# URGENT!! Windows services not working!!



## mushyme8 (May 31, 2011)

I'm not sure if this is in the right forum section, as I just registered. I'll move it if necessary. But stuff like Security Center, Security Essentials, Windows Update, System Restore, Hard Drive Backup, Windows Installer, etc. None of it is working!

Installed in terms of antivirus etc.: MalwareBytes, Advanced SystemCare and Ad-Aware. Help!!!!


----------



## mushyme8 (May 31, 2011)

Forgot to Mention: Running Windows Vista 32 bit OS. Please reply ASAP!!!


----------



## johnb35 (May 31, 2011)

Is this a fresh install of Windows? Are you having any other signs of a possible malware issue?

Can you download and run anything?


----------



## mushyme8 (Jun 1, 2011)

Nope, this is on a laptop I've had for a couple of years. Compaq Presario A900.


----------



## mushyme8 (Jun 1, 2011)

Also, I'm having a redirect problem: when I click a link, it goes to a random site, different every time. If I refresh before the redirect, then it loads. HELP!!!


----------



## johnb35 (Jun 1, 2011)

I thought so. Please do the following.

Please download and run TDSSkiller

When the program opens, click on the start scan button.

TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.

To remove the infection simply click on the Continue button and TDSSKiller will attempt to clean the infection.

When it has finished cleaning the infection you will see a report stating whether or not it was successful as shown below.

If the log says it will be cured after reboot, please reboot the system by pressing the Reboot Now button.

After running, there will be a log located at the root of your C:\ drive labeled tdsskiller with a series of numbers after it. Please open the log and copy and paste it back here.

Please download Malwarebytes' Anti-Malware from *here* or *here* and save it to your desktop.

Double-click *mbam-setup.exe* and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
*Update Malwarebytes' Anti-Malware*
and *Launch Malwarebytes' Anti-Malware*
 
then click *Finish*.
If an update is found, it will download and install the latest version. *Please keep updating until it says you have the latest version.*
Once the program has loaded, select *Perform quick scan*, then click *Scan*.
When the scan is complete, click *OK*, then *Show Results* to view the results.
Be sure that everything is checked, and click *Remove Selected*.
A log will be saved automatically, which you can access by clicking on the *Logs* tab within Malwarebytes' Anti-Malware.

If for some reason Malwarebytes will not install or run, please download and run Rkill.scr, Rkill.exe, or Rkill.com, but *DO NOT* reboot the system; then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away, or you get a message saying rkill is infected, keep trying to run rkill until it overpowers the infection and temporarily kills it. Once a log appears on the screen, you can try running Malwarebytes or downloading other programs.

Download the HijackThis installer from *here*.
Run the installer and choose *Install*, indicating that you accept the licence agreement.  The installer will place a shortcut on your desktop and launch HijackThis.

Click *Do a system scan and save a logfile*

_Most of what HijackThis lists will be harmless or even essential, don't fix anything yet._

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log.


----------
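A TDSSKiller log of the kind requested above runs to several hundred driver lines, and the two or three lines that matter (`<name> - detected <verdict> (<n>)` and `Suspicious file (...)`) are easy to miss by eye. The script below is an added example, not code from TDSSKiller, Kaspersky or anyone in this thread: it parses the TDSSKiller 2.5 log format (timestamp, thread id, message) and ties each detection back to the driver line that precedes it, so you get the service name, on-disk path and MD5 for every hit in one short summary. The sample lines embedded in it are copied from the log posted later in this thread; the regexes, the `Finding` class and the rule that anything whose verdict starts with `LockedFile.` is a locked-file flag rather than a named malware family are my assumptions about the format, not documented TDSSKiller behaviour.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: lines taken from the TDSSKiller log posted in this thread.
# The real log separates thread id and message with a tab; \s+ below accepts either.
SAMPLE_LOG = r"""
2011/06/01 22:24:30.0873 1804 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/06/01 22:24:36.0508 3980 Scan started
2011/06/01 22:24:52.0365 3980 Smb             (5dafe376998d970cb87135a83424e67f) C:\Windows\system32\DRIVERS\smb.sys
2011/06/01 22:24:52.0374 3980 Smb - detected Rootkit.Win32.ZAccess.c (0)
2011/06/01 22:24:52.0604 3980 sptd            (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/06/01 22:24:52.0605 3980 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/06/01 22:24:52.0610 3980 sptd - detected LockedFile.Multi.Generic (1)
2011/06/01 22:24:54.0551 3980 usbhub          (c2beb0929e18adf60344c66398e36526) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/01 22:24:54.0575 3980 usbhub - detected Rootkit.Win32.ZAccess.c (0)
2011/06/01 22:24:54.0609 3980 usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
"""

# Assumed line layout: "<yyyy/mm/dd hh:mm:ss.ffff> <thread id> <message>"
LINE_RE = re.compile(r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s+(?P<msg>.+)$")
# "Smb             (<md5>) C:\...\smb.sys"  (name may contain spaces, e.g. "Lavasoft Kernexplorer")
DRIVER_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
# "Smb - detected Rootkit.Win32.ZAccess.c (0)"
DETECT_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<code>\d+)\)$")
# "Suspicious file (NoAccess): C:\...\sptd.sys. md5: <md5>"
SUSPICIOUS_RE = re.compile(r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")


@dataclass
class Finding:
    name: str                   # service/driver name exactly as TDSSKiller prints it
    verdict: str                # e.g. Rootkit.Win32.ZAccess.c or LockedFile.Multi.Generic
    code: int                   # the number TDSSKiller prints after the verdict; kept verbatim
    md5: Optional[str]          # hash from the preceding driver line, if one was seen
    path: Optional[str]         # on-disk image path from that driver line
    reason: Optional[str] = None  # "NoAccess" etc. when a Suspicious file line named this path


def parse_tdsskiller(text: str):
    """Return (drivers, findings): drivers maps name -> (md5, path); findings lists detections."""
    drivers, suspicious, findings = {}, {}, []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.rstrip())
        if not m:
            continue  # banner, blank or separator line
        msg = m.group("msg")
        if (x := DETECT_RE.match(msg)):
            md5, path = drivers.get(x["name"], (None, None))
            findings.append(Finding(x["name"], x["verdict"], int(x["code"]), md5, path, suspicious.get(path)))
        elif (s := SUSPICIOUS_RE.match(msg)):
            suspicious[s["path"]] = s["reason"]
        elif (d := DRIVER_RE.match(msg)):
            drivers[d["name"]] = (d["md5"], d["path"])
    return drivers, findings


def triage(findings):
    """Separate named malware verdicts from generic locked-file flags (assumed naming convention)."""
    malware = [f for f in findings if not f.verdict.startswith("LockedFile.")]
    locked = [f for f in findings if f.verdict.startswith("LockedFile.")]
    return malware, locked


def summarize(text: str) -> str:
    """One line per finding, so the interesting part of a 300-line log fits on screen."""
    drivers, findings = parse_tdsskiller(text)
    malware, locked = triage(findings)
    out = [f"{len(drivers)} drivers enumerated, {len(findings)} findings"]
    for f in malware:
        out.append(f"MALWARE  {f.name:<12} {f.verdict:<28} {f.path}  md5={f.md5}")
    for f in locked:
        out.append(f"LOCKED   {f.name:<12} {f.verdict:<28} {f.path}  reason={f.reason}")
    return "\n".join(out)


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Run it against the saved `C:\TDSSKiller.<numbers>.log` by reading the file into `summarize()`. On the lines above it reports `Smb` and `usbhub` as `Rootkit.Win32.ZAccess.c`, both pointing at their normal system32 paths, and `sptd` only as a locked file, which is a different kind of result: the tool could not read that file, not that it matched a malware signature. Treat the two categories separately when deciding what to let TDSSKiller cure.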



## mushyme8 (Jun 1, 2011)

tdsskiller log:

2011/06/01 22:24:30.0873 1804	TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/06/01 22:24:32.0012 1804	================================================================================
2011/06/01 22:24:32.0012 1804	SystemInfo:
2011/06/01 22:24:32.0012 1804	
2011/06/01 22:24:32.0012 1804	OS Version: 6.0.6001 ServicePack: 1.0
2011/06/01 22:24:32.0012 1804	Product type: Workstation
2011/06/01 22:24:32.0013 1804	ComputerName: WILLIAMDU
2011/06/01 22:24:32.0013 1804	UserName: William
2011/06/01 22:24:32.0013 1804	Windows directory: C:\Windows
2011/06/01 22:24:32.0013 1804	System windows directory: C:\Windows
2011/06/01 22:24:32.0013 1804	Processor architecture: Intel x86
2011/06/01 22:24:32.0013 1804	Number of processors: 2
2011/06/01 22:24:32.0013 1804	Page size: 0x1000
2011/06/01 22:24:32.0013 1804	Boot type: Normal boot
2011/06/01 22:24:32.0013 1804	================================================================================
2011/06/01 22:24:33.0106 1804	Initialize success
2011/06/01 22:24:36.0508 3980	================================================================================
2011/06/01 22:24:36.0508 3980	Scan started
2011/06/01 22:24:36.0508 3980	Mode: Manual; 
2011/06/01 22:24:36.0508 3980	================================================================================
2011/06/01 22:24:37.0764 3980	ACPI            (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/06/01 22:24:37.0834 3980	adp94xx         (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/06/01 22:24:37.0902 3980	adpahci         (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/06/01 22:24:37.0990 3980	adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/06/01 22:24:38.0048 3980	adpu320         (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/06/01 22:24:38.0122 3980	AFD             (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2011/06/01 22:24:38.0184 3980	agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/06/01 22:24:38.0238 3980	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/06/01 22:24:38.0316 3980	aliide          (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/06/01 22:24:38.0352 3980	amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/06/01 22:24:38.0400 3980	amdide          (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/06/01 22:24:38.0439 3980	AmdK7           (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/06/01 22:24:38.0497 3980	AmdK8           (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/06/01 22:24:38.0661 3980	ApfiltrService  (3a2154b4f22af4771f40b8f2fc7dbbf6) C:\Windows\system32\DRIVERS\Apfiltr.sys
2011/06/01 22:24:38.0716 3980	arc             (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/06/01 22:24:38.0771 3980	arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/06/01 22:24:38.0861 3980	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/01 22:24:38.0905 3980	atapi           (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2011/06/01 22:24:39.0012 3980	BCM43XV         (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/06/01 22:24:39.0083 3980	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/06/01 22:24:39.0220 3980	bowser          (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/01 22:24:39.0273 3980	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/06/01 22:24:39.0331 3980	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/06/01 22:24:39.0394 3980	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/06/01 22:24:39.0453 3980	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/06/01 22:24:39.0502 3980	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/06/01 22:24:39.0540 3980	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/06/01 22:24:39.0580 3980	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/06/01 22:24:39.0630 3980	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/01 22:24:39.0680 3980	cdrom           (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/01 22:24:39.0722 3980	circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/06/01 22:24:39.0772 3980	CLFS            (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2011/06/01 22:24:39.0834 3980	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/06/01 22:24:39.0874 3980	cmdide          (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/06/01 22:24:39.0932 3980	CnxtHdAudService (2e39f9c51912f4f211b0334aed33e7bd) C:\Windows\system32\drivers\CHDRT32.sys
2011/06/01 22:24:39.0978 3980	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/06/01 22:24:40.0134 3980	crcdisk         (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/06/01 22:24:40.0176 3980	Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/06/01 22:24:40.0271 3980	DfsC            (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2011/06/01 22:24:40.0397 3980	disk            (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/06/01 22:24:40.0450 3980	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/06/01 22:24:40.0495 3980	DrvAgent32      (651554e483712b708ede864d0ca1aa73) C:\Windows\system32\Drivers\DrvAgent32.sys
2011/06/01 22:24:40.0569 3980	DXGKrnl         (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/01 22:24:40.0653 3980	E100B           (c0b00e55cf82d122d25983c7a6a53dea) C:\Windows\system32\DRIVERS\e100b325.sys
2011/06/01 22:24:40.0697 3980	E1G60           (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/06/01 22:24:40.0807 3980	Ecache          (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/06/01 22:24:40.0874 3980	elxstor         (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/06/01 22:24:40.0994 3980	exfat           (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/06/01 22:24:41.0054 3980	fastfat         (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/06/01 22:24:41.0108 3980	fdc             (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/01 22:24:41.0167 3980	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/06/01 22:24:41.0223 3980	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/06/01 22:24:41.0262 3980	flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/01 22:24:41.0351 3980	FltMgr          (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/06/01 22:24:41.0410 3980	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/01 22:24:41.0458 3980	gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/06/01 22:24:41.0550 3980	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/06/01 22:24:41.0612 3980	giveio          (77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys
2011/06/01 22:24:41.0659 3980	HBtnKey         (de15777902a5d9121857d155873a1d1b) C:\Windows\system32\DRIVERS\cpqbttn.sys
2011/06/01 22:24:41.0723 3980	HdAudAddService (a1be5a64ddcb0880301cf860be3f0a07) C:\Windows\system32\drivers\CHDART.sys
2011/06/01 22:24:41.0797 3980	HDAudBus        (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/06/01 22:24:41.0852 3980	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/06/01 22:24:41.0890 3980	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/06/01 22:24:41.0947 3980	HidUsb          (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/01 22:24:41.0990 3980	HpCISSs         (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/06/01 22:24:42.0032 3980	HpqKbFiltr      (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
2011/06/01 22:24:42.0114 3980	HSFHWAZL        (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/06/01 22:24:42.0251 3980	HSF_DPV         (1882827f41dee51c70e24c567c35bfb5) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/06/01 22:24:42.0369 3980	HSXHWAZL        (a44ddf3ba83e4664bf4de9220097578c) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/06/01 22:24:42.0471 3980	HTTP            (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
2011/06/01 22:24:42.0652 3980	i2omp           (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/06/01 22:24:42.0799 3980	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/06/01 22:24:43.0173 3980	ialm            (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/06/01 22:24:43.0388 3980	iaStor          (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\DRIVERS\iaStor.sys
2011/06/01 22:24:43.0559 3980	iaStorV         (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/06/01 22:24:43.0930 3980	igfx            (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/06/01 22:24:44.0175 3980	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/06/01 22:24:44.0267 3980	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/06/01 22:24:44.0327 3980	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/01 22:24:44.0400 3980	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/06/01 22:24:44.0485 3980	IPMIDRV         (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/06/01 22:24:44.0541 3980	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/06/01 22:24:44.0585 3980	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/06/01 22:24:44.0626 3980	isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/06/01 22:24:44.0685 3980	iScsiPrt        (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/06/01 22:24:44.0727 3980	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/06/01 22:24:44.0759 3980	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/06/01 22:24:44.0802 3980	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/06/01 22:24:44.0834 3980	kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/06/01 22:24:44.0935 3980	KSecDD          (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/01 22:24:45.0107 3980	Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2011/06/01 22:24:45.0341 3980	Lbd             (336abe8721cbc3110f1c6426da633417) C:\Windows\system32\DRIVERS\Lbd.sys
2011/06/01 22:24:45.0394 3980	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/06/01 22:24:45.0507 3980	LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/06/01 22:24:45.0569 3980	LSI_SAS         (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/06/01 22:24:45.0656 3980	LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/06/01 22:24:45.0722 3980	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/06/01 22:24:45.0782 3980	mdmxsdk         (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/06/01 22:24:45.0834 3980	megasas         (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/06/01 22:24:45.0913 3980	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/06/01 22:24:45.0965 3980	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/01 22:24:46.0013 3980	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/06/01 22:24:46.0061 3980	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/06/01 22:24:46.0109 3980	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/06/01 22:24:46.0156 3980	mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/06/01 22:24:46.0522 3980	MpNWMon         (f32e2d6a1640a469a9ed4f1929a4a861) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/06/01 22:24:46.0596 3980	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/01 22:24:46.0674 3980	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/06/01 22:24:46.0737 3980	MRxDAV          (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/06/01 22:24:46.0803 3980	mrxsmb          (cc752d233ef39875ca6885d9415ba869) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/01 22:24:46.0858 3980	mrxsmb10        (9049dddd4bd27d43d82f5968f1da76e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/01 22:24:46.0886 3980	mrxsmb20        (91dc069b6831ef564e7d8c97eaf0343e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/01 22:24:46.0920 3980	msahci          (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/06/01 22:24:46.0968 3980	msdsm           (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/06/01 22:24:47.0043 3980	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/06/01 22:24:47.0095 3980	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/06/01 22:24:47.0174 3980	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/01 22:24:47.0203 3980	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/01 22:24:47.0223 3980	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/06/01 22:24:47.0287 3980	MsRPC           (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/06/01 22:24:47.0341 3980	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/06/01 22:24:47.0392 3980	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/06/01 22:24:47.0427 3980	Mup             (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/06/01 22:24:47.0501 3980	NativeWifiP     (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/01 22:24:47.0568 3980	NDIS            (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2011/06/01 22:24:47.0635 3980	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/01 22:24:47.0678 3980	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/01 22:24:47.0719 3980	NdisWan         (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/01 22:24:47.0752 3980	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/06/01 22:24:47.0779 3980	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/01 22:24:47.0832 3980	netbt           (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/01 22:24:48.0096 3980	NETw3v32        (a15f219208843a5a210c8cb391384453) C:\Windows\system32\DRIVERS\NETw3v32.sys
2011/06/01 22:24:48.0445 3980	NETw4v32        (25acccfc33dd448b9d3037c5e439e830) C:\Windows\system32\DRIVERS\NETw4v32.sys
2011/06/01 22:24:49.0035 3980	NETw5v32        (8de67bd902095a13329fd82c85a1fa09) C:\Windows\system32\DRIVERS\NETw5v32.sys
2011/06/01 22:24:49.0272 3980	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/06/01 22:24:49.0332 3980	nhcDriverDevice (37260a293b6a89373ae76791e6cc5a12) C:\Windows\system32\drivers\nhcDriver.sys
2011/06/01 22:24:49.0424 3980	NisDrv          (17e2c08c5ecfbe94a7c67b1c275ee9d9) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
2011/06/01 22:24:49.0520 3980	NPF             (6623e51595c0076755c29c00846c4eb2) C:\Windows\system32\drivers\npf.sys
2011/06/01 22:24:49.0588 3980	Npfs            (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/06/01 22:24:49.0643 3980	NPPTNT2         (9131fe60adfab595c8da53ad6a06aa31) C:\Windows\system32\npptNT2.sys
2011/06/01 22:24:49.0696 3980	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/01 22:24:49.0799 3980	Ntfs            (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/06/01 22:24:49.0900 3980	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/06/01 22:24:49.0941 3980	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/06/01 22:24:49.0998 3980	nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/06/01 22:24:50.0034 3980	nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/06/01 22:24:50.0075 3980	nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/06/01 22:24:50.0217 3980	ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/06/01 22:24:50.0299 3980	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/06/01 22:24:50.0330 3980	partmgr         (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/06/01 22:24:50.0367 3980	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/06/01 22:24:50.0417 3980	pci             (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2011/06/01 22:24:50.0474 3980	pciide          (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
2011/06/01 22:24:50.0564 3980	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/06/01 22:24:50.0647 3980	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/06/01 22:24:50.0763 3980	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/01 22:24:50.0802 3980	Processor       (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/06/01 22:24:50.0870 3980	PSched          (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/01 22:24:50.0973 3980	ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/06/01 22:24:51.0019 3980	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/06/01 22:24:51.0085 3980	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/01 22:24:51.0133 3980	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/01 22:24:51.0182 3980	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/01 22:24:51.0213 3980	RasPppoe        (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/01 22:24:51.0249 3980	RasSstp         (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/01 22:24:51.0287 3980	rdbss           (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/01 22:24:51.0334 3980	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/01 22:24:51.0396 3980	rdpdr           (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/06/01 22:24:51.0455 3980	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/01 22:24:51.0495 3980	RDPWD           (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/06/01 22:24:51.0594 3980	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/01 22:24:51.0638 3980	RTL8023xp       (8de22fb05e4a0f797b1e442eb4b3b51c) C:\Windows\system32\DRIVERS\Rtnicxp.sys
2011/06/01 22:24:51.0686 3980	RTSTOR          (68180821fedebb2b373d83a2d8e4e16a) C:\Windows\system32\drivers\RTSTOR.SYS
2011/06/01 22:24:51.0737 3980	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/06/01 22:24:51.0787 3980	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/06/01 22:24:51.0831 3980	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/06/01 22:24:51.0874 3980	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/06/01 22:24:51.0929 3980	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/06/01 22:24:51.0985 3980	sffdisk         (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/06/01 22:24:52.0027 3980	sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/06/01 22:24:52.0075 3980	sffp_sd         (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/06/01 22:24:52.0124 3980	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/06/01 22:24:52.0181 3980	sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/06/01 22:24:52.0223 3980	SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/06/01 22:24:52.0271 3980	SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/06/01 22:24:52.0365 3980	Smb             (5dafe376998d970cb87135a83424e67f) C:\Windows\system32\DRIVERS\smb.sys
2011/06/01 22:24:52.0374 3980	Smb - detected Rootkit.Win32.ZAccess.c (0)
2011/06/01 22:24:52.0475 3980	speedfan        (5d6401db90ec81b71f8e2c5c8f0fef23) C:\Windows\system32\speedfan.sys
2011/06/01 22:24:52.0521 3980	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/06/01 22:24:52.0604 3980	sptd            (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/06/01 22:24:52.0605 3980	Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/06/01 22:24:52.0610 3980	sptd - detected LockedFile.Multi.Generic (1)
2011/06/01 22:24:52.0678 3980	srv             (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
2011/06/01 22:24:52.0743 3980	srv2            (96512f4a30b741e7d33a7936b9abbc20) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/01 22:24:52.0794 3980	srvnet          (1c69e33e0e23626da5a34ca5ba0dd990) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/01 22:24:52.0850 3980	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/01 22:24:52.0893 3980	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/06/01 22:24:52.0989 3980	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/06/01 22:24:53.0043 3980	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/06/01 22:24:53.0214 3980	Tcpip           (6216a954ed7045b62880a92d6c9b9fc7) C:\Windows\system32\drivers\tcpip.sys
2011/06/01 22:24:53.0269 3980	Tcpip6          (6216a954ed7045b62880a92d6c9b9fc7) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/01 22:24:53.0313 3980	tcpipreg        (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/01 22:24:53.0364 3980	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/06/01 22:24:53.0408 3980	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/06/01 22:24:53.0452 3980	tdx             (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/01 22:24:53.0489 3980	TermDD          (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/01 22:24:53.0560 3980	TPkd            (409a577fd5781c717e55a28717514c58) C:\Windows\system32\drivers\TPkd.sys
2011/06/01 22:24:53.0629 3980	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/01 22:24:53.0677 3980	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/06/01 22:24:53.0729 3980	tunnel          (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/01 22:24:53.0768 3980	uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/06/01 22:24:53.0836 3980	udfs            (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/01 22:24:53.0915 3980	uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/06/01 22:24:53.0982 3980	uliahci         (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/06/01 22:24:54.0030 3980	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/06/01 22:24:54.0074 3980	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/06/01 22:24:54.0131 3980	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/01 22:24:54.0180 3980	UMPass          (88bd96a1baeed33ee8bdf9499c07a841) C:\Windows\system32\DRIVERS\umpass.sys
2011/06/01 22:24:54.0252 3980	USBAAPL         (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
2011/06/01 22:24:54.0307 3980	usbaudio        (292a25bb75a568ae2c67169ba2c6365a) C:\Windows\system32\drivers\usbaudio.sys
2011/06/01 22:24:54.0343 3980	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/01 22:24:54.0414 3980	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/06/01 22:24:54.0478 3980	usbehci         (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/01 22:24:54.0551 3980	usbhub          (c2beb0929e18adf60344c66398e36526) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/01 22:24:54.0575 3980	usbhub - detected Rootkit.Win32.ZAccess.c (0)
2011/06/01 22:24:54.0609 3980	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/06/01 22:24:54.0665 3980	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/01 22:24:54.0742 3980	usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/06/01 22:24:54.0793 3980	USBSTOR         (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/01 22:24:54.0829 3980	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/01 22:24:54.0885 3980	usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/06/01 22:24:54.0952 3980	vga             (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/01 22:24:55.0003 3980	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/06/01 22:24:55.0037 3980	viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/06/01 22:24:55.0072 3980	ViaC7           (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/06/01 22:24:55.0104 3980	viaide          (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/06/01 22:24:55.0150 3980	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/06/01 22:24:55.0217 3980	volmgrx         (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/06/01 22:24:55.0265 3980	volsnap         (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/06/01 22:24:55.0306 3980	vsmraid         (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/06/01 22:24:55.0372 3980	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/06/01 22:24:55.0447 3980	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/01 22:24:55.0473 3980	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/01 22:24:55.0537 3980	Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/06/01 22:24:55.0623 3980	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/01 22:24:55.0734 3980	winachsf        (e096ffb754f1e45ae1bddac1275ae2c5) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/06/01 22:24:55.0863 3980	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/06/01 22:24:55.0938 3980	WpdUsb          (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/06/01 22:24:56.0032 3980	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/01 22:24:56.0109 3980	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/01 22:24:56.0148 3980	XAudio          (19e7c173b6242ad7521e537ae54768bf) C:\Windows\system32\DRIVERS\xaudio.sys
2011/06/01 22:24:56.0406 3980	MBR (0x1B8)     (1a1a06f62e891045814007163c1c76c3) \Device\Harddisk0\DR0
2011/06/01 22:24:56.0482 3980	================================================================================
2011/06/01 22:24:56.0482 3980	Scan finished
2011/06/01 22:24:56.0482 3980	================================================================================
2011/06/01 22:24:56.0494 2008	Detected object count: 3
2011/06/01 22:24:56.0494 2008	Actual detected object count: 3
2011/06/01 22:25:03.0281 2008	Smb             (5dafe376998d970cb87135a83424e67f) C:\Windows\system32\DRIVERS\smb.sys
2011/06/01 22:25:11.0797 2008	Backup copy not found, trying to cure infected file..
2011/06/01 22:25:11.0797 2008	C:\Windows\system32\DRIVERS\smb.sys - Cure failed (FFFFFFFF)
2011/06/01 22:25:11.0797 2008	C:\Windows\system32\DRIVERS\smb.sys - processing error
2011/06/01 22:25:11.0797 2008	Rootkit.Win32.ZAccess.c(Smb) - User select action: Cure 
2011/06/01 22:25:11.0798 2008	LockedFile.Multi.Generic(sptd) - User select action: Skip 
2011/06/01 22:25:11.0929 2008	usbhub          (c2beb0929e18adf60344c66398e36526) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/01 22:25:12.0494 2008	Backup copy found, using it..
2011/06/01 22:25:12.0553 2008	C:\Windows\system32\DRIVERS\usbhub.sys - will be cured after reboot
2011/06/01 22:25:12.0553 2008	Rootkit.Win32.ZAccess.c(usbhub) - User select action: Cure 
2011/06/01 22:25:17.0889 4080	Deinitialize success



Malwarebytes log (I ran the scan with my own Malwarebytes, downloaded from the same site just weeks ago. I just updated as well)

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6701

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19048

1/06/2011 10:39:31 PM
mbam-log-2011-06-01 (22-39-31).txt

Scan type: Quick scan
Objects scanned: 172212
Time elapsed: 6 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{650BE2A4-3A6F-6C69-69E0-9BB14349172E} (Trojan.ZbotR.Gen) -> Value: {650BE2A4-3A6F-6C69-69E0-9BB14349172E} -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\William\AppData\Roaming\Efuqok\tyexa.exe (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully.


Then I got the blue screen of death =(



After I booted again, I ran the last one:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:46:15 PM, on 1/06/2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19048)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Mouse Driver\MouseDrv.exe
C:\WINDOWS\System32\wpcumi.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=81&bd=Presario&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=81&bd=Presario&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: wit for ie - {75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Prize Live Toolbar BHO - {a4d3eb65-a437-449e-b7ef-203afb312f46} - mscoree.dll (file missing)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Prize Live Toolbar - {594d6baf-faa1-4ff1-beff-e4f1674c22c5} - mscoree.dll (file missing)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\Mouse Driver\MouseDrv.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [{650BE2A4-3A6F-6C69-69E0-9BB14349172E}] C:\Users\William\AppData\Roaming\Efuqok\tyexa.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - (no file)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.23.0.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://service.futuremark.com/openapi/receivers/FMSI.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: lxcz_device -   - C:\Windows\system32\lxczcoms.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SophosCleanupTool - Sophos Group - C:\Program Files\Sophos\Sophos confic-a Cleanup Tool\service.sys
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12426 bytes




I also get some Security Client on startup, with error code: 0x8007064e


----------
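Reading the three logs above side by side, the indicators a responder keys on are visible in the raw lines: the HKCU Run value named with a bare GUID that launches an executable from AppData\Roaming\Efuqok, and the two system32 DLLs that ComboFix lists with a creation date in 2030. The script below is an added example, not code from this thread or from TDSSKiller, Malwarebytes, HijackThis or ComboFix. It parses HijackThis O4 lines and ComboFix "Files Created" lines and scores them with heuristics that are assumptions for illustration (GUID-named Run values, targets in user-writable directories, random-looking folder names under Roaming, timestamps later than the scan time, and a cleared archive bit read from ComboFix's attribute column). The sample lines are copied from the logs posted above.

```python
"""Triage helpers for HijackThis O4 lines and ComboFix file listings.

Added example; the scoring rules are assumptions, not any tool's logic.
"""
import re
from datetime import datetime

GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
# HijackThis O4 line: "O4 - <hive>\..\Run: [<value name>] <command>"
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# ComboFix "Files Created" line: "<created> . <modified> <size> <attrs> <path>"
CF_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?P<size>\S+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$"
)
# Directories an ordinary user can write to; persistence launched from here
# needs no admin rights and survives no integrity check (assumption: list is illustrative).
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\", "\\temp\\", "\\programdata\\")


def parse_o4(line):
    """Return {hive, name, path} for an O4 autorun line, or None if it is not one."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd = m.group("cmd").strip()
    if cmd.startswith('"'):                      # quoted image path, arguments follow
        path = cmd[1:cmd.find('"', 1)]
    else:                                        # unquoted: cut at the first switch
        path = cmd.split(" -")[0].split(" /")[0]
    return {"hive": m.group("hive"), "name": m.group("name"), "path": path}


def score_autorun(entry):
    """Reasons an autorun entry looks like malware persistence (empty list = nothing odd)."""
    reasons = []
    lower = entry["path"].lower()
    if GUID_RE.match(entry["name"]):
        reasons.append("value name is a bare GUID")
    if any(marker in lower for marker in USER_WRITABLE):
        reasons.append("target lives in a user-writable directory")
    # Zbot-style layout: a short lowercase folder directly under Roaming holding a short lowercase exe.
    if re.search(r"\\appdata\\roaming\\[a-z]{3,8}\\[a-z]{3,8}\.exe$", lower):
        reasons.append("random-looking folder/exe names directly under Roaming")
    return reasons


def parse_created(line):
    """Return {created, modified, attrs, path} for a ComboFix file line, or None."""
    m = CF_RE.match(line.strip())
    if not m:
        return None
    fmt = "%Y-%m-%d %H:%M"
    return {
        "created": datetime.strptime(m.group("created"), fmt),
        "modified": datetime.strptime(m.group("modified"), fmt),
        "attrs": m.group("attrs"),
        "path": m.group("path"),
    }


def score_file(rec, scan_time):
    """Reasons a listed file looks tampered with (empty list = nothing odd)."""
    reasons = []
    if rec["created"] > scan_time or rec["modified"] > scan_time:
        reasons.append("timestamp lies after the scan time (timestomped)")
    lower = rec["path"].lower()
    # NTFS sets the archive bit on every write; a fresh system32 DLL without it had the bit
    # cleared deliberately. Assumption: 'a' in ComboFix's attribute column is that bit.
    if lower.startswith("c:\\windows\\system32\\") and lower.endswith(".dll") and "a" not in rec["attrs"]:
        reasons.append("system32 DLL with the archive bit cleared")
    return reasons


def triage(hjt_lines, combofix_lines, scan_time):
    """Run both scorers and return [(path, [reasons]), ...] for everything flagged."""
    findings = []
    for line in hjt_lines:
        entry = parse_o4(line)
        if entry and score_autorun(entry):
            findings.append((entry["path"], score_autorun(entry)))
    for line in combofix_lines:
        rec = parse_created(line)
        if rec and score_file(rec, scan_time):
            findings.append((rec["path"], score_file(rec, scan_time)))
    return findings


# Constructed sample input, copied from the logs in the thread.
SAMPLE_HJT = [
    r"O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe",
    r'O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey',
    r"O4 - HKCU\..\Run: [{650BE2A4-3A6F-6C69-69E0-9BB14349172E}] C:\Users\William\AppData\Roaming\Efuqok\tyexa.exe",
]
SAMPLE_COMBOFIX = [
    "2030-08-29 13:22 . 2030-08-29 13:22\t56832\t------w-\tc:\\windows\\system32\\iyvu9_32.dll",
    "2011-06-01 12:45 . 2011-06-01 12:45\t388096\t----a-r-\tc:\\users\\William\\AppData\\Roaming\\Microsoft\\Installer\\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\\HiJackThis.exe",
    "2011-05-26 15:05 . 2008-11-13 04:50\t2241536\t----a-w-\tc:\\windows\\system32\\msi.dll",
]
SCAN_TIME = datetime(2011, 6, 2, 15, 49)   # ComboFix run time from the log header

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_HJT, SAMPLE_COMBOFIX, SCAN_TIME):
        print(path)
        for r in reasons:
            print("   -", r)
```

Running it against the three sample O4 lines flags only the GUID-named HKCU entry (on all three heuristics) and leaves the vendor and Security Essentials entries alone; of the ComboFix lines it flags only iyvu9_32.dll, for both the future date and the cleared archive bit. The heuristics are deliberately cheap; they narrow a 400-line log to the handful of lines worth hashing and submitting, they do not replace that step.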



## johnb35 (Jun 1, 2011)

You aren't running the latest version of Malwarebytes.  Please update it and rerun the scan.  However, please run this first.

*Download and Run ComboFix*
*If you already have Combofix, please delete this copy and download it again as it's being updated regularly.*

*Download this file* here :

http://www.bleepingcomputer.com/download/anti-virus/combofix

Then double click *combofix.exe* & follow the prompts.
When finished, it shall produce *a log* for you. *Post that log* in your next reply.
*Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall*

Combofix should never take more than 20 minutes including the reboot if malware is detected.


In your next reply please post:

The ComboFix log
A fresh HiJackThis log
An update on how your computer is running


----------



## SoMeAm (Jun 1, 2011)

Hi,

Mushyme8, you are in the right place for your issue.  John, I mentioned you in our staff meeting.  Your work on this Forum is amazing, and I have advised others to come here for virus/malware issues.

Thanks again,

Priscilla


----------



## mushyme8 (Jun 2, 2011)

ComboFix Log:

ComboFix 11-06-01.05 - William 02/06/2011  15:49:21.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.61.1033.18.2037.737 [GMT 10:00]
Running from: c:\users\William\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\CrashLog_20100819.txt
c:\cflog\CrashLog_20100820.txt
c:\cflog\CrashLog_20101024.txt
c:\programdata\install\1.reg
c:\users\William\AppData\Roaming\chrtmp
c:\users\William\AppData\Roaming\Efuqok\tyexa.exe
c:\users\William\ComboFix.exe
c:\users\William\Logo.png
c:\users\William\tdsskiller.exe
c:\users\William\TRON Legacy {2010} DVDRIP. Jaybob .avi
c:\users\William\videos\Battlefunds-Generator-v3.exe
c:\users\William\videos\lolBattlefunds-Generator-v3.exe
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\KBL.LOG
c:\windows\system32\server.log
c:\windows\system32\system
.
Infected copy of c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe was found and disinfected 
Restored copy from - c:\windows\winsxs\x86_infocard_b77a5c561934e089_6.0.6000.20864_none_b4e76b3f31dd2ea8\infocard.exe 
.
.
(((((((((((((((((((((((((   Files Created from 2011-05-02 to 2011-06-02  )))))))))))))))))))))))))))))))
.
.
2030-08-29 13:22 . 2030-08-29 13:22	56832	------w-	c:\windows\system32\iyvu9_32.dll
2030-08-29 13:22 . 2030-08-29 13:22	143872	------w-	c:\windows\system32\iacenc.dll
2011-06-01 12:45 . 2011-06-01 12:45	388096	----a-r-	c:\users\William\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-01 12:45 . 2011-06-01 12:45	--------	d-----w-	c:\program files\Trend Micro
2011-06-01 12:40 . 2011-06-01 12:40	1402880	----a-w-	c:\users\William\HiJackThis.msi
2011-05-31 13:44 . 2011-05-31 13:59	--------	dc----w-	C:\WINSSLog
2011-05-31 13:19 . 2011-06-01 12:39	--------	d-----w-	c:\users\William\AppData\Roaming\Efuqok
2011-05-31 13:19 . 2011-06-01 09:17	--------	d-----w-	c:\users\William\AppData\Roaming\Iqir
2011-05-29 11:19 . 2011-05-29 11:19	--------	d-----w-	c:\users\William\AppData\Roaming\NCH Swift Sound
2011-05-29 11:19 . 2011-05-29 11:19	--------	d-----w-	c:\programdata\NCH Swift Sound
2011-05-29 11:19 . 2011-05-29 11:19	--------	d-----w-	c:\program files\NCH Swift Sound
2011-05-26 15:22 . 2009-09-04 07:29	453456	----a-w-	c:\windows\system32\d3dx10_42.dll
2011-05-26 15:22 . 2009-09-04 07:29	1892184	----a-w-	c:\windows\system32\D3DX9_42.dll
2011-05-26 15:22 . 2011-05-26 15:22	--------	d-----w-	c:\windows\system32\xlive
2011-05-26 15:22 . 2011-05-27 17:03	--------	d-----w-	c:\program files\Microsoft Games for Windows - LIVE
2011-05-26 15:18 . 2011-05-26 15:18	--------	d-----w-	c:\program files\Microsoft Synchronization Services
2011-05-26 15:18 . 2011-05-26 15:20	188128	----a-w-	c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2011-05-26 15:15 . 2011-05-26 15:15	--------	d-----w-	c:\program files\Microsoft Help Viewer
2011-05-26 15:15 . 2011-05-26 15:20	--------	d-----w-	c:\program files\Microsoft Visual Studio 10.0
2011-05-26 15:15 . 2011-05-26 15:15	--------	d-----w-	c:\program files\Microsoft SDKs
2011-05-26 15:05 . 2008-11-13 02:28	2560	----a-w-	c:\windows\system32\msimsg.dll
2011-05-26 15:05 . 2008-11-13 04:50	332800	----a-w-	c:\windows\system32\msihnd.dll
2011-05-26 15:05 . 2008-11-13 04:50	2241536	----a-w-	c:\windows\system32\msi.dll
2011-05-26 15:05 . 2008-11-13 04:50	16384	----a-w-	c:\windows\system32\msisip.dll
2011-05-26 15:05 . 2008-11-13 04:49	73216	----a-w-	c:\windows\system32\msiexec.exe
2011-05-26 13:22 . 2010-02-04 00:01	74072	----a-w-	c:\windows\system32\XAPOFX1_4.dll
2011-05-26 13:22 . 2010-02-04 00:01	528216	----a-w-	c:\windows\system32\XAudio2_6.dll
2011-05-26 13:22 . 2010-02-04 00:01	238936	----a-w-	c:\windows\system32\xactengine3_6.dll
2011-05-26 13:22 . 2010-02-04 00:01	22360	----a-w-	c:\windows\system32\X3DAudio1_7.dll
2011-05-26 13:22 . 2009-03-09 05:27	4178264	----a-w-	c:\windows\system32\D3DX9_41.dll
2011-05-26 13:22 . 2007-04-04 08:53	81768	----a-w-	c:\windows\system32\xinput1_3.dll
2011-05-26 13:22 . 2007-03-12 06:42	3495784	----a-w-	c:\windows\system32\d3dx9_33.dll
2011-05-26 13:22 . 2011-05-26 13:22	--------	d-----w-	c:\program files\Microsoft XNA
2011-05-25 12:53 . 2011-05-25 12:53	--------	d-----w-	c:\program files\CoffeeTycoon_at
2011-05-21 17:17 . 2010-07-01 07:49	--------	d-----w-	c:\program files\CyberLink - Copy
2011-05-20 23:29 . 2011-05-20 23:29	15876	----a-w-	c:\users\William\BACKUP.reg
2011-05-19 13:06 . 2011-05-09 20:46	6962000	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7FE6847E-BDFE-48DA-9CA7-263695E18961}\mpengine.dll
2011-05-11 12:24 . 2011-05-11 12:24	507392	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{2E3A551E-016C-410B-B975-B108E7B6BD7E}-Gen v1.22.4.exe
2011-05-11 07:53 . 2011-05-11 07:53	--------	d-----w-	c:\users\William\AppData\Local\Geckofx
2011-05-11 07:51 . 2011-05-11 07:51	--------	d-----w-	c:\program files\AviSynth 2.5
2011-05-11 07:49 . 2011-05-11 07:49	--------	d-----w-	c:\program files\Red Kawa
2011-05-11 05:12 . 2011-04-07 12:01	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-05-09 13:14 . 2011-05-09 12:52	16432	----a-w-	c:\windows\system32\lsdelete.exe
2011-05-09 12:52 . 2011-05-09 12:52	98392	----a-w-	c:\windows\system32\drivers\SBREDrv.sys
2011-05-09 12:47 . 2011-04-29 02:12	64512	----a-w-	c:\windows\system32\drivers\Lbd.sys
2011-05-09 12:47 . 2011-05-09 12:47	--------	d-----w-	c:\program files\Lavasoft
2011-05-09 12:47 . 2011-05-09 12:47	--------	d-----w-	c:\programdata\Lavasoft
2011-05-08 21:42 . 2011-05-08 21:42	781272	----a-w-	c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-08 21:42 . 2011-05-08 21:42	1874904	----a-w-	c:\program files\Mozilla Firefox\mozjs.dll
2011-05-08 21:42 . 2011-05-08 21:42	89048	----a-w-	c:\program files\Mozilla Firefox\libEGL.dll
2011-05-08 21:42 . 2011-05-08 21:42	465880	----a-w-	c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-08 21:42 . 2011-05-08 21:42	1892184	----a-w-	c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-08 21:42 . 2011-05-08 21:42	15832	----a-w-	c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-08 21:42 . 2011-05-08 21:42	142296	----a-w-	c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-08 21:42 . 2011-05-08 21:42	1974616	----a-w-	c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-06 10:27 . 2009-05-18 03:17	26600	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2011-05-06 10:27 . 2008-04-17 02:12	107368	----a-w-	c:\windows\system32\GEARAspi.dll
2011-05-06 10:26 . 2011-05-06 10:26	--------	d-----w-	c:\program files\iPod
2011-05-06 10:26 . 2011-05-06 10:27	--------	d-----w-	c:\program files\iTunes
2011-05-06 10:24 . 2011-05-06 10:24	--------	d-----w-	c:\program files\Bonjour
2011-05-05 05:57 . 2011-05-05 06:13	--------	d-----w-	c:\windows\system32\world
2011-05-03 08:04 . 2011-05-28 23:09	--------	d-----w-	c:\users\William\AppData\Roaming\skypePM
2011-05-03 08:04 . 2011-05-28 13:30	--------	d-----w-	c:\programdata\Skype Extras
2011-05-03 08:02 . 2011-05-28 23:10	--------	d-----w-	c:\users\William\AppData\Roaming\Skype
2011-05-03 08:02 . 2011-05-03 08:02	--------	d-----w-	c:\program files\Common Files\Skype
2011-05-03 08:02 . 2011-05-03 08:02	--------	d-----r-	c:\program files\Skype
2011-05-03 08:02 . 2011-05-03 08:02	--------	d-----w-	c:\programdata\Skype
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-01 12:26 . 2010-08-11 06:04	194560	----a-w-	c:\windows\system32\drivers\usbhub.sys
2011-05-31 13:20 . 2011-03-10 20:46	133120	----a-w-	c:\windows\system32\drivers\smb.sys
2011-05-28 23:11 . 2011-03-10 13:22	39984	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-28 23:11 . 2011-03-10 13:22	22712	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-05-01 06:59 . 2010-07-09 12:04	22528	----a-w-	c:\windows\system32\drivers\nhcDriver.sys
2011-04-29 13:15 . 2011-04-29 13:16	439632	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{963A4107-8B32-499C-9B9E-186152C974C2}\gapaengine.dll
2011-04-14 07:47 . 2011-04-14 07:47	86016	----a-w-	c:\windows\system32\frapsvid.dll
2011-04-10 14:04 . 2011-04-30 11:58	7071056	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-09 08:55 . 2011-04-09 08:55	15453336	----a-w-	c:\windows\system32\xlive.dll
2011-04-09 08:55 . 2011-04-09 08:55	13642904	----a-w-	c:\windows\system32\xlivefnt.dll
2011-04-06 06:20 . 2011-04-06 06:20	91424	----a-w-	c:\windows\system32\dnssd.dll
2011-04-06 06:20 . 2011-04-06 06:20	107808	----a-w-	c:\windows\system32\dns-sd.exe
2011-03-10 21:06 . 2006-11-02 10:32	101888	----a-w-	c:\windows\system32\ifxcardm.dll
2011-03-10 21:06 . 2006-11-02 10:32	82432	----a-w-	c:\windows\system32\axaltocm.dll
2011-03-10 16:12 . 2011-04-28 13:50	1161728	----a-w-	c:\windows\system32\mfc42u.dll
2011-03-10 16:12 . 2011-04-28 13:50	1136640	----a-w-	c:\windows\system32\mfc42.dll
2011-03-09 11:50 . 2011-03-09 11:50	65536	----a-r-	c:\users\William\AppData\Roaming\Microsoft\Installer\{2c557f98-ef74-4a1e-a856-9df2f633b41f}\gui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2011-03-09 11:50 . 2011-03-09 11:50	65536	----a-r-	c:\users\William\AppData\Roaming\Microsoft\Installer\{2c557f98-ef74-4a1e-a856-9df2f633b41f}\gui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2011-03-09 11:50 . 2011-03-09 11:50	65536	----a-r-	c:\users\William\AppData\Roaming\Microsoft\Installer\{2c557f98-ef74-4a1e-a856-9df2f633b41f}\ARPPRODUCTICON.exe
2011-05-08 21:42 . 2011-05-08 21:42	142296	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 01:51	3911776	----a-w-	c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 01:51	3911776	----a-w-	c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-10-24 212992]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-28 202032]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-01 181544]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-14 222504]
"CreativeMouse "="c:\program files\Mouse Driver\MouseDrv.exe" [2004-06-27 503808]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-26 15:22	421160	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TouchFreeze]
2005-04-29 05:15	45056	----a-w-	c:\program files\TouchFreeze\TouchFreeze.exe
.
R1 MpKsl212f0f8f;MpKsl212f0f8f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E2CD9590-BA2B-4CD7-833F-2596B18B6D30}\MpKsl212f0f8f.sys [x]
R1 MpKsl330ab594;MpKsl330ab594;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7FE6847E-BDFE-48DA-9CA7-263695E18961}\MpKsl330ab594.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-05-16 2151128]
R3 apf001;apf001;c:\program files\SoftnyxGame\WolfTeamIS\apf001.sys [x]
R3 cpuz130;cpuz130; [x]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2010-08-03 23456]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-04-29 15232]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-28 39984]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-03-23 3425416]
R3 SophosCleanupTool;SophosCleanupTool;c:\program files\Sophos\Sophos confic-a Cleanup Tool\service.sys [2010-03-01 148720]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 XDva358;XDva358;c:\windows\system32\XDva358.sys [x]
R3 XDva359;XDva359;c:\windows\system32\XDva359.sys [x]
R3 XDva361;XDva361;c:\windows\system32\XDva361.sys [x]
R3 XDva362;XDva362;c:\windows\system32\XDva362.sys [x]
R3 XDva370;XDva370;c:\windows\system32\XDva370.sys [x]
R3 XDva379;XDva379;c:\windows\system32\XDva379.sys [x]
R3 XDva382;XDva382;c:\windows\system32\XDva382.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-04-29 64512]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-01 691696]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-02 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-08-26 04:11]
.
2011-05-29 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2010-07-09 01:08]
.
2011-05-20 c:\windows\Tasks\HPCeeScheduleForWilliam.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2007-11-13 19:58]
.
2011-06-01 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
2011-05-12 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
2011-05-29 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-08-07 08:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=81&bd=Presario&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Download ALL with IDA
IE: Download remotely with IDA
IE: Download with IDA
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}
LSP: c:\windows\system32\wpclsp.dll
LSP: mswsock.dll
TCP: DhcpNameServer = 211.29.152.116 198.142.0.51 211.29.132.12
FF - ProfilePath - c:\users\William\AppData\Roaming\Mozilla\Firefox\Profiles\owvv43w0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com.au
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-{650BE2A4-3A6F-6C69-69E0-9BB14349172E} - c:\users\William\AppData\Roaming\Efuqok\tyexa.exe
SafeBoot-25481015.sys
SafeBoot-MsMpSvc
.
.
.
**************************************************************************
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\.smb]
"ImagePath"="\*"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2246853073-2034409028-415395374-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{796562E3-8B6B-6B71-9356-E198764F19F3}*]
"famclbajicpl"=hex:66,61,6c,6f,62,64,6a,69,6b,63,70,6c,00,ff
.
[HKEY_USERS\S-1-5-21-2246853073-2034409028-415395374-1003\Software\SecuROM\License information*]
"datasecu"=hex:2a,e3,27,ef,d9,13,1f,d5,9a,98,bb,eb,b4,03,f2,a8,9a,eb,20,4f,6e,
   3f,38,5a,4d,9d,86,5c,8b,d3,94,21,5f,a3,a3,ea,d4,1a,06,0e,a8,f0,9d,75,d9,95,\
"rkeysecu"=hex:77,3a,a8,a7,7f,6c,7e,2e,17,5a,c7,51,f2,45,da,df
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\windows\system32\lxczcoms.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
c:\windows\ehome\ehmsas.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\Apntex.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
c:\windows\system32\WerFault.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2011-06-02  16:13:41 - machine was rebooted
ComboFix-quarantined-files.txt  2011-06-02 06:13
.
Pre-Run: 16,625,184,768 bytes free
Post-Run: 20,904,386,560 bytes free
.
- - End Of File - - D64C6C1C6A2DD9EC6D43C28DDEC5EC2D



SIDENOTE:
After I finished the scan, nothing worked, not even explorer.exe.
It always said something about this process running on a registry key marked for deletion.
I tried to reboot it again, and then it was fine.



New HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:44:08 PM, on 2/06/2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19048)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Mouse Driver\MouseDrv.exe
C:\WINDOWS\System32\wpcumi.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=81&bd=Presario&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: wit for ie - {75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Prize Live Toolbar BHO - {a4d3eb65-a437-449e-b7ef-203afb312f46} - mscoree.dll (file missing)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Prize Live Toolbar - {594d6baf-faa1-4ff1-beff-e4f1674c22c5} - mscoree.dll (file missing)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\Mouse Driver\MouseDrv.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - (no file)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.23.0.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://service.futuremark.com/openapi/receivers/FMSI.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: lxcz_device -   - C:\Windows\system32\lxczcoms.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SophosCleanupTool - Sophos Group - C:\Program Files\Sophos\Sophos confic-a Cleanup Tool\service.sys
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11496 bytes





My computer is doing okay, but I get this Security Client message on startup with error code 0x8007064e.

The blue screens have generally stopped, I think; I used to get one every few hours or so.

I'll re-run the MalwareBytes scan soon. I updated to the new one. Sorry about the inconvenience. Thanks for all your help so far, I couldn't have done anything without you. =)


----------



## mushyme8 (Jun 2, 2011)

Ah wait, forgot to mention. I think the redirect problem is still here.


----------



## johnb35 (Jun 2, 2011)

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box


```
Driver::
XDva358
XDva359
XDva361
XDva362
XDva370
XDva379
XDva382
MpKsl212f0f8f
MpKsl330ab594

Folder::
c:\users\William\AppData\Roaming\Efuqok
c:\users\William\AppData\Roaming\Iqir
```


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!







ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.



Then navigate to C:\qoobox and in that folder will be a file named "add-remove programs.txt"  Please open that file and then copy and paste the contents in your next reply.
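The CFScript above was written by hand from the ComboFix log posted earlier in the thread: the Driver:: list is drawn from the R/S entries that ComboFix marked "[x]" (binary not found on disk), and the Folder:: entry is the AppData\Roaming directory behind the orphaned HKCU-Run value. The script below is an added example, not ComboFix's code and not the helper's; it applies those two selection rules mechanically to log lines, adds a third check that the logs invite (files whose creation timestamp lies in the future), and renders the result in the Driver::/Folder:: format ComboFix reads. The function names, the regular expressions and the SAMPLE_LOG lines are assumptions of this example; the sample is constructed from lines copied from or modelled on the logs in this thread. It flags every "[x]" entry, so it returns a superset of what a helper would actually list (the helper above left out apf001, cpuz130 and EagleXNt, and added a folder the log excerpt does not show); treat its output as a draft for a human to review, since ComboFix deletes whatever the script names.

```python
"""Triage a ComboFix log the way a removal helper does before writing a CFScript.

Added example for this thread (not ComboFix's code, not the helper's). It parses
three kinds of lines found in ComboFix logs:
  * driver/service lines, where "[x]" means the binary was not found on disk
  * autorun lines: orphaned "HKCU-Run-... - <path>" entries and "name"="path" Run values
  * "Files Created" lines, whose creation timestamp can be checked for implausible dates
and turns the findings into the Driver:: and Folder:: sections of a CFScript.
"""
import re
from datetime import datetime

# e.g.  R3 XDva358;XDva358;c:\windows\system32\XDva358.sys [x]
#       S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-01 691696]
SERVICE_RE = re.compile(
    r"^([RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?)\s*\[(?P<tag>x|\d{4}-\d{2}-\d{2} \d+)\]\s*$"
)
# e.g.  HKCU-Run-{650BE2A4-...} - c:\users\William\AppData\Roaming\Efuqok\tyexa.exe
ORPHAN_RUN_RE = re.compile(r"^HK(?:CU|LM)-Run-\S+\s+-\s+(?P<path>.+?)\s*$")
# e.g.  "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
RUN_VALUE_RE = re.compile(r'^"[^"]*"="(?P<path>[^"]+)"')
# e.g.  2011-06-01 12:45 . 2011-06-01 12:45<TAB>388096<TAB>----a-r-<TAB>c:\...\HiJackThis.exe
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"\t(?P<size>\S+)\t(?P<attrs>\S+)\t(?P<path>.+?)\s*$"
)
# An .exe launched straight out of a single folder under AppData\Roaming (group 1 = that folder).
APPDATA_EXE_RE = re.compile(r"^(.*\\AppData\\Roaming\\[^\\]+)\\[^\\]+\.exe$", re.IGNORECASE)


def orphan_drivers(lines):
    """Service/driver names whose binary ComboFix marked as missing ("[x]")."""
    found = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if m and m.group("tag") == "x":
            found.append(m.group("name").strip())
    return found


def appdata_run_folders(lines):
    """Folders directly under AppData\\Roaming from which an autorun entry starts an .exe."""
    folders = []
    for line in lines:
        m = ORPHAN_RUN_RE.match(line) or RUN_VALUE_RE.match(line)
        if not m:
            continue
        hit = APPDATA_EXE_RE.match(m.group("path"))
        if hit and hit.group(1) not in folders:
            folders.append(hit.group(1))
    return folders


def future_dated_files(lines, now):
    """Paths in the 'Files Created' section whose creation stamp is later than `now`."""
    out = []
    for line in lines:
        m = FILE_RE.match(line)
        if m and datetime.strptime(m.group("created"), "%Y-%m-%d %H:%M") > now:
            out.append(m.group("path"))
    return out


def build_cfscript(lines):
    """Render Driver:: and Folder:: sections in the layout ComboFix expects in CFScript.txt."""
    sections = []
    drivers = orphan_drivers(lines)
    if drivers:
        sections.append("Driver::\n" + "\n".join(drivers))
    folders = appdata_run_folders(lines)
    if folders:
        sections.append("Folder::\n" + "\n".join(folders))
    return "\n\n".join(sections) + "\n"


# Constructed sample: lines copied from, or modelled on, the ComboFix logs in this thread.
SAMPLE_LOG = [
    r"R1 MpKsl212f0f8f;MpKsl212f0f8f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E2CD9590-BA2B-4CD7-833F-2596B18B6D30}\MpKsl212f0f8f.sys [x]",
    r"R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-05-16 2151128]",
    r"R3 cpuz130;cpuz130; [x]",
    r"R3 XDva358;XDva358;c:\windows\system32\XDva358.sys [x]",
    r"S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-01 691696]",
    r'"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]',
    r"HKCU-Run-{650BE2A4-3A6F-6C69-69E0-9BB14349172E} - c:\users\William\AppData\Roaming\Efuqok\tyexa.exe",
    "2011-06-01 12:45 . 2011-06-01 12:45\t388096\t----a-r-\tc:\\users\\William\\AppData\\Roaming\\Microsoft\\Installer\\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\\HiJackThis.exe",
    # constructed: a system32 DLL whose creation stamp lies years in the future
    "2030-08-29 13:22 . 2030-08-29 13:22\t56832\t------w-\tc:\\windows\\system32\\iyvu9_32.dll",
]
LOG_TIME = datetime(2011, 6, 2, 16, 13)  # the "Completion time" of the first ComboFix log

if __name__ == "__main__":
    print("orphan drivers:", orphan_drivers(SAMPLE_LOG))
    print("autorun folders under AppData\\Roaming:", appdata_run_folders(SAMPLE_LOG))
    print("future-dated files:", future_dated_files(SAMPLE_LOG, LOG_TIME))
    print(build_cfscript(SAMPLE_LOG))
```

Two points of judgement the code deliberately leaves to the reader: a "[x]" entry is not proof of malware (the MpKsl* entries are leftovers of Microsoft Security Essentials definition updates, and cpuz130 is a CPU-Z driver that never got cleaned up), and an executable living in a single randomly named folder under AppData\Roaming is a strong but not certain sign of a dropped payload. The future-dated check is there because a dropper that sets bogus timestamps to dodge "recently created" sorting produces exactly that pattern; legitimate installers almost never do.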


----------



## mushyme8 (Jun 3, 2011)

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6758

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19048

3/06/2011 7:55:12 PM
mbam-log-2011-06-03 (19-55-12).txt

Scan type: Quick scan
Objects scanned: 172778
Time elapsed: 5 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




That was an updated version of MalwareBytes. Following your new instructions now.


----------



## mushyme8 (Jun 3, 2011)

New ComboFix log (after downloading again)


ComboFix 11-06-03.02 - William 03/06/2011  20:16:37.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.61.1033.18.2037.1007 [GMT 10:00]
Running from: c:\users\William\ComboFix.exe
Command switches used :: c:\users\William\Downloads\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\William\AppData\Roaming\Efuqok
c:\users\William\AppData\Roaming\Iqir
c:\users\William\ComboFix.exe
c:\users\William\Minecraft_Server.exe
.
Infected copy of c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe was found and disinfected 
Restored copy from - c:\windows\winsxs\x86_infocard_b77a5c561934e089_6.0.6000.20864_none_b4e76b3f31dd2ea8\infocard.exe 
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MPKSL212F0F8F
-------\Legacy_MPKSL330AB594
-------\Legacy_XDVA358
-------\Legacy_XDVA359
-------\Legacy_XDVA361
-------\Legacy_XDVA362
-------\Legacy_XDVA370
-------\Legacy_XDVA379
-------\Legacy_XDVA382
-------\Service_MpKsl212f0f8f
-------\Service_MpKsl330ab594
-------\Service_XDva358
-------\Service_XDva359
-------\Service_XDva361
-------\Service_XDva362
-------\Service_XDva370
-------\Service_XDva379
-------\Service_XDva382
.
.
(((((((((((((((((((((((((   Files Created from 2011-05-03 to 2011-06-03  )))))))))))))))))))))))))))))))
.
.
2030-08-29 13:22 . 2030-08-29 13:22	56832	------w-	c:\windows\system32\iyvu9_32.dll
2030-08-29 13:22 . 2030-08-29 13:22	143872	------w-	c:\windows\system32\iacenc.dll
2011-06-03 10:32 . 2011-06-03 10:32	--------	d-----w-	c:\users\Mcx1\AppData\Local\temp
2011-06-03 10:32 . 2011-06-03 10:32	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-06-02 13:16 . 2011-06-02 13:21	--------	d-----w-	c:\users\William\world
2011-06-01 12:45 . 2011-06-01 12:45	388096	----a-r-	c:\users\William\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-01 12:45 . 2011-06-01 12:45	--------	d-----w-	c:\program files\Trend Micro
2011-06-01 12:40 . 2011-06-01 12:40	1402880	----a-w-	c:\users\William\HiJackThis.msi
2011-05-31 13:44 . 2011-05-31 13:59	--------	dc----w-	C:\WINSSLog
2011-05-29 11:19 . 2011-05-29 11:19	--------	d-----w-	c:\users\William\AppData\Roaming\NCH Swift Sound
2011-05-29 11:19 . 2011-05-29 11:19	--------	d-----w-	c:\programdata\NCH Swift Sound
2011-05-29 11:19 . 2011-05-29 11:19	--------	d-----w-	c:\program files\NCH Swift Sound
2011-05-26 15:22 . 2009-09-04 07:29	453456	----a-w-	c:\windows\system32\d3dx10_42.dll
2011-05-26 15:22 . 2009-09-04 07:29	1892184	----a-w-	c:\windows\system32\D3DX9_42.dll
2011-05-26 15:22 . 2011-05-26 15:22	--------	d-----w-	c:\windows\system32\xlive
2011-05-26 15:22 . 2011-05-27 17:03	--------	d-----w-	c:\program files\Microsoft Games for Windows - LIVE
2011-05-26 15:18 . 2011-05-26 15:18	--------	d-----w-	c:\program files\Microsoft Synchronization Services
2011-05-26 15:18 . 2011-05-26 15:20	188128	----a-w-	c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2011-05-26 15:15 . 2011-05-26 15:15	--------	d-----w-	c:\program files\Microsoft Help Viewer
2011-05-26 15:15 . 2011-05-26 15:20	--------	d-----w-	c:\program files\Microsoft Visual Studio 10.0
2011-05-26 15:15 . 2011-05-26 15:15	--------	d-----w-	c:\program files\Microsoft SDKs
2011-05-26 15:05 . 2008-11-13 02:28	2560	----a-w-	c:\windows\system32\msimsg.dll
2011-05-26 15:05 . 2008-11-13 04:50	332800	----a-w-	c:\windows\system32\msihnd.dll
2011-05-26 15:05 . 2008-11-13 04:50	2241536	----a-w-	c:\windows\system32\msi.dll
2011-05-26 15:05 . 2008-11-13 04:50	16384	----a-w-	c:\windows\system32\msisip.dll
2011-05-26 15:05 . 2008-11-13 04:49	73216	----a-w-	c:\windows\system32\msiexec.exe
2011-05-26 13:22 . 2010-02-04 00:01	74072	----a-w-	c:\windows\system32\XAPOFX1_4.dll
2011-05-26 13:22 . 2010-02-04 00:01	528216	----a-w-	c:\windows\system32\XAudio2_6.dll
2011-05-26 13:22 . 2010-02-04 00:01	238936	----a-w-	c:\windows\system32\xactengine3_6.dll
2011-05-26 13:22 . 2010-02-04 00:01	22360	----a-w-	c:\windows\system32\X3DAudio1_7.dll
2011-05-26 13:22 . 2009-03-09 05:27	4178264	----a-w-	c:\windows\system32\D3DX9_41.dll
2011-05-26 13:22 . 2007-04-04 08:53	81768	----a-w-	c:\windows\system32\xinput1_3.dll
2011-05-26 13:22 . 2007-03-12 06:42	3495784	----a-w-	c:\windows\system32\d3dx9_33.dll
2011-05-26 13:22 . 2011-05-26 13:22	--------	d-----w-	c:\program files\Microsoft XNA
2011-05-25 12:53 . 2011-05-25 12:53	--------	d-----w-	c:\program files\CoffeeTycoon_at
2011-05-21 17:17 . 2010-07-01 07:49	--------	d-----w-	c:\program files\CyberLink - Copy
2011-05-20 23:29 . 2011-05-20 23:29	15876	----a-w-	c:\users\William\BACKUP.reg
2011-05-19 13:06 . 2011-05-09 20:46	6962000	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7FE6847E-BDFE-48DA-9CA7-263695E18961}\mpengine.dll
2011-05-11 12:24 . 2011-05-11 12:24	507392	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{2E3A551E-016C-410B-B975-B108E7B6BD7E}-Gen v1.22.4.exe
2011-05-11 07:53 . 2011-05-11 07:53	--------	d-----w-	c:\users\William\AppData\Local\Geckofx
2011-05-11 07:51 . 2011-05-11 07:51	--------	d-----w-	c:\program files\AviSynth 2.5
2011-05-11 07:49 . 2011-05-11 07:49	--------	d-----w-	c:\program files\Red Kawa
2011-05-11 05:12 . 2011-04-07 12:01	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-05-09 13:14 . 2011-05-09 12:52	16432	----a-w-	c:\windows\system32\lsdelete.exe
2011-05-09 12:52 . 2011-05-09 12:52	98392	----a-w-	c:\windows\system32\drivers\SBREDrv.sys
2011-05-09 12:47 . 2011-04-29 02:12	64512	----a-w-	c:\windows\system32\drivers\Lbd.sys
2011-05-09 12:47 . 2011-05-09 12:47	--------	d-----w-	c:\program files\Lavasoft
2011-05-09 12:47 . 2011-05-09 12:47	--------	d-----w-	c:\programdata\Lavasoft
2011-05-08 21:42 . 2011-05-08 21:42	781272	----a-w-	c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-08 21:42 . 2011-05-08 21:42	1874904	----a-w-	c:\program files\Mozilla Firefox\mozjs.dll
2011-05-08 21:42 . 2011-05-08 21:42	89048	----a-w-	c:\program files\Mozilla Firefox\libEGL.dll
2011-05-08 21:42 . 2011-05-08 21:42	465880	----a-w-	c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-08 21:42 . 2011-05-08 21:42	1892184	----a-w-	c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-08 21:42 . 2011-05-08 21:42	15832	----a-w-	c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-08 21:42 . 2011-05-08 21:42	142296	----a-w-	c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-08 21:42 . 2011-05-08 21:42	1974616	----a-w-	c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-06 10:27 . 2009-05-18 03:17	26600	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2011-05-06 10:27 . 2008-04-17 02:12	107368	----a-w-	c:\windows\system32\GEARAspi.dll
2011-05-06 10:26 . 2011-05-06 10:26	--------	d-----w-	c:\program files\iPod
2011-05-06 10:26 . 2011-05-06 10:27	--------	d-----w-	c:\program files\iTunes
2011-05-06 10:24 . 2011-05-06 10:24	--------	d-----w-	c:\program files\Bonjour
2011-05-05 05:57 . 2011-06-02 13:00	--------	d-----w-	c:\windows\system32\world
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-01 12:26 . 2010-08-11 06:04	194560	----a-w-	c:\windows\system32\drivers\usbhub.sys
2011-05-31 13:20 . 2011-03-10 20:46	133120	----a-w-	c:\windows\system32\drivers\smb.sys
2011-05-28 23:11 . 2011-03-10 13:22	39984	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-28 23:11 . 2011-03-10 13:22	22712	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-05-01 06:59 . 2010-07-09 12:04	22528	----a-w-	c:\windows\system32\drivers\nhcDriver.sys
2011-04-29 13:15 . 2011-04-29 13:16	439632	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{963A4107-8B32-499C-9B9E-186152C974C2}\gapaengine.dll
2011-04-14 07:47 . 2011-04-14 07:47	86016	----a-w-	c:\windows\system32\frapsvid.dll
2011-04-10 14:04 . 2011-04-30 11:58	7071056	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-09 08:55 . 2011-04-09 08:55	15453336	----a-w-	c:\windows\system32\xlive.dll
2011-04-09 08:55 . 2011-04-09 08:55	13642904	----a-w-	c:\windows\system32\xlivefnt.dll
2011-04-06 06:20 . 2011-04-06 06:20	91424	----a-w-	c:\windows\system32\dnssd.dll
2011-04-06 06:20 . 2011-04-06 06:20	107808	----a-w-	c:\windows\system32\dns-sd.exe
2011-03-10 21:06 . 2006-11-02 10:32	101888	----a-w-	c:\windows\system32\ifxcardm.dll
2011-03-10 21:06 . 2006-11-02 10:32	82432	----a-w-	c:\windows\system32\axaltocm.dll
2011-03-10 16:12 . 2011-04-28 13:50	1161728	----a-w-	c:\windows\system32\mfc42u.dll
2011-03-10 16:12 . 2011-04-28 13:50	1136640	----a-w-	c:\windows\system32\mfc42.dll
2011-03-09 11:50 . 2011-03-09 11:50	65536	----a-r-	c:\users\William\AppData\Roaming\Microsoft\Installer\{2c557f98-ef74-4a1e-a856-9df2f633b41f}\gui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2011-03-09 11:50 . 2011-03-09 11:50	65536	----a-r-	c:\users\William\AppData\Roaming\Microsoft\Installer\{2c557f98-ef74-4a1e-a856-9df2f633b41f}\gui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2011-03-09 11:50 . 2011-03-09 11:50	65536	----a-r-	c:\users\William\AppData\Roaming\Microsoft\Installer\{2c557f98-ef74-4a1e-a856-9df2f633b41f}\ARPPRODUCTICON.exe
2011-05-08 21:42 . 2011-05-08 21:42	142296	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 01:51	3911776	----a-w-	c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 01:51	3911776	----a-w-	c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-10-24 212992]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-28 202032]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-01 181544]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-14 222504]
"CreativeMouse "="c:\program files\Mouse Driver\MouseDrv.exe" [2004-06-27 503808]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-26 15:22	421160	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TouchFreeze]
2005-04-29 05:15	45056	----a-w-	c:\program files\TouchFreeze\TouchFreeze.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 apf001;apf001;c:\program files\SoftnyxGame\WolfTeamIS\apf001.sys [x]
R3 cpuz130;cpuz130; [x]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2010-08-03 23456]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-04-29 15232]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-03-23 3425416]
R3 SophosCleanupTool;SophosCleanupTool;c:\program files\Sophos\Sophos confic-a Cleanup Tool\service.sys [2010-03-01 148720]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-04-29 64512]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-01 691696]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-05-16 2151128]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-03 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-08-26 04:11]
.
2011-05-20 c:\windows\Tasks\HPCeeScheduleForWilliam.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2007-11-13 19:58]
.
2011-06-03 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
2011-05-12 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=81&bd=Presario&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Download ALL with IDA
IE: Download remotely with IDA
IE: Download with IDA
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}
LSP: c:\windows\system32\wpclsp.dll
LSP: mswsock.dll
TCP: Interfaces\{175B7B6F-94E1-4DEF-836C-B34ED41AC5D3}: NameServer = 211.29.152.116,211.29.132.12
FF - ProfilePath - c:\users\William\AppData\Roaming\Mozilla\Firefox\Profiles\owvv43w0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com.au
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-03 20:35
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\.smb]
"ImagePath"="\*"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PEVSystemStart]
"ImagePath"="\"c:\combofix\pev.cfxxe\" EXEC /i \"c:\combofix\REGT.cfxxe\" /S \"c:\combofix\erunt.dat\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2246853073-2034409028-415395374-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{796562E3-8B6B-6B71-9356-E198764F19F3}*]
"famclbajicpl"=hex:66,61,6c,6f,62,64,6a,69,6b,63,70,6c,00,ff
.
[HKEY_USERS\S-1-5-21-2246853073-2034409028-415395374-1003\Software\SecuROM\License information*]
"datasecu"=hex:2a,e3,27,ef,d9,13,1f,d5,9a,98,bb,eb,b4,03,f2,a8,9a,eb,20,4f,6e,
   3f,38,5a,4d,9d,86,5c,8b,d3,94,21,5f,a3,a3,ea,d4,1a,06,0e,a8,f0,9d,75,d9,95,\
"rkeysecu"=hex:77,3a,a8,a7,7f,6c,7e,2e,17,5a,c7,51,f2,45,da,df
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\windows\system32\lxczcoms.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
c:\windows\system32\wermgr.exe
.
**************************************************************************
.
Completion time: 2011-06-03  20:44:59 - machine was rebooted
ComboFix-quarantined-files.txt  2011-06-03 10:44
ComboFix2.txt  2011-06-02 06:13
.
Pre-Run: 20,683,522,048 bytes free
Post-Run: 20,428,734,464 bytes free
.
- - End Of File - - E135B4A689E2EECE1FBB81034FB32FA2


----------



## johnb35 (Jun 3, 2011)

It looks like you missed the last part of my last reply.  I needed you to post the contents of a file for me.  

Navigate to C:\qoobox and in that folder will be a file named "add-remove programs.txt". Please open that file and then copy and paste the contents in your next reply.


----------



## mushyme8 (Jun 5, 2011)

Sorry about that, I didn't see it =(

Here it is:

HiJackThis
Malwarebytes' Anti-Malware version 1.51.0.1200
Skype™ 5.3



I reinstalled Skype after though, if that's okay.


----------



## johnb35 (Jun 5, 2011)

That list should be a lot longer than what you posted.


----------



## mushyme8 (Jun 5, 2011)

Nope, that was it. What else is it meant to have? And that's the only add-remove program.txt file in there.


----------



## johnb35 (Jun 5, 2011)

Ok, do this instead.

Open hijackthis, click on open misc tools section, click on open uninstall manager, click on save list and save it.  Then copy and paste the contents of that log back here.  

I want to see if this log matches the combofix uninstall log.


----------



## mushyme8 (Jun 5, 2011)

HiJackThis
Malwarebytes' Anti-Malware version 1.51.0.1200




Also remember, I reinstalled Skype.


----------



## johnb35 (Jun 5, 2011)

Try running this microsoft fix it tool and see if it fixes anything.  This should fix the firewall issue and possibly the security center.

http://support.microsoft.com/kb/943996


----------



## mushyme8 (Jun 5, 2011)

I tried running and it said:


Fix it troubleshooting cannot continue because an error occurred.

This troubleshooter doesn't apply to this computer.



I don't know what to do now, so I went through the Windows security services and recorded the error messages.

The error messages I get:


Windows Security Center:

- Only Automatic Updating is turned on.

- If I try to turn on Windows Firewall: Security Center can't turn on Windows Firewall. (Then there is a link for: Turn on Windows Firewall manually)

- Under Malware Protection, when I click 'Turn on Now' next to Windows Defender, it states: Security Center can't turn on Windows Defender. Please try again later.


Windows Firewall:

- There is a warning sign with: Windows Firewall is not using the recommended settings to protect your computer. (Then there is a link for: What are the recommended settings?)

- If I click 'Update settings now' next to that message, it says: Windows Firewall was unable to make the requested updates.

- If I click 'Turn Windows Firewall On or Off' or 'Allow a program through Windows Firewall' on the left sidebar, it says: Due to an unidentified problem, Windows cannot display Windows Firewall settings.


Microsoft Security Essentials:

- If I try to start the program, I get an error message from Microsoft Security Client saying: An error has occurred in your program. Try to open it again. If this problem continues, you'll need to reinstall Microsoft Security Client. Error Code: 0x8007064e


Windows Defender:

- When I start, it says: Windows Defender is turned off. Windows Defender won't provide protection against harmful or potentially unwanted software and it won't send you alerts because it is off. To help protect your computer against harmful or potentially unwanted software, (link starts) Turn on and open Windows Defender.

- When I click the link, I get this: Windows Defender encountered an error: 0x80070424. The specified service does not exist as an installed service.



If you need any more error messages from my programs, please request it.

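The errors listed in the post above (Security Center unable to start the firewall or Defender, Security Essentials failing with 0x8007064e, Defender reporting 0x80070424 "The specified service does not exist as an installed service") all point at the Windows services behind those components, and the ComboFix log earlier in the thread shows a service entry (".smb") whose ImagePath is "\*" rather than a real file. The following PowerShell script is an added example written for this page, not something posted by anyone in the thread or shipped with any of the tools mentioned. It inventories the services that back the broken components and lists every service whose ImagePath no longer resolves to an existing file. It assumes PowerShell 2.0 or later run from an elevated prompt; the service names (wscsvc, MpsSvc, BFE, WinDefend, MsMpSvc, wuauserv, BITS, msiserver, VSS) are taken from the standard Windows component names and the function names are the example's own.

```powershell
# Added example, not part of the thread. Checks the Windows services that back the
# components reported broken (Security Center, Firewall, Defender, Security Essentials,
# Windows Update, Installer, System Restore) and flags any service whose ImagePath
# no longer points at an existing file. Assumes PowerShell 2.0+, elevated prompt.
# Service names below are standard Windows names and are an assumption of this example.

$expected = @{
    'wscsvc'    = 'Security Center'
    'MpsSvc'    = 'Windows Firewall'
    'BFE'       = 'Base Filtering Engine (Windows Firewall dependency)'
    'WinDefend' = 'Windows Defender'
    'MsMpSvc'   = 'Microsoft Antimalware Service (Security Essentials)'
    'wuauserv'  = 'Windows Update'
    'BITS'      = 'Background Intelligent Transfer Service (Windows Update dependency)'
    'msiserver' = 'Windows Installer'
    'VSS'       = 'Volume Shadow Copy (System Restore)'
}

$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Report each expected service as Running/Stopped, RegistryOnly (key present but the
# Service Control Manager does not know it) or MISSING (no key at all). The 0x80070424
# message "service does not exist as an installed service" corresponds to MISSING.
function Test-SecurityServices {
    foreach ($name in $expected.Keys) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        $status = 'MISSING'
        if (Test-Path (Join-Path $servicesKey $name)) { $status = 'RegistryOnly' }
        if ($svc) { $status = [string]$svc.Status }
        New-Object PSObject -Property @{
            Service   = $name
            Component = $expected[$name]
            Status    = $status
        }
    }
}

# Resolve an ImagePath value to the executable it names. Handles quoted paths,
# %SystemRoot%-style variables, the \SystemRoot\ and \??\ prefixes used by drivers,
# and paths given relative to the Windows directory (e.g. system32\DRIVERS\x.sys).
# Returns $null when no prefix of the value names an existing file.
function Resolve-ImagePath([string]$raw) {
    $value = $raw.Trim()
    if ($value.StartsWith('"')) {
        $end = $value.IndexOf('"', 1)
        if ($end -lt 0) { return $null }
        $candidates = @($value.Substring(1, $end - 1))
    } else {
        # Unquoted paths may contain spaces, so try each space-delimited prefix:
        # "c:\windows\system32\GameMon.des -service" resolves at the first token,
        # "c:\program files\x\y.exe" only once all of its tokens are joined.
        $tokens = $value -split ' '
        $candidates = 1..$tokens.Count | ForEach-Object { ($tokens[0..($_ - 1)]) -join ' ' }
    }
    foreach ($c in $candidates) {
        $path = [Environment]::ExpandEnvironmentVariables($c)
        $path = $path -replace '^\\\?\?\\', ''
        $path = $path -replace '^\\SystemRoot\\', "$env:SystemRoot\"
        if ($path -notmatch '^[A-Za-z]:\\') { $path = Join-Path $env:SystemRoot $path }
        if (Test-Path -LiteralPath $path -PathType Leaf) { return $path }
    }
    return $null
}

# Walk every service key and list those whose ImagePath cannot be resolved, which is
# what an entry like ImagePath="\*" in the ComboFix log would show up as.
function Find-DanglingImagePaths {
    Get-ChildItem $servicesKey -ErrorAction SilentlyContinue | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        if ($props -and $props.ImagePath) {
            $raw = [string]$props.ImagePath
            if (-not (Resolve-ImagePath $raw)) {
                New-Object PSObject -Property @{ Service = $_.PSChildName; ImagePath = $raw }
            }
        }
    }
}

Test-SecurityServices | Format-Table Service, Component, Status -AutoSize
Find-DanglingImagePaths | Format-Table Service, ImagePath -AutoSize
```

A service reported as MISSING cannot simply be started; its registry key has to be restored from a known-good source (an in-place repair or reinstall of the component, or a clean install as Okedokey suggests below), which is why the Fix It troubleshooter declines to run and why Security Center cannot "turn on" the firewall or Defender. Entries in the dangling-path list deserve a look in the same way the ComboFix log's service and driver sections were reviewed: a legitimate uninstall that left a stale key is harmless, while an ImagePath that was never a file is worth removing.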

----------



## mushyme8 (Jun 8, 2011)

What Should I do now? All the error messages are listed above. I thought they might help.


----------



## Okedokey (Jun 8, 2011)

Save your files and reinstall.  Anything else is a waste of time imho.


----------



## JeanAHough (Jul 6, 2011)

Hi mushyme,

This type of problem usually occurs when setup d3dx9_42.dll is missing from your computer. This dll file can be downloaded from here. 
http://www.d3dx9.net/download-missing-d3dx9_42-dll/
Download it and then extract the downloaded zip file to the Windows System32 folder, which is located in Windows Drive.


----------

