
all three computers have a virus that has made user files and believe its running system files


  • This topic is locked
12 replies to this topic

#1 dakthur

Posted 15 April 2012 - 04:21 PM

The same virus from 2 weeks ago is back. When I had it before, I got worried because it was putting an unknown user into files with permissions, so I restored all the computers. Now it has spread through the network again; all 3 computers have an NTUSER.DAT file in the user folder and the system profile folders that aren't hidden, and they update every minute. On this computer I checked the firewall activity and it said that one of my other computers tried to access this one with the service SSDP through UDP port 1900. This computer is a laptop, so it's wirelessly connected, and the desktop in my room is wired directly from the router, but the computer that this post was about has a USB Linksys wireless adapter to pick up our network's wireless signal. When I found the NTUSER.DAT files on one computer, I went to the other two to run MBAM scans, and when I clicked update it reinstalled it, then updated, and that's when the NTUSER.DAT files appeared on the other two computers. As of right now, on my laptop it has passworded some processes, and my PC Tools is saying there are 4 registry files belonging to my antivirus but it can't repair them. Please help.

This is the DDS log for the Alienware laptop. After I post this I will go run the logs on the two desktops and post them to this forum post. I didn't do the gamer log because all my computers have 64-bit operating systems.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.3.1
Run by vaughn1 at 16:51:37 on 2012-04-15
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4044.2333 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\AlienRespawn\sftservice.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\AlienRespawn\TOASTER.EXE
C:\Program Files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Alienware\Command Center\AlienFusionService.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Alienware\Command Center\AlienFusionController.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://AlienwareArena.com
uDefault_Page_URL = hxxp://AlienwareArena.com
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120407093240.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [DelayShred] "c:\PROGRA~1\mcafee\mqs\ShrCL.EXE" /P1 /q "C:\Users\vaughn1\NTUSER.DAT" "C:\WINDOWS\SERVIC~2\NETWOR~1\NTUSER.DAT" "C:\WINDOWS\SERVIC~2\LOCALS~1\NTUSER.DAT"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
mRun: [Integrated Webcam Live! Central] "C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe" /mode2
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
StartupFolder: C:\Users\vaughn1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
uPolicies-explorer: NoInstrumentation = 1
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E45E6B63-2677-4EAB-8426-DF52A6E7CE38} : DhcpNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120407093240.dll
BHO-X64: scriptproxy - No File
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
mRun-x64: [Integrated Webcam Live! Central] "C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe" /mode2
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 EMSC;COMPAL Embedded System Control;C:\WINDOWS\System32\drivers\EMSC.sys [2009-6-26 13680]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 nvkflt;nvkflt;C:\Windows\system32\DRIVERS\nvkflt.sys --> C:\Windows\system32\DRIVERS\nvkflt.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-1-19 98208]
R2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2011-3-22 15296]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-1-19 13336]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-4-7 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-4-7 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-4-7 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-4-7 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-4-2 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-4-2 208536]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-4-3 2348352]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-4-9 793056]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\AlienRespawn\SftService.exe [2012-1-19 1692480]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
S0 johci;JMicron 1394 Filter Driver;C:\Windows\system32\drivers\johci.sys --> C:\Windows\system32\drivers\johci.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-3 253088]
S3 cphs;Intel® Content Protection HECI Service;C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe [2012-2-14 276248]
S3 DMDefragService;PC Tools Performance Toolkit Defrag Service;C:\Program Files (x86)\PC Tools\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe [2012-4-9 1038304]
S3 DMRepairService;PC Tools Performance Toolkit Repair Service;C:\Program Files (x86)\PC Tools\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe [2012-4-9 1030112]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2012-4-2 220528]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
S3 netvsc;netvsc;C:\Windows\system32\DRIVERS\netvsc60.sys --> C:\Windows\system32\DRIVERS\netvsc60.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PCTDMDefrag;PCTDMDefrag;C:\WINDOWS\System32\drivers\PCTDMDefrag.sys [2012-4-1 108864]
S3 PCTDSMon;PCTDSMon;\??\C:\Windows\system32\drivers\PCTDSMon.sys --> C:\Windows\system32\drivers\PCTDSMon.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\system32\drivers\Synth3dVsc.sys --> C:\Windows\system32\drivers\Synth3dVsc.sys [?]
S3 SynthVid;SynthVid;C:\Windows\system32\DRIVERS\VMBusVideoM.sys --> C:\Windows\system32\DRIVERS\VMBusVideoM.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-4-7 249936]
.
=============== Created Last 30 ================
.
2012-04-15 20:22:12 16200 ----a-w- C:\Windows\stinger.sys
2012-04-15 20:13:51 -------- d-----w- C:\Program Files (x86)\stinger
2012-04-15 18:51:39 -------- d-----w- C:\Users\vaughn1\AppData\Roaming\McAfee
2012-04-13 21:32:05 8741536 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-10 18:55:23 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-10 18:55:23 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-10 18:55:23 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-10 18:55:23 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-10 18:55:23 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-10 18:55:23 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-10 18:55:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-10 18:42:34 -------- d-----w- C:\Users\vaughn1\AppData\Roaming\PC Tools Performance Toolkit
2012-04-10 00:08:17 14744 ----a-w- C:\Users\vaughn1\AppData\Roaming\Microsoft\IdentityCRL\Production\ppcrlconfig.dll
2012-04-10 00:05:19 -------- d-----w- C:\Program Files (x86)\MSECache
2012-04-09 21:17:32 191104 ----a-w- C:\Windows\System32\drivers\PCTDSMon.sys
2012-04-09 21:17:32 163440 ----a-w- C:\Windows\System32\drivers\PCTDMDefrag.sys
2012-04-09 21:17:29 880640 ----a-w- C:\Windows\SysWow64\UniBox10.ocx
2012-04-09 21:17:29 40416 ----a-w- C:\Windows\System32\CleanMFT64.exe
2012-04-09 21:17:29 212992 ----a-w- C:\Windows\SysWow64\UniBoxVB12.ocx
2012-04-09 21:17:29 1101824 ----a-w- C:\Windows\SysWow64\UniBox210.ocx
2012-04-09 21:17:28 658432 ----a-w- C:\Windows\SysWow64\MSCOMCT2.OCX
2012-04-09 21:17:28 512480 ----a-w- C:\Windows\SysWow64\msxml.dll
2012-04-09 21:17:21 -------- d-----w- C:\Program Files (x86)\PC Tools
2012-04-09 03:33:56 -------- d-----w- C:\ProgramData\Gogii
2012-04-08 20:39:56 -------- d-----w- C:\Users\vaughn1\AppData\Roaming\Malwarebytes
2012-04-08 20:39:46 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-08 16:58:29 -------- d-----w- C:\Program Files\Microsoft Mathematics
2012-04-05 22:53:17 -------- d-----w- C:\Users\vaughn1\AppData\Local\CrashDumps
2012-04-04 02:12:47 -------- d-----w- C:\Users\vaughn1\AppData\Roaming\Big Fish Games
2012-04-04 00:19:17 -------- d-----w- C:\Program Files (x86)\The Hidden Object Show Combo Pack
2012-04-04 00:17:35 -------- d-----w- C:\Program Files (x86)\Righteous Kill 2 - Revenge of the Poet Killer
2012-04-04 00:15:52 -------- d-----w- C:\Program Files (x86)\Hidden Expedition_DevilsTriangle
2012-04-03 22:05:29 -------- d-----w- C:\NVIDIA
2012-04-03 20:30:31 -------- d-----w- C:\Users\vaughn1\AppData\Local\namco
2012-04-03 20:08:09 -------- d-----w- C:\Program Files (x86)\Common Files\BioWare
2012-04-03 20:05:47 -------- d-----w- C:\Users\vaughn1\AppData\Roaming\Dell
2012-04-03 20:05:21 -------- d-----w- C:\Program Files\AlienAutopsy
2012-04-03 20:01:38 -------- d-----w- C:\Users\vaughn1\AppData\Roaming\PCDr
2012-04-03 20:00:15 -------- d-----w- C:\ProgramData\PCDr
2012-04-03 19:40:17 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-03 19:30:56 -------- d--h--w- C:\Windows\msdownld.tmp
2012-04-03 19:30:50 -------- d-----w- C:\Windows\SysWow64\directx
2012-04-03 19:28:43 -------- d-----w- C:\Program Files (x86)\Telltale Games
2012-04-03 19:08:37 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2012-04-03 19:08:13 -------- d-----w- C:\Windows\PCHEALTH
2012-04-03 19:08:13 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-04-03 19:06:41 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2012-04-03 19:06:02 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2012-04-03 19:05:33 -------- d-----w- C:\Users\vaughn1\AppData\Local\Microsoft Help
2012-04-02 22:37:52 -------- d-----w- C:\Windows\System32\appmgmt
2012-04-02 22:13:07 -------- d-----w- C:\Program Files (x86)\McAfee.com
2012-04-02 22:13:01 10248 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2012-04-02 22:13:01 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
2012-04-02 22:12:47 75808 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2012-04-02 22:12:47 65264 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2012-04-02 22:12:47 481768 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2012-04-02 22:12:47 284648 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2012-04-02 22:12:47 229528 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2012-04-02 22:12:47 100912 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2012-04-02 22:12:44 -------- d-----w- C:\Program Files\McAfee.com
2012-04-02 22:12:44 -------- d-----w- C:\Program Files\McAfee
2012-04-02 22:12:44 -------- d-----w- C:\Program Files\Common Files\McAfee
2012-04-02 22:12:42 -------- d-----w- C:\Program Files (x86)\McAfee
2012-04-02 22:12:16 161168 ----a-w- C:\Windows\System32\mfevtps.exe
2012-04-02 22:07:18 -------- d-----w- C:\Program Files (x86)\Oracle
2012-04-02 22:06:56 637848 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-04-02 22:05:33 -------- d-----w- C:\Users\vaughn1\AppData\Roaming\e-academy Inc
2012-04-02 22:05:33 -------- d-----w- C:\Users\vaughn1\AppData\Local\e-academy Inc
2012-04-02 02:07:51 -------- d-----w- C:\Users\vaughn1\AppData\Local\Adobe
2012-04-02 02:04:05 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-04-01 22:27:11 -------- d-----w- C:\Program Files (x86)\Pickers
2012-04-01 22:25:52 -------- d-----w- C:\Program Files (x86)\House MD
2012-04-01 22:17:45 -------- d-----w- C:\ProgramData\Big Fish Games
2012-04-01 22:17:44 -------- d-----w- C:\Program Files (x86)\bfgclient
2012-04-01 22:16:57 -------- d-----w- C:\BigFishGamesCache
2012-04-01 22:11:31 -------- d-----w- C:\Users\vaughn1\My Backup Files
2012-04-01 22:07:46 -------- d-----w- C:\Windows\SysWow64\Wat
2012-04-01 22:07:46 -------- d-----w- C:\Windows\System32\Wat
2012-04-01 21:42:28 82432 ----a-w- C:\Windows\SysWow64\msxml4r.dll
2012-04-01 21:42:28 44544 ----a-w- C:\Windows\SysWow64\msxml4a.dll
2012-04-01 21:42:28 108864 ----a-w- C:\Windows\SysWow64\drivers\PCTDMDefrag.sys
2012-04-01 21:42:26 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-04-01 21:31:05 -------- d-----w- C:\ProgramData\PC Tools
2012-04-01 21:31:04 -------- d-----w- C:\Users\vaughn1\AppData\Roaming\Product_PT
2012-04-01 21:13:59 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2012-04-01 21:13:59 723456 ----a-w- C:\Windows\System32\EncDec.dll
2012-04-01 21:13:59 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-04-01 21:13:59 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-04-01 21:13:58 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2012-04-01 21:13:58 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-04-01 21:13:58 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-04-01 21:13:58 -------- d-----w- C:\ProgramData\Norton
2012-04-01 21:13:51 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-04-01 21:13:51 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-04-01 21:13:48 -------- d-----w- C:\ProgramData\NortonInstaller
2012-04-01 21:12:48 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-04-01 21:12:44 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{27AE948C-9BC8-4132-9B97-D5294B4F1E03}\mpengine.dll
2012-04-01 21:12:23 77312 ----a-w- C:\Windows\System32\packager.dll
2012-04-01 21:12:23 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-04-01 21:11:46 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-01 21:11:46 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-04-01 21:11:46 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-01 21:11:46 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-04-01 21:11:46 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-01 21:11:46 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-01 21:11:46 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-04-01 21:11:46 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-04-01 05:30:40 -------- d-----w- C:\Windows\SMINST
2012-04-01 03:54:58 -------- d-----w- C:\Users\vaughn1\AppData\Roaming\Intel Corporation
2012-04-01 03:54:39 -------- d-sh--w- C:\$RECYCLE.BIN
2012-04-01 03:54:38 -------- d-----w- C:\Users\vaughn1\AppData\Local\VirtualStore
.
==================== Find3M ====================
.
2012-04-13 22:32:14 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-06 06:53:37 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-06 05:59:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-06 05:59:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-02-29 21:00:22 3089728 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-02-29 21:00:09 6074176 ----a-w- C:\Windows\System32\nvcpl.dll
2012-02-29 20:59:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-02-29 20:59:47 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-02-29 20:59:47 55616 ----a-w- C:\Windows\System32\nv3dappshextr.dll
2012-02-29 20:59:47 2561856 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-02-29 20:59:47 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-02-29 20:59:46 849728 ----a-w- C:\Windows\System32\nv3dappshext.dll
2012-02-29 20:59:29 2515790 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-02-29 17:26:56 416064 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 13:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-14 22:55:04 276248 ----a-w- C:\Windows\SysWow64\IntelCpHeciSvc.exe
2012-02-14 22:55:02 5886232 ----a-w- C:\Windows\System32\GfxUI.exe
2012-02-14 22:55:02 511768 ----a-w- C:\Windows\System32\igfxsrvc.exe
2012-02-14 22:55:02 440600 ----a-w- C:\Windows\System32\igfxpers.exe
2012-02-14 22:55:02 398616 ----a-w- C:\Windows\System32\hkcmd.exe
2012-02-14 22:55:02 250136 ----a-w- C:\Windows\System32\igfxext.exe
2012-02-14 22:55:02 184600 ----a-w- C:\Windows\System32\difx64.exe
2012-02-14 22:55:02 170264 ----a-w- C:\Windows\System32\igfxtray.exe
2012-02-14 22:53:26 90112 ----a-w- C:\Windows\System32\igfxCoIn_v2653.dll
2012-02-14 22:47:40 8086528 ----a-w- C:\Windows\System32\igdumd64.dll
2012-02-14 22:47:38 14692224 ----a-w- C:\Windows\System32\drivers\igdkmd64.sys
2012-02-14 22:47:06 963912 ----a-w- C:\Windows\SysWow64\igkrng600.bin
2012-02-14 22:47:06 963912 ----a-w- C:\Windows\System32\igkrng600.bin
2012-02-14 22:47:06 79360 ----a-w- C:\Windows\System32\igdde64.dll
2012-02-14 22:47:06 261208 ----a-w- C:\Windows\SysWow64\igfcg600m.bin
2012-02-14 22:47:06 261208 ----a-w- C:\Windows\System32\igfcg600m.bin
2012-02-14 22:44:54 6120960 ----a-w- C:\Windows\SysWow64\igdumd32.dll
2012-02-14 22:44:24 58880 ----a-w- C:\Windows\SysWow64\igdde32.dll
2012-02-14 22:42:58 9605632 ----a-w- C:\Windows\System32\igd10umd64.dll
2012-02-14 22:35:26 7794688 ----a-w- C:\Windows\SysWow64\igd10umd32.dll
2012-02-14 22:07:18 18125312 ----a-w- C:\Windows\System32\ig4icd64.dll
2012-02-14 21:59:56 13209600 ----a-w- C:\Windows\SysWow64\ig4icd32.dll
2012-02-14 21:56:42 110592 ----a-w- C:\Windows\System32\hccutils.dll
2012-02-14 21:56:34 9216 ----a-w- C:\Windows\System32\IGFXDEVLib.dll
2012-02-14 21:56:34 430080 ----a-w- C:\Windows\System32\igfxdev.dll
2012-02-14 21:56:34 172032 ----a-w- C:\Windows\System32\gfxSrvc.dll
2012-02-14 21:56:06 286208 ----a-w- C:\Windows\System32\igfxrenu.lrc
2012-02-14 21:56:04 142336 ----a-w- C:\Windows\System32\igfxdo.dll
2012-02-14 21:56:02 9007616 ----a-w- C:\Windows\System32\igfxress.dll
2012-02-14 21:55:06 25088 ----a-w- C:\Windows\SysWow64\igfxexps32.dll
2012-02-14 21:54:36 321024 ----a-w- C:\Windows\SysWow64\igfxdv32.dll
2012-02-14 21:53:08 524800 ----a-w- C:\Windows\System32\iglhsip64.dll
2012-02-14 21:53:08 519680 ----a-w- C:\Windows\SysWow64\iglhsip32.dll
2012-02-14 21:53:08 2967040 ----a-w- C:\Windows\System32\igfxcmjit64.dll
2012-02-14 21:53:08 237056 ----a-w- C:\Windows\SysWow64\igfxcmrt32.dll
2012-02-14 21:53:08 2321408 ----a-w- C:\Windows\SysWow64\igfxcmjit32.dll
2012-02-14 21:53:08 213504 ----a-w- C:\Windows\System32\iglhcp64.dll
2012-02-14 21:53:08 193024 ----a-w- C:\Windows\System32\igfxcmrt64.dll
2012-02-14 21:53:08 177152 ----a-w- C:\Windows\SysWow64\iglhcp32.dll
2012-02-14 16:09:44 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-01-19 16:07:58 951680 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-01-19 15:47:56 91648 ----a-w- C:\Windows\System32\SetIEInstalledDate.exe
2012-01-19 14:51:58 627600 ----a-w- C:\Windows\System32\deployJava1.dll
.
============= FINISH: 16:52:35.07 ===============

Attached File: Attach.txt (9.41KB)


Will post the first desktop's logs in a few minutes.

Edited by dakthur, 15 April 2012 - 06:35 PM.



#2 dakthur

dakthur
  • Topic Starter
  • Members
  • 17 posts
  • Gender:Male

Posted 15 April 2012 - 06:50 PM

Attached File: Attach.txt (11.66KB)

Here are the DDS logs for my newer desktop, which also has a 64-bit Windows OS. Before going on this computer I shut off network discovery in the sharing options, hoping the other computers won't have access to this one.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.3.1
Run by vaughn at 19:16:29 on 2012-04-15
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6143.4933 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k NetworkService
c:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Windows\SysWOW64\WinMsgBalloonServer.exe
C:\Windows\SysWOW64\WinMsgBalloonClient.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?ilc=14
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120406170801.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
StartupFolder: C:\Users\vaughn\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
uPolicies-explorer: NoInstrumentation = 1
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0D4059F4-B252-49F6-BE2D-AD693801165D} : DhcpNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120406170801.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mRun-x64: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-3-9 361984]
R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-3-16 122880]
R2 AMDFusionSVC;AMD Fusion Utility Service;C:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe [2009-9-8 383544]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-1-3 55936]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-4-4 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-4-4 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-4-4 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-4-4 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-6-3 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-6-3 208536]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-4-4 793056]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-6-3 1692480]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AmdLLD64;AMD Low Level Device Driver;C:\Windows\system32\DRIVERS\AmdLLD64.sys --> C:\Windows\system32\DRIVERS\AmdLLD64.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-4 253088]
S3 ahcix64s;ahcix64s;C:\Windows\system32\drivers\ahcix64s.sys --> C:\Windows\system32\drivers\ahcix64s.sys [?]
S3 DMDefragService;PC Tools Performance Toolkit Defrag Service;C:\Program Files (x86)\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe [2012-4-4 1038304]
S3 DMRepairService;PC Tools Performance Toolkit Repair Service;C:\Program Files (x86)\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe [2012-4-4 1030112]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-6-3 220528]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-3-22 25072]
S3 PCTDMDefrag;PCTDMDefrag;C:\WINDOWS\System32\drivers\PCTDMDefrag.sys [2012-4-4 108864]
S3 PCTDSMon;PCTDSMon;\??\C:\Windows\system32\drivers\PCTDSMon.sys --> C:\Windows\system32\drivers\PCTDSMon.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-4-4 249936]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-04-14 21:01:00 -------- d--h--w- C:\Windows\msdownld.tmp
2012-04-14 21:01:00 -------- d-----w- C:\Windows\SysWow64\directx
2012-04-14 21:00:42 -------- d-----w- C:\Users\vaughn\AppData\Roaming\RIFT
2012-04-14 21:00:40 -------- d-----w- C:\Program Files (x86)\RIFT Game
2012-04-14 20:53:46 -------- d-----w- C:\Program Files\Microsoft Mathematics
2012-04-14 15:42:10 -------- d-----w- C:\Users\vaughn\AppData\Local\Facebook
2012-04-13 17:57:19 8766112 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-10 18:55:55 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-10 18:55:55 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-10 18:55:55 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-10 18:55:55 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-10 18:55:55 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-10 18:55:55 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-10 18:55:55 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-10 18:27:36 -------- d-----w- C:\Users\vaughn\AppData\Roaming\PC Tools Performance Toolkit
2012-04-10 01:57:43 14744 ----a-w- C:\Users\vaughn\AppData\Roaming\Microsoft\IdentityCRL\Production\ppcrlconfig.dll
2012-04-10 01:55:44 -------- d-----w- C:\Program Files (x86)\MSECache
2012-04-08 21:50:23 -------- d-----w- C:\Users\vaughn\AppData\Roaming\Malwarebytes
2012-04-08 21:50:20 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-08 06:13:33 -------- d-----w- C:\Users\vaughn\AppData\Roaming\SUPERAntiSpyware.com
2012-04-08 05:40:09 -------- d-----w- C:\Windows\System32\appmgmt
2012-04-08 05:37:10 -------- d-----w- C:\Program Files (x86)\Oracle
2012-04-08 05:35:43 637848 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-04-08 05:35:43 567696 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-04-07 19:45:43 -------- d-----w- C:\Windows\System32\AGEIA
2012-04-06 21:01:55 -------- d-----w- C:\Windows\RemotePackages
2012-04-06 18:04:38 -------- d-----w- C:\Program Files\Dell Support Center
2012-04-06 17:07:18 -------- d-----w- C:\Users\vaughn\AppData\Local\SWTOR
2012-04-06 01:26:57 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-04-06 01:26:40 -------- d-----w- C:\Users\vaughn\AppData\Local\PunkBuster
2012-04-06 01:26:04 -------- d-----w- C:\Program Files (x86)\Battlelog Web Plugins
2012-04-06 01:25:07 -------- d-----w- C:\ProgramData\EA Core
2012-04-06 01:25:03 -------- d-----w- C:\ProgramData\EA Logs
2012-04-05 20:50:23 -------- d-----w- C:\Program Files\Ventrilo
2012-04-05 20:50:05 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-04-05 20:48:48 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-04-05 20:48:48 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-04-05 20:48:46 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-04-04 21:11:32 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-04-04 20:50:45 -------- d-----w- C:\Users\vaughn\AppData\Local\Adobe
2012-04-04 20:47:04 96768 ----a-w- C:\Windows\System32\fsutil.exe
2012-04-04 20:47:04 2565632 ----a-w- C:\Windows\System32\esent.dll
2012-04-04 20:47:03 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2012-04-04 20:47:03 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2012-04-04 20:47:03 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-04-04 20:47:02 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2012-04-04 20:47:02 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2012-04-04 20:47:02 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2012-04-04 20:47:02 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2012-04-04 20:46:30 99328 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2012-04-04 20:46:30 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2012-04-04 20:46:30 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2012-04-04 20:46:29 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2012-04-04 20:46:29 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2012-04-04 20:46:29 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2012-04-04 20:46:29 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2012-04-04 20:28:02 -------- d-----w- C:\Windows\SysWow64\Wat
2012-04-04 20:28:02 -------- d-----w- C:\Windows\System32\Wat
2012-04-04 19:53:33 -------- d-----w- C:\ProgramData\Trymedia
2012-04-04 19:44:49 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
2012-04-04 19:43:57 142336 ----a-w- C:\Windows\System32\poqexec.exe
2012-04-04 19:42:58 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-04-04 19:42:58 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-04-04 19:42:21 723456 ----a-w- C:\Windows\System32\EncDec.dll
2012-04-04 19:42:19 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2012-04-04 19:41:49 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2012-04-04 19:41:49 331776 ----a-w- C:\Windows\System32\oleacc.dll
2012-04-04 19:41:49 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2012-04-04 19:41:48 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2012-04-04 19:40:00 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-04-04 19:40:00 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-04-04 19:39:56 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2012-04-04 19:39:56 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2012-04-04 19:39:50 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-04-04 19:39:50 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-04-04 19:39:46 77312 ----a-w- C:\Windows\System32\packager.dll
2012-04-04 19:39:46 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-04-04 18:35:47 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 18:35:47 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-04 17:46:42 -------- d-----w- C:\Windows\SysWow64\SL-SL
2012-04-04 17:42:41 -------- d-----w- C:\ProgramData\Citrix
2012-04-04 17:41:49 -------- d-----w- C:\Users\vaughn\AppData\Local\Citrix
2012-04-04 17:41:16 -------- d-----w- C:\Users\vaughn\AppData\Local\Deployment
2012-04-04 17:41:16 -------- d-----w- C:\Users\vaughn\AppData\Local\Apps
2012-04-04 17:06:56 -------- d-----w- C:\Users\vaughn\AppData\Local\Origin
2012-04-04 17:05:15 -------- d-----w- C:\ProgramData\Electronic Arts
2012-04-04 17:05:07 -------- d-----w- C:\Program Files (x86)\Origin
2012-04-04 16:54:05 -------- d-----w- C:\Program Files (x86)\Steam
2012-04-04 16:45:27 56448 ----a-w- C:\Windows\System32\drivers\usbfilter.sys
2012-04-04 16:41:18 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-04-04 16:41:12 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2012-04-04 16:41:12 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2012-04-04 16:37:53 -------- d-----w- C:\Program Files\ATI
2012-04-04 16:24:33 -------- d-----w- C:\Program Files (x86)\Telltale Games
2012-04-04 16:24:09 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2012-04-04 16:24:08 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2012-04-04 16:24:08 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2012-04-04 16:24:08 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2012-04-04 16:24:08 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2012-04-04 16:24:08 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2012-04-04 16:24:07 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2012-04-04 16:24:06 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2012-04-04 16:19:43 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys
2012-04-04 16:00:14 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2012-04-04 15:57:23 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2012-04-04 15:56:18 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2012-04-04 15:55:17 -------- d-----w- C:\Users\vaughn\AppData\Local\Microsoft Help
2012-04-04 15:50:23 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller
2012-04-04 15:50:23 -------- d-----w- C:\Program Files (x86)\Common Files\BioWare
2012-04-04 15:47:59 81768 ----a-w- C:\Windows\SysWow64\xinput1_3.dll
2012-04-04 15:43:31 -------- d-----w- C:\Users\vaughn\AppData\Roaming\Origin
2012-04-04 15:40:16 -------- d-----w- C:\Users\vaughn\AppData\Roaming\e-academy Inc
2012-04-04 15:40:16 -------- d-----w- C:\Users\vaughn\AppData\Local\e-academy Inc
2012-04-04 15:38:06 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2012-04-04 15:34:33 -------- d-----w- C:\Emergency
2012-04-04 15:23:07 -------- d-----w- C:\Windows\SMINST
2012-04-04 15:22:31 82432 ----a-w- C:\Windows\SysWow64\msxml4r.dll
2012-04-04 15:22:31 44544 ----a-w- C:\Windows\SysWow64\msxml4a.dll
2012-04-04 15:22:27 191104 ----a-w- C:\Windows\System32\drivers\PCTDSMon.sys
2012-04-04 15:22:27 163440 ----a-w- C:\Windows\System32\drivers\PCTDMDefrag.sys
2012-04-04 15:22:27 108864 ----a-w- C:\Windows\SysWow64\drivers\PCTDMDefrag.sys
2012-04-04 15:22:25 40416 ----a-w- C:\Windows\System32\CleanMFT64.exe
2012-04-04 15:22:24 880640 ----a-w- C:\Windows\SysWow64\UniBox10.ocx
2012-04-04 15:22:24 658432 ----a-w- C:\Windows\SysWow64\MSCOMCT2.OCX
2012-04-04 15:22:24 506368 ----a-w- C:\Windows\SysWow64\msxml.dll
2012-04-04 15:22:24 212992 ----a-w- C:\Windows\SysWow64\UniBoxVB12.ocx
2012-04-04 15:22:24 1101824 ----a-w- C:\Windows\SysWow64\UniBox210.ocx
2012-04-04 15:22:19 -------- d-----w- C:\ProgramData\PC Tools
2012-04-04 15:08:50 -------- d-----w- C:\Users\vaughn\My Backup Files
2012-04-04 15:02:44 -------- d-----w- C:\Windows\SysWow64\oem
2012-04-04 15:01:59 -------- d-sh--w- C:\Windows\BitLockerDiscoveryVolumeContents
2012-04-04 15:01:59 -------- d-----w- C:\Users\vaughn\AppData\Roaming\Registry Mechanic
2012-04-04 15:01:59 -------- d-----w- C:\Users\vaughn\AppData\Roaming\Product_PT
2012-04-04 15:01:59 -------- d-----w- C:\Users\vaughn\AppData\Roaming\PCDr
2012-04-04 15:01:39 -------- d-----w- C:\Users\vaughn\AppData\Local\AMD
2012-04-04 15:01:31 -------- d-----w- C:\ProgramData\PCDr
2012-04-04 15:01:31 -------- d-----w- C:\ProgramData\Origin
2012-04-04 15:01:27 -------- d-----w- C:\ProgramData\AMD
2012-04-04 15:00:22 -------- d-----w- C:\Program Files\ATI Technologies
2012-04-04 14:59:26 -------- d-----w- C:\Firefox
2012-04-04 14:53:56 -------- d-----w- C:\Program Files (x86)\PC Tools Utilities
2012-04-04 14:53:03 -------- d-----w- C:\Program Files (x86)\Origin Games
2012-04-04 14:51:50 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-04-04 14:51:31 -------- d-----w- C:\AMD
2012-04-04 14:48:53 -------- d-----w- C:\ProgramData\Ask
2012-04-04 14:46:40 -------- d-----w- C:\Users\vaughn\AppData\Roaming\Fingertapps
2012-04-04 14:46:27 -------- d-----w- C:\Program Files (x86)\Dell Touch Software Suite
2012-04-04 14:44:07 -------- d-----w- C:\Users\vaughn\AppData\Local\Dell
2012-04-04 14:43:13 -------- d-----w- C:\Users\vaughn\AppData\Roaming\Dell
2012-04-04 14:43:04 -------- d-----w- C:\Users\vaughn\AppData\Roaming\Dell Touch Zone
2012-04-04 14:42:56 -------- d-----w- C:\Users\vaughn\AppData\Local\ATI
2012-04-04 14:42:21 -------- d-sh--w- C:\$RECYCLE.BIN
2012-04-04 14:42:20 -------- d-----w- C:\Users\vaughn\AppData\Local\VirtualStore
2012-04-04 14:39:59 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-04 14:39:59 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-04-04 14:39:59 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-04 14:39:59 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-04-04 14:39:59 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-04 14:39:59 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-04 14:39:59 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-04-04 14:39:59 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
.
==================== Find3M ====================
.
2012-03-09 06:28:08 10857984 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-03-09 05:26:42 74752 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-03-09 05:26:32 64512 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-03-09 05:26:24 61952 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-03-09 05:26:20 54784 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-03-09 05:26:10 16507392 ----a-w- C:\Windows\System32\amdocl64.dll
2012-03-09 05:25:16 13238272 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-03-09 05:24:22 54272 ----a-w- C:\Windows\System32\OpenCL.dll
2012-03-09 05:24:14 48128 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-03-09 05:16:44 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-03-09 05:16:28 791552 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-03-09 05:14:42 958464 ----a-w- C:\Windows\System32\aticfx64.dll
2012-03-09 05:11:24 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-03-09 05:11:16 496128 ----a-w- C:\Windows\System32\atieclxx.exe
2012-03-09 05:10:20 235520 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-03-09 05:08:50 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-03-09 05:08:02 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-03-09 05:07:56 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-03-09 05:07:50 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-03-09 05:04:18 6200320 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-03-09 05:03:40 26166784 ----a-w- C:\Windows\System32\atio6axx.dll
2012-03-09 04:45:00 7646208 ----a-w- C:\Windows\System32\atidxx64.dll
2012-03-09 04:39:20 19739136 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-03-09 04:36:40 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2012-03-09 04:36:10 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2012-03-09 04:35:54 4958208 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-03-09 04:23:44 5062656 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-03-09 04:23:16 5954048 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-03-09 04:18:30 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-03-09 04:18:26 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-03-09 04:18:14 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-03-09 04:18:12 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-03-09 04:17:54 16069632 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-03-09 04:12:38 13715968 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-03-09 04:11:52 7552000 ----a-w- C:\Windows\System32\atiumd64.dll
2012-03-09 04:05:20 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2012-03-09 04:05:20 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-03-09 04:05:12 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-03-09 04:05:12 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-03-09 03:58:54 512000 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-03-09 03:58:44 356352 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-03-09 03:58:30 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-03-09 03:58:26 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-03-09 03:58:26 14336 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-03-09 03:58:20 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2012-03-09 03:58:10 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-03-09 03:58:02 328704 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-03-09 03:57:04 43008 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-03-09 03:56:56 33280 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-03-09 03:56:48 39936 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-03-09 03:56:38 30208 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-03-09 03:55:58 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-03-09 03:47:22 58880 ----a-w- C:\Windows\System32\coinst.dll
2012-03-06 06:53:37 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-06 05:59:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-06 05:59:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-14 16:09:44 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 19:17:03.19 ===============
Attached File  Attach.txt   11.66KB   0 downloads


And I'll post the last computer's logs in a few minutes, which I'm pretty sure is where this originated from. Just noticed that things like the user folders have the unknown user *s-1-5-2-1 with a whole bunch of other numbers after it in the security settings, with full access to the files.

#3 dakthur

dakthur
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:33 AM

Posted 16 April 2012 - 06:27 AM

And here are the DDS logs from the last computer, and I'm sure it's a mess. My wireless network has ten users on it, all with random names now, and I found hidden files with dollar bill signs as the first character, with copies of OS and program files in them.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.3.1
Run by amanda at 7:12:01 on 2012-04-16
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.5119.3579 [GMT -4:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\spool\DRIVERS\x64\3\lxeaserv.exe
C:\Windows\system32\lxeacoms.exe
C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\ccSvcHst.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\ccSvcHst.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\MHotKey.exe
C:\Windows\RAVCpl64.exe
C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\ChiFuncExt.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\CNYHKey.exe
C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\ModLedKey.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files\Lexmark Toolbar\toolband.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\IPS\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files\Lexmark Toolbar\toolband.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\coIEPlg.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized
uRun: [Facebook Update] "C:\Users\amanda\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun: [LchDrvKey] LchDrvKey.exe
mRun: [LedKey] CNYHKey.exe
mRun: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [Smart Copy] "C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe" -A
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre7\bin\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A85CF396-51E8-4B61-B421-D4B7BCF3FBE7} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B5B34C48-F56A-4C5B-8EBE-8C447722FB6B} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F55B13D6-488C-4C69-8A80-AAA96FAC446A} : DhcpNameServer = 192.168.1.1
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Lexmark Printable Web: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll
TB-X64: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\coIEPlg.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun-x64: [LchDrvKey] LchDrvKey.exe
mRun-x64: [LedKey] CNYHKey.exe
mRun-x64: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [Smart Copy] "C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe" -A
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre7\bin\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\amanda\AppData\Roaming\Mozilla\Firefox\Profiles\lnj6lz85.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=1
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Users\amanda\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Windows\system32\npdeployJava1.dll
FF - plugin: C:\Windows\system32\npmproxy.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SMR250;Symantec SMR Utility Service 2.5.0;C:\Windows\system32\drivers\SMR250.SYS --> C:\Windows\system32\drivers\SMR250.SYS [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0601020.00A\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0601020.00A\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0601020.00A\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0601020.00A\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20120402.001\BHDrvx64.sys [2012-4-2 1160824]
R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\system32\drivers\N360x64\0601020.00A\ccSetx64.sys --> C:\Windows\system32\drivers\N360x64\0601020.00A\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20120413.001\IDSviA64.sys [2012-4-13 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0601020.00A\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0601020.00A\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\drivers\N360x64\0601020.00A\SYMNETS.SYS --> C:\Windows\system32\drivers\N360x64\0601020.00A\SYMNETS.SYS [?]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 lxea_device;lxea_device;C:\Windows\system32\lxeacoms.exe -service --> C:\Windows\system32\lxeacoms.exe -service [?]
R2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\lxeaserv.exe [2012-4-3 45736]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\ccSvcHst.exe [2012-4-1 138232]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-4-1 2214504]
R3 AE1000;Linksys AE1000 Driver;C:\Windows\system32\DRIVERS\ae1000va.sys --> C:\Windows\system32\DRIVERS\ae1000va.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-4-1 138360]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 gupdate;Google Update Service (gupdate);"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc --> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-1 253088]
S3 gupdatem;Google Update Service (gupdatem);"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc --> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe --> C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [?]
.
=============== Created Last 30 ================
.
2012-04-16 07:16:42 -------- d-----w- C:\Users\amanda\AppData\Local\Adobe
2012-04-16 05:28:06 -------- d-----w- C:\Users\amanda\AppData\Local\ElevatedDiagnostics
2012-04-16 02:29:06 96376 ----a-w- C:\Windows\System32\drivers\SMR250.SYS
2012-04-16 02:29:01 -------- d-----w- C:\Users\amanda\AppData\Local\NPE
2012-04-16 01:44:02 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2012-04-16 01:18:54 -------- d-----w- C:\Users\amanda\AppData\Local\Diagnostics
2012-04-16 00:47:30 43640 ----a-r- C:\Windows\System32\drivers\SymIMV.sys
2012-04-14 18:39:24 8741536 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-14 03:23:04 -------- d-----w- C:\Windows\SysWow64\Wat
2012-04-14 03:23:04 -------- d-----w- C:\Windows\System32\Wat
2012-04-14 03:11:17 162664 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-04-14 03:09:08 -------- d-----w- C:\Users\amanda\AppData\Roaming\Malwarebytes
2012-04-14 03:09:03 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2012-04-14 03:09:03 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2012-04-14 03:08:58 -------- d-----w- C:\Windows\Panther
2012-04-14 02:59:32 -------- d--h--w- C:\$WINDOWS.~Q
2012-04-14 02:55:38 311808 ----a-w- C:\Windows\System32\msv1_0.dll
2012-04-14 02:55:38 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2012-04-14 02:54:27 -------- d--h--w- C:\$INPLACE.~TR
2012-04-14 02:36:28 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2012-04-14 02:36:28 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2012-04-14 02:36:28 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2012-04-14 02:36:28 444752 ----a-w- C:\Windows\System32\mscoree.dll
2012-04-14 02:36:28 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2012-04-14 02:36:28 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2012-04-14 02:36:28 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2012-04-14 02:36:28 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2012-04-14 02:36:28 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2012-04-14 02:36:28 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2012-04-14 02:07:57 80896 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-14 02:07:57 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-14 02:07:57 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-14 02:07:57 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-14 02:07:56 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-14 02:07:56 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-14 02:07:56 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-14 02:03:11 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2012-04-14 02:03:11 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2012-04-14 02:01:52 1975296 ----a-w- C:\Windows\System32\CertEnroll.dll
2012-04-14 02:00:51 552960 ----a-w- C:\Windows\System32\msdri.dll
2012-04-14 01:59:59 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2012-04-14 01:58:44 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2012-04-14 01:57:59 3957120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-14 01:57:59 3902336 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-14 01:55:52 1739160 ----a-w- C:\Windows\System32\ntdll.dll
2012-04-14 01:55:52 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-04-14 01:55:39 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-04-14 01:55:39 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-04-14 01:50:03 77312 ----a-w- C:\Windows\System32\packager.dll
2012-04-14 01:50:03 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-04-14 01:49:51 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-14 01:49:51 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-14 01:49:51 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-14 01:49:37 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-04-14 01:49:37 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-04-14 01:49:37 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-14 01:49:37 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-04-14 01:49:34 139264 ----a-w- C:\Windows\System32\cabview.dll
2012-04-14 01:49:34 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2012-04-14 00:39:54 -------- d-----w- C:\Users\amanda\AppData\Roaming\e-academy Inc
2012-04-14 00:39:54 -------- d-----w- C:\Users\amanda\AppData\Local\e-academy Inc
2012-04-14 00:37:02 -------- d-----w- C:\Program Files (x86)\Oracle
2012-04-14 00:36:24 637848 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-04-14 00:36:24 567696 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-04-14 00:25:57 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2012-04-14 00:20:09 -------- d-----w- C:\Windows\System32\appmgmt
2012-04-13 23:49:51 -------- d-sh--w- C:\Recovery
2012-04-13 23:14:06 -------- d-----w- C:\Windows\SysWow64\RTCOM
2012-04-13 23:13:55 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-04-13 23:13:55 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-04-13 23:13:55 6074176 ----a-w- C:\Windows\System32\nvcpl.dll
2012-04-13 23:13:55 3089728 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-04-13 23:13:55 2561856 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-04-13 23:13:55 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-04-13 23:13:31 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2012-04-13 23:13:25 -------- d-----w- C:\Program Files\NVIDIA Corporation
2012-04-10 23:47:56 -------- d-----w- C:\Windows\System32\EventProviders
2012-04-10 00:34:55 -------- d-----w- C:\Users\amanda\AppData\Local\CrashDumps
2012-04-05 20:01:37 -------- d-----w- C:\Users\amanda\AppData\Local\Facebook
2012-04-04 01:04:06 -------- d-----w- C:\ProgramData\Ezprint
2012-04-04 01:03:47 -------- d-----w- C:\ProgramData\Lx_cats
2012-04-04 01:01:10 189440 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\lxeadrpp.dll
2012-04-04 00:57:32 109056 ----a-w- C:\Windows\System32\lxeavs.dll
2012-04-04 00:57:31 836608 ----a-w- C:\Windows\System32\lxeacoin.dll
2012-04-04 00:57:31 1462272 ----a-w- C:\Windows\System32\lxk_g.dll
2012-04-04 00:57:26 983121 ----a-w- C:\Windows\System32\lxk_gf.dll
2012-04-04 00:57:26 65536 ----a-w- C:\Windows\System32\lxeagcfg.dll
2012-04-04 00:57:25 399360 ----a-w- C:\Windows\System32\lxeacui.dll
2012-04-04 00:57:25 148480 ----a-w- C:\Windows\System32\lxeacuir.dll
2012-04-04 00:56:26 -------- d-----w- C:\Program Files (x86)\Abbyy FineReader 6.0 Sprint
2012-04-04 00:56:08 -------- d-----w- C:\Program Files\Lexmark Toolbar
2012-04-04 00:56:06 510464 ----a-w- C:\Windows\System32\LXEAwupd.dll
2012-04-04 00:56:06 295592 ----a-w- C:\Windows\System32\LXEAwupd.exe
2012-04-04 00:54:48 557568 ----a-w- C:\Windows\System32\lxeainpa.dll
2012-04-04 00:53:22 -------- d-----w- C:\Users\amanda\AppData\Local\IOI
2012-04-02 04:30:17 -------- d-----w- C:\Users\amanda\AppData\Local\Microsoft Games
2012-04-02 03:10:03 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-02 03:10:03 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-01 23:30:52 -------- d-----w- C:\Users\amanda\AppData\Local\Mozilla
2012-04-01 23:11:21 -------- d-----w- C:\Users\amanda\AppData\Roaming\ooVoo Details
2012-04-01 22:48:19 -------- d-----w- C:\Program Files (x86)\ooVoo
2012-04-01 22:33:58 -------- d-----w- C:\Program Files\ATI
2012-04-01 20:07:14 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2012-04-01 20:07:04 739432 ----a-w- C:\Windows\System32\easyupdatusapiu64.dll
2012-04-01 19:59:55 311072 ----a-w- C:\Windows\System32\RaCoInstx.dll
2012-04-01 19:59:55 1020192 ----a-w- C:\Windows\System32\drivers\ae1000va.sys
2012-04-01 19:50:18 -------- d-----w- C:\ProgramData\Cisco Systems
2012-04-01 19:47:00 -------- d-----w- C:\Program Files (x86)\IOI
2012-04-01 19:45:15 66048 ----a-w- C:\Windows\System32\drivers\RTSTOR64.sys
2012-04-01 19:45:14 6416928 ----a-w- C:\Windows\system\DriveIcon.dll
2012-04-01 19:44:53 581120 ----a-w- C:\Windows\mHotkey.exe
2012-04-01 19:44:53 57344 ----a-w- C:\Windows\ChiFuncExt.exe
2012-04-01 19:44:53 53248 ----a-w- C:\Windows\ModLEDKey.exe
2012-04-01 19:44:53 36864 ----a-w- C:\Windows\LchDrvKey.exe
2012-04-01 19:44:53 339968 ----a-w- C:\Windows\CNYHKey.exe
2012-04-01 19:44:53 294912 ----a-w- C:\Windows\PIC.dll
2012-04-01 19:44:38 -------- d-----w- C:\Users\amanda\AppData\Roaming\Symantec
2012-04-01 19:44:11 -------- d-----w- C:\Users\amanda\AppData\Local\VirtualStore
2012-04-01 19:43:07 -------- d-----w- C:\Program Files\eBay
2012-04-01 19:32:00 -------- d-----w- C:\Users\amanda\AppData\Local\Microsoft Help
2012-04-01 19:17:54 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-04-01 19:17:03 738936 ----a-r- C:\Windows\System32\drivers\N360x64\0601020.00A\srtsp64.sys
2012-04-01 19:17:03 451192 ----a-r- C:\Windows\System32\drivers\N360x64\0601020.00A\SymDS64.sys
2012-04-01 19:17:03 445560 ----a-r- C:\Windows\System32\drivers\N360x64\0601020.00A\symtdiv.sys
2012-04-01 19:17:03 405624 ----a-r- C:\Windows\System32\drivers\N360x64\0601020.00A\symnets.sys
2012-04-01 19:17:03 37496 ----a-r- C:\Windows\System32\drivers\N360x64\0601020.00A\srtspx64.sys
2012-04-01 19:17:03 190072 ----a-r- C:\Windows\System32\drivers\N360x64\0601020.00A\Ironx64.sys
2012-04-01 19:17:03 167048 ----a-r- C:\Windows\System32\drivers\N360x64\0601020.00A\ccSetx64.sys
2012-04-01 19:17:03 1092728 ----a-r- C:\Windows\System32\drivers\N360x64\0601020.00A\SymEFA64.sys
2012-04-01 19:16:41 -------- d-----w- C:\Windows\System32\drivers\N360x64\0601020.00A
2012-04-01 19:16:41 -------- d-----w- C:\Windows\System32\drivers\N360x64
2012-04-01 19:16:34 -------- d-----w- C:\Program Files (x86)\Norton 360
2012-04-01 19:13:34 -------- d-----w- C:\ProgramData\PCSettings
2012-04-01 19:13:26 -------- d-----w- C:\ProgramData\NortonInstaller
2012-04-01 19:13:26 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2012-04-01 19:09:00 -------- d-----w- C:\ProgramData\Norton
2012-04-01 19:06:31 -------- d-----w- C:\Users\amanda\AppData\Local\Google
.
==================== Find3M ====================
.
2012-04-14 00:25:57 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2012-04-14 00:25:57 229888 ----a-w- C:\Windows\System32\XpsRasterService.dll
2012-04-14 00:25:57 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2012-04-14 00:25:57 1863680 ----a-w- C:\Windows\System32\ExplorerFrame.dll
2012-04-14 00:25:57 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2012-04-14 00:25:57 1495040 ----a-w- C:\Windows\SysWow64\ExplorerFrame.dll
2012-04-14 00:25:57 144384 ----a-w- C:\Windows\System32\cdd.dll
2012-04-14 00:25:57 135168 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll
2012-04-14 00:25:56 4068864 ----a-w- C:\Windows\System32\mf.dll
2012-04-14 00:25:56 3181568 ----a-w- C:\Windows\SysWow64\mf.dll
2012-04-14 00:25:56 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll
2012-04-14 00:25:56 206848 ----a-w- C:\Windows\System32\mfps.dll
2012-04-14 00:25:56 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
2012-04-01 22:34:57 525792 ----a-w- C:\Windows\DIFxAPI.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-10 06:18:10 1541120 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 06:17:55 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-02-10 06:17:54 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-02-10 06:17:54 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-02-10 06:17:54 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-02-10 05:41:38 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-10 05:41:20 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-02-10 05:41:20 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-02-10 05:41:20 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-02-10 05:41:19 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-02-07 15:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:16:03 3143168 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 7:12:55.97 ===============


Attached File  Attach.txt   13.17KB   0 downloads

Again, thank you in advance. It's getting really bad on the computers.

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:02:33 PM

Posted 16 April 2012 - 07:31 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Pick the most infected machine, disconnect all the others and avoid using flash drives to transfer data between them.

Now run aswMBR on the one you have chosen. We will call this PC1 and we will clean this before we deal with the others to avoid confusion.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

m0le is a proud member of UNITE

#5 dakthur

dakthur
  • Topic Starter

  • Members
  • 17 posts
  • Gender:Male

Posted 16 April 2012 - 07:52 PM

Yes, I'm here, running the scan now. I'll post it in a minute. I have both other machines off and disconnected from the network.

OK, all done, here's the log.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-16 20:53:37
-----------------------------
20:53:37.590 OS Version: Windows x64 6.1.7600
20:53:37.590 Number of processors: 4 586 0x203
20:53:37.590 ComputerName: AMANDA-PC UserName: amanda
20:53:39.337 Initialize success
20:53:48.728 AVAST engine defs: 12041600
20:54:00.687 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:54:00.687 Disk 0 Vendor: WDC_WD6400AAKS-22A7B2 01.03B01 Size: 610480MB BusType: 3
20:54:00.702 Disk 0 MBR read successfully
20:54:00.702 Disk 0 MBR scan
20:54:00.702 Disk 0 Windows 7 default MBR code
20:54:00.718 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10001 MB offset 63
20:54:00.718 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 600477 MB offset 20484096
20:54:00.749 Disk 0 scanning C:\Windows\system32\drivers
20:54:07.566 Service scanning
20:54:25.709 Modules scanning
20:54:25.709 Disk 0 trace - called modules:
20:54:25.725 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
20:54:25.740 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800564d060]
20:54:25.740 3 CLASSPNP.SYS[fffff8800103b43f] -> nt!IofCallDriver -> [0xfffffa8004fc5600]
20:54:25.740 5 ACPI.sys[fffff88000f88781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80055c7060]
20:54:28.080 AVAST engine scan C:\Windows
20:54:31.356 AVAST engine scan C:\Windows\system32
20:57:14.938 AVAST engine scan C:\Windows\system32\drivers
20:57:30.273 AVAST engine scan C:\Users\amanda
20:59:36.307 AVAST engine scan C:\ProgramData
21:00:07.070 Scan finished successfully
21:02:38.032 Disk 0 MBR has been saved successfully to "C:\Users\amanda\Desktop\MBR.dat"
21:02:38.047 The log file has been saved successfully to "C:\Users\amanda\Desktop\aswMBR.txt"



I also just noticed this morning in Device Manager that there are 2 PCI IDE controller drivers and also 2 of each ATA channel driver. I'm pretty sure that's not normal. Hope to hear from you soon; I will be watching this comp and have notifications set on my cell also, so I will immediately reply back and run any scans or fixes as needed.

Edited by dakthur, 17 April 2012 - 09:47 AM.


#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 17 April 2012 - 04:26 PM

Okay, nothing untoward there.

Please run Combofix next

Please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop, making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
m0le is a proud member of UNITE

#7 dakthur

dakthur
  • Topic Starter

  • Members
  • 17 posts
  • Gender:Male

Posted 17 April 2012 - 04:52 PM

OK, going to download and run it now.

Here's the log. I had to reinstall it; the first time I ran it, it went through its thing, rebooted, said it was preparing the log, then the icon on the desktop disappeared and there was no log, so I don't know if it deleted anything or not. Running to the store quick but I still have phone alerts on; be back in about 20 minutes.

ComboFix 12-04-17.01 - amanda 04/17/2012 19:16:07.3.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.5119.3882 [GMT -4:00]
Running from: c:\users\amanda\Desktop\Comfix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-17 to 2012-04-17 )))))))))))))))))))))))))))))))
.
.
2012-04-17 23:21 . 2012-04-17 23:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-17 23:05 . 2012-04-17 23:06 -------- d-----w- C:\comfix
2012-04-17 22:59 . 2012-04-17 22:59 -------- d-----w- c:\users\TEMP
2012-04-17 21:17 . 2012-04-17 21:17 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2012-04-17 16:18 . 2012-04-17 16:18 -------- d-----w- c:\program files (x86)\Citrix
2012-04-17 16:17 . 2012-04-17 16:17 -------- d-----w- c:\windows\Sun
2012-04-17 14:00 . 2012-03-20 07:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{42F15EC5-B488-46EE-9CC7-33100BFB0DD7}\mpengine.dll
2012-04-17 14:00 . 2012-02-23 14:18 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-04-17 13:18 . 2012-04-17 13:20 -------- d-----w- C:\NVIDIA
2012-04-16 12:55 . 2012-04-16 12:55 -------- d-----w- c:\windows\system32\RaLanguages
2012-04-16 12:41 . 2010-03-23 06:53 1101600 ----a-w- c:\windows\system32\drivers\ae1000w7.sys
2012-04-16 01:44 . 2012-04-16 01:44 -------- d-s---w- c:\windows\SysWow64\Microsoft
2012-04-16 00:47 . 2012-01-17 22:46 43640 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2012-04-14 18:39 . 2012-04-14 18:39 -------- d-----w- c:\windows\system32\Macromed
2012-04-14 18:39 . 2012-04-14 18:39 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-14 03:23 . 2012-04-14 22:24 -------- d-----w- c:\windows\SysWow64\Wat
2012-04-14 03:23 . 2012-04-14 22:24 -------- d-----w- c:\windows\system32\Wat
2012-04-14 03:11 . 2012-04-14 03:11 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-04-14 03:09 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2012-04-14 03:09 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2012-04-14 02:55 . 2009-09-10 06:28 311808 ----a-w- c:\windows\system32\msv1_0.dll
2012-04-14 02:55 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll
2012-04-14 02:36 . 2009-11-25 16:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2012-04-14 02:36 . 2009-11-25 16:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2012-04-14 02:36 . 2009-11-25 16:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2012-04-14 02:36 . 2009-11-25 16:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2012-04-14 02:36 . 2009-11-25 16:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2012-04-14 02:36 . 2009-11-25 16:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2012-04-14 02:36 . 2009-11-25 16:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-04-14 02:36 . 2009-11-25 16:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2012-04-14 02:36 . 2009-11-25 16:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2012-04-14 02:36 . 2009-11-25 16:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2012-04-14 02:07 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-14 02:07 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-14 02:07 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-14 02:07 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-14 02:07 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-14 02:07 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-14 02:07 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-14 02:03 . 2010-03-04 04:40 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2012-04-14 02:03 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2012-04-14 02:01 . 2009-09-03 07:36 1975296 ----a-w- c:\windows\system32\CertEnroll.dll
2012-04-14 02:00 . 2010-08-04 07:07 552960 ----a-w- c:\windows\system32\msdri.dll
2012-04-14 01:59 . 2011-08-27 05:40 861184 ----a-w- c:\windows\system32\oleaut32.dll
2012-04-14 01:58 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
2012-04-14 01:57 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-14 01:57 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-14 01:55 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll
2012-04-14 01:55 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-04-14 01:55 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll
2012-04-14 01:55 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-04-14 01:50 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-04-14 01:50 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-04-14 01:49 . 2012-01-25 06:27 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-14 01:49 . 2012-01-25 06:27 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-14 01:49 . 2012-01-25 06:20 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-14 01:49 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-04-14 01:49 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-04-14 01:49 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-14 01:49 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-04-14 01:49 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll
2012-04-14 01:49 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll
2012-04-14 00:37 . 2012-04-14 00:37 -------- d-----w- c:\program files (x86)\Oracle
2012-04-14 00:36 . 2012-01-10 17:57 637848 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-04-14 00:36 . 2012-01-10 17:57 567696 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-14 00:25 . 2012-04-14 00:25 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-04-14 00:20 . 2012-04-14 00:20 -------- d-----w- c:\windows\system32\appmgmt
2012-04-13 23:49 . 2012-04-13 23:49 -------- d-----w- C:\Recovery
2012-04-13 23:33 . 2012-04-13 23:33 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-04-13 23:15 . 2012-04-17 22:02 -------- d-----w- c:\users\amanda
2012-04-13 23:15 . 2012-04-14 18:31 -------- d-----w- c:\users\UpdatusUser
2012-04-13 23:14 . 2012-04-13 23:14 -------- d-----w- c:\windows\SysWow64\RTCOM
2012-04-13 23:14 . 2012-04-17 23:23 -------- d-----w- c:\programdata\NVIDIA
2012-04-13 23:13 . 2012-02-29 21:00 3089728 ----a-w- c:\windows\system32\nvsvc64.dll
2012-04-13 23:13 . 2012-02-29 21:00 6074176 ----a-w- c:\windows\system32\nvcpl.dll
2012-04-13 23:13 . 2012-02-29 20:59 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-04-13 23:13 . 2012-02-29 20:59 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-04-13 23:13 . 2012-02-29 20:59 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-04-13 23:13 . 2012-02-10 03:07 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
2012-04-13 23:13 . 2012-04-13 23:13 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-04-13 23:13 . 2012-04-17 13:20 -------- d-----w- c:\program files\NVIDIA Corporation
2012-04-10 23:47 . 2012-04-14 22:24 -------- d-----w- c:\windows\system32\EventProviders
2012-04-10 00:35 . 2012-04-13 23:23 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-04-04 01:04 . 2012-04-13 23:23 -------- d-----w- c:\programdata\Ezprint
2012-04-04 01:03 . 2012-04-13 23:23 -------- d-----w- c:\programdata\Lx_cats
2012-04-04 01:01 . 2009-11-04 13:17 189440 ----a-w- c:\windows\system32\Spool\prtprocs\x64\lxeadrpp.dll
2012-04-04 00:57 . 2008-03-05 02:55 109056 ----a-w- c:\windows\system32\lxeavs.dll
2012-04-04 00:57 . 2010-04-13 19:41 836608 ----a-w- c:\windows\system32\lxeacoin.dll
2012-04-04 00:57 . 2008-04-30 06:32 1462272 ----a-w- c:\windows\system32\lxk_g.dll
2012-04-04 00:57 . 2009-11-09 08:06 65536 ----a-w- c:\windows\system32\lxeagcfg.dll
2012-04-04 00:57 . 2008-04-30 06:32 983121 ----a-w- c:\windows\system32\lxk_gf.dll
2012-04-04 00:57 . 2009-10-21 10:06 148480 ----a-w- c:\windows\system32\lxeacuir.dll
2012-04-04 00:57 . 2009-10-21 10:06 399360 ----a-w- c:\windows\system32\lxeacui.dll
2012-04-04 00:56 . 2012-04-13 23:18 -------- d-----w- c:\program files (x86)\Abbyy FineReader 6.0 Sprint
2012-04-04 00:56 . 2012-04-13 23:18 -------- d-----w- c:\program files\Lexmark Toolbar
2012-04-04 00:56 . 2010-04-14 20:45 295592 ----a-w- c:\windows\system32\LXEAwupd.exe
2012-04-04 00:56 . 2010-02-22 10:09 510464 ----a-w- c:\windows\system32\LXEAwupd.dll
2012-04-04 00:54 . 2009-12-09 20:25 547840 ----a-w- c:\windows\system32\LXEAhcp.dll
2012-04-02 03:10 . 2012-04-15 13:03 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-02 03:10 . 2012-04-15 13:03 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-01 22:48 . 2012-04-13 23:23 -------- d-----w- c:\program files (x86)\ooVoo
2012-04-01 22:33 . 2012-04-13 23:18 -------- d-----w- c:\program files\ATI
2012-04-01 20:07 . 2012-04-17 13:21 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-04-01 19:59 . 2010-03-23 06:53 1020192 ----a-w- c:\windows\system32\drivers\ae1000va.sys
2012-04-01 19:50 . 2012-04-13 23:23 -------- d-----w- c:\programdata\Cisco Systems
2012-04-01 19:49 . 2012-04-13 23:23 -------- d-----w- c:\programdata\CyberLink
2012-04-01 19:47 . 2012-04-13 23:22 -------- d-----w- c:\program files (x86)\IOI
2012-04-01 19:45 . 2008-06-05 23:21 66048 ----a-w- c:\windows\system32\drivers\RTSTOR64.sys
2012-04-01 19:45 . 2008-05-06 21:41 6416928 ----a-w- c:\windows\system\DriveIcon.dll
2012-04-01 19:44 . 2008-05-30 14:50 581120 ----a-w- c:\windows\mHotkey.exe
2012-04-01 19:44 . 2008-04-23 21:05 339968 ----a-w- c:\windows\CNYHKey.exe
2012-04-01 19:44 . 2008-02-01 15:04 57344 ----a-w- c:\windows\ChiFuncExt.exe
2012-04-01 19:44 . 2007-03-28 21:55 36864 ----a-w- c:\windows\LchDrvKey.exe
2012-04-01 19:44 . 2007-01-08 18:51 53248 ----a-w- c:\windows\ModLEDKey.exe
2012-04-01 19:44 . 2003-07-03 18:21 294912 ----a-w- c:\windows\PIC.dll
2012-04-01 19:43 . 2012-04-13 23:18 -------- d-----w- c:\program files\eBay
2012-04-01 19:17 . 2012-04-01 19:17 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-04-01 19:16 . 2012-04-13 23:24 -------- d-----w- c:\windows\system32\drivers\N360x64
2012-04-01 19:16 . 2012-04-13 23:23 -------- d-----w- c:\program files (x86)\Norton 360
2012-04-01 19:13 . 2012-04-13 23:23 -------- d-----w- c:\programdata\PCSettings
2012-04-01 19:13 . 2012-04-13 23:23 -------- d-----w- c:\program files (x86)\NortonInstaller
2012-04-01 19:09 . 2012-04-15 17:34 -------- d-----w- c:\program files\Google
2012-04-01 19:09 . 2012-04-16 02:29 -------- d-----w- c:\programdata\Norton
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-01 22:34 . 2008-11-03 21:17 525792 ----a-w- c:\windows\DIFxAPI.dll
2012-03-01 00:02 . 2012-02-10 02:43 9717568 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-03-01 00:02 . 2012-02-10 02:43 2660160 ----a-w- c:\windows\system32\nvapi64.dll
2012-03-01 00:02 . 2012-02-10 02:43 1737536 ----a-w- c:\windows\system32\nvdispco64.dll
2012-03-01 00:02 . 2012-02-10 02:43 1466176 ----a-w- c:\windows\system32\nvgenco64.dll
2012-02-29 17:26 . 2012-02-29 17:26 416064 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-02-07 15:02 . 2012-02-07 15:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"LchDrvKey"="LchDrvKey.exe" [2007-03-28 36864]
"LedKey"="CNYHKey.exe" [2008-04-23 339968]
"P2Go_Menu"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"Smart Copy"="c:\program files (x86)\IOI\Smart Copy\ButtonMonitor.exe" [2008-05-21 53248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 253088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0601020.00A\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0601020.00A\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20120402.001\BHDrvx64.sys [2012-04-02 1160824]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0601020.00A\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20120416.001\IDSvia64.sys [2012-03-30 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0601020.00A\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\N360x64\0601020.00A\SYMNETS.SYS [x]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe [2010-04-14 1052328]
S2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe [2010-04-14 45736]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\6.1.2.10\ccSvcHst.exe [2012-01-17 138232]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S3 AE1000;Linksys AE1000 Driver;c:\windows\system32\DRIVERS\ae1000w7.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-03-31 138360]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 13:03]
.
2012-04-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1265570652-1417869796-3098041197-1000Core.job
- c:\users\amanda\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-06 17:03]
.
2012-04-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1265570652-1417869796-3098041197-1000UA.job
- c:\users\amanda\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-06 17:03]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-09-18 6495264]
"Skytel"="Skytel.exe" [2008-09-18 1833504]
"EzPrint"="c:\program files (x86)\Lexmark S300-S400 Series\ezprint.exe" [2010-05-05 148280]
"lxeamon.exe"="c:\program files (x86)\Lexmark S300-S400 Series\lxeamon.exe" [2010-05-05 770728]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/?ilc=1
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\amanda\AppData\Roaming\Mozilla\Firefox\Profiles\lnj6lz85.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=1
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.1.2.10\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.1.2.10\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1265570652-1417869796-3098041197-1000\Software\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC]
@Denied: (C D) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Channels]
@Denied: (C D) (Everyone)
"ccSvcHst_UserSession2_2400"="{DFD5DF7F-607B-4569-9A54-A049856A8BFD}"
"ccSvcHst_UserSession2_2452"="{EA4FB5BE-D320-4915-BCD6-D948ADEFE752}"
"ccSvcHst_UserSession2_2268"="{14F10D00-577D-4907-B03C-346A28E4F50F}"
"ccSvcHst_N360"="{A4EB1E82-8C79-40FD-B149-98FC8FA7B65B}"
"DING_{4467AB8F-68C8-4ab5-9B48-B3E6EB65F6A1}"="{A4EB1E82-8C79-40FD-B149-98FC8FA7B65B}"
"ccSvcHst_UserSession2_2312"="{DB605C86-77D5-4AFB-80A2-D1C2B12E717C}"
"{B44E7D73-F081-414B-ADD2-CD66675A190D}1"="{DB605C86-77D5-4AFB-80A2-D1C2B12E717C}"
"ccGenericEvent_Global_EM"="{A4EB1E82-8C79-40FD-B149-98FC8FA7B65B}"
"ccGenericEvent_Global_LM"="{A4EB1E82-8C79-40FD-B149-98FC8FA7B65B}"
"ccGenericLog_Manager"="{A4EB1E82-8C79-40FD-B149-98FC8FA7B65B}"
"ccJobMgr_general_{ABD582DE-8F75-412d-81CF-6A180F1203DD}"="{A4EB1E82-8C79-40FD-B149-98FC8FA7B65B}"
"ccJobMgr_session_{ABD582DE-8F75-412d-81CF-6A180F1203DD}"="{A4EB1E82-8C79-40FD-B149-98FC8FA7B65B}"
"{3F11C6A7-CEA8-40c9-88EE-E5461341AE97}_ccSubmissionEngineIPC"="{A4EB1E82-8C79-40FD-B149-98FC8FA7B65B}"
"SymRedirSvcRequestChannel"="{A4EB1E82-8C79-40FD-B149-98FC8FA7B65B}"
"g_coVistaProxyChannel"="{A4EB1E82-8C79-40FD-B149-98FC8FA7B65B}"
"SNDServiceRequestChannel"="{A4EB1E82-8C79-40FD-B149-98FC8FA7B65B}"
"ipcChannel_ShastaServer"="{A4EB1E82-8C79-40FD-B149-98FC8FA7B65B}"
"{A2DE0E79-877C-485b-B604-78B170313E9E}_IronIPC"="{A4EB1E82-8C79-40FD-B149-98FC8FA7B65B}"
"SNDLocationChannel"="{A4EB1E82-8C79-40FD-B149-98FC8FA7B65B}"
"NortonNetServiceIPC"="{A4EB1E82-8C79-40FD-B149-98FC8FA7B65B}"
"NetMapServiceIPC"="{A4EB1E82-8C79-40FD-B149-98FC8FA7B65B}"
"ncw_performance_IPC"="{A4EB1E82-8C79-40FD-B149-98FC8FA7B65B}"
"_NCWSvcComm_NortonCommunityWatchConfiguration"="{A4EB1E82-8C79-40FD-B149-98FC8FA7B65B}"
"_isDataPrComm_"="{A4EB1E82-8C79-40FD-B149-98FC8FA7B65B}"
"_ProcessDetection_"="{A4EB1E82-8C79-40FD-B149-98FC8FA7B65B}"
"_AvProdSvcComm_"="{A4EB1E82-8C79-40FD-B149-98FC8FA7B65B}"
"isError_Service_IPC"="{A4EB1E82-8C79-40FD-B149-98FC8FA7B65B}"
"QuickStart{4302D82E-BA29-4be2-A0EF-72589D61BCD3}"="{A4EB1E82-8C79-40FD-B149-98FC8FA7B65B}"
"BashIPCChannel"="{A4EB1E82-8C79-40FD-B149-98FC8FA7B65B}"
"Tuneup_Context_Switch_Channel"="{A4EB1E82-8C79-40FD-B149-98FC8FA7B65B}"
"_buSvcComm_"="{A4EB1E82-8C79-40FD-B149-98FC8FA7B65B}"
"_ISPOCClient_"="{A4EB1E82-8C79-40FD-B149-98FC8FA7B65B}"
"_IDataStoreMgr_"="{A4EB1E82-8C79-40FD-B149-98FC8FA7B65B}"
"_NortonOnlineCommFeatureRequest_"="{A4EB1E82-8C79-40FD-B149-98FC8FA7B65B}"
"_HSPlayerCommand_"="{A4EB1E82-8C79-40FD-B149-98FC8FA7B65B}"
"{C4A09495-F6BC-4166-B717-F3F3250462BB}"="{A4EB1E82-8C79-40FD-B149-98FC8FA7B65B}"
"IPS_COMMAND_CHANNEL"="{A4EB1E82-8C79-40FD-B149-98FC8FA7B65B}"
"_buVssComm_"="{A4EB1E82-8C79-40FD-B149-98FC8FA7B65B}"
"{9BBA000F-092F-432f-B9DF-9D64FD1C2978}"="{DB605C86-77D5-4AFB-80A2-D1C2B12E717C}"
"FWAlert"="{A4EB1E82-8C79-40FD-B149-98FC8FA7B65B}"
"_buUIComm_S-1-5-21-1265570652-1417869796-3098041197-1000"="{DB605C86-77D5-4AFB-80A2-D1C2B12E717C}"
"{A1B48937-0778-4e7c-885B-271F65B485D2}"="{A4EB1E82-8C79-40FD-B149-98FC8FA7B65B}"
"AvProdSession_01"="{DB605C86-77D5-4AFB-80A2-D1C2B12E717C}"
"AvProdSession_Options_01"="{DB605C86-77D5-4AFB-80A2-D1C2B12E717C}"
"AvProdSession_MessageCenter_01"="{DB605C86-77D5-4AFB-80A2-D1C2B12E717C}"
"AvProdSession_Scanless_01"="{DB605C86-77D5-4AFB-80A2-D1C2B12E717C}"
"AvProdSession_IPUA_01"="{DB605C86-77D5-4AFB-80A2-D1C2B12E717C}"
"AvProdSession_CanIRun_01"="{DB605C86-77D5-4AFB-80A2-D1C2B12E717C}"
"clt::AlertChannel2_01"="{DB605C86-77D5-4AFB-80A2-D1C2B12E717C}"
"CO_PS_{55DBA8A2-CF13-4600-8FC8-C7B989ABF841}_1"="{DB605C86-77D5-4AFB-80A2-D1C2B12E717C}"
"QuickStart{4A16DDA3-2513-41ea-90C8-E34A67781129}1"="{DB605C86-77D5-4AFB-80A2-D1C2B12E717C}"
"TRUSTCHANNEL"="{DB605C86-77D5-4AFB-80A2-D1C2B12E717C}"
"SDKCHANNEL1"="{DB605C86-77D5-4AFB-80A2-D1C2B12E717C}"
"g_coUserCommandChannel_S-1-5-21-1265570652-1417869796-3098041197-1000"="{DB605C86-77D5-4AFB-80A2-D1C2B12E717C}"
"ToasterNotify\\SessionID_1"="{DB605C86-77D5-4AFB-80A2-D1C2B12E717C}"
"_IPCChannel_PerformAutoLogin_1_"="{DB605C86-77D5-4AFB-80A2-D1C2B12E717C}"
"{436E95FE-192E-469f-8F34-5038FBA89BF4}1"="{DB605C86-77D5-4AFB-80A2-D1C2B12E717C}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Endpoints]
@Denied: (C D) (Everyone)
"{1E9BDF73-A3D1-4CDF-AEBC-874FC3B44583}"=""
"{DFD5DF7F-607B-4569-9A54-A049856A8BFD}"=""
"{9D14DF19-8BB1-4630-B9FF-042FDA490B3A}"=""
"{1083859F-C9E7-45AA-8E1B-44FB5197C823}"=""
"{867632EC-2975-4134-AEAA-D163B23ADF83}"=""
"{00BCDA76-F386-412B-9CE4-E2666B189EAD}"=""
"{42A07E6B-A190-4BC0-A18E-398728D6DB3D}"=""
"{ED9392F7-FAEF-4791-BA78-46BD322857E3}"=""
"{C10CBB74-8F5B-41AB-8358-039FBC7F4354}"=""
"{40D0DCA3-7FA2-411C-A576-9C3821D95EB0}"=""
"{0D62CBCB-9976-429B-BF62-3A42B297E2CA}"=""
"{FF9CD776-45FF-4F5F-951F-424B991DEA24}"=""
"{2B25F866-F8EB-43C7-8CBD-0641EED90988}"=""
"{CDA2ED07-101C-41ED-8A48-6001F3305CCA}"=""
"{63F5F52F-37BA-4B25-9FB9-AC2EFA78F5AB}"=""
"{F8B5EA22-0785-4B45-8B48-5C5E7694B3B8}"=""
"{B74C6F77-E30F-47E0-BC33-AAD40BEBB1BF}"=""
"{E82E1F1B-9DAB-49D5-AB5B-0491845DAA26}"=""
"{9738080F-416A-43C7-9E30-345D53D8A52A}"=""
"{1285B4DF-EB39-4C0E-A216-BEAD81258025}"=""
"{369A2BD8-3BD7-43CC-A01B-7413BC8096D4}"=""
"{C5549887-00DD-41DA-8E4D-369E1CFB9C95}"=""
"{7F1DAB70-A394-4D45-A1A3-24A61B146E6F}"=""
"{CE89D6BC-381A-4D11-A72D-2C38F83E4E76}"=""
"{F276C7DB-F997-4DE4-8A1B-B10C31EC493A}"=""
"{38463F95-18C2-4E58-855B-5FA478A042AC}"=""
"{35405FA2-C3C7-4891-876A-7AB0D1CBF05E}"=""
"{E4C6416E-2376-42FD-945F-A66F0779E5D1}"=""
"{A9232D53-7960-4A3B-8EBA-F9FD7AA4B426}"=""
"{73A619A0-802D-49D2-A5AE-5D356B86D095}"=""
"{9B84C558-72A6-48CF-A787-397720B246ED}"=""
"{4114BAA8-B3D7-4B61-BC41-D5CB3F5BEBFE}"=""
"{23971592-CC5B-49B0-B982-C4A8F5F33C32}"=""
"{ACEC42CA-5A2F-4585-ABD6-CA4CFF09CD7F}"=""
"{10964F0C-09C2-491A-B913-8F703257855B}"=""
"{5CAD4B86-6C50-4A92-A623-4AB7A744F2EB}"=""
"{1EF2743A-17F8-4BFA-9606-0A00078B9089}"=""
"{0D8ABBA6-ED50-47E9-B77D-126B48E5B7BC}"=""
"{84D66831-DC90-4274-BC05-E2379EF0587F}"=""
"{3000722A-094A-4F6C-9942-9375D005772D}"=""
"{01F7A830-8EF0-4667-B599-5A69E1FA0776}"=""
"{424E71F3-4596-41BD-89FA-A358D0E3A0D1}"=""
"{CBA9F0DB-EAD4-4311-AF7C-95CF5B48A692}"=""
"{B5CA15A6-8104-40B4-A0C5-D10DBDC7D893}"=""
"{D7CA47D1-28E5-4DBA-A545-64558C134F4E}"=""
"{571D4B4A-AB1E-4B4E-8C56-202F35A25DFD}"=""
"{31216BC6-1B6E-4ADC-AFB9-9DD2ABFB55F9}"=""
"{EA4FB5BE-D320-4915-BCD6-D948ADEFE752}"=""
"{798A379F-2CA2-4934-92D7-BD4C40A3D9B2}"=""
"{14F10D00-577D-4907-B03C-346A28E4F50F}"=""
"{135A6BB3-4EE7-4C7D-A21F-2A0EE951582A}"=""
"{91E7D91F-417F-4CC3-A14C-2842E9A7FA57}"=""
"{A4EB1E82-8C79-40FD-B149-98FC8FA7B65B}"=""
"{DB605C86-77D5-4AFB-80A2-D1C2B12E717C}"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\MHotKey.exe
c:\windows\ChiFuncExt.exe
c:\windows\CNYHKey.exe
.
**************************************************************************
.
Completion time: 2012-04-17 19:28:02 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-17 23:28
.
Pre-Run: 595,530,551,296 bytes free
Post-Run: 595,317,903,360 bytes free
.
- - End Of File - - B9B1D5D55C8F06BA87C556A3D2BEE687

Edited by dakthur, 17 April 2012 - 06:43 PM.


#8 dakthur

Posted 17 April 2012 - 06:45 PM

Be back in a few.

#9 m0le

Posted 17 April 2012 - 07:14 PM

The Combofix log looks clean also.

I see you downloaded Symantec's ZeroAccess removal tool on the 17th. Why did you suspect that rootkit?
m0le is a proud member of UNITE

#10 dakthur

Posted 17 April 2012 - 08:14 PM

I read descriptions of it and thought it may be that one. There is something: there are three weird names on the wireless connection list, and since realizing it, files and folders have been being made and little lock icons placed on them, and in Security the user S-1-5-2-1...... (the numbers in the ComboFix log) appeared and is listed as an unknown account. When I go to change certain settings they change right back. I checked the Task Scheduler and there are tasks constantly running that I can't access. Also there is constant traffic by programs through something called a Teredo tunnel adapter, which I checked, and I believe there shouldn't be that much traffic; a lot of it gets blocked, but not much. We just recently realized that our router was only secured by WEP security and we haven't been using wireless device MAC filtering, so the wireless adapter on this computer is probably not secure. I've wanted to change the security on the router for a few days now but am afraid it would be useless if I'm being keylogged, and because a hacker needs to have a program on my computer to continue accessing it, so if I changed it then it would just gain access to my router again. The other day I tried making a regular user account to try using that to run scans, as opposed to being on this account, which is my admin one, and when I went to password it a warning came up saying I would lose my entire profile and all encrypted files and such. Pretty sure there's something; I just want my computers and network back.

#11 m0le

Posted 18 April 2012 - 05:39 PM

Okay, let's see if we have something like this on this machine.

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


#12 m0le

Posted 22 April 2012 - 07:25 PM

Hi,

I have not had a reply from you for 5 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le

#13 m0le

Posted 23 April 2012 - 06:18 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.