August 23rd, 2011 14:00
Using ComboFix to remove malware - Problem is first solved, but returns after restarting PC
Hi, I've got the "double accent" malware problem (that makes the accents appear twice when typing with a Spanish keyboard, as in "h´´ay" or "e^^a").
I downloaded and ran ComboFix, and right after it runs the issue is solved. But after restarting the PC, the problem reappears...
Any help would be greatly appreciated.
Here's the ComboFix log:
ComboFix 11-08-23.03 - Lucas 08/23/2011 8:20.4.4 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3510.1165 [GMT -7:00]
Running from: c:\users\Lucas\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
FW: Trend Micro Personal Firewall *Enabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Lucas\AppData\Local\Temp\BDiffJava.dll6683375275116756701.lib
c:\users\Lucas\AppData\Local\Temp\libsqlitejdbc-7543201636096532871.lib
c:\users\Lucas\AppData\Local\Temp\swt-gdip-win32-3448.dll
c:\users\Lucas\AppData\Local\Temp\swt-win32-3448.dll
c:\users\Lucas\AppData\Local\Temp\WindowsAPI.dll248451730698713579.lib
c:\users\Lucas\AppData\Local\Temp\WindowsFolderWatcher.dll7173677068973587066.lib
c:\users\Lucas\AppData\Local\Temp\WindowsZFSJNI.dll4844103669121204132.lib
.
.
((((((((((((((((((((((((( Files Created from 2011-07-23 to 2011-08-23 )))))))))))))))))))))))))))))))
.
.
2011-08-23 16:09 . 2011-08-23 16:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-23 16:09 . 2011-08-23 16:09 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-08-23 14:59 . 2011-08-23 14:59 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{61FD03AD-1664-45CC-B3E8-B25B161321B7}\MpKsl48f11a00.sys
2011-08-22 21:18 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{61FD03AD-1664-45CC-B3E8-B25B161321B7}\mpengine.dll
2011-08-22 16:38 . 2011-08-22 16:38 -------- d-----w- c:\users\Lucas\AppData\Roaming\com.skinkers.aa
2011-08-22 16:38 . 2011-08-22 16:38 -------- d-----w- c:\program files\AA
2011-08-18 16:25 . 2011-05-13 00:32 82696 ----a-w- c:\windows\system32\lmdimon8.dll
2011-08-18 16:25 . 2011-05-13 00:32 82184 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\lmdippr8.dll
2011-08-18 16:24 . 2011-08-18 16:24 -------- d-----w- c:\programdata\Applications
2011-08-12 15:04 . 2011-03-15 16:29 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E88CDDC5-837B-43CE-8126-A67F28909EBA}\gapaengine.dll
2011-08-09 18:04 . 2011-08-09 18:04 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
2011-08-08 20:40 . 2011-08-08 20:40 -------- d-----w- c:\users\Lucas\AppData\Roaming\com.kicksend.Kicksend
2011-08-08 20:32 . 2011-08-08 20:32 -------- d-----w- c:\program files\Kicksend
2011-07-29 23:46 . 2011-07-29 23:46 -------- d-----w- c:\program files\TweetDeck
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-23 15:00 . 2010-11-18 23:25 0 ----a-w- c:\users\Lucas\AppData\Local\WavXMapDrive.bat
2011-08-16 15:46 . 2011-05-19 15:08 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-12 02:44 . 2011-03-15 16:29 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-12 18:20 . 2011-07-12 18:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 18:20 . 2011-07-12 18:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 18:20 . 2011-07-12 18:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 18:20 . 2011-07-12 18:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-07 02:52 . 2011-07-13 18:29 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 02:52 . 2011-07-13 18:29 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-06 01:37 . 2011-07-06 01:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-06 01:37 . 2011-07-06 01:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-06-11 02:37 . 2011-07-13 15:38 2332672 ----a-w- c:\windows\system32\win32k.sys
2011-06-07 15:55 . 2011-07-14 17:41 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-08-16 15:31 . 2011-04-19 23:22 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-01-21 213816]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-09-08 03:16 754176 ----a-w- c:\program files\ZumoDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-09-08 03:16 754176 ----a-w- c:\program files\ZumoDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-09-08 03:16 754176 ----a-w- c:\program files\ZumoDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-09-08 03:16 754176 ----a-w- c:\program files\ZumoDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-09-08 03:16 754176 ----a-w- c:\program files\ZumoDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2010-03-29 18:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2011-06-01 20:45 319488 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2011-06-01 20:45 319488 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2011-06-01 20:45 319488 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2011-06-01 20:45 319488 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2010-03-29 18:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-11-05 6174008]
"SugarSync"="c:\program files\SugarSync\SugarSyncManager.exe" [2011-06-01 16007168]
"googletalk"="c:\users\Lucas\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"ZumoDrive"="c:\program files\ZumoDrive\ZumoLauncher.lnk" [2010-11-19 1832]
"PTIM.exe"="c:\program files\WebEx\Productivity Tools\PTIM.exe" [2011-05-25 405816]
"MusicManager"="c:\users\Lucas\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2011-06-15 12817920]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-07-29 17361032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-06-04 292208]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-05-26 495708]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-26 175640]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-26 169496]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-02 5249024]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2010-07-21 147840]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-06-22 34232]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-03-12 462993]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\Client Server Security Agent\pccntmon.exe" [2010-06-25 1099088]
"lxeamon.exe"="c:\program files\Lexmark S300-S400 Series\lxeamon.exe" [2010-05-05 770728]
"EzPrint"="c:\program files\Lexmark S300-S400 Series\ezprint.exe" [2010-05-05 148280]
"HP Input Device Main Program"="c:\program files\Hewlett-Packard\HP Wireless Comfort Desktop\TSR\xDaemon.exe" [2008-10-17 356352]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2011-01-26 3270072]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 1808784]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-20 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
.
c:\users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Lucas\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2011-2-16 967168]
ZangZing.lnk - c:\users\Lucas\AppData\Roaming\ZangZing\run\current\ZangZingW.exe [2011-7-6 97280]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2010-8-24 1458032]
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
RescueTime.lnk - c:\program files\RescueTime\RescueTime.exe [2011-5-31 2512896]
Sizer.lnk - c:\program files\Sizer\sizer.exe [2011-1-22 23040]
Snagit 10.lnk - c:\program files\TechSmith\Snagit 10\Snagit32.exe [2010-4-13 7046984]
TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2010-3-29 132456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-07-20 01:29 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
R1 MpKsl16e4e27f;MpKsl16e4e27f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{20625AFE-3108-4E91-9504-E5664DADD671}\MpKsl16e4e27f.sys
R1 MpKsl1e5e8798;MpKsl1e5e8798;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0C521006-E39D-4A5E-97E1-65C752EB1BFA}\MpKsl1e5e8798.sys
R1 MpKsl23b657b5;MpKsl23b657b5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5CB7BD5E-3794-44B2-804F-1ABE4500236F}\MpKsl23b657b5.sys
R1 MpKsl4c165409;MpKsl4c165409;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7BE6954D-0EA6-466B-BA65-70ECC52BD308}\MpKsl4c165409.sys
R1 MpKsl585b162c;MpKsl585b162c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{55EB5223-2467-44A1-8FD5-C1B8F313E1EA}\MpKsl585b162c.sys
R1 MpKsl70447df1;MpKsl70447df1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FC5FC7A0-A980-45F9-B01F-C7F4CB4ADC4C}\MpKsl70447df1.sys
R1 MpKsl71abf7e5;MpKsl71abf7e5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ADCCA634-D617-44E5-BC32-4E8A3992BA58}\MpKsl71abf7e5.sys
R1 MpKsl82ffc0ad;MpKsl82ffc0ad;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0E19598F-2EEA-4910-BAAB-669E643E77A7}\MpKsl82ffc0ad.sys
R1 MpKsl917a4c75;MpKsl917a4c75;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6D416798-9D4C-4AB6-A818-822CDC3B09D4}\MpKsl917a4c75.sys
R1 MpKsl937989be;MpKsl937989be;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E8981649-CD35-4120-8563-F692C42753B4}\MpKsl937989be.sys
R1 MpKslb2f72e5a;MpKslb2f72e5a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{118D0446-5716-484D-B7EB-E001520905F3}\MpKslb2f72e5a.sys
R1 MpKslc555a735;MpKslc555a735;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C1029AB5-748B-4A0F-98BD-7225C71EFF55}\MpKslc555a735.sys
R1 MpKslc55ddf20;MpKslc55ddf20;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A6850C66-1524-4E1C-B8EB-4F3C6DA39A92}\MpKslc55ddf20.sys
R1 MpKsld14a88bf;MpKsld14a88bf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EB1BBE5B-0B10-466C-8E24-4D150208DC0E}\MpKsld14a88bf.sys
R1 MpKsld186765c;MpKsld186765c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0C521006-E39D-4A5E-97E1-65C752EB1BFA}\MpKsld186765c.sys
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-19 136176]
R2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxeaserv.exe [2010-04-15 193192]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-19 136176]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 25112]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-13 30576]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 P0870Dev;Creative WebCam Live! Motion;c:\windows\system32\DRIVERS\P0870Dev.sys [2007-04-20 172544]
R3 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2010-03-21 48640]
R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2010-03-21 38912]
R3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\Trend Micro\Client Server Security Agent\TmProxy.exe [2009-07-15 689416]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-19 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdfltn.sys [2010-01-18 17072]
S1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2010-09-08 147416]
S1 MpKsl48f11a00;MpKsl48f11a00;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{61FD03AD-1664-45CC-B3E8-B25B161321B7}\MpKsl48f11a00.sys [2011-08-23 28752]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2009-07-15 146448]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2010-05-26 81920]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2010-05-10 1803584]
S2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2009-11-05 114688]
S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2010-08-24 388464]
S2 InstallFilterService;FF Install Filter Service;c:\program files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [2010-01-10 60928]
S2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe [2010-04-15 598696]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640]
S2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-04-02 67400]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2010-03-21 59904]
S2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2010-07-05 45056]
S2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2010-05-11 230928]
S2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\Client Server Security Agent\TmPreFlt.sys [2010-05-11 36368]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2009-07-15 283152]
S2 wordpressApache;wordpressApache;c:\progra~1\BITNAM~1\apache2\bin\httpd.exe [2010-10-17 20549]
S2 wordpressMySQL;wordpressMySQL;c:\program files\BitNami WordPress Stack\mysql\bin\mysqld.exe [2011-02-12 6107136]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-01-18 42672]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-09-16 144576]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-04-12 45464]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 132480]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 232960]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-07 22712]
S3 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys
S3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files\Trend Micro\Client Server Security Agent\TmPfw.exe [2009-07-15 497008]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-28 17:27]
.
2011-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-28 17:27]
.
2011-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3436545362-303916665-3483103327-1000Core.job
- c:\users\Lucas\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-19 17:27]
.
2011-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3436545362-303916665-3483103327-1000UA.job
- c:\users\Lucas\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-19 17:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/
mStart Page = hxxp://www.yahoo.com/?fr=fp-tyc8
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: LastPass - file://c:\program files\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files\LastPass\context.html?cmd=fillforms
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: { {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\Evernote\Evernote\EvernoteIE.dll/204
TCP: DhcpNameServer = 192.168.10.1
FF - ProfilePath - c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\hzmbu6d9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://us.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=63323&p=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2284)
c:\program files\ZumoDrive\ShellExt.dll
c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\IDT\WDM\STacSV.exe
c:\program files\Dell\DW WLAN Card\WLTRYSVC.EXE
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Dell\DW WLAN Card\bcmwltry.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Trend Micro\Client Server Security Agent\ntrtscan.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Trend Micro\Client Server Security Agent\tmlisten.exe
c:\program files\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
c:\windows\system32\conhost.exe
c:\program files\Trend Micro\BM\TMBMSRV.exe
c:\program files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\Google\Update\1.3.21.65\GoogleCrashHandler.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2011-08-23 09:38:08 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-23 16:38
ComboFix2.txt 2011-08-04 18:43
.
Pre-Run: 96,317,173,760 bytes free
Post-Run: 95,801,176,064 bytes free
.
- - End Of File - - F1500F08F67C11B41BF0C7926AC4EC32


