Google redirect especially in Chrome - "had" Data Recovery virus


This topic is locked
59 replies to this topic

#1 thanksforhelping

Posted 23 September 2011 - 09:14 AM

I followed the instructions here: http://www.bleepingcomputer.com/virus-removal/remove-data-recovery
But I am still having redirects with Google, and sometimes Chrome and Firefox will just shut down.
I have McAfee running on the computer.

I tried running Malwarebytes again and McAfee. I got a BSOD.
I rebooted in safe mode. The browsers were redirecting and crashing. The firewall and virus protection on McAfee turned off suddenly and I could not turn it back on.
I ran several scans and got nothing.

I downloaded UnHackMe and ran it but only got false positives. I installed and ran Spyware Doctor and removed 76 tracking cookies.
I am also running Mikogo, a screen sharing app that is flagged as a virus by AVG and UnHackMe, but it's a legit program that AVG has written about in the past as a false positive.


When I ran the GMER app, only the Services, Registry, & Files options were checked on the right side. The rest were grayed out.
GMER results: it stated it hasn't found any system modification.

Thanks in advance for anyone who decides to help!!!


Here are the DDS logs.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by Da Jules at 9:30:23 on 2011-09-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7991.5324 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\UnHackMe\hackmon.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Users\Da Jules\AppData\Roaming\Mikogo\Mikogo-Host.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Da Jules\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Da Jules\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Da Jules\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Da Jules\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Da Jules\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Da Jules\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\Da Jules\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Da Jules\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Da Jules\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Da Jules\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Da Jules\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Da Jules\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Da Jules\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Users\Da Jules\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Da Jules\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Da Jules\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Da Jules\Downloads\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = about:blank
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110920200611.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
uRun: [Google Update] "C:\Users\Da Jules\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Mikogo] "C:\Users\Da Jules\AppData\Roaming\Mikogo\Mikogo-Host.exe"
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVEWU4tWE5JTFItNFpISlAtUU9GUFctSlVBTE4tUlJBNkk"&"inst=NzctNzI0ODIxMzI4LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ"&"prod=90"&"ver=2012.0.1796"&"mid=145f7bd8d02947d1a044a9628d64350a-46ceeeea51e7458d2e1b269da8614e662280c03d
StartupFolder: C:\Users\DAJULE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Mozenda.lnk - C:\Users\Da Jules\AppData\Roaming\Mozenda\Programs\Mozenda.ClientConnector.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUDIBL~1.LNK - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 71.243.0.12
TCP: Interfaces\{3811AAEE-67D8-41AC-9C15-B4C275EB3573} : DhcpNameServer = 192.168.1.1 71.243.0.12
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO-X64: Search Helper - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110920200611.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun-x64: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun-x64: [(Default)]
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVEWU4tWE5JTFItNFpISlAtUU9GUFctSlVBTE4tUlJBNkk"&"inst=NzctNzI0ODIxMzI4LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ"&"prod=90"&"ver=2012.0.1796"&"mid=145f7bd8d02947d1a044a9628d64350a-46ceeeea51e7458d2e1b269da8614e662280c03d
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Da Jules\AppData\Roaming\Mozilla\Firefox\Profiles\361qqsg9.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Reader 2\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Da Jules\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Users\Da Jules\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Da Jules\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-18 140672]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-5-24 92160]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-7-6 375176]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-1-11 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-9-20 355440]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-9-20 355440]
R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-9-20 200056]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-9-20 245352]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-6-21 341296]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-9-20 366152]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 B-Service;B-Service;C:\Users\Da Jules\AppData\Roaming\Mikogo\B-Service.exe [2011-9-14 185640]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-09-23 00:04:09 39192 ----a-w- C:\Windows\System32\Partizan.exe
2011-09-23 00:01:42 24416 ----a-w- C:\Windows\SysWow64\drivers\regguard.sys
2011-09-22 23:48:59 39192 ----a-w- C:\Windows\SysWow64\Partizan.exe
2011-09-22 23:48:59 35816 ----a-w- C:\Windows\SysWow64\drivers\Partizan.sys
2011-09-22 23:48:55 2 --shatr- C:\Windows\winstart.bat
2011-09-22 23:48:52 11040 ----a-w- C:\Windows\SysWow64\drivers\UnHackMeDrv.sys
2011-09-22 23:48:50 -------- d-----w- C:\Program Files (x86)\UnHackMe
2011-09-22 23:40:31 -------- d-----w- C:\Users\Da Jules\AppData\Roaming\SUPERAntiSpyware.com
2011-09-22 23:40:06 -------- d-----w- C:\ProgramData\!SASCORE
2011-09-22 23:40:04 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-09-22 23:40:04 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-09-22 23:34:13 -------- d-----w- C:\Program Files\CCleaner
2011-09-22 19:37:25 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-09-22 19:37:25 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-09-22 19:37:25 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2011-09-22 19:37:25 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2011-09-22 19:37:25 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-09-21 13:04:47 -------- d-----w- C:\Program Files\Microsoft IntelliType Pro
2011-09-21 00:06:23 -------- d-----w- C:\Program Files\McAfee.com
2011-09-21 00:06:11 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2011-09-21 00:06:11 24376 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\Scriptff.dll
2011-09-21 00:05:41 149032 ----a-w- C:\Windows\System32\mfevtps.exe
2011-09-21 00:05:37 94992 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2011-09-21 00:05:37 75160 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2011-09-21 00:05:37 63056 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2011-09-21 00:05:37 530304 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2011-09-21 00:05:37 441840 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2011-09-21 00:05:37 283744 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2011-09-21 00:05:37 190520 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2011-09-21 00:05:37 121376 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2011-09-20 18:35:13 -------- d-----w- C:\Users\Da Jules\AppData\Roaming\Malwarebytes
2011-09-20 18:35:00 -------- d-----w- C:\ProgramData\Malwarebytes
2011-09-20 18:34:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-09-20 09:44:34 8862544 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FF3610D7-9B6E-4862-8FE6-7ED9AEC45E98}\mpengine.dll
2011-09-19 18:58:34 -------- d-----w- C:\Users\Da Jules\AppData\Roaming\webex
2011-09-19 18:30:31 -------- d-----w- C:\ProgramData\WebEx
2011-09-14 04:25:19 -------- d-----w- C:\47b34d1cad9030aa0d9c3107ca13d68f
2011-09-14 04:23:11 -------- d-----w- C:\1201e169ab7080ef7bf786
2011-09-13 22:46:20 -------- d-----w- C:\Windows\System32\SPReview
2011-09-13 22:46:11 -------- d-----w- C:\Windows\System32\EventProviders
2011-09-13 22:39:56 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-09-13 22:36:48 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-09-13 22:36:47 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-09-13 22:36:47 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-09-13 21:51:37 -------- d-----w- C:\$AVG
2011-09-13 18:26:30 -------- d-----w- C:\Users\Da Jules\AppData\Roaming\AVG2012
2011-09-13 15:33:47 -------- d-----w- C:\Users\Da Jules\AppData\Roaming\Mozenda
2011-09-13 15:12:09 -------- d-----w- C:\ProgramData\Common Files
2011-09-13 15:11:39 -------- d-----w- C:\ProgramData\AVG2012
2011-09-13 15:11:33 -------- d-----w- C:\Program Files (x86)\AVG
2011-09-13 15:02:31 -------- d-----w- C:\ProgramData\MFAData
2011-09-12 23:13:26 -------- d-----w- C:\Users\Da Jules\AppData\Roaming\Anix Software
2011-09-12 23:13:20 -------- d-----w- C:\Program Files (x86)\PicViewer 3
2011-09-12 19:56:07 -------- d-----w- C:\Users\Da Jules\AppData\Local\AOL
2011-09-12 19:56:07 -------- d-----w- C:\Users\Da Jules\AppData\Local\AIM
2011-09-12 19:56:02 -------- d-----w- C:\ProgramData\AIM
2011-09-12 19:56:00 -------- d-----w- C:\Program Files (x86)\Common Files\Software Update Utility
2011-09-12 19:56:00 -------- d-----w- C:\Program Files (x86)\AIM
2011-09-12 19:55:59 -------- d-----w- C:\Program Files (x86)\Common Files\AOL
2011-09-06 22:10:07 -------- d-----w- C:\Users\Da Jules\AppData\Local\Microsoft Games
2011-09-01 18:22:49 -------- d-----w- C:\Program Files\Microsoft IntelliPoint
2011-08-31 17:51:02 -------- d-----w- C:\Program Files (x86)\MSECache
2011-08-31 17:24:15 -------- d-----w- C:\ProgramData\McAfee Security Scan
2011-08-31 17:24:14 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
2011-08-30 13:08:09 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-08-30 13:08:09 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-08-25 13:52:39 -------- d-----w- C:\Users\Da Jules\AppData\Local\LogMeIn
2011-08-25 13:52:10 60800 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\LMIproc.dll
2011-08-25 13:52:09 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2011-08-25 13:52:09 72216 ----a-w- C:\Windows\System32\drivers\LMIRfsDriver.sys
2011-08-25 13:52:09 33152 ----a-w- C:\Windows\System32\LMIport.dll
2011-08-25 13:52:08 80768 ----a-w- C:\Windows\System32\LMIinit.dll
2011-08-25 13:52:05 -------- d-----w- C:\ProgramData\LogMeIn
2011-08-25 13:51:58 -------- d-----w- C:\Program Files (x86)\LogMeIn
2011-08-25 01:44:06 -------- d-----w- C:\Users\Da Jules\AppData\Roaming\PrimoPDF
2011-08-25 01:42:23 28976 ----a-w- C:\Windows\System32\nitrolocalmon2.dll
2011-08-25 01:42:23 17200 ----a-w- C:\Windows\System32\nitrolocalui2.dll
2011-08-25 01:42:18 -------- d-----w- C:\Program Files\Common Files\Nitro PDF
2011-08-25 01:42:17 -------- d-----w- C:\Program Files (x86)\Common Files\Nitro PDF
2011-08-25 01:41:21 95008 ----a-w- C:\Windows\System32\Primomonnt.dll
2011-08-25 01:41:21 -------- d-----w- C:\Users\Da Jules\AppData\Local\OpenCandy
2011-08-25 01:41:20 -------- d-----w- C:\Users\Da Jules\AppData\Roaming\OpenCandy
2011-08-25 01:41:19 -------- d-----w- C:\Program Files (x86)\Nitro PDF
2011-08-25 01:22:57 -------- d-----w- C:\Program Files (x86)\Market Samurai
.
==================== Find3M ====================
.
2011-09-14 04:28:56 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-09-14 04:28:56 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-08-31 17:45:46 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-19 18:02:03 72080 ----a-w- C:\Users\Da Jules\g2mdlhlpx.exe
2011-08-01 19:59:06 52584 ----a-w- C:\Windows\System32\drivers\dc3d.sys
2011-08-01 19:59:06 470376 ----a-w- C:\Windows\System32\ipcoin82.dll
2011-08-01 19:59:06 45416 ----a-w- C:\Windows\System32\drivers\point64.sys
2011-08-01 19:59:06 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
2011-07-22 05:22:26 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 04:54:18 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 05:26:20 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-07-09 04:29:46 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
.
============= FINISH: 9:39:33.72 ===============

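As an added triage helper (not part of this thread, and not a DDS or BleepingComputer tool), the script below splits a DDS log like the one posted above into its banner sections and flags what a log reviewer checks first: files created in system directories, hidden attributes, random-named root directories, autorun values with no command, orphaned "No File" entries, and the DNS servers in use. The section names and line layout are assumed from the posted log; the embedded sample is a constructed excerpt of it, and every flag is a review prompt rather than a verdict.

```python
import re
from collections import defaultdict

# Constructed excerpt of the DDS log posted above, a few lines per section,
# so the script runs offline; the banners follow the posted layout.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
.
mRun: [<NO NAME>]
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
TCP: DhcpNameServer = 192.168.1.1 71.243.0.12
BHO-X64: AcroIEHelperStub - No File
mRun-x64: [(Default)]
.
=============== Created Last 30 ================
.
2011-09-23 00:04:09 39192 ----a-w- C:\Windows\System32\Partizan.exe
2011-09-22 23:48:55 2 --shatr- C:\Windows\winstart.bat
2011-09-22 23:40:04 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-09-14 04:25:19 -------- d-----w- C:\47b34d1cad9030aa0d9c3107ca13d68f
2011-09-13 22:39:56 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============== FINISH: 9:39:33.72 ===============
"""

BANNER_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\d+|-+)\s+"
    r"(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$"
)
RUN_RE = re.compile(r"^[mu]Run(?:Once)?(?:-x64)?: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
DNS_RE = re.compile(r"DhcpNameServer = (.+)$")
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
RANDOM_ROOT_DIR = re.compile(r"^c:\\[0-9a-f]{16,}$")


def split_sections(text):
    """Map each '==== banner ====' section name to its non-empty body lines."""
    sections = defaultdict(list)
    current = "HEADER"
    for raw in text.splitlines():
        line = raw.strip()
        m = BANNER_RE.match(line)
        if m:
            current = m.group(1)
        elif line and line != ".":
            sections[current].append(line)
    return sections


def triage_created(lines):
    """Flag 'Created Last 30' entries to look at first. A patched tcpip.sys is
    flagged like a dropped file; the timestamp and vendor decide which it is."""
    findings = []
    for line in lines:
        m = CREATED_RE.match(line)
        if not m:
            continue
        path, attrs = m.group("path"), m.group("attrs")
        low, is_dir = path.lower(), attrs.startswith("d")
        if not is_dir and low.startswith(SYSTEM_DIRS):
            findings.append(("system-dir file", path))
        if "h" in attrs:  # hidden attribute set on a fresh file
            findings.append(("hidden attribute", path))
        if is_dir and RANDOM_ROOT_DIR.match(low):
            findings.append(("random-named root dir", path))
    return findings


def triage_autoruns(lines):
    """Flag empty autorun values and orphaned entries in the 'Pseudo HJT
    Report' section, and list every DNS server the report mentions."""
    findings, dns = [], set()
    for line in lines:
        m = RUN_RE.match(line)
        if m and (not m.group("cmd") or m.group("name") in ("<NO NAME>", "(Default)")):
            findings.append(("empty autorun", line))
        elif line.endswith(" - No File"):
            findings.append(("orphaned entry", line))
        d = DNS_RE.search(line)
        if d:
            dns.update(d.group(1).split())
    findings.extend(("dns server", ip) for ip in sorted(dns))
    return findings


def triage(text):
    """Run both passes over a DDS log and return findings keyed by section."""
    sections = split_sections(text)
    return {
        "Pseudo HJT Report": triage_autoruns(sections.get("Pseudo HJT Report", [])),
        "Created Last 30": triage_created(sections.get("Created Last 30", [])),
    }


if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        print(f"[{section}]")
        for kind, detail in items:
            print(f"  {kind:22} {detail}")
```

Run it against the full posted log by reading the file into `triage()` instead of `SAMPLE_LOG`; the DNS servers it lists are the ones to compare against what the router and ISP actually hand out.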

 


#2 thanksforhelping (Topic Starter)

Posted 23 September 2011 - 10:18 AM

Also, whenever I use a browser now, I usually have to enter the URL in twice or hit stop and reenter the URL again.

#3 thanksforhelping (Topic Starter)

Posted 24 September 2011 - 04:43 PM

My computer is now shutting down randomly.
Here is the message from Windows 7 when I boot up:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: 76
BCP1: 0000000000000000
BCP2: FFFFFA800B3A0930
BCP3: 00000000000007D1
BCP4: 0000000000000000
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\092411-19110-01.dmp
C:\Users\Da Jules\AppData\Local\Temp\WER-4527648-0.sysdata.xml

#4 thanksforhelping (Topic Starter)

Posted 25 September 2011 - 04:02 PM

Another BSOD.
It doesn't like Gmail either. A lot of hang-ups when going there.

#5 gringo_pr (Malware Response Team)

Posted 25 September 2011 - 05:36 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 thanksforhelping

thanksforhelping
  • Topic Starter

  • Members
  • 34 posts
  • Local time:07:54 PM

Posted 25 September 2011 - 08:13 PM

Ran Combofix.
Had lots of problems.
It stalled for 5-10 minutes.
Then I started up Firefox to download it again...
Then I got a blue screen in the app box, see below
Posted Image

Then I got this error:
Posted Image

Then McAfee turned on by itself (I had disabled it, I thought) and I got this error:
Posted Image

Then Combofix seemed to run, but at every step I had to say okay to the error that it could not find "NIRKMD". I clicked okay close to 65 times, as at the end of each completed stage
it required me to click "ok". The process took 2 hours.

Finally it ended with:
Posted Image

------
WHAT SHOULD I DO WITH THIS? REMOVE? ALLOW? OR JUST CLOSE?
Posted Image
------

Google redirect is still happening in Chrome and Firefox.
Redirect went here: http://www.blinkx.com/ce/D4I4A6yVzUfMGLKZyqjP-CYM35qynI392evDzFpnsEmU7zGlslYgkS1K6J8zKTSP6NqTRw16ueo?adid=02-100-201-300-404-25&affiliate=77635-569-direc32

------

HERE IS THE LOG FROM COMBOFIX

ComboFix 11-09-26.01 - Da Jules 09/25/2011 19:38:04.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7991.5972 [GMT -4:00]
Running from: c:\users\Da Jules\Downloads\ComboFix2.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Da Jules\Desktop\Data Recovery.lnk
c:\users\Da Jules\g2mdlhlpx.exe
c:\windows\SysWow64\comct332.ocx
.
.
((((((((((((((((((((((((( Files Created from 2011-08-26 to 2011-09-26 )))))))))))))))))))))))))))))))
.
.
2011-09-26 00:33 . 2011-09-26 00:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-25 21:09 . 2011-09-25 21:09 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-09-25 21:09 . 2011-08-31 21:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-24 18:05 . 2011-06-21 04:09 200976 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2011-09-23 14:31 . 2011-09-23 14:31 -------- d-----w- c:\users\Da Jules\AppData\Local\Safe mirror
2011-09-23 14:30 . 2011-09-23 14:30 -------- d-----w- c:\program files (x86)\Cobian Backup 10
2011-09-23 00:04 . 2011-09-23 00:04 39192 ----a-w- c:\windows\system32\Partizan.exe
2011-09-23 00:01 . 2011-09-23 00:06 24416 ----a-w- c:\windows\SysWow64\drivers\regguard.sys
2011-09-22 23:48 . 2011-09-22 23:48 39192 ----a-w- c:\windows\SysWow64\Partizan.exe
2011-09-22 23:48 . 2011-09-22 23:48 35816 ----a-w- c:\windows\SysWow64\drivers\Partizan.sys
2011-09-22 23:48 . 2011-09-22 23:48 2 --shatr- c:\windows\winstart.bat
2011-09-22 23:48 . 2011-07-27 17:59 11040 ----a-w- c:\windows\SysWow64\drivers\UnHackMeDrv.sys
2011-09-22 23:48 . 2011-09-25 20:57 -------- d-----w- c:\program files (x86)\UnHackMe
2011-09-22 23:40 . 2011-09-22 23:40 -------- d-----w- c:\users\Da Jules\AppData\Roaming\SUPERAntiSpyware.com
2011-09-22 23:40 . 2011-09-22 23:40 -------- d-----w- c:\programdata\!SASCORE
2011-09-22 23:40 . 2011-09-23 00:05 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-09-22 23:40 . 2011-09-22 23:40 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-09-22 23:34 . 2011-09-22 23:34 -------- d-----w- c:\program files\CCleaner
2011-09-22 19:37 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-09-22 19:37 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll
2011-09-22 19:37 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-09-22 19:37 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-09-22 19:37 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-09-21 13:04 . 2011-09-21 13:04 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2011-09-21 00:06 . 2011-09-21 00:06 -------- d-----w- c:\program files\McAfee.com
2011-09-21 00:06 . 2011-04-14 18:01 9984 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-09-21 00:06 . 2011-04-14 18:01 24376 ----a-w- c:\program files (x86)\Mozilla Firefox\components\Scriptff.dll
2011-09-21 00:05 . 2011-04-14 18:01 149032 ----a-w- c:\windows\system32\mfevtps.exe
2011-09-21 00:05 . 2011-04-14 18:01 94992 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-09-21 00:05 . 2011-04-14 18:01 75160 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-09-21 00:05 . 2011-04-14 18:01 63056 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-09-21 00:05 . 2011-04-14 18:01 530304 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-09-21 00:05 . 2011-04-14 18:01 441840 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-09-21 00:05 . 2011-04-14 18:01 283744 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-09-21 00:05 . 2011-04-14 18:01 190520 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-09-21 00:05 . 2011-04-14 18:01 121376 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-09-20 18:35 . 2011-09-20 18:35 -------- d-----w- c:\users\Da Jules\AppData\Roaming\Malwarebytes
2011-09-20 18:35 . 2011-09-20 18:35 -------- d-----w- c:\programdata\Malwarebytes
2011-09-20 09:44 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FF3610D7-9B6E-4862-8FE6-7ED9AEC45E98}\mpengine.dll
2011-09-19 18:58 . 2011-09-19 18:58 -------- d-----w- c:\users\Da Jules\AppData\Roaming\webex
2011-09-19 18:30 . 2011-09-19 18:30 -------- d-----w- c:\programdata\WebEx
2011-09-14 04:25 . 2011-09-14 04:31 -------- d-----w- C:\47b34d1cad9030aa0d9c3107ca13d68f
2011-09-14 04:23 . 2011-09-14 04:23 -------- d-----w- C:\1201e169ab7080ef7bf786
2011-09-13 22:46 . 2011-09-13 22:49 -------- d-----w- c:\windows\system32\SPReview
2011-09-13 22:46 . 2011-09-13 22:46 -------- d-----w- c:\windows\system32\EventProviders
2011-09-13 22:39 . 2011-06-21 06:34 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-13 22:36 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-09-13 22:36 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-09-13 22:36 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-09-13 21:51 . 2011-09-13 21:51 -------- d-----w- C:\$AVG
2011-09-13 18:26 . 2011-09-13 18:26 -------- d-----w- c:\users\Da Jules\AppData\Roaming\AVG2012
2011-09-13 15:33 . 2011-09-13 20:37 -------- d-----w- c:\users\Da Jules\AppData\Roaming\Mozenda
2011-09-13 15:12 . 2011-09-13 15:12 -------- d-----w- c:\programdata\Common Files
2011-09-13 15:11 . 2011-09-20 16:55 -------- d-----w- c:\programdata\AVG2012
2011-09-13 15:11 . 2011-09-13 15:11 -------- d-----w- c:\program files (x86)\AVG
2011-09-13 15:02 . 2011-09-14 14:28 -------- d-----w- c:\programdata\MFAData
2011-09-12 23:13 . 2011-09-12 23:13 -------- d-----w- c:\users\Da Jules\AppData\Roaming\Anix Software
2011-09-12 23:13 . 2011-09-12 23:13 -------- d-----w- c:\program files (x86)\PicViewer 3
2011-09-12 19:56 . 2011-09-12 19:56 -------- d-----w- c:\users\Da Jules\AppData\Roaming\acccore
2011-09-12 19:56 . 2011-09-12 19:56 -------- d-----w- c:\users\Da Jules\AppData\Local\AIM
2011-09-12 19:56 . 2011-09-12 19:56 -------- d-----w- c:\users\Da Jules\AppData\Local\AOL
2011-09-12 19:56 . 2011-09-12 19:56 -------- d-----w- c:\programdata\AIM
2011-09-12 19:56 . 2011-09-12 19:56 -------- d-----w- c:\program files (x86)\AIM
2011-09-12 19:56 . 2011-09-12 19:56 -------- d-----w- c:\program files (x86)\Common Files\Software Update Utility
2011-09-12 19:55 . 2011-09-12 19:55 -------- d-----w- c:\program files (x86)\Common Files\AOL
2011-09-06 22:10 . 2011-09-19 18:53 -------- d-----w- c:\users\Da Jules\AppData\Local\Microsoft Games
2011-09-01 18:22 . 2011-09-01 18:22 -------- d-----w- c:\program files\Microsoft IntelliPoint
2011-08-31 17:51 . 2011-08-31 17:51 -------- d-----w- c:\program files (x86)\MSECache
2011-08-31 17:24 . 2011-08-31 17:24 -------- d-----w- c:\programdata\McAfee Security Scan
2011-08-31 17:24 . 2011-09-05 17:12 -------- d-----w- c:\program files (x86)\McAfee Security Scan
2011-08-30 13:08 . 2011-08-30 13:08 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-08-30 13:08 . 2011-08-30 13:08 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-14 04:28 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-09-14 04:28 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-08-31 17:45 . 2011-08-08 14:44 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-24 06:14 . 2011-08-24 06:14 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-08-24 06:14 . 2011-08-24 06:14 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-08-24 06:14 . 2011-08-24 06:14 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-08-24 06:13 . 2011-08-24 06:13 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-08-01 19:59 . 2011-08-01 19:59 52584 ----a-w- c:\windows\system32\drivers\dc3d.sys
2011-08-01 19:59 . 2011-08-01 19:59 470376 ----a-w- c:\windows\system32\ipcoin82.dll
2011-08-01 19:59 . 2011-08-01 19:59 45416 ----a-w- c:\windows\system32\drivers\point64.sys
2011-08-01 19:59 . 2011-08-01 19:59 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2011-07-16 04:26 . 2011-09-13 22:40 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-06 20:33 . 2011-08-25 13:52 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-07-06 20:33 . 2011-08-25 13:52 33152 ----a-w- c:\windows\system32\LMIport.dll
2011-07-06 20:33 . 2011-08-25 13:52 80768 ----a-w- c:\windows\system32\LMIinit.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mikogo"="c:\users\Da Jules\AppData\Roaming\Mikogo\Mikogo-Host.exe" [2011-09-14 2748416]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-09-22 5471104]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-17 50472]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-28 1486392]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVEWU4tWE5JTFItNFpISlAtUU9GUFctSlVBTE4tUlJBNkk&inst=NzctNzI0ODIxMzI4LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ&prod=90&ver=2012.0.1796&mid=145f7bd8d02947d1a044a9628d64350a-46ceeeea51e7458d2e1b269da8614e662280c03d" [?]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\Da Jules\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Mozenda.lnk - c:\users\Da Jules\AppData\Roaming\Mozenda\Programs\Mozenda.ClientConnector.exe [2011-7-1 892928]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe [2011-3-14 2125472]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-01-11 15928]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 B-Service;B-Service;c:\users\Da Jules\AppData\Roaming\Mikogo\B-Service.exe [2011-09-14 185640]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCDSRVC{67F2314B-25F2B3C0-06020101}_0;PCDSRVC{67F2314B-25F2B3C0-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\gencotst\pcdsrvc_x64.pkms [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-09-22 140672]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]
S2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files (x86)\Cobian Backup 10\cbVSCService.exe [2010-09-23 67584]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-07-06 375176]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 245352]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-06-21 341296]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-03 483688]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-03 209768]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMPROTECTOR
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3461175346-224215554-2319799231-1002Core.job
- c:\users\Da Jules\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-17 08:14]
.
2011-09-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3461175346-224215554-2319799231-1002UA.job
- c:\users\Da Jules\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-17 08:14]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-19 8067616]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-01-11 57928]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 71.243.0.12
FF - ProfilePath - c:\users\Da Jules\AppData\Roaming\Mozilla\Firefox\Profiles\361qqsg9.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{67F2314B-25F2B3C0-06020101}_0]
"ImagePath"="\??\c:\gencotst\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-09-25 20:53:11
ComboFix-quarantined-files.txt 2011-09-26 00:53
.
Pre-Run: 901,495,275,520 bytes free
Post-Run: 901,437,267,968 bytes free
.
- - End Of File - - E027EC2B15702FBACF1E0367C469E2DC




Thanks for your help!!
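The ComboFix log above lists every autorun location ComboFix found (Run keys, Startup folders, services and drivers). A quick way to triage such a list is to parse those lines and flag binaries that live in user-writable directories (AppData, ProgramData, Temp), since that is where droppers most often persist, while entries under Program Files or Windows get lower priority. The Python script below is an added example written for this page; it is not part of the thread and not ComboFix's own code. The sample lines are copied from the log above, the regular expressions and the list of user-writable path markers are my own heuristic, and the `[x]` metadata is passed through untouched. A flag is a prompt to check the file, not a verdict: the poster says Mikogo is legitimate, and it is flagged here only because of where it is installed.

```python
import re

# Constructed sample input: a handful of lines copied from the ComboFix
# "Reg Loading Points" and service sections of the log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mikogo"="c:\users\Da Jules\AppData\Roaming\Mikogo\Mikogo-Host.exe" [2011-09-14 2748416]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-09-22 5471104]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-28 1486392]
.
c:\users\Da Jules\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Mozenda.lnk - c:\users\Da Jules\AppData\Roaming\Mozenda\Programs\Mozenda.ClientConnector.exe [2011-7-1 892928]
.
R3 B-Service;B-Service;c:\users\Da Jules\AppData\Roaming\Mikogo\B-Service.exe [2011-09-14 185640]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
"""

# Line shapes ComboFix uses for the three autorun kinds (my own regexes,
# derived from the log format, not an official grammar).
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]')
STARTUP_LNK = re.compile(r'^(?P<name>.+?\.lnk) - (?P<path>.+?) \[(?P<meta>[^\]]*)\]$')
SERVICE = re.compile(r'^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) \[(?P<meta>[^\]]*)\]$')

# Heuristic markers for locations a non-admin user (or a dropper running as
# that user) can write to; extend as needed.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\programdata\\", "\\temp\\",
                         "\\users\\public\\", "\\downloads\\")


def classify_path(path):
    """Bucket an executable path by how easy it is for malware to land there."""
    p = path.lower()
    if any(marker in p for marker in USER_WRITABLE_MARKERS):
        return "user-writable"
    if "\\program files" in p or "\\windows\\" in p:
        return "system"
    return "other"


def parse_autoruns(text):
    """Turn the autorun sections of a ComboFix log into a list of entry dicts."""
    entries = []
    section = None  # current registry key or Startup folder header
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]          # registry key header
            continue
        if line.endswith("\\"):
            section = line                # Startup folder header
            continue
        for kind, pattern in (("run", RUN_VALUE), ("startup", STARTUP_LNK), ("service", SERVICE)):
            m = pattern.match(line)
            if m:
                d = m.groupdict()
                entries.append({
                    "kind": kind,
                    "name": d["name"],
                    "path": d["path"],
                    "meta": d["meta"],
                    "section": d["start"] if kind == "service" else section,
                    "location": classify_path(d["path"]),
                })
                break
    return entries


def flag_user_writable(entries):
    """Return only the entries whose binary sits in a user-writable location."""
    return [e for e in entries if e["location"] == "user-writable"]


def report(text):
    """Human-readable triage summary for a log excerpt."""
    entries = parse_autoruns(text)
    flagged = flag_user_writable(entries)
    lines = [f"{len(entries)} autorun entries parsed, {len(flagged)} in user-writable locations"]
    for e in flagged:
        lines.append(f"  [{e['kind']}] {e['name']} -> {e['path']}  ({e['meta']})")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run against the full log, the same parser also picks up the `RunOnce` and driver lines, so the flagged list is a review queue: check each flagged binary's publisher, signature and install date against what the user remembers installing, rather than deleting on sight.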

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:54 PM

Posted 25 September 2011 - 09:32 PM

Hello

That was ComboFix; allow it next time.

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#8 thanksforhelping

thanksforhelping
  • Topic Starter

  • Members
  • 34 posts
  • Local time:07:54 PM

Posted 25 September 2011 - 10:33 PM

Ran it. No Threats found.

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:54 PM

Posted 25 September 2011 - 10:38 PM

Hello


How are things running now?

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized; save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.

Gringo

#10 thanksforhelping

thanksforhelping
  • Topic Starter

  • Members
  • 34 posts
  • Local time:07:54 PM

Posted 25 September 2011 - 10:55 PM

OTL logfile created on: 9/25/2011 11:52:42 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Da Jules\Desktop\Special
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.80 Gb Total Physical Memory | 5.31 Gb Available Physical Memory | 68.01% Memory free
15.61 Gb Paging File | 12.78 Gb Available in Paging File | 81.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.84 Gb Total Space | 839.94 Gb Free Space | 91.51% Space Free | Partition Type: NTFS
Drive D: | 13.67 Gb Total Space | 6.69 Gb Free Space | 48.91% Space Free | Partition Type: NTFS

Computer Name: MAKETHATMONEY | User Name: Da Jules | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Da Jules\Desktop\Special\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Da Jules\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (Google)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\TechSmith\Jing\Jing.exe (TechSmith Corporation)
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7f94f6b13f92f1e093716d3e15bf86d1\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c60906a715473ceccf93f0559527e84d\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\4a63fb97b3c648a28b8047697869ee7d\UIAutomationProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\5566b57732d9edea236f54d06149835a\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6124dbbfd45927c4a6226d6e6bca6253\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\b614f2d2f13857c09c98b02944fc1c41\Accessibility.ni.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\TechSmith\Jing\Recorder.dll ()
MOD - C:\Program Files (x86)\TechSmith\Jing\PushSource.dll ()
MOD - C:\Program Files (x86)\TechSmith\Jing\Mp4Parsing.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (NitroReaderDriverReadSpool2) -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe (Nitro PDF Software)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV - (B-Service) -- C:\Users\Da Jules\AppData\Roaming\Mikogo\B-Service.exe ()
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (LMIMaint) -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (LogMeIn) -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe (LogMeIn, Inc.)
SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (cbVSCService) -- C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe (CobianSoft, Luis Cobian)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (MpfService) -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (LMIRfsClientNP) -- C:\Windows\SysNative\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (LMIRfsDriver) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV:64bit: - (lmimirr) -- C:\Windows\SysNative\drivers\lmimirr.sys (LogMeIn, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (IntcDAud) Intel® -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (k57nd60a) Broadcom NetLink ™ -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (HECIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (RegGuard) -- C:\Windows\SysWOW64\drivers\regguard.sys (Greatis Software)
DRV - (Partizan) -- C:\Windows\system32\drivers\Partizan.sys (Greatis Software)
DRV - (LMIInfo) -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys (LogMeIn, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3461175346-224215554-2319799231-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3461175346-224215554-2319799231-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Da Jules\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Da Jules\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Da Jules\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Da Jules\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/20 20:06:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/12 15:56:00 | 000,000,000 | ---D | M]

[2011/09/08 12:21:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Da Jules\AppData\Roaming\Mozilla\Extensions
[2011/09/08 12:21:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Da Jules\AppData\Roaming\Mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
[2011/09/14 13:39:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Da Jules\AppData\Roaming\Mozilla\Firefox\Profiles\361qqsg9.default\extensions
[2011/09/22 16:47:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/07/25 14:16:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/09/14 09:55:47 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Da Jules\AppData\Local\Google\Chrome\Application\14.0.835.186\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Da Jules\AppData\Local\Google\Chrome\Application\14.0.835.186\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Da Jules\AppData\Local\Google\Chrome\Application\14.0.835.186\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Da Jules\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\Da Jules\AppData\Local\Google\Chrome\Application\plugins\npatgpc.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Da Jules\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Da Jules\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Da Jules\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/09/25 20:33:25 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\MSKAPB~1.DLL File not found
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110920200611.dll (McAfee, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110920200611.dll (McAfee, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKU\S-1-5-21-3461175346-224215554-2319799231-1002..\Run: [Mikogo] C:\Users\Da Jules\AppData\Roaming\Mikogo\Mikogo-Host.exe (Mikogo)
O4 - HKU\S-1-5-21-3461175346-224215554-2319799231-1002..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Da Jules\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozenda.lnk = C:\Users\Da Jules\AppData\Roaming\Mozenda\Programs\Mozenda.ClientConnector.exe (Mozenda, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3461175346-224215554-2319799231-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3461175346-224215554-2319799231-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.243.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3811AAEE-67D8-41AC-9C15-B4C275EB3573}: DhcpNameServer = 192.168.1.1 71.243.0.12
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (Partizan)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/25 23:32:53 | 001,547,056 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Da Jules\Desktop\tdsskiller.exe
[2011/09/25 20:53:51 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/09/25 19:27:09 | 000,000,000 | ---D | C] -- C:\ComboFix2
[2011/09/25 19:24:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/09/25 19:24:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/09/25 19:24:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/09/25 19:21:13 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/09/25 19:19:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/25 17:09:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/25 17:09:09 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/09/25 17:09:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/09/25 16:59:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/09/24 14:05:08 | 000,200,976 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys
[2011/09/23 10:31:06 | 000,000,000 | ---D | C] -- C:\Users\Da Jules\AppData\Local\Safe mirror
[2011/09/23 10:30:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 10
[2011/09/23 10:30:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cobian Backup 10
[2011/09/22 20:46:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reanimator
[2011/09/22 20:04:09 | 000,039,192 | ---- | C] (Greatis Software) -- C:\Windows\SysNative\Partizan.exe
[2011/09/22 20:01:42 | 000,024,416 | ---- | C] (Greatis Software) -- C:\Windows\SysWow64\drivers\regguard.sys
[2011/09/22 19:48:59 | 000,039,192 | ---- | C] (Greatis Software) -- C:\Windows\SysWow64\Partizan.exe
[2011/09/22 19:48:59 | 000,035,816 | ---- | C] (Greatis Software) -- C:\Windows\SysWow64\drivers\Partizan.sys
[2011/09/22 19:48:54 | 000,000,000 | ---D | C] -- C:\Users\Da Jules\Documents\RegRun2
[2011/09/22 19:48:52 | 000,011,040 | ---- | C] (Greatis Software, LLC.) -- C:\Windows\SysWow64\drivers\UnHackMeDrv.sys
[2011/09/22 19:48:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
[2011/09/22 19:48:52 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\regruninfo
[2011/09/22 19:48:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UnHackMe
[2011/09/22 19:40:31 | 000,000,000 | ---D | C] -- C:\Users\Da Jules\AppData\Roaming\SUPERAntiSpyware.com
[2011/09/22 19:40:06 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011/09/22 19:40:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/09/22 19:40:04 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/09/22 19:40:04 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/09/22 19:34:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/09/22 19:34:13 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/09/22 19:06:44 | 000,000,000 | ---D | C] -- C:\Users\Da Jules\Desktop\Special
[2011/09/22 17:26:12 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/09/22 15:37:25 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011/09/22 15:37:25 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011/09/22 12:58:46 | 000,000,000 | ---D | C] -- C:\Users\Da Jules\Desktop\banner work for sample
[2011/09/21 09:04:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Keyboard
[2011/09/21 09:04:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
[2011/09/20 20:06:23 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2011/09/20 20:06:11 | 000,009,984 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeclnk.sys
[2011/09/20 20:05:41 | 000,149,032 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe
[2011/09/20 20:05:37 | 000,530,304 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfehidk.sys
[2011/09/20 20:05:37 | 000,441,840 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfefirek.sys
[2011/09/20 20:05:37 | 000,283,744 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfewfpk.sys
[2011/09/20 20:05:37 | 000,190,520 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeavfk.sys
[2011/09/20 20:05:37 | 000,121,376 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeapfk.sys
[2011/09/20 20:05:37 | 000,094,992 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mferkdet.sys
[2011/09/20 20:05:37 | 000,075,160 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfenlfk.sys
[2011/09/20 20:05:37 | 000,063,056 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\cfwids.sys
[2011/09/20 14:35:13 | 000,000,000 | ---D | C] -- C:\Users\Da Jules\AppData\Roaming\Malwarebytes
[2011/09/20 14:35:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/09/20 14:24:05 | 009,851,496 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Da Jules\Desktop\mbam-setup.exe
[2011/09/20 12:24:26 | 000,000,000 | ---D | C] -- C:\Users\Da Jules\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery
[2011/09/19 14:58:34 | 000,000,000 | ---D | C] -- C:\Users\Da Jules\AppData\Roaming\webex
[2011/09/19 14:30:31 | 000,000,000 | ---D | C] -- C:\ProgramData\WebEx
[2011/09/14 00:25:19 | 000,000,000 | ---D | C] -- C:\47b34d1cad9030aa0d9c3107ca13d68f
[2011/09/14 00:23:11 | 000,000,000 | ---D | C] -- C:\1201e169ab7080ef7bf786
[2011/09/13 18:46:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011/09/13 18:46:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2011/09/13 18:40:48 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2011/09/13 18:40:40 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2011/09/13 18:40:40 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2011/09/13 18:40:40 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2011/09/13 18:40:40 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2011/09/13 18:40:40 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2011/09/13 18:40:39 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2011/09/13 18:40:39 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2011/09/13 18:40:39 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2011/09/13 18:40:39 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2011/09/13 18:40:16 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011/09/13 18:40:16 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011/09/13 18:40:16 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011/09/13 18:40:16 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/09/13 18:40:15 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011/09/13 18:40:15 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011/09/13 18:40:15 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011/09/13 18:40:15 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011/09/13 18:40:15 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011/09/13 18:40:15 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011/09/13 18:40:15 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011/09/13 18:40:15 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011/09/13 18:40:14 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011/09/13 18:40:14 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011/09/13 18:40:14 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011/09/13 18:40:14 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011/09/13 18:40:14 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011/09/13 18:40:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/09/13 18:40:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/09/13 18:40:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/09/13 18:40:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011/09/13 18:40:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011/09/13 18:40:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011/09/13 18:40:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011/09/13 18:40:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/09/13 18:40:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/09/13 18:40:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/09/13 18:40:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/09/13 18:40:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011/09/13 18:40:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011/09/13 18:40:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011/09/13 18:40:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011/09/13 18:40:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011/09/13 18:40:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/09/13 18:40:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011/09/13 18:40:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011/09/13 18:40:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/09/13 18:40:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011/09/13 18:40:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011/09/13 18:40:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011/09/13 18:40:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011/09/13 18:40:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/09/13 18:40:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/09/13 18:40:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011/09/13 18:40:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011/09/13 18:40:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011/09/13 18:40:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011/09/13 18:40:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011/09/13 18:40:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011/09/13 18:40:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011/09/13 18:40:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011/09/13 18:40:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011/09/13 18:40:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011/09/13 18:40:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/09/13 18:40:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011/09/13 18:40:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011/09/13 18:40:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011/09/13 18:40:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011/09/13 18:40:12 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011/09/13 18:40:12 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011/09/13 18:40:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011/09/13 18:40:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011/09/13 18:40:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/09/13 18:40:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011/09/13 18:40:11 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011/09/13 18:40:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011/09/13 18:40:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011/09/13 18:40:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011/09/13 18:40:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011/09/13 18:38:09 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/09/13 18:38:08 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/09/13 18:38:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/09/13 18:38:08 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/09/13 18:38:08 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/09/13 18:38:08 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/09/13 18:38:08 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/09/13 18:36:48 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/09/13 18:36:47 | 005,561,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/09/13 18:36:47 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011/09/13 17:51:37 | 000,000,000 | ---D | C] -- C:\$AVG
[2011/09/13 14:26:30 | 000,000,000 | ---D | C] -- C:\Users\Da Jules\AppData\Roaming\AVG2012
[2011/09/13 11:33:47 | 000,000,000 | ---D | C] -- C:\Users\Da Jules\AppData\Roaming\Mozenda
[2011/09/13 11:33:47 | 000,000,000 | ---D | C] -- C:\Users\Da Jules\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozenda
[2011/09/13 11:12:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Files
[2011/09/13 11:11:39 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/09/13 11:11:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2011/09/13 11:02:31 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/09/12 19:13:26 | 000,000,000 | ---D | C] -- C:\Users\Da Jules\AppData\Roaming\Anix Software
[2011/09/12 19:13:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PicViewer 3
[2011/09/12 19:13:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PicViewer 3
[2011/09/12 15:56:20 | 000,000,000 | ---D | C] -- C:\Users\Da Jules\AppData\Roaming\acccore
[2011/09/12 15:56:07 | 000,000,000 | ---D | C] -- C:\Users\Da Jules\AppData\Local\AOL
[2011/09/12 15:56:07 | 000,000,000 | ---D | C] -- C:\Users\Da Jules\AppData\Local\AIM
[2011/09/12 15:56:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIM
[2011/09/12 15:56:02 | 000,000,000 | ---D | C] -- C:\ProgramData\AIM
[2011/09/12 15:56:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Software Update Utility
[2011/09/12 15:56:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AIM
[2011/09/12 15:55:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AOL
[2011/09/08 12:21:33 | 000,000,000 | ---D | C] -- C:\Users\Da Jules\AppData\Roaming\Google
[2011/09/08 12:21:21 | 000,000,000 | ---D | C] -- C:\Users\Da Jules\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google AdWords Editor
[2011/09/06 18:10:07 | 000,000,000 | ---D | C] -- C:\Users\Da Jules\AppData\Local\Microsoft Games
[2011/09/05 20:11:39 | 000,000,000 | ---D | C] -- C:\Users\Da Jules\Documents\~Chinaccelerator
[2011/09/05 13:12:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2011/09/01 16:36:05 | 000,000,000 | ---D | C] -- C:\Users\Da Jules\Documents\WebSite Auditor Reports
[2011/09/01 14:23:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse
[2011/09/01 14:22:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2011/08/31 13:51:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2011/08/31 13:24:15 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2011/08/31 13:24:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2011/08/30 09:39:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

========== Files - Modified Within 30 Days ==========

[2011/09/25 23:32:53 | 001,547,056 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Da Jules\Desktop\tdsskiller.exe
[2011/09/25 23:29:01 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3461175346-224215554-2319799231-1002UA.job
[2011/09/25 20:33:25 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/09/25 17:09:13 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/25 17:04:36 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/25 17:04:36 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/25 17:01:35 | 000,727,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/25 17:01:35 | 000,624,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/25 17:01:35 | 000,106,502 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/25 16:57:19 | 1989,500,927 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/25 16:57:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/25 16:57:18 | 619,269,035 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/09/25 07:29:01 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3461175346-224215554-2319799231-1002Core.job
[2011/09/24 14:08:16 | 000,185,924 | ---- | M] () -- C:\Users\Da Jules\AppData\Local\census.cache
[2011/09/24 14:08:12 | 000,128,698 | ---- | M] () -- C:\Users\Da Jules\AppData\Local\ars.cache
[2011/09/24 14:04:36 | 000,000,036 | ---- | M] () -- C:\Users\Da Jules\AppData\Local\housecall.guid.cache
[2011/09/23 09:29:33 | 000,000,000 | ---- | M] () -- C:\Users\Da Jules\defogger_reenable
[2011/09/22 20:46:26 | 000,000,959 | ---- | M] () -- C:\Users\Da Jules\Desktop\Reanimator.lnk
[2011/09/22 20:06:55 | 000,024,416 | ---- | M] (Greatis Software) -- C:\Windows\SysWow64\drivers\regguard.sys
[2011/09/22 20:04:09 | 000,039,192 | ---- | M] (Greatis Software) -- C:\Windows\SysNative\Partizan.exe
[2011/09/22 19:48:59 | 000,039,192 | ---- | M] (Greatis Software) -- C:\Windows\SysWow64\Partizan.exe
[2011/09/22 19:48:59 | 000,035,816 | ---- | M] (Greatis Software) -- C:\Windows\SysWow64\drivers\Partizan.sys
[2011/09/22 19:48:55 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2011/09/22 19:48:55 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\CONFIG.NT
[2011/09/22 19:48:55 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2011/09/22 19:48:53 | 000,000,949 | ---- | M] () -- C:\Users\Da Jules\Desktop\UnHackMe.lnk
[2011/09/22 19:40:06 | 000,001,814 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/09/22 15:16:44 | 000,409,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/09/22 13:30:56 | 000,359,736 | ---- | M] () -- C:\Users\Da Jules\.ranktracker.properties
[2011/09/22 12:58:28 | 000,905,789 | ---- | M] () -- C:\Users\Da Jules\Desktop\banner work for sample.zip
[2011/09/22 09:09:25 | 002,864,994 | ---- | M] () -- C:\Users\Da Jules\Desktop\cover.pdf
[2011/09/20 20:29:33 | 000,002,426 | ---- | M] () -- C:\Users\Da Jules\Desktop\Google Chrome.lnk
[2011/09/20 12:59:32 | 009,851,496 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Da Jules\Desktop\mbam-setup.exe
[2011/09/20 12:55:12 | 001,008,092 | ---- | M] () -- C:\Users\Da Jules\Desktop\iExplore.exe
[2011/09/20 12:24:26 | 000,000,685 | ---- | M] () -- C:\Users\Da Jules\Application Data\Microsoft\Internet Explorer\Quick Launch\Data Recovery.lnk
[2011/09/14 11:36:27 | 000,001,870 | ---- | M] () -- C:\Users\Da Jules\Desktop\Mikogo.lnk
[2011/09/14 11:36:27 | 000,001,850 | ---- | M] () -- C:\Users\Da Jules\Application Data\Microsoft\Internet Explorer\Quick Launch\Mikogo.lnk
[2011/09/14 09:46:40 | 000,036,179 | ---- | M] () -- C:\Users\Da Jules\Documents\AVG_Mikogo_issue2.png
[2011/09/14 09:45:52 | 000,072,018 | ---- | M] () -- C:\Users\Da Jules\Documents\AVG_Mikogo_issue1.png
[2011/09/14 00:28:56 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll
[2011/09/14 00:28:56 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll
[2011/09/13 18:33:43 | 002,754,150 | ---- | M] () -- C:\Users\Da Jules\.websiteauditor.properties
[2011/09/13 18:11:45 | 000,031,033 | ---- | M] () -- C:\Users\Da Jules\Documents\AVG_Mikogo_issue.png
[2011/09/13 16:00:44 | 000,000,389 | ---- | M] () -- C:\Users\Da Jules\Documents\ChatLog Meet Now 2011_09_13 16_00.rtf
[2011/09/13 11:33:47 | 000,002,158 | ---- | M] () -- C:\Users\Da Jules\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozenda.lnk
[2011/09/13 11:33:47 | 000,002,150 | ---- | M] () -- C:\Users\Da Jules\Desktop\Mozenda.lnk
[2011/09/12 23:33:30 | 000,002,934 | ---- | M] () -- C:\Users\Da Jules\Desktop\S0210278_1_ban.jpg
[2011/09/12 15:56:07 | 000,000,698 | ---- | M] () -- C:\IPH.PH
[2011/09/12 15:56:02 | 000,001,941 | ---- | M] () -- C:\Users\Da Jules\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2011/09/12 15:56:02 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\AIM.lnk
[2011/09/10 18:24:20 | 000,073,327 | ---- | M] () -- C:\Users\Da Jules\Desktop\voucher-5240944107-9108.pdf
[2011/09/10 18:22:49 | 000,073,148 | ---- | M] () -- C:\Users\Da Jules\Desktop\voucher-8588545535-9108.pdf
[2011/09/05 13:12:17 | 000,001,866 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2011/09/05 13:12:17 | 000,001,864 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/09/01 23:48:54 | 000,501,157 | ---- | M] () -- C:\Users\Da Jules\.spyglass.properties
[2011/09/01 14:23:07 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2011/09/01 14:23:02 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
[2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/08/31 13:45:46 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/08/30 09:39:46 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

========== Files Created - No Company Name ==========

[2011/09/25 19:24:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/25 19:24:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/25 19:24:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/25 19:24:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/25 19:24:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/25 17:09:13 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/24 14:08:16 | 000,185,924 | ---- | C] () -- C:\Users\Da Jules\AppData\Local\census.cache
[2011/09/24 14:08:12 | 000,128,698 | ---- | C] () -- C:\Users\Da Jules\AppData\Local\ars.cache
[2011/09/24 14:04:36 | 000,000,036 | ---- | C] () -- C:\Users\Da Jules\AppData\Local\housecall.guid.cache
[2011/09/23 09:29:33 | 000,000,000 | ---- | C] () -- C:\Users\Da Jules\defogger_reenable
[2011/09/22 20:46:26 | 000,000,959 | ---- | C] () -- C:\Users\Da Jules\Desktop\Reanimator.lnk
[2011/09/22 19:48:55 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2011/09/22 19:48:55 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\CONFIG.NT
[2011/09/22 19:48:55 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2011/09/22 19:48:53 | 000,000,949 | ---- | C] () -- C:\Users\Da Jules\Desktop\UnHackMe.lnk
[2011/09/22 19:40:06 | 000,001,814 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/09/22 17:25:59 | 619,269,035 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/09/22 12:58:37 | 000,905,789 | ---- | C] () -- C:\Users\Da Jules\Desktop\banner work for sample.zip
[2011/09/22 09:09:28 | 002,864,994 | ---- | C] () -- C:\Users\Da Jules\Desktop\cover.pdf
[2011/09/20 15:20:05 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/09/20 15:20:05 | 000,002,168 | ---- | C] () -- C:\Users\Public\Desktop\Roxio Creator Starter.lnk
[2011/09/20 15:20:05 | 000,002,041 | ---- | C] () -- C:\Users\Public\Desktop\Nitro PDF Reader.lnk
[2011/09/20 15:20:05 | 000,001,917 | ---- | C] () -- C:\Users\Public\Desktop\AIM.lnk
[2011/09/20 15:20:05 | 000,001,866 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2011/09/20 15:20:05 | 000,001,157 | ---- | C] () -- C:\Users\Public\Desktop\PrimoPDF - Drop Files Here to Convert!.lnk
[2011/09/20 15:20:05 | 000,001,144 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/09/20 15:20:05 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\Market Samurai.lnk
[2011/09/20 15:20:01 | 000,002,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
[2011/09/20 15:20:01 | 000,001,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/09/20 15:19:59 | 000,002,507 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro PDF Reader 2.lnk
[2011/09/20 15:19:59 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/09/20 15:19:59 | 000,002,435 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
[2011/09/20 15:19:59 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/09/20 15:19:59 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2011/09/20 15:19:59 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/09/20 15:19:59 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2011/09/20 15:19:59 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/09/20 15:19:59 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2011/09/20 15:19:59 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2011/09/20 15:19:59 | 000,001,156 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/09/20 15:19:59 | 000,000,994 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn.lnk
[2011/09/20 15:19:59 | 000,000,949 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Market Samurai.lnk
[2011/09/20 14:23:53 | 001,008,092 | ---- | C] () -- C:\Users\Da Jules\Desktop\iExplore.exe
[2011/09/20 12:24:26 | 000,000,685 | ---- | C] () -- C:\Users\Da Jules\Application Data\Microsoft\Internet Explorer\Quick Launch\Data Recovery.lnk
[2011/09/14 09:46:40 | 000,036,179 | ---- | C] () -- C:\Users\Da Jules\Documents\AVG_Mikogo_issue2.png
[2011/09/14 09:45:52 | 000,072,018 | ---- | C] () -- C:\Users\Da Jules\Documents\AVG_Mikogo_issue1.png
[2011/09/13 18:08:39 | 000,031,033 | ---- | C] () -- C:\Users\Da Jules\Documents\AVG_Mikogo_issue.png
[2011/09/13 16:00:44 | 000,000,389 | ---- | C] () -- C:\Users\Da Jules\Documents\ChatLog Meet Now 2011_09_13 16_00.rtf
[2011/09/13 11:33:47 | 000,002,158 | ---- | C] () -- C:\Users\Da Jules\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozenda.lnk
[2011/09/13 11:33:47 | 000,002,150 | ---- | C] () -- C:\Users\Da Jules\Desktop\Mozenda.lnk
[2011/09/12 23:33:36 | 000,002,934 | ---- | C] () -- C:\Users\Da Jules\Desktop\S0210278_1_ban.jpg
[2011/09/12 15:56:02 | 000,001,941 | ---- | C] () -- C:\Users\Da Jules\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2011/09/10 18:24:27 | 000,073,327 | ---- | C] () -- C:\Users\Da Jules\Desktop\voucher-5240944107-9108.pdf
[2011/09/10 18:22:56 | 000,073,148 | ---- | C] () -- C:\Users\Da Jules\Desktop\voucher-8588545535-9108.pdf
[2011/09/01 14:23:07 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2011/09/01 14:23:02 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
[2011/08/30 10:31:56 | 000,000,698 | ---- | C] () -- C:\IPH.PH
[2011/07/29 12:06:09 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/07/12 22:59:31 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/24 11:39:58 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011/05/24 11:39:58 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011/05/24 09:43:06 | 000,000,051 | ---- | C] () -- C:\Windows\smsts.ini
[2011/02/11 19:15:08 | 000,874,048 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011/02/10 00:03:48 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini
[2010/08/25 19:34:30 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/08/25 19:34:30 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

< End of report >

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:54 PM

Posted 25 September 2011 - 11:33 PM

How are things running now?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 thanksforhelping

thanksforhelping
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:07:54 PM

Posted 25 September 2011 - 11:41 PM

Still have Google redirect.

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:54 PM

Posted 26 September 2011 - 05:29 AM

Hello

I want you to run this custom OTL script for me and then let me know how things are after you finish.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    
    :otl
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\MSKAPB~1.DLL File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY] 
    [EMPTYTEMP]
    [EMPTYFLASH]
    [RESETHOSTS] 
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

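As an added example (not code from the thread, from OTL or from gringo_pr): a read-only PowerShell audit that reports the same classes of findings the OTL script above targets, so the cleanup can be verified without a fix tool. It assumes 64-bit PowerShell run elevated on Windows 7 or later; the registry and file paths are the standard Internet Explorer, Winlogon and hosts locations, not values taken from the log.

```powershell
# Added example, not part of the thread or of OTL: a read-only PowerShell audit
# that reports the same classes of findings the OTL script acts on: O2 BHOs
# whose DLL is missing, O18 protocol handlers/filters with no CLSID, O20
# Winlogon values pointing at missing files, and active hosts-file entries
# (what [RESETHOSTS] wipes). It changes nothing; review the output by hand.
# Assumptions: 64-bit PowerShell, run elevated, Windows 7 / PowerShell 2.0 or
# later; the registry paths are the standard IE and Winlogon locations.

$findings = New-Object System.Collections.Generic.List[string]

# Resolve a CLSID to its InprocServer32 DLL under the given Classes root
# (HKLM:\SOFTWARE\Classes for 64-bit, ...\Classes\Wow6432Node for 32-bit).
function Get-InprocPath([string]$classesRoot, [string]$clsid) {
    $key = Join-Path $classesRoot "CLSID\$clsid\InprocServer32"
    if (-not (Test-Path -LiteralPath $key)) { return $null }
    $p = (Get-ItemProperty -LiteralPath $key).'(default)'
    if ([string]::IsNullOrEmpty($p)) { return $null }
    return [Environment]::ExpandEnvironmentVariables($p).Trim('"')
}

# O2: Browser Helper Objects, both registry views.
$views = @(
    @{ Label = '64bit'; Classes = 'HKLM:\SOFTWARE\Classes'
       Bho = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects' },
    @{ Label = '32bit'; Classes = 'HKLM:\SOFTWARE\Classes\Wow6432Node'
       Bho = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects' }
)
foreach ($v in $views) {
    if (-not (Test-Path -LiteralPath $v.Bho)) { continue }
    foreach ($k in Get-ChildItem -LiteralPath $v.Bho) {
        $dll = Get-InprocPath $v.Classes $k.PSChildName
        if ($null -eq $dll) {
            $findings.Add("O2:$($v.Label) BHO $($k.PSChildName) - no InprocServer32 registration")
        } elseif (-not (Test-Path -LiteralPath $dll)) {
            $findings.Add("O2:$($v.Label) BHO $($k.PSChildName) - $dll File not found")
        }
    }
}

# O18: every protocol handler and filter key should carry a CLSID value.
foreach ($kind in 'Handler', 'Filter') {
    $root = "HKLM:\SOFTWARE\Classes\PROTOCOLS\$kind"
    if (-not (Test-Path -LiteralPath $root)) { continue }
    foreach ($k in Get-ChildItem -LiteralPath $root -Recurse) {
        if ([string]::IsNullOrEmpty((Get-ItemProperty -LiteralPath $k.PSPath).CLSID)) {
            $rel = $k.Name -replace '^.*\\PROTOCOLS\\', ''
            $findings.Add("O18 Protocol\$rel - No CLSID value found")
        }
    }
}

# O20: Winlogon values that launch a program; flag any whose file is missing.
$wl = Get-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
foreach ($name in 'Shell', 'Userinit', 'VMApplet') {
    $val = $wl.$name
    if ([string]::IsNullOrEmpty($val)) { continue }
    # First comma-separated entry, first whitespace token, quotes stripped.
    $exe = (($val -split ',')[0].Trim() -split '\s+')[0].Trim('"')
    $exe = [Environment]::ExpandEnvironmentVariables($exe)
    if (-not [IO.Path]::IsPathRooted($exe)) {
        # Bare names resolve from System32 or the Windows directory (explorer.exe).
        $hit = @("$env:SystemRoot\System32\$exe", "$env:SystemRoot\$exe") |
               Where-Object { Test-Path -LiteralPath $_ }
        $exe = if ($hit) { @($hit)[0] } else { "$env:SystemRoot\System32\$exe" }
    }
    if (-not (Test-Path -LiteralPath $exe)) {
        $findings.Add("O20 Winlogon: $name - ($val) - File not found")
    }
}

# Hosts file: every active (non-comment) entry is listed; an address other
# than loopback is a redirect and deserves a close look.
$hostsPath = "$env:SystemRoot\System32\drivers\etc\hosts"
foreach ($raw in Get-Content -LiteralPath $hostsPath) {
    $line = ($raw -split '#')[0].Trim()
    if ($line -eq '') { continue }
    $addr = ($line -split '\s+')[0]
    $type = if (@('127.0.0.1', '::1') -contains $addr) { 'loopback' } else { 'redirect' }
    $findings.Add("HOSTS $type : $line")
}

if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```

A clean Windows 7 hosts file contains only comments, so any HOSTS line in the output was added after install; BHO and Winlogon findings should be compared against the O2/O20 lines of the OTL log before anything is removed.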

#14 thanksforhelping

thanksforhelping
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:07:54 PM

Posted 26 September 2011 - 06:00 AM

Not sure what you meant by the word "code".

Ran it.

here is the log.

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\0x00000001\ not found.
File Protocol\Handler\msdaipp\0x00000001 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\oledb\ not found.
File Protocol\Handler\msdaipp\oledb - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\mso-offdap\ deleted successfully.
File Protocol\Handler\mso-offdap - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\mso-offdap11\ deleted successfully.
File Protocol\Handler\mso-offdap11 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
File Protocol\Handler\skype-ie-addon-data - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Da Jules
->Temp folder emptied: 24956732 bytes
->Temporary Internet Files folder emptied: 10619889 bytes
->Java cache emptied: 324408 bytes
->FireFox cache emptied: 92631824 bytes
->Google Chrome cache emptied: 11967489 bytes
->Flash cache emptied: 102634 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6295 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 134.00 mb


[EMPTYFLASH]

User: All Users

User: Da Jules
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.29.1 log created on 09262011_064851

Files\Folders moved on Reboot...
File\Folder C:\Users\Da Jules\AppData\Local\Temp\CVHLauncher(20110926000844F10).log not found!
C:\Users\Da Jules\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Da Jules\AppData\Local\Temp\Z@R32CB.tmp moved successfully.
File\Folder C:\Users\Da Jules\AppData\Local\Temp\~DF04677508D66990A3.TMP not found!
File\Folder C:\Users\Da Jules\AppData\Local\Temp\~DF10AB7B11C47EE79D.TMP not found!
File\Folder C:\Users\Da Jules\AppData\Local\Temp\~DF12995B9FD029EC60.TMP not found!
File\Folder C:\Users\Da Jules\AppData\Local\Temp\~DF2E1B78E2A7BD457C.TMP not found!
File\Folder C:\Users\Da Jules\AppData\Local\Temp\~DF9CE944C801C866C5.TMP not found!
File\Folder C:\Users\Da Jules\AppData\Local\Temp\~DFD97624096A0DE921.TMP not found!
File\Folder C:\Users\Da Jules\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HMLUBGSF\ac3[4].htm not found!
File move failed. C:\Users\Da Jules\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:54 PM

Posted 26 September 2011 - 08:10 AM

How are things now?


gringo