nothing would quit the process so I had to hit the manual reset key on the case. Once I rebooted, it scanned and made the log file fine.

As for the ESET-found file, I had deleted that already after seeing it, so I'm unsure how effective the MoveIt process went, but I ran it anyway.

No, I don't recall ever changing any values in the Startup menu you showed me now. I've only turned off some start up processes in the menu that I was talking about before.

Anyway, here are the log files:

1. MoveIt

All processes killed
========== FILES ==========
File/Folder C:\Users\Aaron\Documents\Game.Design.eBooks.Pack\Programming\Programming AI by Example Source Code.rar not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Aaron
->Temp folder emptied: 656332 bytes
->Temporary Internet Files folder emptied: 3200500 bytes
->Java cache emptied: 1565929 bytes
->FireFox cache emptied: 49490704 bytes
->Flash cache emptied: 2825 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 130778 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 52.00 mb


OTM by OldTimer - Version 3.1.17.2 log created on 03072011_172258


2. ExeHelper (I'd run it twice, hence two entries)
exeHelper by Raktor
Build 20100414
Run at 17:36:37 on 03/07/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

exeHelper by Raktor
Build 20100414
Run at 17:37:10 on 03/07/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

3. rkill.log

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 03/07/2011 at 17:35:43.
Operating System: Windows 7 Professional


Processes terminated by Rkill or while it was running:



Rkill completed on 03/07/2011 at 17:35:47.


4. ComboFix log

ComboFix 11-03-07.02 - Aaron 03/07/2011 17:54:01.7.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3582.2639 [GMT -5:00]
Running from: c:\users\Aaron\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\LogFiles\AIT\AitEventLog.etl.001
c:\windows\system32\LogFiles\AIT\AitEventLog.etl.002
c:\windows\system32\LogFiles\AIT\AitEventLog.etl.003
c:\windows\system32\LogFiles\AIT\AitEventLog.etl.004
c:\windows\system32\LogFiles\AIT\AitEventLog.etl.005
c:\windows\system32\LogFiles\HTTPERR\httperr1.log
c:\windows\system32\LogFiles\PunkBuster\pbsvc.log
c:\windows\system32\LogFiles\PunkBuster\PnkBstrA.log
c:\windows\system32\LogFiles\PunkBuster\PnkBstrB.log
c:\windows\system32\LogFiles\Scm\01d0a735-043f-4689-8a32-b95147552789
c:\windows\system32\LogFiles\Scm\05ee699f-ab25-42d8-8781-558c5d1d2fad
c:\windows\system32\LogFiles\Scm\071d41b6-8806-4eb0-b661-6cb67be6e86e
c:\windows\system32\LogFiles\Scm\0d9b5d92-3a22-486d-a887-3aa21597cf27
c:\windows\system32\LogFiles\Scm\0e12083c-0335-49db-9542-ba1ec6d83ecc
c:\windows\system32\LogFiles\Scm\1099eb83-e99f-448b-ac8a-3c32f6b2a14c
c:\windows\system32\LogFiles\Scm\12ec4686-328f-4a90-a635-150e77de3931
c:\windows\system32\LogFiles\Scm\18e6d428-d26c-4169-bedf-3b5bddc952f6
c:\windows\system32\LogFiles\Scm\1ec9510d-a439-4950-9399-b6399edf9ea7
c:\windows\system32\LogFiles\Scm\2375f586-1009-41fb-b54e-30d8af2b781d
c:\windows\system32\LogFiles\Scm\245c8924-8474-427f-be0a-005087f12bc3
c:\windows\system32\LogFiles\Scm\24fa84a0-e087-48ec-bc51-2b9c4c815d78
c:\windows\system32\LogFiles\Scm\28369638-773d-401d-844b-6f2c5b8f5710
c:\windows\system32\LogFiles\Scm\2bb82a58-8fa7-45bb-8152-e5fe3badc25d
c:\windows\system32\LogFiles\Scm\2bd05ba6-988d-4bd3-a9cd-9a39f80af524
c:\windows\system32\LogFiles\Scm\2c59ecaf-3a27-4640-9f4b-519b05bdd70f
c:\windows\system32\LogFiles\Scm\3223a9d0-d76e-4f01-8b0b-5caee9dd50fb
c:\windows\system32\LogFiles\Scm\346f9d65-db37-46dd-8be0-3d988c9af1e3
c:\windows\system32\LogFiles\Scm\367f930a-a3db-4112-b1f1-50e92a171c88
c:\windows\system32\LogFiles\Scm\3eb5dd61-d014-4cb0-953a-9857f47dd4bc
c:\windows\system32\LogFiles\Scm\4040e761-8758-4007-b2fe-142b24bf4b16
c:\windows\system32\LogFiles\Scm\4503e4b3-439b-4736-9c6f-32d55a5f287d
c:\windows\system32\LogFiles\Scm\48c30bdd-08ca-41a8-a5e7-ab8057bc6d05
c:\windows\system32\LogFiles\Scm\50fb5a03-0e1e-48de-b8a1-bee9d7d2cd0f
c:\windows\system32\LogFiles\Scm\5a55fe46-80d5-4687-93e0-6e447a535c39
c:\windows\system32\LogFiles\Scm\5b184694-64c3-4633-94c5-945b3fa561d6
c:\windows\system32\LogFiles\Scm\5c2c622f-70e9-4194-a7da-033e827365ad
c:\windows\system32\LogFiles\Scm\5e421979-0899-4a47-948b-5873bf8888ab
c:\windows\system32\LogFiles\Scm\60158c7a-6808-42cd-95ee-afd9a57925db
c:\windows\system32\LogFiles\Scm\6375cc1c-d975-48d2-9cd5-63db19b10d4a
c:\windows\system32\LogFiles\Scm\65c0755e-358d-4456-b8e8-d6a393e70450
c:\windows\system32\LogFiles\Scm\6aef0c98-2cb4-4b67-8c70-4c977c7355cc
c:\windows\system32\LogFiles\Scm\6b7ac694-8d6d-481b-9dd8-2a3a741ada6d
c:\windows\system32\LogFiles\Scm\718b5099-ce5e-472f-b8ae-317055eab3e8
c:\windows\system32\LogFiles\Scm\731e9c62-95b5-4c8c-ab64-4cc591c9ff5b
c:\windows\system32\LogFiles\Scm\73259f86-29d6-42ff-b1e7-634f6e40d4f8
c:\windows\system32\LogFiles\Scm\7cd854c4-89ca-4022-b3c9-7d9b5049eddb
c:\windows\system32\LogFiles\Scm\7d3c7871-a917-4ef0-82e8-5f0a96423051
c:\windows\system32\LogFiles\Scm\845e78d2-61d9-4dd1-a837-e810e300f32f
c:\windows\system32\LogFiles\Scm\888fbfea-cf0e-4512-b2e1-cd5165e1c669
c:\windows\system32\LogFiles\Scm\8905ecd8-016f-4dc2-90e6-a5f1fa6a841a
c:\windows\system32\LogFiles\Scm\8a4cc83d-39c2-472a-a7a9-2d0efc9eac58
c:\windows\system32\LogFiles\Scm\9334c323-f100-4656-9ba0-e4aa69c0f9c2
c:\windows\system32\LogFiles\Scm\937ba315-d336-486d-901e-1c46c40fa160
c:\windows\system32\LogFiles\Scm\98bdbc07-455c-41f5-96b8-6d34a57bd107
c:\windows\system32\LogFiles\Scm\9adf1ad7-2201-44f8-8dae-247d1f79f1b0
c:\windows\system32\LogFiles\Scm\9b75c702-ea13-406a-badb-6c588ee4375b
c:\windows\system32\LogFiles\Scm\9efacbe6-a797-4905-a0c6-014cd3000dbb
c:\windows\system32\LogFiles\Scm\9f27b292-cff6-44ef-9bda-e8028bd0f207
c:\windows\system32\LogFiles\Scm\9f54b95f-5096-4803-ae61-e9b3ac5b616d
c:\windows\system32\LogFiles\Scm\a1cfa52f-06f2-418d-addb-cd6456d66f43
c:\windows\system32\LogFiles\Scm\a2cfb6f3-b3ae-4971-8e29-c415be22d2e5
c:\windows\system32\LogFiles\Scm\a316e645-1c56-45a6-bd6a-7dca79778090
c:\windows\system32\LogFiles\Scm\a6394592-54ce-4e93-8d64-1a068f462632
c:\windows\system32\LogFiles\Scm\a746df6c-984b-40c8-9453-5eb10dfdd801
c:\windows\system32\LogFiles\Scm\a9e137a8-6750-4c67-b697-f788f6135892
c:\windows\system32\LogFiles\Scm\aae80b72-612a-4cb0-981c-3870c3388c43
c:\windows\system32\LogFiles\Scm\ab771a9f-fb0f-4fa1-8b5f-48186615901e
c:\windows\system32\LogFiles\Scm\ae4dee48-80cd-4e3a-b5f1-5ed593a0e8dd
c:\windows\system32\LogFiles\Scm\b9bee219-c29e-4310-819c-147a5a0e045e
c:\windows\system32\LogFiles\Scm\bba67ad0-4ba0-4b44-827b-ff419b70c057
c:\windows\system32\LogFiles\Scm\c370ff4d-a2d2-4060-87c4-6077d07519d9
c:\windows\system32\LogFiles\Scm\c4338053-180e-40bb-8b1a-3fbe6aa33f71
c:\windows\system32\LogFiles\Scm\c666178e-0e21-45ff-b0d1-a0d707a25c33
c:\windows\system32\LogFiles\Scm\c8f483cc-4de8-4c0f-82de-d6090bd5bbbe
c:\windows\system32\LogFiles\Scm\c90440a0-6d8f-423f-8f42-83eef05ce708
c:\windows\system32\LogFiles\Scm\cd9fdb61-9b9f-41f6-bf75-6b5487c17bd8
c:\windows\system32\LogFiles\Scm\d21f6024-191f-4454-bbbc-09a650da2549
c:\windows\system32\LogFiles\Scm\d622195c-d680-4fea-9c56-59660c7c9e94
c:\windows\system32\LogFiles\Scm\d8bb5b7f-d0ca-4f67-a3d7-73e1d05f63da
c:\windows\system32\LogFiles\Scm\d9cf7e4f-25de-43eb-9321-8c28a6c387fd
c:\windows\system32\LogFiles\Scm\dd2dff08-4e05-4713-8da1-806a9f017e4e
c:\windows\system32\LogFiles\Scm\de8699d2-8a05-42f7-8a85-5162af47d26a
c:\windows\system32\LogFiles\Scm\de8bae53-2809-4f75-85ef-427d364b9b2c
c:\windows\system32\LogFiles\Scm\e5c2c523-72c2-4e62-8855-08056315b677
c:\windows\system32\LogFiles\Scm\e6299119-8eca-44e3-ba3a-272be8bcfa11
c:\windows\system32\LogFiles\Scm\e6f3a527-8b0b-43fa-94eb-584032761924
c:\windows\system32\LogFiles\Scm\e79b2998-8f63-451a-a56d-26edc0a5098a
c:\windows\system32\LogFiles\Scm\e8164c0d-216c-4b6b-9eb8-31bf958b8014
c:\windows\system32\LogFiles\Scm\f1369a11-e983-4458-b390-712efa1cba44
c:\windows\system32\LogFiles\Scm\f8aa5a77-9650-4e45-87f3-b468060a3915
c:\windows\system32\LogFiles\Scm\f93c7104-998a-4a38-b935-775a3138b3c3
c:\windows\system32\LogFiles\Scm\ffb8486a-9861-4b82-be38-c7f8fb1b6605
c:\windows\system32\LogFiles\Scm\SCM.EVM
c:\windows\system32\LogFiles\Scm\SCM.EVM.1
c:\windows\system32\LogFiles\Scm\SCM.EVM.2
c:\windows\system32\LogFiles\Scm\SCM.EVM.3
c:\windows\system32\LogFiles\Scm\SCM.EVM.4
c:\windows\system32\LogFiles\WMI\Terminal-Services-Core.etl
c:\windows\system32\LogFiles\WMI\Terminal-Services-IP-Virtualization.etl
c:\windows\system32\LogFiles\WMI\Terminal-Services-RPC-Client.etl
c:\windows\system32\LogFiles\WMI\Terminal-Services-Unified-APIs.etl
c:\windows\system32\LogFiles\WUDF\WUDFTrace.etl
c:\windows\system32\Microsoft
c:\windows\system32\Microsoft\Protect\S-1-5-18\d4e9ede5-af8c-4d03-afda-19299978b0db
c:\windows\system32\Microsoft\Protect\S-1-5-18\Preferred
c:\windows\system32\Microsoft\Protect\S-1-5-18\User\04ece708-132d-4bf0-a647-e3329269a012
c:\windows\system32\Microsoft\Protect\S-1-5-18\User\2929ccce-ca90-4d14-9056-6bfc33f2a0e5
c:\windows\system32\Microsoft\Protect\S-1-5-18\User\bb2e0d45-6c64-4ac2-b6d5-1f16d18f266c
c:\windows\system32\Microsoft\Protect\S-1-5-18\User\Preferred
c:\windows\system32\Microsoft\Protect\S-1-5-19\b5ce2028-bb0a-4968-844f-1a744d941bba
c:\windows\system32\Microsoft\Protect\S-1-5-19\Preferred
c:\windows\system32\Microsoft\Protect\S-1-5-20\78b9569c-f613-41ec-b695-5b1179f0912f
c:\windows\system32\Microsoft\Protect\S-1-5-20\cc1820a0-12a3-4e8b-8f89-7b4084b86392
c:\windows\system32\Microsoft\Protect\S-1-5-20\Preferred
.
.
((((((((((((((((((((((((( Files Created from 2011-02-07 to 2011-03-07 )))))))))))))))))))))))))))))))
.
.
2011-03-07 22:29 . 2011-03-07 22:29 -------- d--h--w- c:\windows\PIF
2011-03-07 22:22 . 2011-03-07 22:22 -------- d-----w- C:\_OTM
2011-03-07 19:18 . 2011-03-07 19:18 -------- d-----w- c:\users\Aaron\AppData\Local\Google
2011-03-07 01:25 . 2011-03-07 19:18 -------- d-----w- c:\program files\Google
2011-03-07 00:53 . 2011-03-07 00:53 -------- d-----w- c:\users\Aaron\AppData\Local\Thunderbird
2011-03-06 08:27 . 2011-03-06 08:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-06 00:02 . 2011-03-07 22:58 -------- d-----w- c:\users\Aaron\AppData\Local\temp
2011-03-05 19:52 . 2011-03-05 19:52 -------- d-----w- c:\program files\ESET
2011-03-04 14:58 . 2011-03-04 14:58 -------- d-----w- c:\program files\Microsoft XNA
2011-03-04 14:51 . 2011-03-04 14:52 -------- d-----w- c:\users\Aaron\AppData\Local\BIT.TRIP RUNNER
2011-03-01 16:46 . 2011-03-01 16:46 -------- d-----w- c:\program files\Common Files\Java
2011-03-01 06:08 . 2011-03-01 06:08 -------- d-----w- C:\The Neverhood + patch (English)
2011-03-01 05:31 . 2009-11-11 18:15 -------- d-----w- C:\Neverhood Win7 Color Fix
2011-03-01 05:30 . 2011-03-01 05:30 -------- d-----w- c:\program files\DreamWorks Interactive
2011-02-28 01:42 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-28 01:42 . 2011-02-28 01:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-28 01:42 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-26 08:03 . 2011-02-26 08:08 -------- d-----w- c:\program files\Savage XR
2011-02-23 06:41 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-02-22 22:32 . 2011-01-07 07:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-22 22:32 . 2011-01-07 07:31 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-21 20:01 . 2011-02-21 20:01 -------- d-----w- c:\program files\BandiMPEG1
2011-02-21 19:57 . 2011-02-21 19:58 -------- d-----w- c:\program files\Nexon
2011-02-21 19:11 . 2011-02-21 20:01 -------- d-----w- c:\program files\Vindictus
2011-02-21 19:10 . 2011-03-07 01:37 -------- d-----w- c:\program files\Pando Networks
2011-02-15 18:02 . 2011-03-03 19:48 -------- d-----w- c:\program files\MyDefrag v4.3.1
2011-02-15 02:06 . 2011-02-15 02:06 -------- d-----w- c:\windows\system32\URTTEMP
2011-02-15 02:01 . 2011-02-15 02:01 669184 ----a-w- c:\windows\system32\pbsvc.exe
2011-02-11 19:59 . 2011-02-13 23:55 -------- d-----w- c:\program files\Astonsoft
2011-02-11 00:00 . 2011-02-11 00:00 -------- d-----w- c:\program files\Memorex exPressit Label Design Studio
2011-02-11 00:00 . 2011-02-11 00:00 -------- d-----w- c:\windows\MVUNINST
2011-02-11 00:00 . 1996-08-24 16:11 289552 ----a-w- c:\windows\system32\temp.001
2011-02-11 00:00 . 1993-10-14 22:51 28672 ----a-w- c:\windows\system32\temp.000
2011-02-10 17:19 . 2011-02-11 00:00 -------- d-----w- c:\users\Aaron\AppData\Local\MicroVision Applications
2011-02-10 17:18 . 2009-12-15 22:25 487424 ----a-w- c:\windows\system32\msvcp70.dll
2011-02-10 17:18 . 2002-01-05 07:37 344064 ----a-w- c:\windows\system32\msvcr70.dll
2011-02-10 17:18 . 2011-02-11 01:11 -------- d-----w- c:\program files\Common Files\SureThing Shared
2011-02-09 14:21 . 2011-02-09 14:21 -------- d-----w- c:\program files\Notepad++
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-04 14:51 . 2010-11-19 20:49 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-03-04 14:51 . 2010-11-19 20:49 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-03-01 16:45 . 2010-11-18 23:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-15 02:02 . 2010-12-21 02:23 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-02-15 02:02 . 2010-12-21 02:22 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-02-15 02:01 . 2010-12-21 02:22 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-01-15 20:16 . 2010-12-22 03:05 270904 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-01-15 20:11 . 2010-12-21 02:22 215128 ----a-w- c:\windows\system32\PnkBstrB.ex0
2010-12-21 02:22 . 2010-12-21 02:22 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2010-12-18 07:33 . 2010-10-27 07:14 52736 ----a-w- c:\windows\system32\coinst.dll
2010-12-18 07:33 . 2010-12-18 07:33 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-12-18 07:33 . 2010-12-18 07:33 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2010-12-18 07:33 . 2010-10-27 07:13 30720 ----a-w- c:\windows\system32\atiuxpag.dll
2010-12-18 07:33 . 2010-09-29 01:46 4066816 ----a-w- c:\windows\system32\atidxx32.dll
2010-12-18 07:33 . 2010-09-29 01:13 28672 ----a-w- c:\windows\system32\atiu9pag.dll
2010-12-18 07:33 . 2010-12-18 07:33 249856 ----a-w- c:\windows\system32\atiadlxx.dll
2010-12-18 07:33 . 2010-09-29 01:55 550400 ----a-w- c:\windows\system32\aticfx32.dll
2010-12-18 07:33 . 2010-12-18 07:33 44032 ----a-w- c:\windows\system32\aticalcl.dll
2010-12-18 07:33 . 2010-12-18 07:33 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2010-12-18 07:33 . 2010-12-18 07:33 46080 ----a-w- c:\windows\system32\aticalrt.dll
2010-12-18 07:33 . 2010-12-18 07:33 4122624 ----a-w- c:\windows\system32\atiumdag.dll
2010-12-18 07:33 . 2010-12-18 07:33 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2010-12-18 07:33 . 2010-12-18 07:33 6650368 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-12-18 07:33 . 2010-12-18 07:33 393216 ----a-w- c:\windows\system32\atieclxx.exe
2010-12-18 07:33 . 2010-12-18 07:33 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-12-18 07:33 . 2010-12-18 07:33 52736 ----a-w- c:\windows\system32\atimpc32.dll
2010-12-18 07:33 . 2010-12-18 07:33 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2010-12-18 07:33 . 2010-12-18 07:33 16702976 ----a-w- c:\windows\system32\atioglxx.dll
2010-12-18 07:33 . 2010-12-18 07:33 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-12-18 07:33 . 2010-12-18 07:33 27136 ----a-w- c:\windows\system32\atigktxx.dll
2010-12-18 07:33 . 2010-12-18 07:33 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-12-18 07:33 . 2010-12-18 07:33 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-12-18 07:33 . 2010-12-18 07:33 231936 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2010-12-18 07:33 . 2010-12-18 07:33 15872 ----a-w- c:\windows\system32\atimuixx.dll
2010-12-18 07:33 . 2010-12-18 07:33 3460096 ----a-w- c:\windows\system32\atiumdva.dll
2010-12-18 07:33 . 2010-12-18 07:33 5441024 ----a-w- c:\windows\system32\aticaldd.dll
2010-12-18 07:33 . 2010-12-18 07:33 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2010-12-18 07:33 . 2010-12-18 07:33 102416 ----a-w- c:\windows\system32\drivers\AtihdW73.sys
2010-12-14 17:27 . 2010-12-14 17:28 111960 ----a-w- c:\windows\dxsdkuninst.exe
2009-11-20 02:08 . 2009-11-20 02:08 3749224 ----a-w- c:\program files\Common Files\adlmint_libFNP.dll
2009-11-20 02:08 . 2009-11-20 02:08 2941288 ----a-w- c:\program files\Common Files\adlmint.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-29 03:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2011-02-06 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-26 98304]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 12:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
R1 MpKsl37240fcb;MpKsl37240fcb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{13DC7D22-5490-40CC-873A-F39D2DF5EB9C}\MpKsl37240fcb.sys [x]
R1 MpKsl536c0657;MpKsl536c0657;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{13DC7D22-5490-40CC-873A-F39D2DF5EB9C}\MpKsl536c0657.sys [x]
R1 MpKsl93161387;MpKsl93161387;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{13DC7D22-5490-40CC-873A-F39D2DF5EB9C}\MpKsl93161387.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 GPWADrv;Service for L6 GuitarPort Driver (WDM);c:\windows\system32\Drivers\GPWADrv.sys [2010-03-09 571264]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 SaiKF622;SaiKF622;c:\windows\system32\DRIVERS\SaiKF622.sys [2009-06-02 113664]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-10-05 16240]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-18 1343400]
S1 MpKsl2634ea7e;MpKsl2634ea7e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E0255F80-C2BD-4180-A495-57CE4AACC8F9}\MpKsl2634ea7e.sys [2011-03-07 28752]
S1 MpKslfc2c26d2;MpKslfc2c26d2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E0255F80-C2BD-4180-A495-57CE4AACC8F9}\MpKslfc2c26d2.sys [2011-03-07 28752]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-12-18 176128]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-10-13 4869488]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-13 416112]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-12-18 6650368]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-12-18 231936]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-12-18 102416]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
.
------- Supplementary Scan -------
.
Trusted Zone: line6.net
FF - ProfilePath - c:\users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\cwzufi5z.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.homestarrunner.com/
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-GoldenEye: Source - c:\program files\Steam\SteamApps\sourcemods\GoldenEye: Source_Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_dbc0250.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_dbc0250.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3609119862-1929810349-4011554424-1000\Software\SecuROM\License information*]
"datasecu"=hex:60,62,b7,46,44,82,5c,4d,d7,ab,83,fd,98,e9,27,dd,6b,93,c3,4c,40,
9f,4c,00,d3,01,7a,87,8f,ac,7f,bb,83,59,bb,71,d4,43,5a,a1,41,0a,78,6f,44,1e,\
"rkeysecu"=hex:c8,ae,91,d7,23,14,34,ab,b1,8f,92,62,54,88,40,d1
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-03-07 18:01:32
ComboFix-quarantined-files.txt 2011-03-07 23:01
.
Pre-Run: 263,299,129,344 bytes free
Post-Run: 263,210,582,016 bytes free
.
- - End Of File - - 72EDA01AAA158270F09C741F43A71A49
 
Uh yeah, it looks like something completely FUBAR'd my comp there. I'm posting on another comp in the house.

Everything was working fine afterwards, but when I went to restart later in the night (just now), it ran a CHKDSK, went through that, and now when Win7 gets to the user login screen, an error message pops up saying "LogonUI.exe devobj.dll not found" or something to that effect. I'm guessing this has something to do with ComboFix outright deleting my Microsoft folder in system32.

I log in fine after that, but what loads is a black screen with my cursor. I can Ctrl-Alt-Del out of it, which produces the error again but then shows the Ctrl-Alt-Del screen, but I can see nothing on the desktop--no programs or UI are loading; the UI is basically dead at this point.

So um, are there any options for restoring a Windows 7 install without a total reformat? And if not, is there any way to get my data off before reformatting (I can't see any UI, which makes this difficult)? This kinda sucks and I'm hoping this isn't a case of "If it's not broke, don't fix it."
 
Please run this Custom CFScript:

[1]. Close any open browsers.
[2]. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
[3]. Open Notepad > click on Format > uncheck 'Word Wrap' > and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
Code:
File::
c:\windows\system32\temp.001
c:\windows\system32\temp.000
Folder::
c:\users\Default\AppData\Local\temp
c:\users\Aaron\AppData\Local\temp
Extra::
File::
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Firefox::
Firefox-:-Profile- c:\users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\cwzufi5z.default\
Registry::
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=- 
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=- 
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
RegNull::
[HKEY_USERS\S-1-5-21-3609119862-1929810349-4011554424-1000\Software\SecuROM\License information*]
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================
Consider reinstalling the .NET Framework: http://support.microsoft.com/kb/908077
Note the reference to this URTTemp folder, which is on your system:
2011-02-15 02:06 -------- d-----w- c:\windows\system32\URTTEMP
=================================
Are you using fast user switching? The combination of the following may be causing a conflict: "LogonUI.exe devobj.dll not found"
logonui.exe is the Microsoft Logon User Interface. logonui.exe is a system process relating to the Microsoft Windows XP user switching screen.
devobj.dll is a Microsoft Windows Operating System Device Information Set DLL. The file path is C:\Windows\winsxs\wow64_microsoft-windows-coreusermodepnp_31bf3856ad364e35_6.1.7600.16385_none_dd4b472f7afdc1a7\
=================================
Go ahead and do the backups if needed. When you replace the files, you should run ComboFix and ESET again. You have the Ask bar all over the system.

You will find excellent reformat/reinstall instructions here:
http://www.tech-101.com/tutorials/356-tutorial-windows-install-repair-xp-vista.html
 
Hey there,

I couldn't get anything working with the FUBAR'd system; the desktop was just a black screen with my mouse cursor, and explorer.exe wouldn't boot up through the Task Manager. I ended up doing a System Restore to before the ComboFix/MoveIt/ExeHelper/Rkill processes. Now everything's up and running again (phew!), but there's obviously the problem of those past actions having no effect now.

Should I go ahead and repeat the instructions from before, then update with those logs again? Thanks again for all your help through this.
 
Alright, so I went ahead and did those processes again, since the circumstances were similar to when I did it last time. This time, I set up System Restore points before each process just in case something went haywire. Luckily for me, ComboFix didn't go postal on my OS (and deleted a lot less, at that). I did not yet run ComboFix with your attached script, however, because this new log may change some of the commands you put into the script--I'm unsure about this, so I'll let you be the judge.

Here are the new logs:
1. OTMoveIt

All processes killed
========== FILES ==========
File/Folder C:\Users\Aaron\Documents\Game.Design.eBooks.Pack\Programming\Programming AI by Example Source Code.rar not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Aaron
->Temp folder emptied: 625019 bytes
->Temporary Internet Files folder emptied: 1664501 bytes
->Java cache emptied: 1 bytes
->FireFox cache emptied: 45524183 bytes
->Flash cache emptied: 4146 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 66248 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 46.00 mb


OTM by OldTimer - Version 3.1.17.2 log created on 03082011_164152


2. RKill
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 03/08/2011 at 16:52:48.
Operating System: Windows 7 Professional


Processes terminated by Rkill or while it was running:



Rkill completed on 03/08/2011 at 16:52:51.


3. ExeHelper

exeHelper by Raktor
Build 20100414
Run at 16:54:37 on 03/08/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

4. ComboFix log (without your previous script)

ComboFix 11-03-08.02 - Aaron 03/08/2011 17:02:56.7.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3582.2671 [GMT -5:00]
Running from: c:\users\Aaron\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Quicktime\QTTask.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-02-08 to 2011-03-08 )))))))))))))))))))))))))))))))
.
.
2011-03-08 22:08 . 2011-03-08 22:08 -------- d-----w- c:\users\Aaron\AppData\Local\temp
2011-03-08 22:08 . 2011-03-08 22:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-08 17:18 . 2011-03-08 17:18 -------- d-----w- c:\users\Aaron\AppData\Local\Google
2011-03-08 17:14 . 2011-03-08 17:14 -------- d-----w- c:\program files\VS Revo Group
2011-03-08 17:09 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7328EE50-5706-4D35-A584-42C495EB5CF6}\mpengine.dll
2011-03-07 23:43 . 2011-03-07 23:43 -------- d-----w- c:\program files\Stunlock Studios
2011-03-07 22:29 . 2011-03-07 22:29 -------- d--h--w- c:\windows\PIF
2011-03-07 22:22 . 2011-03-07 22:22 -------- d-----w- C:\_OTM
2011-03-07 01:25 . 2011-03-08 17:18 -------- d-----w- c:\program files\Google
2011-03-07 00:53 . 2011-03-07 00:53 -------- d-----w- c:\users\Aaron\AppData\Roaming\Thunderbird
2011-03-07 00:53 . 2011-03-07 00:53 -------- d-----w- c:\users\Aaron\AppData\Local\Thunderbird
2011-03-06 08:19 . 2011-03-08 20:05 -------- d-----w- C:\ironman
2011-03-05 19:52 . 2011-03-05 19:52 -------- d-----w- c:\program files\ESET
2011-03-04 14:58 . 2011-03-04 14:58 -------- d-----w- c:\program files\Microsoft XNA
2011-03-04 14:51 . 2011-03-04 14:52 -------- d-----w- c:\users\Aaron\AppData\Local\BIT.TRIP RUNNER
2011-03-01 16:46 . 2011-03-01 16:46 -------- d-----w- c:\program files\Common Files\Java
2011-03-01 06:08 . 2011-03-01 06:08 -------- d-----w- C:\The Neverhood + patch (English)
2011-03-01 05:31 . 2009-11-11 18:15 -------- d-----w- C:\Neverhood Win7 Color Fix
2011-03-01 05:30 . 2011-03-01 05:30 -------- d-----w- c:\program files\DreamWorks Interactive
2011-02-28 01:42 . 2011-02-28 01:42 -------- d-----w- c:\users\Aaron\AppData\Roaming\Malwarebytes
2011-02-28 01:42 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-28 01:42 . 2011-02-28 01:42 -------- d-----w- c:\programdata\Malwarebytes
2011-02-28 01:42 . 2011-02-28 01:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-28 01:42 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-26 08:03 . 2011-02-26 08:08 -------- d-----w- c:\program files\Savage XR
2011-02-23 06:41 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-02-22 22:32 . 2011-01-07 07:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-22 22:32 . 2011-01-07 07:31 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-21 22:05 . 2011-02-21 22:05 -------- d-----w- c:\programdata\Nexon
2011-02-21 20:01 . 2011-02-21 20:01 -------- d-----w- c:\program files\BandiMPEG1
2011-02-21 19:57 . 2011-02-21 19:58 -------- d-----w- c:\program files\Nexon
2011-02-21 19:11 . 2011-02-21 20:01 -------- d-----w- c:\program files\Vindictus
2011-02-21 19:10 . 2011-03-07 01:37 -------- d-----w- c:\program files\Pando Networks
2011-02-15 18:02 . 2011-03-03 19:48 -------- d-----w- c:\program files\MyDefrag v4.3.1
2011-02-15 02:06 . 2011-02-15 02:06 -------- d-----w- c:\windows\system32\URTTEMP
2011-02-15 02:01 . 2011-02-15 02:01 669184 ----a-w- c:\windows\system32\pbsvc.exe
2011-02-11 20:06 . 2011-02-11 20:33 -------- d-----w- c:\users\Aaron\AppData\Roaming\Nero
2011-02-11 20:04 . 2011-02-11 20:05 -------- d-----w- c:\programdata\Nero
2011-02-11 20:00 . 2011-02-11 20:06 -------- d-----w- c:\users\Aaron\AppData\Roaming\DeepBurner
2011-02-11 19:59 . 2011-02-13 23:55 -------- d-----w- c:\program files\Astonsoft
2011-02-11 00:00 . 2011-02-11 00:00 -------- d-----w- c:\program files\Memorex exPressit Label Design Studio
2011-02-11 00:00 . 2011-02-11 00:00 -------- d-----w- c:\windows\MVUNINST
2011-02-11 00:00 . 1996-08-24 16:11 289552 ----a-w- c:\windows\system32\temp.001
2011-02-11 00:00 . 1993-10-14 22:51 28672 ----a-w- c:\windows\system32\temp.000
2011-02-10 23:22 . 2011-02-10 23:22 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-6\markup.dll
2011-02-10 17:19 . 2011-02-11 00:00 -------- d-----w- c:\users\Aaron\AppData\Local\MicroVision Applications
2011-02-10 17:18 . 2009-12-15 22:25 487424 ----a-w- c:\windows\system32\msvcp70.dll
2011-02-10 17:18 . 2002-01-05 07:37 344064 ----a-w- c:\windows\system32\msvcr70.dll
2011-02-10 17:18 . 2011-02-11 01:11 -------- d-----w- c:\program files\Common Files\SureThing Shared
2011-02-09 14:21 . 2011-02-09 14:54 -------- d-----w- c:\users\Aaron\AppData\Roaming\Notepad++
2011-02-09 14:21 . 2011-02-09 14:21 -------- d-----w- c:\program files\Notepad++
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-04 14:51 . 2010-11-19 20:49 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-03-04 14:51 . 2010-11-19 20:49 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-03-01 16:45 . 2010-11-18 23:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-18 23:47 . 2010-11-19 16:29 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-02-18 12:31 . 2010-11-19 15:28 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-02-15 02:02 . 2010-12-21 02:23 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-02-15 02:02 . 2010-12-21 02:23 22328 ----a-w- c:\users\Aaron\AppData\Roaming\PnkBstrK.sys
2011-02-15 02:02 . 2010-12-21 02:22 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-02-15 02:01 . 2010-12-21 02:22 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-02-04 12:38 . 2011-02-04 12:38 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-7\markup.dll
2011-01-29 22:24 . 2011-01-29 22:24 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-01-27 18:04 . 2011-01-27 18:04 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{79424082-15F5-40E2-A6C1-122F03393FF7}\gapaengine.dll
2011-01-26 00:30 . 2009-08-18 16:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-01-26 00:30 . 2009-08-18 16:24 17816 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-01-15 20:16 . 2010-12-22 03:05 270904 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-01-15 20:11 . 2010-12-21 02:22 215128 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-01-13 09:41 . 2011-01-26 23:19 5890896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-01-13 09:41 . 2010-11-18 17:24 5890896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-12-21 02:22 . 2010-12-21 02:22 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2010-12-18 07:33 . 2010-10-27 07:14 52736 ----a-w- c:\windows\system32\coinst.dll
2010-12-18 07:33 . 2010-12-18 07:33 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-12-18 07:33 . 2010-12-18 07:33 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2010-12-18 07:33 . 2010-10-27 07:13 30720 ----a-w- c:\windows\system32\atiuxpag.dll
2010-12-18 07:33 . 2010-09-29 01:46 4066816 ----a-w- c:\windows\system32\atidxx32.dll
2010-12-18 07:33 . 2010-09-29 01:13 28672 ----a-w- c:\windows\system32\atiu9pag.dll
2010-12-18 07:33 . 2010-12-18 07:33 249856 ----a-w- c:\windows\system32\atiadlxx.dll
2010-12-18 07:33 . 2010-09-29 01:55 550400 ----a-w- c:\windows\system32\aticfx32.dll
2010-12-18 07:33 . 2010-12-18 07:33 44032 ----a-w- c:\windows\system32\aticalcl.dll
2010-12-18 07:33 . 2010-12-18 07:33 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2010-12-18 07:33 . 2010-12-18 07:33 46080 ----a-w- c:\windows\system32\aticalrt.dll
2010-12-18 07:33 . 2010-12-18 07:33 4122624 ----a-w- c:\windows\system32\atiumdag.dll
2010-12-18 07:33 . 2010-12-18 07:33 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2010-12-18 07:33 . 2010-12-18 07:33 6650368 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-12-18 07:33 . 2010-12-18 07:33 393216 ----a-w- c:\windows\system32\atieclxx.exe
2010-12-18 07:33 . 2010-12-18 07:33 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-12-18 07:33 . 2010-12-18 07:33 52736 ----a-w- c:\windows\system32\atimpc32.dll
2010-12-18 07:33 . 2010-12-18 07:33 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2010-12-18 07:33 . 2010-12-18 07:33 16702976 ----a-w- c:\windows\system32\atioglxx.dll
2010-12-18 07:33 . 2010-12-18 07:33 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-12-18 07:33 . 2010-12-18 07:33 27136 ----a-w- c:\windows\system32\atigktxx.dll
2010-12-18 07:33 . 2010-12-18 07:33 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-12-18 07:33 . 2010-12-18 07:33 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-12-18 07:33 . 2010-12-18 07:33 231936 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2010-12-18 07:33 . 2010-12-18 07:33 15872 ----a-w- c:\windows\system32\atimuixx.dll
2010-12-18 07:33 . 2010-12-18 07:33 3460096 ----a-w- c:\windows\system32\atiumdva.dll
2010-12-18 07:33 . 2010-12-18 07:33 5441024 ----a-w- c:\windows\system32\aticaldd.dll
2010-12-18 07:33 . 2010-12-18 07:33 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2010-12-18 07:33 . 2010-12-18 07:33 102416 ----a-w- c:\windows\system32\drivers\AtihdW73.sys
2010-12-14 17:27 . 2010-12-14 17:28 111960 ----a-w- c:\windows\dxsdkuninst.exe
2010-12-09 17:04 . 2010-12-09 17:04 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2009-11-20 02:08 . 2009-11-20 02:08 3749224 ----a-w- c:\program files\Common Files\adlmint_libFNP.dll
2009-11-20 02:08 . 2009-11-20 02:08 2941288 ----a-w- c:\program files\Common Files\adlmint.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-29 03:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2011-02-06 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-26 98304]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 12:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
R1 MpKsl37240fcb;MpKsl37240fcb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{13DC7D22-5490-40CC-873A-F39D2DF5EB9C}\MpKsl37240fcb.sys [x]
R1 MpKsl536c0657;MpKsl536c0657;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{13DC7D22-5490-40CC-873A-F39D2DF5EB9C}\MpKsl536c0657.sys [x]
R1 MpKsl93161387;MpKsl93161387;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{13DC7D22-5490-40CC-873A-F39D2DF5EB9C}\MpKsl93161387.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 GPWADrv;Service for L6 GuitarPort Driver (WDM);c:\windows\system32\Drivers\GPWADrv.sys [2010-03-09 571264]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 SaiKF622;SaiKF622;c:\windows\system32\DRIVERS\SaiKF622.sys [2009-06-02 113664]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-10-05 16240]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-18 1343400]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-12-18 176128]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-10-13 4869488]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-13 416112]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-12-18 6650368]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-12-18 231936]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-12-18 102416]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
.
------- Supplementary Scan -------
.
Trusted Zone: line6.net
FF - ProfilePath - c:\users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\cwzufi5z.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.homestarrunner.com/
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-QuickTime Task - c:\program files\QuickTime\QTTask.exe
AddRemove-GoldenEye: Source - c:\program files\Steam\SteamApps\sourcemods\GoldenEye: Source_Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_dbc0250.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_dbc0250.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3609119862-1929810349-4011554424-1000\Software\SecuROM\License information*]
"datasecu"=hex:60,62,b7,46,44,82,5c,4d,d7,ab,83,fd,98,e9,27,dd,6b,93,c3,4c,40,
9f,4c,00,d3,01,7a,87,8f,ac,7f,bb,83,59,bb,71,d4,43,5a,a1,41,0a,78,6f,44,1e,\
"rkeysecu"=hex:c8,ae,91,d7,23,14,34,ab,b1,8f,92,62,54,88,40,d1
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-03-08 17:09:26
ComboFix-quarantined-files.txt 2011-03-08 22:09
ComboFix2.txt 2011-03-07 23:01
.
Pre-Run: 260,218,028,032 bytes free
Post-Run: 260,411,994,112 bytes free
.
- - End Of File - - A178F0B71DCC76EE535C96EC214D2D46


Should I go ahead and run ComboFix with your previous script, or will you write up a new one in lieu of this new log, or should I proceed otherwise?
 
Alrighty, here's what I did:

1. I ran ComboFix with the script, and everything seemed to work out okay.

2. I ran it again afterwards, and it seemed okay.

3. I ran another ESET Online Scan, and it didn't find any infected files. I can't post it because I couldn't find the log for it this time around (possibly because it didn't find anything?), so I couldn't copy it to the clipboard.

When I tried booting Steam and installing something through the Adobe Updater, it ended up giving me strange .dll errors. I attributed this to ComboFix deleting crucial files again, and did another System Restore to before the 2nd ComboFix without the script and the ESET Scan (from my Steps 2 and 3). The first ComboFix is still in effect, and everything seems to be working fine. I've got the logs for both iterations through ComboFix, so maybe you can see if something's up or how I should proceed from here.

1. First ComboFix run (with your written script)
ComboFix 11-03-11.02 - Aaron 03/11/2011 20:36:01.8.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3582.2616 [GMT -5:00]
Running from: C:\Users\Aaron\Desktop\ComboFix.exe
Command switches used :: C:\Users\Aaron\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}"
"c:\windows\system32\temp.000"
"c:\windows\system32\temp.001"


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


c:\users\Aaron\AppData\Local\temp
c:\users\Aaron\AppData\Local\temp\catchme.dll
c:\users\Aaron\AppData\Local\temp\FXSAPIDebugLogFile.txt
c:\users\Default\AppData\Local\temp
c:\windows\system32\temp.000
c:\windows\system32\temp.001


((((((((((((((((((((((((( Files Created from 2011-02-12 to 2011-03-12 )))))))))))))))))))))))))))))))


2011-03-11 06:08:44 . 2011-03-11 06:08:45 -------- d-----w- C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2011-03-10 21:47:03 . 2011-02-11 06:54:53 5943120 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{24D01ACC-8519-49C4-AE85-95D097F293D9}\mpengine.dll
2011-03-09 18:34:09 . 2011-02-19 05:33:11 802304 ----a-w- C:\Windows\system32\FntCache.dll
2011-03-09 18:34:09 . 2011-02-19 05:32:48 1074176 ----a-w- C:\Windows\system32\DWrite.dll
2011-03-09 18:34:09 . 2011-02-19 05:32:35 739840 ----a-w- C:\Windows\system32\d2d1.dll
2011-03-09 18:34:08 . 2010-12-23 05:28:28 642048 ----a-w- C:\Windows\system32\CPFilters.dll
2011-03-09 18:34:07 . 2010-12-23 05:28:29 850432 ----a-w- C:\Windows\system32\sbe.dll
2011-03-09 18:34:07 . 2010-12-23 05:28:28 534528 ----a-w- C:\Windows\system32\EncDec.dll
2011-03-09 18:34:07 . 2010-12-23 05:24:02 199680 ----a-w- C:\Windows\system32\mpg2splt.ax
2011-03-09 18:34:07 . 2010-12-18 05:30:20 2690560 ----a-w- C:\Windows\system32\mstscax.dll
2011-03-09 18:34:06 . 2010-12-18 05:26:55 1034240 ----a-w- C:\Windows\system32\mstsc.exe
2011-03-08 17:18:47 . 2011-03-08 17:18:47 -------- d-----w- C:\Users\Aaron\AppData\Local\Google
2011-03-08 17:14:54 . 2011-03-08 17:14:54 -------- d-----w- C:\Program Files\VS Revo Group
2011-03-07 23:43:06 . 2011-03-07 23:43:06 -------- d-----w- C:\Program Files\Stunlock Studios
2011-03-07 22:29:22 . 2011-03-07 22:29:22 -------- d--h--w- C:\Windows\PIF
2011-03-07 22:22:58 . 2011-03-07 22:22:58 -------- d-----w- C:\_OTM
2011-03-07 01:25:56 . 2011-03-08 17:18:46 -------- d-----w- C:\Program Files\Google
2011-03-07 00:53:48 . 2011-03-07 00:53:49 -------- d-----w- C:\Users\Aaron\AppData\Roaming\Thunderbird
2011-03-07 00:53:48 . 2011-03-07 00:53:49 -------- d-----w- C:\Users\Aaron\AppData\Local\Thunderbird
2011-03-06 08:19:58 . 2011-03-08 20:05:33 -------- d-----w- C:\ironman
2011-03-05 19:52:25 . 2011-03-05 19:52:25 -------- d-----w- C:\Program Files\ESET
2011-03-04 14:58:44 . 2011-03-04 14:58:44 -------- d-----w- C:\Program Files\Microsoft XNA
2011-03-04 14:51:23 . 2011-03-04 14:52:40 -------- d-----w- C:\Users\Aaron\AppData\Local\BIT.TRIP RUNNER
2011-03-01 16:46:08 . 2011-03-01 16:46:08 -------- d-----w- C:\Program Files\Common Files\Java
2011-03-01 06:08:28 . 2011-03-01 06:08:58 -------- d-----w- C:\The Neverhood + patch (English)
2011-03-01 05:31:23 . 2009-11-11 18:15:13 -------- d-----w- C:\Neverhood Win7 Color Fix
2011-03-01 05:30:18 . 2011-03-01 05:30:18 -------- d-----w- C:\Program Files\DreamWorks Interactive
2011-02-28 01:42:26 . 2011-02-28 01:42:26 -------- d-----w- C:\Users\Aaron\AppData\Roaming\Malwarebytes
2011-02-28 01:42:21 . 2010-12-20 23:09:00 38224 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys
2011-02-28 01:42:20 . 2011-02-28 01:42:20 -------- d-----w- C:\ProgramData\Malwarebytes
2011-02-28 01:42:17 . 2011-02-28 01:42:23 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2011-02-28 01:42:17 . 2010-12-20 23:08:40 20952 ----a-w- C:\Windows\system32\drivers\mbam.sys
2011-02-26 08:03:07 . 2011-02-26 08:08:15 -------- d-----w- C:\Program Files\Savage XR
2011-02-23 06:41:38 . 2010-09-14 06:07:14 276992 ----a-w- C:\Windows\system32\wcncsvc.dll
2011-02-22 22:32:58 . 2011-01-07 07:31:10 442880 ----a-w- C:\Windows\system32\XpsPrint.dll
2011-02-22 22:32:57 . 2011-01-07 07:31:10 288256 ----a-w- C:\Windows\system32\XpsGdiConverter.dll
2011-02-21 22:05:15 . 2011-02-21 22:05:15 -------- d-----w- C:\ProgramData\Nexon
2011-02-21 20:01:20 . 2011-02-21 20:01:21 -------- d-----w- C:\Program Files\BandiMPEG1
2011-02-21 19:57:32 . 2011-02-21 19:58:50 -------- d-----w- C:\Program Files\Nexon
2011-02-21 19:11:13 . 2011-02-21 20:01:24 -------- d-----w- C:\Program Files\Vindictus
2011-02-21 19:10:49 . 2011-03-07 01:37:18 -------- d-----w- C:\Program Files\Pando Networks
2011-02-15 18:02:30 . 2011-03-03 19:48:34 -------- d-----w- C:\Program Files\MyDefrag v4.3.1
2011-02-15 02:06:09 . 2011-02-15 02:06:09 -------- d-----w- C:\Windows\system32\URTTEMP
2011-02-15 02:01:44 . 2011-02-15 02:01:46 669184 ----a-w- C:\Windows\system32\pbsvc.exe
2011-02-11 20:06:13 . 2011-02-11 20:33:13 -------- d-----w- C:\Users\Aaron\AppData\Roaming\Nero
2011-02-11 20:04:28 . 2011-02-11 20:05:46 -------- d-----w- C:\ProgramData\Nero
2011-02-11 20:00:20 . 2011-02-11 20:06:25 -------- d-----w- C:\Users\Aaron\AppData\Roaming\DeepBurner
2011-02-11 19:59:27 . 2011-02-13 23:55:18 -------- d-----w- C:\Program Files\Astonsoft
2011-02-11 00:00:03 . 2011-02-11 00:00:09 -------- d-----w- C:\Program Files\Memorex exPressit Label Design Studio
2011-02-11 00:00:03 . 2011-02-11 00:00:05 -------- d-----w- C:\Windows\MVUNINST
2011-02-10 23:22:51 . 2011-02-10 23:22:51 4277016 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-6\markup.dll
2011-02-10 17:19:00 . 2011-02-11 00:00:27 -------- d-----w- C:\Users\Aaron\AppData\Local\MicroVision Applications
2011-02-10 17:18:50 . 2009-12-15 22:25:00 487424 ----a-w- C:\Windows\system32\msvcp70.dll
2011-02-10 17:18:50 . 2002-01-05 07:37:26 344064 ----a-w- C:\Windows\system32\msvcr70.dll
2011-02-10 17:18:49 . 2011-02-11 01:11:14 -------- d-----w- C:\Program Files\Common Files\SureThing Shared


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-03-04 14:51:10 . 2010-11-19 20:49:42 444952 ----a-w- C:\Windows\system32\wrap_oal.dll
2011-03-04 14:51:10 . 2010-11-19 20:49:42 109080 ----a-w- C:\Windows\system32\OpenAL32.dll
2011-03-01 16:45:46 . 2010-11-18 23:47:51 472808 ----a-w- C:\Windows\system32\deployJava1.dll
2011-02-18 23:47:42 . 2010-11-19 16:29:16 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-02-18 12:31:17 . 2010-11-19 15:28:42 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-02-15 02:02:17 . 2010-12-21 02:23:20 22328 ----a-w- C:\Windows\system32\drivers\PnkBstrK.sys
2011-02-15 02:02:17 . 2010-12-21 02:23:20 22328 ----a-w- C:\Users\Aaron\AppData\Roaming\PnkBstrK.sys
2011-02-15 02:02:03 . 2010-12-21 02:22:54 103736 ----a-w- C:\Windows\system32\PnkBstrB.exe
2011-02-15 02:01:46 . 2010-12-21 02:22:53 66872 ----a-w- C:\Windows\system32\PnkBstrA.exe
2011-02-11 06:54:53 . 2010-11-18 17:24:40 5943120 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-02-04 12:38:07 . 2011-02-04 12:38:07 4277016 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-7\markup.dll
2011-01-29 22:24:25 . 2011-01-29 22:24:25 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-01-27 18:04:32 . 2011-01-27 18:04:48 439632 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{79424082-15F5-40E2-A6C1-122F03393FF7}\gapaengine.dll
2011-01-26 00:30:38 . 2009-08-18 16:30:38 564632 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\wlidui.dll
2011-01-26 00:30:36 . 2009-08-18 16:24:10 17816 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-01-15 20:16:02 . 2010-12-22 03:05:20 270904 ----a-w- C:\Windows\system32\PnkBstrB.xtr
2011-01-15 20:11:14 . 2010-12-21 02:22:54 215128 ----a-w- C:\Windows\system32\PnkBstrB.ex0
2011-01-13 09:41:52 . 2011-01-26 23:19:42 5890896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2010-12-21 02:22:53 . 2010-12-21 02:22:53 2434856 ----a-w- C:\Windows\system32\pbsvc_bc2.exe
2010-12-18 07:33:52 . 2010-10-27 07:14:58 52736 ----a-w- C:\Windows\system32\coinst.dll
2010-12-18 07:33:50 . 2010-12-18 07:33:50 43520 ----a-w- C:\Windows\system32\ati2edxx.dll
2010-12-18 07:33:50 . 2010-12-18 07:33:50 159744 ----a-w- C:\Windows\system32\atitmmxx.dll
2010-12-18 07:33:50 . 2010-10-27 07:13:36 30720 ----a-w- C:\Windows\system32\atiuxpag.dll
2010-12-18 07:33:50 . 2010-09-29 01:46:06 4066816 ----a-w- C:\Windows\system32\atidxx32.dll
2010-12-18 07:33:50 . 2010-09-29 01:13:44 28672 ----a-w- C:\Windows\system32\atiu9pag.dll
2010-12-18 07:33:49 . 2010-12-18 07:33:49 249856 ----a-w- C:\Windows\system32\atiadlxx.dll
2010-12-18 07:33:49 . 2010-09-29 01:55:02 550400 ----a-w- C:\Windows\system32\aticfx32.dll
2010-12-18 07:33:47 . 2010-12-18 07:33:46 44032 ----a-w- C:\Windows\system32\aticalcl.dll
2010-12-18 07:33:45 . 2010-12-18 07:33:45 278528 ----a-w- C:\Windows\system32\Oemdspif.dll
2010-12-18 07:33:45 . 2010-12-18 07:33:44 46080 ----a-w- C:\Windows\system32\aticalrt.dll
2010-12-18 07:33:44 . 2010-12-18 07:33:36 4122624 ----a-w- C:\Windows\system32\atiumdag.dll
2010-12-18 07:33:42 . 2010-12-18 07:33:41 176128 ----a-w- C:\Windows\system32\atiesrxx.exe
2010-12-18 07:33:41 . 2010-12-18 07:33:28 6650368 ----a-w- C:\Windows\system32\drivers\atikmdag.sys
2010-12-18 07:33:39 . 2010-12-18 07:33:38 393216 ----a-w- C:\Windows\system32\atieclxx.exe
2010-12-18 07:33:39 . 2010-12-18 07:33:38 143360 ----a-w- C:\Windows\system32\atiapfxx.exe
2010-12-18 07:33:38 . 2010-12-18 07:33:38 52736 ----a-w- C:\Windows\system32\atimpc32.dll
2010-12-18 07:33:38 . 2010-12-18 07:33:38 52736 ----a-w- C:\Windows\system32\amdpcom32.dll
2010-12-18 07:33:38 . 2010-12-18 07:33:29 16702976 ----a-w- C:\Windows\system32\atioglxx.dll
2010-12-18 07:33:36 . 2010-12-18 07:33:36 53248 ----a-w- C:\Windows\system32\drivers\ati2erec.dll
2010-12-18 07:33:36 . 2010-12-18 07:33:36 27136 ----a-w- C:\Windows\system32\atigktxx.dll
2010-12-18 07:33:30 . 2010-12-18 07:33:29 462848 ----a-w- C:\Windows\system32\ATIDEMGX.dll
2010-12-18 07:33:29 . 2010-12-18 07:33:28 12800 ----a-w- C:\Windows\system32\atiglpxx.dll
2010-12-18 07:33:28 . 2010-12-18 07:33:28 231936 ----a-w- C:\Windows\system32\drivers\atikmpag.sys
2010-12-18 07:33:28 . 2010-12-18 07:33:28 15872 ----a-w- C:\Windows\system32\atimuixx.dll
2010-12-18 07:33:27 . 2010-12-18 07:33:26 3460096 ----a-w- C:\Windows\system32\atiumdva.dll
2010-12-18 07:33:27 . 2010-12-18 07:33:22 5441024 ----a-w- C:\Windows\system32\aticaldd.dll
2010-12-18 07:33:24 . 2010-12-18 07:33:23 356352 ----a-w- C:\Windows\system32\atipdlxx.dll
2010-12-18 07:33:22 . 2010-12-18 07:33:22 102416 ----a-w- C:\Windows\system32\drivers\AtihdW73.sys
2010-12-14 17:27:46 . 2010-12-14 17:28:58 111960 ----a-w- C:\Windows\dxsdkuninst.exe
2009-11-20 02:08:02 . 2009-11-20 02:08:02 3749224 ----a-w- C:\Program Files\Common Files\adlmint_libFNP.dll
2009-11-20 02:08:02 . 2009-11-20 02:08:02 2941288 ----a-w- C:\Program Files\Common Files\adlmint.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-29 03:44:28 1400712 ----a-w- C:\Program Files\Ask.com\GenericAskToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="C:\Program Files\Steam\steam.exe" [2011-02-06 00:08:09 1242448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICustomerCare"="C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 21:05:02 311296]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2010-04-12 08:40:16 180224]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-26 02:32:52 98304]
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe" [2010-11-30 18:20:36 997408]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 19:49:28 249064]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 21:22:02 3739648]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 12:58:34 611712 ----a-w- C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

R1 MpKsl37240fcb;MpKsl37240fcb;c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{13DC7D22-5490-40CC-873A-F39D2DF5EB9C}\MpKsl37240fcb.sys [x]
R1 MpKsl536c0657;MpKsl536c0657;c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{13DC7D22-5490-40CC-873A-F39D2DF5EB9C}\MpKsl536c0657.sys [x]
R1 MpKsl93161387;MpKsl93161387;c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{13DC7D22-5490-40CC-873A-F39D2DF5EB9C}\MpKsl93161387.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 18:16:28 130384]
R3 GPWADrv;Service for L6 GuitarPort Driver (WDM);C:\Windows\system32\Drivers\GPWADrv.sys [2010-03-09 22:40:44 571264]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 02:25:38 54144]
R3 NisSrv;Microsoft Network Inspection;c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 17:26:42 206360]
R3 SaiKF622;SaiKF622;C:\Windows\system32\DRIVERS\SaiKF622.sys [2009-06-02 20:26:16 113664]
R3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys [2010-10-05 18:26:10 16240]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [2010-11-18 07:27:55 1343400]
S1 MpKslcbeadd24;MpKslcbeadd24;c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{24D01ACC-8519-49C4-AE85-95D097F293D9}\MpKslcbeadd24.sys [2011-03-12 00:40:53 28752]
S2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe [2009-07-14 01:14:41 20992]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [2010-12-18 07:33:42 176128]
S2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2010-10-13 16:40:54 4869488]
S2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2010-10-13 16:41:00 416112]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2010-12-18 07:33:41 6650368]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys [2010-12-18 07:33:28 231936]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW73.sys [2010-12-18 07:33:22 102416]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 02:25:38 43392]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - MPKSLCBEADD24

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai


------- Supplementary Scan -------

Trusted Zone: line6.net
FF - ProfilePath - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\cwzufi5z.default\
FF - prefs.js: browser.search.selectedEngine - YouTube Video Search
FF - prefs.js: browser.startup.homepage - hxxp://www.homestarrunner.com/
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}


[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_dbc0250.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_dbc0250.dll"

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)

Completion time: 2011-03-11 20:42:04
ComboFix-quarantined-files.txt 2011-03-12 01:42:03
ComboFix2.txt 2011-03-08 22:09:26
ComboFix3.txt 2011-03-07 23:01:32

Pre-Run: 253,199,138,816 bytes free
Post-Run: 253,150,289,920 bytes free

- - End Of File - - E6CB4B00431408D846F3FD98BE5F3C2B

2. 2nd ComboFix iteration (without script, after first run; currently not in effect because of System Restore)
ComboFix 11-03-11.02 - Aaron 03/11/2011 21:03:18.9.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3582.2716 [GMT -5:00]
Running from: c:\users\Aaron\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-02-12 to 2011-03-12 )))))))))))))))))))))))))))))))
.
.
2011-03-12 02:08 . 2011-03-12 02:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-12 01:42 . 2011-03-12 02:08 -------- d-----w- c:\users\Aaron\AppData\Local\temp
2011-03-11 06:08 . 2011-03-11 06:08 -------- d-----w- c:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2011-03-10 21:47 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{24D01ACC-8519-49C4-AE85-95D097F293D9}\mpengine.dll
2011-03-09 18:34 . 2011-02-19 05:33 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-03-09 18:34 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-03-09 18:34 . 2011-02-19 05:32 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-03-09 18:34 . 2010-12-23 05:28 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-09 18:34 . 2010-12-23 05:28 850432 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 18:34 . 2010-12-23 05:28 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 18:34 . 2010-12-23 05:24 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 18:34 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 18:34 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\system32\mstsc.exe
2011-03-08 17:18 . 2011-03-08 17:18 -------- d-----w- c:\users\Aaron\AppData\Local\Google
2011-03-08 17:14 . 2011-03-08 17:14 -------- d-----w- c:\program files\VS Revo Group
2011-03-07 23:43 . 2011-03-07 23:43 -------- d-----w- c:\program files\Stunlock Studios
2011-03-07 22:29 . 2011-03-07 22:29 -------- d--h--w- c:\windows\PIF
2011-03-07 22:22 . 2011-03-07 22:22 -------- d-----w- C:\_OTM
2011-03-07 01:25 . 2011-03-08 17:18 -------- d-----w- c:\program files\Google
2011-03-07 00:53 . 2011-03-07 00:53 -------- d-----w- c:\users\Aaron\AppData\Roaming\Thunderbird
2011-03-07 00:53 . 2011-03-07 00:53 -------- d-----w- c:\users\Aaron\AppData\Local\Thunderbird
2011-03-06 08:19 . 2011-03-08 20:05 -------- d-----w- C:\ironman
2011-03-05 19:52 . 2011-03-05 19:52 -------- d-----w- c:\program files\ESET
2011-03-04 14:58 . 2011-03-04 14:58 -------- d-----w- c:\program files\Microsoft XNA
2011-03-04 14:51 . 2011-03-04 14:52 -------- d-----w- c:\users\Aaron\AppData\Local\BIT.TRIP RUNNER
2011-03-01 16:46 . 2011-03-01 16:46 -------- d-----w- c:\program files\Common Files\Java
2011-03-01 06:08 . 2011-03-01 06:08 -------- d-----w- C:\The Neverhood + patch (English)
2011-03-01 05:31 . 2009-11-11 18:15 -------- d-----w- C:\Neverhood Win7 Color Fix
2011-03-01 05:30 . 2011-03-01 05:30 -------- d-----w- c:\program files\DreamWorks Interactive
2011-02-28 01:42 . 2011-02-28 01:42 -------- d-----w- c:\users\Aaron\AppData\Roaming\Malwarebytes
2011-02-28 01:42 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-28 01:42 . 2011-02-28 01:42 -------- d-----w- c:\programdata\Malwarebytes
2011-02-28 01:42 . 2011-02-28 01:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-28 01:42 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-26 08:03 . 2011-02-26 08:08 -------- d-----w- c:\program files\Savage XR
2011-02-23 06:41 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-02-22 22:32 . 2011-01-07 07:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-22 22:32 . 2011-01-07 07:31 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-21 22:05 . 2011-02-21 22:05 -------- d-----w- c:\programdata\Nexon
2011-02-21 20:01 . 2011-02-21 20:01 -------- d-----w- c:\program files\BandiMPEG1
2011-02-21 19:57 . 2011-02-21 19:58 -------- d-----w- c:\program files\Nexon
2011-02-21 19:11 . 2011-02-21 20:01 -------- d-----w- c:\program files\Vindictus
2011-02-21 19:10 . 2011-03-07 01:37 -------- d-----w- c:\program files\Pando Networks
2011-02-15 18:02 . 2011-03-03 19:48 -------- d-----w- c:\program files\MyDefrag v4.3.1
2011-02-15 02:06 . 2011-02-15 02:06 -------- d-----w- c:\windows\system32\URTTEMP
2011-02-15 02:01 . 2011-02-15 02:01 669184 ----a-w- c:\windows\system32\pbsvc.exe
2011-02-11 20:06 . 2011-02-11 20:33 -------- d-----w- c:\users\Aaron\AppData\Roaming\Nero
2011-02-11 20:04 . 2011-02-11 20:05 -------- d-----w- c:\programdata\Nero
2011-02-11 20:00 . 2011-02-11 20:06 -------- d-----w- c:\users\Aaron\AppData\Roaming\DeepBurner
2011-02-11 19:59 . 2011-02-13 23:55 -------- d-----w- c:\program files\Astonsoft
2011-02-11 00:00 . 2011-02-11 00:00 -------- d-----w- c:\program files\Memorex exPressit Label Design Studio
2011-02-11 00:00 . 2011-02-11 00:00 -------- d-----w- c:\windows\MVUNINST
2011-02-10 23:22 . 2011-02-10 23:22 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-6\markup.dll
2011-02-10 17:19 . 2011-02-11 00:00 -------- d-----w- c:\users\Aaron\AppData\Local\MicroVision Applications
2011-02-10 17:18 . 2009-12-15 22:25 487424 ----a-w- c:\windows\system32\msvcp70.dll
2011-02-10 17:18 . 2002-01-05 07:37 344064 ----a-w- c:\windows\system32\msvcr70.dll
2011-02-10 17:18 . 2011-02-11 01:11 -------- d-----w- c:\program files\Common Files\SureThing Shared
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-04 14:51 . 2010-11-19 20:49 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-03-04 14:51 . 2010-11-19 20:49 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-03-01 16:45 . 2010-11-18 23:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-18 23:47 . 2010-11-19 16:29 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-02-18 12:31 . 2010-11-19 15:28 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-02-15 02:02 . 2010-12-21 02:23 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-02-15 02:02 . 2010-12-21 02:23 22328 ----a-w- c:\users\Aaron\AppData\Roaming\PnkBstrK.sys
2011-02-15 02:02 . 2010-12-21 02:22 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-02-15 02:01 . 2010-12-21 02:22 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-02-11 06:54 . 2010-11-18 17:24 5943120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-02-04 12:38 . 2011-02-04 12:38 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-7\markup.dll
2011-01-29 22:24 . 2011-01-29 22:24 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-01-27 18:04 . 2011-01-27 18:04 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{79424082-15F5-40E2-A6C1-122F03393FF7}\gapaengine.dll
2011-01-26 00:30 . 2009-08-18 16:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-01-26 00:30 . 2009-08-18 16:24 17816 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-01-15 20:16 . 2010-12-22 03:05 270904 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-01-15 20:11 . 2010-12-21 02:22 215128 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-01-13 09:41 . 2011-01-26 23:19 5890896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2010-12-21 02:22 . 2010-12-21 02:22 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2010-12-18 07:33 . 2010-10-27 07:14 52736 ----a-w- c:\windows\system32\coinst.dll
2010-12-18 07:33 . 2010-12-18 07:33 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-12-18 07:33 . 2010-12-18 07:33 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2010-12-18 07:33 . 2010-10-27 07:13 30720 ----a-w- c:\windows\system32\atiuxpag.dll
2010-12-18 07:33 . 2010-09-29 01:46 4066816 ----a-w- c:\windows\system32\atidxx32.dll
2010-12-18 07:33 . 2010-09-29 01:13 28672 ----a-w- c:\windows\system32\atiu9pag.dll
2010-12-18 07:33 . 2010-12-18 07:33 249856 ----a-w- c:\windows\system32\atiadlxx.dll
2010-12-18 07:33 . 2010-09-29 01:55 550400 ----a-w- c:\windows\system32\aticfx32.dll
2010-12-18 07:33 . 2010-12-18 07:33 44032 ----a-w- c:\windows\system32\aticalcl.dll
2010-12-18 07:33 . 2010-12-18 07:33 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2010-12-18 07:33 . 2010-12-18 07:33 46080 ----a-w- c:\windows\system32\aticalrt.dll
2010-12-18 07:33 . 2010-12-18 07:33 4122624 ----a-w- c:\windows\system32\atiumdag.dll
2010-12-18 07:33 . 2010-12-18 07:33 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2010-12-18 07:33 . 2010-12-18 07:33 6650368 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-12-18 07:33 . 2010-12-18 07:33 393216 ----a-w- c:\windows\system32\atieclxx.exe
2010-12-18 07:33 . 2010-12-18 07:33 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-12-18 07:33 . 2010-12-18 07:33 52736 ----a-w- c:\windows\system32\atimpc32.dll
2010-12-18 07:33 . 2010-12-18 07:33 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2010-12-18 07:33 . 2010-12-18 07:33 16702976 ----a-w- c:\windows\system32\atioglxx.dll
2010-12-18 07:33 . 2010-12-18 07:33 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-12-18 07:33 . 2010-12-18 07:33 27136 ----a-w- c:\windows\system32\atigktxx.dll
2010-12-18 07:33 . 2010-12-18 07:33 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-12-18 07:33 . 2010-12-18 07:33 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-12-18 07:33 . 2010-12-18 07:33 231936 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2010-12-18 07:33 . 2010-12-18 07:33 15872 ----a-w- c:\windows\system32\atimuixx.dll
2010-12-18 07:33 . 2010-12-18 07:33 3460096 ----a-w- c:\windows\system32\atiumdva.dll
2010-12-18 07:33 . 2010-12-18 07:33 5441024 ----a-w- c:\windows\system32\aticaldd.dll
2010-12-18 07:33 . 2010-12-18 07:33 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2010-12-18 07:33 . 2010-12-18 07:33 102416 ----a-w- c:\windows\system32\drivers\AtihdW73.sys
2010-12-14 17:27 . 2010-12-14 17:28 111960 ----a-w- c:\windows\dxsdkuninst.exe
2009-11-20 02:08 . 2009-11-20 02:08 3749224 ----a-w- c:\program files\Common Files\adlmint_libFNP.dll
2009-11-20 02:08 . 2009-11-20 02:08 2941288 ----a-w- c:\program files\Common Files\adlmint.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-29 03:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2011-02-06 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-26 98304]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 12:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
R1 MpKsl37240fcb;MpKsl37240fcb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{13DC7D22-5490-40CC-873A-F39D2DF5EB9C}\MpKsl37240fcb.sys [x]
R1 MpKsl536c0657;MpKsl536c0657;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{13DC7D22-5490-40CC-873A-F39D2DF5EB9C}\MpKsl536c0657.sys [x]
R1 MpKsl93161387;MpKsl93161387;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{13DC7D22-5490-40CC-873A-F39D2DF5EB9C}\MpKsl93161387.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 GPWADrv;Service for L6 GuitarPort Driver (WDM);c:\windows\system32\Drivers\GPWADrv.sys [2010-03-09 571264]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 SaiKF622;SaiKF622;c:\windows\system32\DRIVERS\SaiKF622.sys [2009-06-02 113664]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-10-05 16240]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-18 1343400]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-12-18 176128]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-10-13 4869488]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-13 416112]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-12-18 6650368]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-12-18 231936]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-12-18 102416]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
.
------- Supplementary Scan -------
.
Trusted Zone: line6.net
FF - ProfilePath - c:\users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\cwzufi5z.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.homestarrunner.com/
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_dbc0250.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_dbc0250.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5884)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2011-03-11 21:09:44
ComboFix-quarantined-files.txt 2011-03-12 02:09
ComboFix2.txt 2011-03-12 01:42
ComboFix3.txt 2011-03-08 22:09
ComboFix4.txt 2011-03-07 23:01
.
Pre-Run: 253,176,127,488 bytes free
Post-Run: 253,123,694,592 bytes free
.
- - End Of File - - 499A2FD0B57BC79DC0C7955269A4DDFD
 
did another System Restore

You undid everything we've done previously! Who instructed you to do a System restore?

After the script is run, Combofix generates a new log. Those are the logs you should have left, not run Combofix again!
When I tried booting Steam and installing something through the Adobe Updater, it ended up giving me strange .dll errors, I attributed this to ComboFix deleting crucial files again, and did another System Restore to before the 2nd ComboFix without the script and ESET Scan (from my Steps 2 and 3
What made you decide to install something in the middle of a cleaning and then when it wouldn't work, make an assumption then act on it!

I don't have time to read multiple 'before and after' sets of logs because you got impatient.

What are you referring to about Combofix deleting crucial logs-again?

No wonder Trojans keep coming back! You are restoring the Trojans!

Support is ended for this thread.