Author Topic: [Inactive] Reinstalled windows -- is my system cleaned?


Offline nadavr

  • Bronze Member
  • Posts: 18
[Inactive] Reinstalled windows -- is my system cleaned?
« on: January 25, 2012, 10:00:56 PM »
I was advised on this forum to reinstall windows on my computer. I did so. I ran the DDS tool on the (hopefully) clean computer. Below are the logs. Has the malware been successfully removed?


Thanks for your help.



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Nadav at 22:56:18 on 2012-01-25
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3062.1458 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\OEM04Mon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\Nadav\AppData\Roaming\Spotify\spotify.exe
C:\Users\Nadav\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\Nadav\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nadav\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nadav\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nadav\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Nadav\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Users\Nadav\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nadav\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\ATH.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Windows\system32\conhost.exe
C:\Users\Nadav\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nadav\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uRun: [Google Update] "c:\users\nadav\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Spotify] "c:\users\nadav\appdata\roaming\spotify\Spotify.exe" /uri spotify:autostart
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [OEM04Mon.exe] c:\windows\OEM04Mon.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KeePass 2 PreLoad] "c:\program files\keepass password safe 2\KeePass.exe" --preload
StartupFolder: c:\users\nadav\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\nadav\appdata\roaming\dropbox\bin\Dropbox.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{59251135-C0AD-41C7-8942-995BAB24449B} : DhcpNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
Hosts: 0.0.0.0
Hosts: 0 text file
Hosts: 0 old macs
Hosts: 255.255.255.255   broadcasthost
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 OEM04Vfx;Creative Camera OEM004 Video VFX Driver;c:\windows\system32\drivers\OEM04Vfx.sys [2007-3-5 7424]
R3 OEM04Vid;Creative Camera OEM004 Driver;c:\windows\system32\drivers\OEM04Vid.sys [2007-10-10 234720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-11 62464]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-1-22 1343400]
.
=============== Created Last 30 ================
.
2012-01-25 04:51:34   6557240   ----a-w-   c:\programdata\microsoft\microsoft antimalware\definition updates\{32d5f691-7589-499d-9cc1-3a471529088a}\mpengine.dll
2012-01-24 13:04:30   6557240   ----a-w-   c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-01-24 04:18:09   --------   d-----w-   c:\users\nadav\appdata\roaming\KeePass
2012-01-24 04:07:19   --------   d-----r-   c:\users\nadav\Dropbox
2012-01-24 04:05:35   --------   d-----w-   c:\program files\KeePass Password Safe 2
2012-01-24 04:02:56   --------   d-----w-   c:\users\nadav\appdata\roaming\Dropbox
2012-01-24 04:00:33   --------   d-----w-   c:\program files\VideoLAN
2012-01-24 03:58:19   --------   d-----w-   c:\program files\uTorrent
2012-01-24 03:57:47   --------   d-----w-   c:\users\nadav\appdata\roaming\uTorrent
2012-01-24 03:42:35   --------   d-----w-   c:\users\nadav\appdata\local\Spotify
2012-01-24 03:41:44   --------   d-----w-   c:\users\nadav\appdata\roaming\Spotify
2012-01-24 03:35:48   --------   d-----w-   C:\Python27
2012-01-24 03:18:36   --------   d-----w-   c:\users\nadav\appdata\local\Apple Computer
2012-01-24 03:18:32   26600   ----a-w-   c:\windows\system32\drivers\GEARAspiWDM.sys
2012-01-24 03:18:32   107368   ----a-w-   c:\windows\system32\GEARAspi.dll
2012-01-24 03:17:51   --------   d-----w-   c:\program files\iPod
2012-01-24 03:17:50   --------   d-----w-   c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-01-24 03:17:50   --------   d-----w-   c:\program files\iTunes
2012-01-24 03:17:23   --------   d-----w-   c:\users\nadav\appdata\local\Apple
2012-01-24 03:16:51   --------   d-----w-   c:\program files\Bonjour
2012-01-23 04:16:19   703824   ------w-   c:\programdata\microsoft\microsoft antimalware\definition updates\{45a92a87-2460-4327-a020-d49c6b084f84}\gapaengine.dll
2012-01-23 04:12:38   --------   d-sh--w-   c:\windows\Installer
2012-01-23 04:12:37   --------   d-----w-   c:\program files\Microsoft Security Client
2012-01-23 04:02:05   43008   ----a-w-   c:\windows\system32\drivers\usbehci.sys
2012-01-23 04:02:04   75776   ----a-w-   c:\windows\system32\drivers\usbccgp.sys
2012-01-23 04:02:04   5888   ----a-w-   c:\windows\system32\drivers\usbd.sys
2012-01-23 04:02:04   284672   ----a-w-   c:\windows\system32\drivers\usbport.sys
2012-01-23 04:02:04   258560   ----a-w-   c:\windows\system32\drivers\usbhub.sys
2012-01-23 04:02:04   24064   ----a-w-   c:\windows\system32\drivers\usbuhci.sys
2012-01-23 04:02:04   20480   ----a-w-   c:\windows\system32\drivers\usbohci.sys
2012-01-23 04:02:00   74240   ----a-w-   c:\windows\system32\fsutil.exe
2012-01-23 04:02:00   1699328   ----a-w-   c:\windows\system32\esent.dll
2012-01-23 04:02:00   148864   ----a-w-   c:\windows\system32\drivers\storport.sys
2012-01-23 04:02:00   1211264   ----a-w-   c:\windows\system32\drivers\ntfs.sys
2012-01-23 04:01:59   80256   ----a-w-   c:\windows\system32\drivers\amdsata.sys
2012-01-23 04:01:59   332160   ----a-w-   c:\windows\system32\drivers\iaStorV.sys
2012-01-23 04:01:59   22400   ----a-w-   c:\windows\system32\drivers\amdxata.sys
2012-01-23 04:01:59   143744   ----a-w-   c:\windows\system32\drivers\nvstor.sys
2012-01-23 04:01:59   117120   ----a-w-   c:\windows\system32\drivers\nvraid.sys
2012-01-23 04:01:49   60416   ----a-w-   c:\windows\system32\drivers\BTHUSB.SYS
2012-01-23 04:01:49   393728   ----a-w-   c:\windows\system32\drivers\bthport.sys
2012-01-23 03:57:03   311808   ----a-w-   c:\windows\system32\drivers\srv.sys
2012-01-23 03:57:03   310272   ----a-w-   c:\windows\system32\drivers\srv2.sys
2012-01-23 03:57:02   114688   ----a-w-   c:\windows\system32\drivers\srvnet.sys
2012-01-23 03:57:01   338944   ----a-w-   c:\windows\system32\drivers\afd.sys
2012-01-23 03:53:10   --------   d-----w-   c:\windows\system32\Wat
2012-01-23 03:51:56   --------   d-----w-   c:\users\nadav\appdata\local\Google
2012-01-23 03:50:50   --------   d-----w-   c:\users\nadav\appdata\local\Opera
2012-01-22 00:17:48   --------   d-----w-   c:\windows\Panther
2012-01-22 00:17:33   --------   d-sh--w-   C:\Boot
2012-01-21 22:03:48   --------   d-----w-   c:\program files\Protector Suite
2012-01-21 21:50:38   31232   ----a-w-   c:\windows\system32\prevhost.exe
2012-01-21 21:43:59   28672   ----a-w-   c:\windows\system32\dnscacheugc.exe
2012-01-21 21:42:12   27008   ----a-w-   c:\windows\system32\drivers\Diskdump.sys
2012-01-21 21:38:56   219008   ----a-w-   c:\windows\system32\drivers\dxgmms1.sys
2012-01-21 21:33:55   398336   ----a-w-   c:\windows\system32\TVWizudlg.exe
2012-01-21 21:33:55   140288   ----a-w-   c:\windows\system32\igfxtvcx.dll
2012-01-21 21:33:55   --------   d-----w-   c:\windows\system32\Lang
2012-01-21 21:32:12   1002008   ----a-w-   c:\windows\system32\igxpun.exe
2012-01-21 21:32:12   --------   d-----w-   c:\windows\system32\x64
.
==================== Find3M  ====================
.
2011-11-24 04:25:27   2342912   ----a-w-   c:\windows\system32\win32k.sys
2011-11-19 14:01:00   67072   ----a-w-   c:\windows\system32\packager.dll
2011-11-17 05:41:52   67440   ----a-w-   c:\windows\system32\drivers\ksecdd.sys
2011-11-17 05:41:51   134000   ----a-w-   c:\windows\system32\drivers\ksecpkg.sys
2011-11-17 05:39:24   369352   ----a-w-   c:\windows\system32\drivers\cng.sys
2011-11-17 05:38:39   1288472   ----a-w-   c:\windows\system32\ntdll.dll
2011-11-17 05:35:02   314880   ----a-w-   c:\windows\system32\webio.dll
2011-11-17 05:34:55   15872   ----a-w-   c:\windows\system32\sspisrv.dll
2011-11-17 05:34:55   100352   ----a-w-   c:\windows\system32\sspicli.dll
2011-11-17 05:34:52   224768   ----a-w-   c:\windows\system32\schannel.dll
2011-11-17 05:34:52   22016   ----a-w-   c:\windows\system32\secur32.dll
2011-11-17 05:32:51   1038848   ----a-w-   c:\windows\system32\lsasrv.dll
2011-11-17 05:29:50   22528   ----a-w-   c:\windows\system32\lsass.exe
2011-11-05 04:26:03   2048   ----a-w-   c:\windows\system32\tzres.dll
.
============= FINISH: 22:56:46.76 ===============

« Last Edit: January 25, 2012, 10:10:55 PM by Hoov »
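The question in the post above is whether anything in the DDS log points to something that survived the reinstall. The two sections a helper reads first are the Pseudo HJT Report autoruns (`uRun:`, `mRun:`, `StartupFolder:`) and the `Hosts:` entries. The script below is an added example, not part of the original post and not a DDS feature: it parses those line types out of a DDS report and flags autoruns whose executable lives under a user-writable profile path, plus hosts-file lines that are malformed or map a name other than localhost. The sample input is a constructed string made from entries in the log above; the path markers and the "localhost only" rule are this example's own heuristics.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: autorun and hosts lines copied from the DDS log in the post above.
SAMPLE_DDS = r"""uInternet Settings,ProxyOverride = *.local
uRun: [Google Update] "c:\users\nadav\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Spotify] "c:\users\nadav\appdata\roaming\spotify\Spotify.exe" /uri spotify:autostart
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [KeePass 2 PreLoad] "c:\program files\keepass password safe 2\KeePass.exe" --preload
StartupFolder: c:\users\nadav\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\nadav\appdata\roaming\dropbox\bin\Dropbox.exe
Hosts: 0.0.0.0
Hosts: 0 text file
Hosts: 255.255.255.255   broadcasthost
"""

# DDS prefixes: uRun = HKCU Run key, mRun = HKLM Run key, StartupFolder = .lnk in a Startup folder.
RUN_RE = re.compile(r'^(?P<scope>[um])Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
STARTUP_RE = re.compile(r'^StartupFolder: (?P<lnk>.+?) - (?P<target>.+)$')
HOSTS_RE = re.compile(r'^Hosts: (?P<entry>.*)$')

# Heuristic (assumption of this example): paths under these markers are writable by a
# standard user, so an autorun there needs no admin rights to install itself.
USER_WRITABLE_MARKERS = ('\\users\\', '\\temp\\', '\\programdata\\')


@dataclass
class Autorun:
    scope: str   # 'user', 'machine' or 'startupfolder'
    name: str    # registry value name, or the .lnk file name
    image: str   # executable path, lower-cased, quotes and arguments stripped


def image_path(cmd: str) -> str:
    """Extract the executable from a Run-key command line.

    Quoted paths are taken up to the closing quote; unquoted ones up to the first
    space (an unquoted path containing spaces is ambiguous and is cut short here).
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)].lower()
    return cmd.split(' ', 1)[0].lower()


def parse_dds(text: str):
    """Return (autoruns, hosts_entries) parsed from DDS Pseudo HJT Report lines."""
    autoruns, hosts = [], []
    for line in text.splitlines():
        m = RUN_RE.match(line)
        if m:
            scope = 'user' if m['scope'] == 'u' else 'machine'
            autoruns.append(Autorun(scope, m['name'], image_path(m['cmd'])))
            continue
        m = STARTUP_RE.match(line)
        if m:
            lnk_name = m['lnk'].rsplit('\\', 1)[-1]
            autoruns.append(Autorun('startupfolder', lnk_name, m['target'].strip().lower()))
            continue
        m = HOSTS_RE.match(line)
        if m:
            hosts.append(m['entry'].strip())
    return autoruns, hosts


def flag_user_writable(autoruns):
    """Autoruns whose image sits in a user-writable location (review items, not verdicts)."""
    return [a for a in autoruns if any(mk in a.image for mk in USER_WRITABLE_MARKERS)]


def review_hosts(entries):
    """Return (entry, reason) for hosts lines worth a look: malformed lines, or
    well-formed mappings for any name other than localhost."""
    findings = []
    for entry in entries:
        parts = entry.split()
        if len(parts) < 2:
            findings.append((entry, 'no hostname'))
            continue
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            findings.append((entry, 'first field is not an IP address'))
            continue
        if any(name.lower() != 'localhost' for name in parts[1:]):
            findings.append((entry, 'maps a non-localhost name'))
    return findings


if __name__ == '__main__':
    autoruns, hosts = parse_dds(SAMPLE_DDS)
    for a in flag_user_writable(autoruns):
        print(f'[{a.scope}] {a.name}: {a.image}')
    for entry, reason in review_hosts(hosts):
        print(f'hosts: {entry!r}: {reason}')
```

On the sample this flags the Google Update, Spotify and Dropbox autoruns, all of which are per-user installers that legitimately live under AppData, so a hit means "confirm the file is the vendor's", not "malware". The three hosts lines are flagged because two do not parse as `<ip> <name>` at all and the third maps a name other than localhost; on a fresh Windows install none of them would be expected.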



Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 22703
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Reinstalled windows -- is my system cleaned?
« Reply #1 on: January 25, 2012, 10:12:45 PM »
I am Hoov and I will be helping you with your computer. Can you please direct me to the thread where you were instructed to reinstall windows? The last post I see here you were advised to install the newest version of Java.

Also please copy and paste up the other log (attach.txt) that was generated when you ran DDS please.

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline nadavr

  • Bronze Member
  • Posts: 18
Re: [In Progress] Reinstalled windows -- is my system cleaned?
« Reply #2 on: January 25, 2012, 10:16:33 PM »
Hello, thanks.

I attached both above. You are looking at the correct thread. The Java bit is just at the end, making sure that other computers on my network were not infected.

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 22703
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Reinstalled windows -- is my system cleaned?
« Reply #4 on: January 25, 2012, 10:26:49 PM »
Thanks for the link. About the logs above, if you look a bit closer, you posted the same log twice.

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline nadavr

  • Bronze Member
  • Posts: 18
Re: [In Progress] Reinstalled windows -- is my system cleaned?
« Reply #5 on: January 25, 2012, 10:29:34 PM »
sorry! thanks.

Here is the "attach" text:


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/21/2012 4:30:38 PM
System Uptime: 1/25/2012 8:14:07 PM (2 hours ago)
.
Motherboard: Dell Inc. |  |       
Processor: Intel(R) Core(TM)2 Duo CPU     T5750  @ 2.00GHz | Microprocessor | 1000/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 136 GiB total, 111.652 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_02091028&REV_12\4&19E0E716&0&0BF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_02091028&REV_12\4&19E0E716&0&0BF0
Service:
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_02091028&REV_12\4&19E0E716&0&0AF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_02091028&REV_12\4&19E0E716&0&0AF0
Service:
.
==== System Restore Points ===================
.
RP3: 1/21/2012 4:31:41 PM - Windows Update
RP4: 1/21/2012 5:02:22 PM - Windows Update
RP5: 1/22/2012 10:52:23 PM - Windows Update
RP6: 1/22/2012 10:55:46 PM - Windows Update
RP7: 1/23/2012 7:15:58 AM - Windows Update
RP8: 1/23/2012 10:11:33 PM - Windows Update
RP9: 1/23/2012 10:12:46 PM - Windows Update
RP10: 1/23/2012 10:17:25 PM - Installed iTunes
RP11: 1/23/2012 10:20:35 PM - Windows Update
RP12: 1/23/2012 10:35:05 PM - Installed Python 2.7.2
RP13: 1/24/2012 11:43:31 PM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Dropbox
Google Chrome
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
iTunes
KeePass Password Safe 2.18
Laptop Integrated Webcam Driver (1.03.01.1011) 
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Security Client
Microsoft Security Essentials
Opera 11.60
Python 2.7.2
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Spotify
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
VLC media player 1.1.11
.
==== Event Viewer Messages From Past Week ========
.
1/25/2012 2:44:08 PM, Error: BTHUSB [17]  - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
1/24/2012 11:44:09 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.119.477.0     Update Source: Microsoft Update Server     Update Stage: Install     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.8001.0     Error code: 0x80240016     Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
1/24/2012 11:44:09 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.119.477.0     Update Source: Microsoft Update Server     Update Stage: Install     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.8001.0     Error code: 0x80240016     Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
1/24/2012 11:44:09 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.119.477.0     Update Source: Microsoft Update Server     Update Stage: Download     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.8001.0     Error code: 0x80240016     Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
1/24/2012 11:43:47 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.119.477.0     Update Source: Microsoft Update Server     Update Stage: Install     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.8001.0     Error code: 0x80240016     Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
1/24/2012 11:43:47 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.119.477.0     Update Source: Microsoft Update Server     Update Stage: Install     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.8001.0     Error code: 0x80240016     Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
1/24/2012 11:43:47 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.119.477.0     Update Source: Microsoft Update Server     Update Stage: Download     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.8001.0     Error code: 0x80240016     Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
1/23/2012 10:12:38 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Internet Explorer 9 for Windows 7.
1/21/2012 5:08:42 PM, Error: Service Control Manager [7023]  -
1/21/2012 4:32:43 PM, Error: Service Control Manager [7030]  - The Creative OEM004 RunApp Service service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
.
==== End Of File ===========================

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 22703
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline nadavr

Re: [In Progress] Reinstalled windows -- is my system cleaned?
« Reply #7 on: January 26, 2012, 06:43:37 AM »
Ok -- I have complied with the requirements of the website. Here are the 2 files:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Nadav at 7:42:04 on 2012-01-26
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3062.1717 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\OEM04Mon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\Nadav\AppData\Roaming\Spotify\spotify.exe
C:\Users\Nadav\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\Nadav\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nadav\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nadav\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Nadav\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Users\Nadav\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\ATH.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Windows\system32\conhost.exe
C:\Users\Nadav\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nadav\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Users\Nadav\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nadav\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uRun: [Google Update] "c:\users\nadav\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Spotify] "c:\users\nadav\appdata\roaming\spotify\Spotify.exe" /uri spotify:autostart
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [OEM04Mon.exe] c:\windows\OEM04Mon.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KeePass 2 PreLoad] "c:\program files\keepass password safe 2\KeePass.exe" --preload
StartupFolder: c:\users\nadav\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\nadav\appdata\roaming\dropbox\bin\Dropbox.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{59251135-C0AD-41C7-8942-995BAB24449B} : DhcpNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
Hosts: 0.0.0.0
Hosts: 0 text file
Hosts: 0 old macs
Hosts: 255.255.255.255   broadcasthost
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl8c78d018;MpKsl8c78d018;c:\programdata\microsoft\microsoft antimalware\definition updates\{32d5f691-7589-499d-9cc1-3a471529088a}\MpKsl8c78d018.sys [2012-1-25 29904]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 OEM04Vfx;Creative Camera OEM004 Video VFX Driver;c:\windows\system32\drivers\OEM04Vfx.sys [2007-3-5 7424]
R3 OEM04Vid;Creative Camera OEM004 Driver;c:\windows\system32\drivers\OEM04Vid.sys [2007-10-10 234720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-11 62464]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-1-22 1343400]
.
=============== Created Last 30 ================
.
2012-01-26 03:56:47   29904   ----a-w-   c:\programdata\microsoft\microsoft antimalware\definition updates\{32d5f691-7589-499d-9cc1-3a471529088a}\MpKsl8c78d018.sys
2012-01-25 04:51:34   6557240   ----a-w-   c:\programdata\microsoft\microsoft antimalware\definition updates\{32d5f691-7589-499d-9cc1-3a471529088a}\mpengine.dll
2012-01-24 13:04:30   6557240   ----a-w-   c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-01-24 04:18:09   --------   d-----w-   c:\users\nadav\appdata\roaming\KeePass
2012-01-24 04:07:19   --------   d-----r-   c:\users\nadav\Dropbox
2012-01-24 04:05:35   --------   d-----w-   c:\program files\KeePass Password Safe 2
2012-01-24 04:02:56   --------   d-----w-   c:\users\nadav\appdata\roaming\Dropbox
2012-01-24 04:00:33   --------   d-----w-   c:\program files\VideoLAN
2012-01-24 03:42:35   --------   d-----w-   c:\users\nadav\appdata\local\Spotify
2012-01-24 03:41:44   --------   d-----w-   c:\users\nadav\appdata\roaming\Spotify
2012-01-24 03:35:48   --------   d-----w-   C:\Python27
2012-01-24 03:18:36   --------   d-----w-   c:\users\nadav\appdata\local\Apple Computer
2012-01-24 03:18:32   26600   ----a-w-   c:\windows\system32\drivers\GEARAspiWDM.sys
2012-01-24 03:18:32   107368   ----a-w-   c:\windows\system32\GEARAspi.dll
2012-01-24 03:17:51   --------   d-----w-   c:\program files\iPod
2012-01-24 03:17:50   --------   d-----w-   c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-01-24 03:17:50   --------   d-----w-   c:\program files\iTunes
2012-01-24 03:17:23   --------   d-----w-   c:\users\nadav\appdata\local\Apple
2012-01-24 03:16:51   --------   d-----w-   c:\program files\Bonjour
2012-01-23 04:16:19   703824   ------w-   c:\programdata\microsoft\microsoft antimalware\definition updates\{45a92a87-2460-4327-a020-d49c6b084f84}\gapaengine.dll
2012-01-23 04:12:38   --------   d-sh--w-   c:\windows\Installer
2012-01-23 04:12:37   --------   d-----w-   c:\program files\Microsoft Security Client
2012-01-23 04:02:05   43008   ----a-w-   c:\windows\system32\drivers\usbehci.sys
2012-01-23 04:02:04   75776   ----a-w-   c:\windows\system32\drivers\usbccgp.sys
2012-01-23 04:02:04   5888   ----a-w-   c:\windows\system32\drivers\usbd.sys
2012-01-23 04:02:04   284672   ----a-w-   c:\windows\system32\drivers\usbport.sys
2012-01-23 04:02:04   258560   ----a-w-   c:\windows\system32\drivers\usbhub.sys
2012-01-23 04:02:04   24064   ----a-w-   c:\windows\system32\drivers\usbuhci.sys
2012-01-23 04:02:04   20480   ----a-w-   c:\windows\system32\drivers\usbohci.sys
2012-01-23 04:02:00   74240   ----a-w-   c:\windows\system32\fsutil.exe
2012-01-23 04:02:00   1699328   ----a-w-   c:\windows\system32\esent.dll
2012-01-23 04:02:00   148864   ----a-w-   c:\windows\system32\drivers\storport.sys
2012-01-23 04:02:00   1211264   ----a-w-   c:\windows\system32\drivers\ntfs.sys
2012-01-23 04:01:59   80256   ----a-w-   c:\windows\system32\drivers\amdsata.sys
2012-01-23 04:01:59   332160   ----a-w-   c:\windows\system32\drivers\iaStorV.sys
2012-01-23 04:01:59   22400   ----a-w-   c:\windows\system32\drivers\amdxata.sys
2012-01-23 04:01:59   143744   ----a-w-   c:\windows\system32\drivers\nvstor.sys
2012-01-23 04:01:59   117120   ----a-w-   c:\windows\system32\drivers\nvraid.sys
2012-01-23 04:01:49   60416   ----a-w-   c:\windows\system32\drivers\BTHUSB.SYS
2012-01-23 04:01:49   393728   ----a-w-   c:\windows\system32\drivers\bthport.sys
2012-01-23 03:57:03   311808   ----a-w-   c:\windows\system32\drivers\srv.sys
2012-01-23 03:57:03   310272   ----a-w-   c:\windows\system32\drivers\srv2.sys
2012-01-23 03:57:02   114688   ----a-w-   c:\windows\system32\drivers\srvnet.sys
2012-01-23 03:57:01   338944   ----a-w-   c:\windows\system32\drivers\afd.sys
2012-01-23 03:53:10   --------   d-----w-   c:\windows\system32\Wat
2012-01-23 03:51:56   --------   d-----w-   c:\users\nadav\appdata\local\Google
2012-01-23 03:50:50   --------   d-----w-   c:\users\nadav\appdata\local\Opera
2012-01-22 00:17:48   --------   d-----w-   c:\windows\Panther
2012-01-22 00:17:33   --------   d-sh--w-   C:\Boot
2012-01-21 22:03:48   --------   d-----w-   c:\program files\Protector Suite
2012-01-21 21:50:38   31232   ----a-w-   c:\windows\system32\prevhost.exe
2012-01-21 21:43:59   28672   ----a-w-   c:\windows\system32\dnscacheugc.exe
2012-01-21 21:42:12   27008   ----a-w-   c:\windows\system32\drivers\Diskdump.sys
2012-01-21 21:38:56   219008   ----a-w-   c:\windows\system32\drivers\dxgmms1.sys
2012-01-21 21:33:55   398336   ----a-w-   c:\windows\system32\TVWizudlg.exe
2012-01-21 21:33:55   140288   ----a-w-   c:\windows\system32\igfxtvcx.dll
2012-01-21 21:33:55   --------   d-----w-   c:\windows\system32\Lang
2012-01-21 21:32:12   1002008   ----a-w-   c:\windows\system32\igxpun.exe
2012-01-21 21:32:12   --------   d-----w-   c:\windows\system32\x64
.
==================== Find3M  ====================
.
2011-11-24 04:25:27   2342912   ----a-w-   c:\windows\system32\win32k.sys
2011-11-19 14:01:00   67072   ----a-w-   c:\windows\system32\packager.dll
2011-11-17 05:41:52   67440   ----a-w-   c:\windows\system32\drivers\ksecdd.sys
2011-11-17 05:41:51   134000   ----a-w-   c:\windows\system32\drivers\ksecpkg.sys
2011-11-17 05:39:24   369352   ----a-w-   c:\windows\system32\drivers\cng.sys
2011-11-17 05:38:39   1288472   ----a-w-   c:\windows\system32\ntdll.dll
2011-11-17 05:35:02   314880   ----a-w-   c:\windows\system32\webio.dll
2011-11-17 05:34:55   15872   ----a-w-   c:\windows\system32\sspisrv.dll
2011-11-17 05:34:55   100352   ----a-w-   c:\windows\system32\sspicli.dll
2011-11-17 05:34:52   224768   ----a-w-   c:\windows\system32\schannel.dll
2011-11-17 05:34:52   22016   ----a-w-   c:\windows\system32\secur32.dll
2011-11-17 05:32:51   1038848   ----a-w-   c:\windows\system32\lsasrv.dll
2011-11-17 05:29:50   22528   ----a-w-   c:\windows\system32\lsass.exe
2011-11-05 04:26:03   2048   ----a-w-   c:\windows\system32\tzres.dll
.
============= FINISH:  7:42:31.05 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/21/2012 4:30:38 PM
System Uptime: 1/26/2012 2:48:06 AM (5 hours ago)
.
Motherboard: Dell Inc. |  |       
Processor: Intel(R) Core(TM)2 Duo CPU     T5750  @ 2.00GHz | Microprocessor | 2000/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 136 GiB total, 111.211 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_02091028&REV_12\4&19E0E716&0&0BF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_02091028&REV_12\4&19E0E716&0&0BF0
Service:
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_02091028&REV_12\4&19E0E716&0&0AF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_02091028&REV_12\4&19E0E716&0&0AF0
Service:
.
==== System Restore Points ===================
.
RP3: 1/21/2012 4:31:41 PM - Windows Update
RP4: 1/21/2012 5:02:22 PM - Windows Update
RP5: 1/22/2012 10:52:23 PM - Windows Update
RP6: 1/22/2012 10:55:46 PM - Windows Update
RP7: 1/23/2012 7:15:58 AM - Windows Update
RP8: 1/23/2012 10:11:33 PM - Windows Update
RP9: 1/23/2012 10:12:46 PM - Windows Update
RP10: 1/23/2012 10:17:25 PM - Installed iTunes
RP11: 1/23/2012 10:20:35 PM - Windows Update
RP12: 1/23/2012 10:35:05 PM - Installed Python 2.7.2
RP13: 1/24/2012 11:43:31 PM - Windows Update
.
==== Installed Programs ======================
.
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Dropbox
Google Chrome
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
iTunes
KeePass Password Safe 2.18
Laptop Integrated Webcam Driver (1.03.01.1011) 
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Security Client
Microsoft Security Essentials
Opera 11.60
Python 2.7.2
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Spotify
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
VLC media player 1.1.11
.
==== Event Viewer Messages From Past Week ========
.
1/26/2012 7:35:32 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
1/26/2012 7:01:11 AM, Error: BTHUSB [17]  - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
1/24/2012 11:44:09 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.119.477.0     Update Source: Microsoft Update Server     Update Stage: Install     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.8001.0     Error code: 0x80240016     Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
1/24/2012 11:44:09 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.119.477.0     Update Source: Microsoft Update Server     Update Stage: Install     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.8001.0     Error code: 0x80240016     Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
1/24/2012 11:44:09 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.119.477.0     Update Source: Microsoft Update Server     Update Stage: Download     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.8001.0     Error code: 0x80240016     Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
1/24/2012 11:43:47 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.119.477.0     Update Source: Microsoft Update Server     Update Stage: Install     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.8001.0     Error code: 0x80240016     Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
1/24/2012 11:43:47 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.119.477.0     Update Source: Microsoft Update Server     Update Stage: Install     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.8001.0     Error code: 0x80240016     Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
1/24/2012 11:43:47 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.119.477.0     Update Source: Microsoft Update Server     Update Stage: Download     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.8001.0     Error code: 0x80240016     Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
1/23/2012 10:12:38 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Internet Explorer 9 for Windows 7.
1/21/2012 5:08:42 PM, Error: Service Control Manager [7023]  -
1/21/2012 4:32:43 PM, Error: Service Control Manager [7030]  - The Creative OEM004 RunApp Service service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
.
==== End Of File ===========================


Offline Hoov
Re: [In Progress] Reinstalled windows -- is my system cleaned?
« Reply #8 on: January 26, 2012, 12:52:59 PM »
I do not see anything that is jumping out at me. There is one program that I would not run, Spotify, but it is not malware of any kind. My reservations about it would be more legal than malware.

Are you experiencing any problems or have any questions or concerns? It does look like your Antivirus is having problems trying to update, but that could be network connection problems.

Offline Hoov
Re: [In Progress] Reinstalled windows -- is my system cleaned?
« Reply #9 on: February 05, 2012, 09:10:10 AM »
This thread is being closed due to inactivity. If you need it reopened send me a PM. This applies to the originator only. Anyone else please start a new thread.