Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Redirect Virus


  • This topic is locked This topic is locked
57 replies to this topic

#1 ButterButterJam

ButterButterJam

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:10:08 PM

Posted 12 August 2012 - 12:43 AM

I appear to have the dreaded redirect virus on my machine and can't seem to get rid of it. Also this may or may not be related but Windows Firewall is off and when I try to "Use Recommended Settings" to turn it back on, I get the following message: "Windows Firewall can't change some of your settings. Error code 0x80070424". DDS log is below, and thanks in advance.

Josh


DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Josh at 0:36:07 on 2012-08-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8175.3675 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dleacoms.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files (x86)\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWoW64\svchost.exe
C:\Windows\SysWoW64\svchost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.google.com/
uInternet Settings,ProxyOverride = *.local;<local>
mWinlogon: Userinit=userinit.exe
BHO: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - C:\Program Files\Dell Printable Web\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120622055256.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - C:\Program Files\Dell Printable Web\toolband.dll
uRun: [Akamai NetSession Interface] "C:\Users\Josh\AppData\Local\Akamai\netsession_win.exe"
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [Dell V310-V510 Series] "C:\Program Files (x86)\Dell V310-V510 Series\fm3032.exe" /s
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDQUIC~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\WDDMStatus.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{0E241FFA-CD15-4F4C-82F7-E5CEEB7579E4} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{D9291419-CC78-46CE-B017-0CE1DFBCF768} : DhcpNameServer = 192.168.1.254
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Dell Toolbar: {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120622055256.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: Dell Toolbar: {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll
mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [(Default)]
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun-x64: [Dell V310-V510 Series] "C:\Program Files (x86)\Dell V310-V510 Series\fm3032.exe" /s
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
IE-X64: {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk
.
============= SERVICES / DRIVERS ===============
.
R0 FixTDSS;TDSS Fixtool driver;C:\Windows\system32\drivers\FixTDSS.sys --> C:\Windows\system32\drivers\FixTDSS.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 dlea_device;dlea_device;C:\Windows\system32\dleacoms.exe -service --> C:\Windows\system32\dleacoms.exe -service [?]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-9-2 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-9-2 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-7-12 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-7-12 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-5-4 81408]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-7-12 1692480]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-3-19 2666880]
R2 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe [2011-8-1 317328]
R2 WDFMEService;WDFMEService;C:\Program Files\Western Digital\WD SmartWare\WDFME.exe [2011-8-1 1978256]
R2 WDRulesService;WDRulesService;C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-8-1 1338256]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 dleaCATSCustConnectService;dleaCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\dleaserv.exe [2011-8-11 45224]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-9-2 249936]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [2009-12-10 65536]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-11 250056]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-7-12 220528]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\DRIVERS\TsUsbGD.sys --> C:\Windows\system32\DRIVERS\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-9-2 249936]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-08-12 02:30:16 -------- d-----w- C:\Program Files (x86)\Oracle
2012-08-12 02:29:37 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-08-11 23:17:17 -------- d-----w- C:\Program Files (x86)\ESET
2012-08-11 22:41:24 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-08-11 22:01:26 -------- d-----w- C:\Windows\pss
2012-08-11 21:53:52 -------- d-----w- C:\Users\Josh\AppData\Roaming\FixTDSS
2012-08-11 21:53:51 27256 ----a-w- C:\Windows\System32\drivers\FixTDSS.sys
2012-08-07 01:56:56 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
2012-08-07 01:38:39 -------- d-----w- C:\Windows\SysWow64\AGEIA
2012-08-07 01:38:19 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-07-27 19:19:26 -------- d-----w- C:\Users\Josh\AppData\Local\Akamai
2012-07-21 12:47:20 -------- d-----w- C:\Users\Josh\AppData\Roaming\TeamViewer
.
==================== Find3M ====================
.
2012-08-04 03:08:11 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-04 03:08:11 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-03 18:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-25 21:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll
2012-06-12 03:08:36 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 0:36:42.93 ===============

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:08 PM

Posted 12 August 2012 - 03:13 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 ButterButterJam

ButterButterJam
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:10:08 PM

Posted 12 August 2012 - 09:59 AM

Hi Gringo,

Thanks for the quick reply. I've posted the logs from Security Check and Combo Fix Below. The only changes I can see is that Windows asked me if I wanted to make IE my default brower when I opened it, when it already was prior to running Combo Fix.

Thanks,

Josh

Security Check Log:

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
JavaFX 2.1.1
Java™ 6 Update 31
Java™ 7 Update 5
Adobe Reader X (10.1.3)
````````Process Check: objlist.exe by Laurent````````
mcafee VIRUSS~1 mcvsshld.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


ComboFix Log-

ComboFix 12-08-10.02 - Josh 08/12/2012 9:38.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8175.4205 [GMT -5:00]
Running from: c:\users\Josh\Downloads\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{5b0aac7a-9fe2-be7a-97c6-30208ce6c228}\@
c:\windows\Installer\{5b0aac7a-9fe2-be7a-97c6-30208ce6c228}\L\00000004.@
c:\windows\Installer\{5b0aac7a-9fe2-be7a-97c6-30208ce6c228}\L\201d3dde
c:\windows\Installer\{5b0aac7a-9fe2-be7a-97c6-30208ce6c228}\U\00000004.@
c:\windows\Installer\{5b0aac7a-9fe2-be7a-97c6-30208ce6c228}\U\00000008.@
c:\windows\Installer\{5b0aac7a-9fe2-be7a-97c6-30208ce6c228}\U\000000cb.@
c:\windows\Installer\{5b0aac7a-9fe2-be7a-97c6-30208ce6c228}\U\80000000.@
c:\windows\Installer\{5b0aac7a-9fe2-be7a-97c6-30208ce6c228}\U\80000032.@
c:\windows\Installer\{5b0aac7a-9fe2-be7a-97c6-30208ce6c228}\U\80000064.@
.
.
((((((((((((((((((((((((( Files Created from 2012-07-12 to 2012-08-12 )))))))))))))))))))))))))))))))
.
.
2012-08-12 14:43 . 2012-08-12 14:43 -------- d-----w- c:\users\postgres\AppData\Local\temp
2012-08-12 14:43 . 2012-08-12 14:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-12 02:30 . 2012-08-12 02:30 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-08-12 02:30 . 2012-08-12 02:30 -------- d-----w- c:\program files (x86)\Oracle
2012-08-12 02:29 . 2012-07-06 03:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-11 23:17 . 2012-08-11 23:17 -------- d-----w- c:\program files (x86)\ESET
2012-08-11 22:41 . 2012-08-12 00:12 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-08-11 21:53 . 2012-08-11 21:53 -------- d-----w- c:\users\Josh\AppData\Roaming\FixTDSS
2012-08-11 21:53 . 2012-08-11 21:53 27256 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
2012-08-07 01:56 . 2012-08-07 01:56 -------- d--h--r- c:\users\Josh\AppData\Roaming\SecuROM
2012-08-07 01:56 . 2012-08-07 01:56 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2012-08-07 01:39 . 2012-08-07 01:39 -------- d-----w- c:\program files (x86)\Electronic Arts
2012-08-07 01:38 . 2012-08-07 01:38 -------- d-----w- c:\windows\SysWow64\AGEIA
2012-08-07 01:38 . 2012-08-07 01:38 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2012-08-07 01:38 . 2012-08-07 01:38 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-07-27 19:19 . 2012-08-11 22:52 -------- d-----w- c:\users\Josh\AppData\Local\Akamai
2012-07-21 12:47 . 2012-07-21 12:47 -------- d-----w- c:\users\Josh\AppData\Roaming\TeamViewer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-04 03:08 . 2012-04-11 22:24 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-04 03:08 . 2011-08-19 00:16 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 08:02 . 2011-08-14 16:56 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 18:46 . 2011-12-18 22:49 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-25 21:04 . 2012-06-25 21:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-06-12 03:08 . 2012-07-12 08:05 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 05:43 . 2012-07-11 09:55 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 09:56 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 09:56 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 09:55 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 09:56 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 09:55 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 09:55 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-26 07:59 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-26 08:00 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-26 08:00 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-26 08:00 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-26 07:59 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-26 08:00 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-26 07:59 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-26 07:59 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-26 07:59 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 12:49 . 2012-07-12 08:01 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-12 08:01 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-12 08:01 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-12 08:01 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-12 08:01 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-12 08:01 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-12 08:01 237056 ----a-w- c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-12 08:01 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-12 08:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-12 08:01 818688 ----a-w- c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-12 08:01 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-12 08:01 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-12 08:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-12 08:01 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-12 08:01 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-12 08:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-12 08:01 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-12 08:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-12 08:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50 . 2012-07-11 09:55 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 09:55 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:48 . 2012-07-11 09:55 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:45 . 2012-07-11 09:55 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 09:55 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 09:55 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 09:55 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 09:55 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 09:55 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-11-21 . 57300E71DFBB58D8ED0D7B9813E55795 . 857600 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Josh\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-05-30 885760]
"Dell V310-V510 Series"="c:\program files (x86)\Dell V310-V510 Series\fm3032.exe" [2011-01-24 316072]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WD Quick View.lnk - c:\program files\Western Digital\WD SmartWare\WDDMStatus.exe [2011-8-1 4221840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 dleaCATSCustConnectService;dleaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [2010-05-21 45224]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-04 250056]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2010-08-30 220528]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\DRIVERS\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-13 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 FixTDSS;TDSS Fixtool driver;c:\windows\system32\drivers\FixTDSS.sys [2012-08-11 27256]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe [2010-05-21 1052328]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-05-04 81408]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [2009-12-10 65536]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WDDMService.exe [2011-08-01 317328]
S2 WDFMEService;WDFMEService;c:\program files\Western Digital\WD SmartWare\WDFME.exe [2011-08-01 1978256]
S2 WDRulesService;WDRulesService;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-08-01 1338256]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-06-21 131688]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-14 413800]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 03:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-05-30 2055816]
"dleamon.exe"="c:\program files (x86)\Dell V310-V510 Series\dleamon.exe" [2011-01-24 770728]
"EzPrint"="c:\program files (x86)\Dell V310-V510 Series\ezprint.exe" [2011-01-24 139944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{09B71986-2AC5-482D-B6CB-42EA34F4F85B}"=hex:51,66,7a,6c,4c,1d,38,12,e8,1a,a4,
0d,f7,64,43,0d,c9,dd,01,aa,31,aa,bc,4f
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{27B4851A-3207-45A2-B947-BE8AFE6163AB}"=hex:51,66,7a,6c,4c,1d,38,12,74,86,a7,
23,35,7c,cc,00,c6,51,fd,ca,fb,3f,27,bf
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{7DB2D5A0-7241-4E79-B68D-6309F01C5231}"=hex:51,66,7a,6c,4c,1d,38,12,ce,d6,a1,
79,73,3c,17,0b,c9,9b,20,49,f5,42,16,25
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:e6,d0,4f,0b,f7,77,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0b,a6,cf,bf,2e,a6,19,4d,b7,df,f0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0b,a6,cf,bf,2e,a6,19,4d,b7,df,f0,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
.
**************************************************************************
.
Completion time: 2012-08-12 09:52:34 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-12 14:52
.
Pre-Run: 892,294,021,120 bytes free
Post-Run: 892,061,929,472 bytes free
.
- - End Of File - - 91B9586B910B0CC535BE2E7CF826582F

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:08 PM

Posted 12 August 2012 - 11:35 AM

Greetings

Thank you for getting me the report I want to do some deeper digging so I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 ButterButterJam

ButterButterJam
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:10:08 PM

Posted 12 August 2012 - 11:58 AM

Hi Gringo,

No issues running either program that I could tell. Here are their log files:

TDSS Killer Log:

11:38:53.0402 7072 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
11:38:55.0414 7072 ============================================================
11:38:55.0414 7072 Current date / time: 2012/08/12 11:38:55.0414
11:38:55.0414 7072 SystemInfo:
11:38:55.0414 7072
11:38:55.0414 7072 OS Version: 6.1.7601 ServicePack: 1.0
11:38:55.0414 7072 Product type: Workstation
11:38:55.0414 7072 ComputerName: JOSH-PC
11:38:55.0414 7072 UserName: Josh
11:38:55.0414 7072 Windows directory: C:\Windows
11:38:55.0414 7072 System windows directory: C:\Windows
11:38:55.0414 7072 Running under WOW64
11:38:55.0414 7072 Processor architecture: Intel x64
11:38:55.0414 7072 Number of processors: 4
11:38:55.0414 7072 Page size: 0x1000
11:38:55.0414 7072 Boot type: Normal boot
11:38:55.0414 7072 ============================================================
11:38:56.0163 7072 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:38:56.0257 7072 ============================================================
11:38:56.0257 7072 \Device\Harddisk0\DR0:
11:38:56.0257 7072 MBR partitions:
11:38:56.0257 7072 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D9F000
11:38:56.0257 7072 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1DB3000, BlocksNum 0x72953000
11:38:56.0257 7072 ============================================================
11:38:56.0272 7072 C: <-> \Device\Harddisk0\DR0\Partition1
11:38:56.0272 7072 ============================================================
11:38:56.0272 7072 Initialize success
11:38:56.0272 7072 ============================================================
11:38:59.0190 6332 ============================================================
11:38:59.0190 6332 Scan started
11:38:59.0190 6332 Mode: Manual;
11:38:59.0190 6332 ============================================================
11:39:03.0012 6332 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
11:39:03.0012 6332 1394ohci - ok
11:39:03.0043 6332 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
11:39:03.0043 6332 ACPI - ok
11:39:03.0043 6332 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
11:39:03.0043 6332 AcpiPmi - ok
11:39:03.0136 6332 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
11:39:03.0136 6332 AdobeARMservice - ok
11:39:03.0261 6332 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:39:03.0261 6332 AdobeFlashPlayerUpdateSvc - ok
11:39:03.0292 6332 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
11:39:03.0308 6332 adp94xx - ok
11:39:03.0339 6332 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
11:39:03.0339 6332 adpahci - ok
11:39:03.0355 6332 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
11:39:03.0355 6332 adpu320 - ok
11:39:03.0386 6332 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
11:39:03.0386 6332 AeLookupSvc - ok
11:39:03.0448 6332 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
11:39:03.0448 6332 AFD - ok
11:39:03.0464 6332 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
11:39:03.0464 6332 agp440 - ok
11:39:03.0480 6332 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
11:39:03.0480 6332 ALG - ok
11:39:03.0480 6332 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
11:39:03.0480 6332 aliide - ok
11:39:03.0495 6332 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
11:39:03.0495 6332 amdide - ok
11:39:03.0495 6332 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
11:39:03.0495 6332 AmdK8 - ok
11:39:03.0526 6332 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
11:39:03.0526 6332 AmdPPM - ok
11:39:03.0558 6332 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
11:39:03.0558 6332 amdsata - ok
11:39:03.0573 6332 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
11:39:03.0573 6332 amdsbs - ok
11:39:03.0589 6332 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
11:39:03.0589 6332 amdxata - ok
11:39:03.0589 6332 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
11:39:03.0604 6332 AppID - ok
11:39:03.0604 6332 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
11:39:03.0604 6332 AppIDSvc - ok
11:39:03.0636 6332 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
11:39:03.0651 6332 Appinfo - ok
11:39:03.0776 6332 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:39:03.0776 6332 Apple Mobile Device - ok
11:39:03.0807 6332 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
11:39:03.0807 6332 arc - ok
11:39:03.0823 6332 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
11:39:03.0823 6332 arcsas - ok
11:39:03.0901 6332 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
11:39:03.0901 6332 aspnet_state - ok
11:39:03.0916 6332 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:39:03.0932 6332 AsyncMac - ok
11:39:03.0948 6332 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
11:39:03.0948 6332 atapi - ok
11:39:04.0057 6332 athr (96abf88241f90ff647e55c934c55c2f1) C:\Windows\system32\DRIVERS\athrx.sys
11:39:04.0088 6332 athr - ok
11:39:04.0197 6332 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:39:04.0244 6332 AudioEndpointBuilder - ok
11:39:04.0260 6332 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:39:04.0260 6332 AudioSrv - ok
11:39:04.0291 6332 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
11:39:04.0291 6332 AxInstSV - ok
11:39:04.0338 6332 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
11:39:04.0353 6332 b06bdrv - ok
11:39:04.0369 6332 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:39:04.0369 6332 b57nd60a - ok
11:39:04.0400 6332 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
11:39:04.0400 6332 BDESVC - ok
11:39:04.0400 6332 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:39:04.0400 6332 Beep - ok
11:39:04.0462 6332 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
11:39:04.0494 6332 BFE - ok
11:39:04.0525 6332 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:39:04.0525 6332 blbdrive - ok
11:39:04.0618 6332 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
11:39:04.0618 6332 Bonjour Service - ok
11:39:04.0665 6332 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
11:39:04.0665 6332 bowser - ok
11:39:04.0681 6332 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
11:39:04.0681 6332 BrFiltLo - ok
11:39:04.0681 6332 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
11:39:04.0681 6332 BrFiltUp - ok
11:39:04.0696 6332 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
11:39:04.0696 6332 BridgeMP - ok
11:39:04.0712 6332 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
11:39:04.0712 6332 Browser - ok
11:39:04.0728 6332 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:39:04.0728 6332 Brserid - ok
11:39:04.0743 6332 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:39:04.0743 6332 BrSerWdm - ok
11:39:04.0743 6332 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:39:04.0743 6332 BrUsbMdm - ok
11:39:04.0743 6332 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:39:04.0743 6332 BrUsbSer - ok
11:39:04.0759 6332 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
11:39:04.0759 6332 BTHMODEM - ok
11:39:04.0759 6332 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
11:39:04.0774 6332 bthserv - ok
11:39:04.0774 6332 catchme - ok
11:39:04.0806 6332 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:39:04.0806 6332 cdfs - ok
11:39:04.0837 6332 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
11:39:04.0837 6332 cdrom - ok
11:39:04.0868 6332 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:39:04.0868 6332 CertPropSvc - ok
11:39:04.0899 6332 cfwids (274ce03459896006f7a5069266e0469e) C:\Windows\system32\drivers\cfwids.sys
11:39:04.0899 6332 cfwids - ok
11:39:04.0915 6332 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
11:39:04.0915 6332 circlass - ok
11:39:04.0962 6332 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:39:04.0962 6332 CLFS - ok
11:39:05.0024 6332 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:39:05.0024 6332 clr_optimization_v2.0.50727_32 - ok
11:39:05.0055 6332 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:39:05.0055 6332 clr_optimization_v2.0.50727_64 - ok
11:39:05.0086 6332 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:39:05.0086 6332 clr_optimization_v4.0.30319_32 - ok
11:39:05.0118 6332 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:39:05.0118 6332 clr_optimization_v4.0.30319_64 - ok
11:39:05.0149 6332 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
11:39:05.0149 6332 CmBatt - ok
11:39:05.0149 6332 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
11:39:05.0149 6332 cmdide - ok
11:39:05.0196 6332 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
11:39:05.0196 6332 CNG - ok
11:39:05.0305 6332 CnxtHdAudService (5c855932e4df00b1b6f5f6f57e82b6c5) C:\Windows\system32\drivers\CHDRT64.sys
11:39:05.0352 6332 CnxtHdAudService - ok
11:39:05.0430 6332 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
11:39:05.0430 6332 Compbatt - ok
11:39:05.0445 6332 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
11:39:05.0445 6332 CompositeBus - ok
11:39:05.0461 6332 COMSysApp - ok
11:39:05.0492 6332 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
11:39:05.0492 6332 crcdisk - ok
11:39:05.0539 6332 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
11:39:05.0539 6332 CryptSvc - ok
11:39:05.0601 6332 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:39:05.0601 6332 DcomLaunch - ok
11:39:05.0664 6332 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
11:39:05.0664 6332 defragsvc - ok
11:39:05.0679 6332 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
11:39:05.0679 6332 DfsC - ok
11:39:05.0726 6332 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
11:39:05.0757 6332 Dhcp - ok
11:39:05.0773 6332 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:39:05.0773 6332 discache - ok
11:39:05.0788 6332 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
11:39:05.0788 6332 Disk - ok
11:39:05.0866 6332 dleaCATSCustConnectService (1017d70abe5483f40c10b7774397d120) C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe
11:39:05.0913 6332 dleaCATSCustConnectService - ok
11:39:05.0929 6332 dlea_device - ok
11:39:05.0960 6332 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
11:39:05.0991 6332 Dnscache - ok
11:39:06.0007 6332 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
11:39:06.0038 6332 dot3svc - ok
11:39:06.0100 6332 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
11:39:06.0100 6332 DPS - ok
11:39:06.0132 6332 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:39:06.0132 6332 drmkaud - ok
11:39:06.0178 6332 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
11:39:06.0194 6332 DXGKrnl - ok
11:39:06.0210 6332 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
11:39:06.0210 6332 EapHost - ok
11:39:06.0334 6332 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
11:39:06.0381 6332 ebdrv - ok
11:39:06.0490 6332 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
11:39:06.0490 6332 EFS - ok
11:39:06.0568 6332 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
11:39:06.0568 6332 ehRecvr - ok
11:39:06.0600 6332 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
11:39:06.0600 6332 ehSched - ok
11:39:06.0646 6332 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
11:39:06.0662 6332 elxstor - ok
11:39:06.0662 6332 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
11:39:06.0662 6332 ErrDev - ok
11:39:06.0709 6332 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
11:39:06.0709 6332 EventSystem - ok
11:39:06.0724 6332 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:39:06.0724 6332 exfat - ok
11:39:06.0756 6332 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:39:06.0756 6332 fastfat - ok
11:39:06.0802 6332 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
11:39:06.0802 6332 Fax - ok
11:39:06.0818 6332 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
11:39:06.0818 6332 fdc - ok
11:39:06.0834 6332 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
11:39:06.0834 6332 fdPHost - ok
11:39:06.0849 6332 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
11:39:06.0849 6332 FDResPub - ok
11:39:06.0865 6332 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:39:06.0865 6332 FileInfo - ok
11:39:06.0880 6332 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:39:06.0880 6332 Filetrace - ok
11:39:06.0912 6332 FixTDSS (00940c5e43282206994659d16b4ac412) C:\Windows\system32\drivers\FixTDSS.sys
11:39:06.0912 6332 FixTDSS - ok
11:39:06.0927 6332 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
11:39:06.0927 6332 flpydisk - ok
11:39:06.0958 6332 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
11:39:06.0958 6332 FltMgr - ok
11:39:07.0036 6332 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
11:39:07.0068 6332 FontCache - ok
11:39:07.0130 6332 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:39:07.0130 6332 FontCache3.0.0.0 - ok
11:39:07.0161 6332 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:39:07.0161 6332 FsDepends - ok
11:39:07.0192 6332 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
11:39:07.0192 6332 Fs_Rec - ok
11:39:07.0224 6332 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:39:07.0224 6332 fvevol - ok
11:39:07.0255 6332 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
11:39:07.0255 6332 gagp30kx - ok
11:39:07.0286 6332 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:39:07.0286 6332 GEARAspiWDM - ok
11:39:07.0333 6332 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
11:39:07.0380 6332 gpsvc - ok
11:39:07.0411 6332 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:39:07.0411 6332 hcw85cir - ok
11:39:07.0442 6332 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
11:39:07.0442 6332 HDAudBus - ok
11:39:07.0458 6332 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
11:39:07.0458 6332 HidBatt - ok
11:39:07.0458 6332 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
11:39:07.0458 6332 HidBth - ok
11:39:07.0473 6332 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
11:39:07.0473 6332 HidIr - ok
11:39:07.0489 6332 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
11:39:07.0489 6332 hidserv - ok
11:39:07.0504 6332 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
11:39:07.0551 6332 HidUsb - ok
11:39:07.0567 6332 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
11:39:07.0582 6332 hkmsvc - ok
11:39:07.0598 6332 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
11:39:07.0598 6332 HomeGroupListener - ok
11:39:07.0629 6332 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
11:39:07.0629 6332 HomeGroupProvider - ok
11:39:07.0629 6332 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
11:39:07.0629 6332 HpSAMD - ok
11:39:07.0676 6332 HTCAND64 (f47cec45fb85791d4ab237563ad0fa8f) C:\Windows\system32\Drivers\ANDROIDUSB.sys
11:39:07.0676 6332 HTCAND64 - ok
11:39:07.0723 6332 htcnprot (b8b1b284362e1d8135112573395d5da5) C:\Windows\system32\DRIVERS\htcnprot.sys
11:39:07.0723 6332 htcnprot - ok
11:39:07.0770 6332 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
11:39:07.0770 6332 HTTP - ok
11:39:07.0785 6332 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
11:39:07.0785 6332 hwpolicy - ok
11:39:07.0816 6332 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
11:39:07.0816 6332 i8042prt - ok
11:39:07.0863 6332 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
11:39:07.0879 6332 iaStorV - ok
11:39:08.0113 6332 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:39:08.0128 6332 idsvc - ok
11:39:08.0160 6332 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
11:39:08.0160 6332 iirsp - ok
11:39:08.0206 6332 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
11:39:08.0222 6332 IKEEXT - ok
11:39:08.0238 6332 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
11:39:08.0238 6332 intelide - ok
11:39:08.0253 6332 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
11:39:08.0253 6332 intelppm - ok
11:39:08.0269 6332 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
11:39:08.0269 6332 IPBusEnum - ok
11:39:08.0284 6332 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:39:08.0284 6332 IpFilterDriver - ok
11:39:08.0331 6332 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
11:39:08.0331 6332 iphlpsvc - ok
11:39:08.0362 6332 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
11:39:08.0362 6332 IPMIDRV - ok
11:39:08.0362 6332 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:39:08.0362 6332 IPNAT - ok
11:39:08.0472 6332 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe
11:39:08.0472 6332 iPod Service - ok
11:39:08.0487 6332 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:39:08.0487 6332 IRENUM - ok
11:39:08.0487 6332 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
11:39:08.0503 6332 isapnp - ok
11:39:08.0518 6332 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
11:39:08.0518 6332 iScsiPrt - ok
11:39:08.0534 6332 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
11:39:08.0534 6332 kbdclass - ok
11:39:08.0550 6332 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
11:39:08.0550 6332 kbdhid - ok
11:39:08.0581 6332 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:39:08.0581 6332 KeyIso - ok
11:39:08.0628 6332 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
11:39:08.0628 6332 KSecDD - ok
11:39:08.0643 6332 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
11:39:08.0643 6332 KSecPkg - ok
11:39:08.0659 6332 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:39:08.0659 6332 ksthunk - ok
11:39:08.0690 6332 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
11:39:08.0706 6332 KtmRm - ok
11:39:08.0737 6332 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
11:39:08.0784 6332 LanmanServer - ok
11:39:08.0799 6332 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
11:39:08.0815 6332 LanmanWorkstation - ok
11:39:08.0846 6332 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:39:08.0846 6332 lltdio - ok
11:39:08.0877 6332 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
11:39:08.0893 6332 lltdsvc - ok
11:39:08.0908 6332 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
11:39:08.0908 6332 lmhosts - ok
11:39:08.0940 6332 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
11:39:08.0940 6332 LSI_FC - ok
11:39:08.0955 6332 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
11:39:08.0955 6332 LSI_SAS - ok
11:39:08.0955 6332 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
11:39:08.0955 6332 LSI_SAS2 - ok
11:39:08.0971 6332 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
11:39:08.0971 6332 LSI_SCSI - ok
11:39:08.0986 6332 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:39:08.0986 6332 luafv - ok
11:39:09.0064 6332 McAWFwk (b6bd99c3e23507a732c474caa620c0d7) c:\PROGRA~1\mcafee\msc\mcawfwk.exe
11:39:09.0064 6332 McAWFwk - ok
11:39:09.0142 6332 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
11:39:09.0142 6332 McMPFSvc - ok
11:39:09.0142 6332 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
11:39:09.0158 6332 mcmscsvc - ok
11:39:09.0158 6332 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
11:39:09.0158 6332 McNaiAnn - ok
11:39:09.0174 6332 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
11:39:09.0174 6332 McNASvc - ok
11:39:09.0236 6332 McODS (dd2321925274f2902929d76ce2b0eb45) C:\Program Files\mcafee\VirusScan\mcods.exe
11:39:09.0236 6332 McODS - ok
11:39:09.0252 6332 McOobeSv (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
11:39:09.0252 6332 McOobeSv - ok
11:39:09.0252 6332 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
11:39:09.0252 6332 McProxy - ok
11:39:09.0298 6332 McShield (e998e3b12101288d716558466cbf6ae1) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
11:39:09.0298 6332 McShield - ok
11:39:09.0392 6332 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
11:39:09.0392 6332 Mcx2Svc - ok
11:39:09.0408 6332 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
11:39:09.0408 6332 megasas - ok
11:39:09.0439 6332 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
11:39:09.0454 6332 MegaSR - ok
11:39:09.0486 6332 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
11:39:09.0486 6332 MEIx64 - ok
11:39:09.0501 6332 mfeapfk (01884cb7655c8908b43ff5e364fe6fd2) C:\Windows\system32\drivers\mfeapfk.sys
11:39:09.0501 6332 mfeapfk - ok
11:39:09.0532 6332 mfeavfk (dab9a9cdfb04e4d68924492aa043019d) C:\Windows\system32\drivers\mfeavfk.sys
11:39:09.0579 6332 mfeavfk - ok
11:39:09.0595 6332 mfeavfk01 - ok
11:39:09.0610 6332 mfefire (b26782c3d6045b4464017d7926877560) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
11:39:09.0610 6332 mfefire - ok
11:39:09.0642 6332 mfefirek (ce9a3680675c0907ade16404ca967b49) C:\Windows\system32\drivers\mfefirek.sys
11:39:09.0657 6332 mfefirek - ok
11:39:09.0688 6332 mfehidk (60cf67458dd29cd17e77f2327b1a9a54) C:\Windows\system32\drivers\mfehidk.sys
11:39:09.0688 6332 mfehidk - ok
11:39:09.0720 6332 mfenlfk (a8129cfb919347f8533c934b365e9202) C:\Windows\system32\DRIVERS\mfenlfk.sys
11:39:09.0720 6332 mfenlfk - ok
11:39:09.0751 6332 mferkdet (5041fa2bd2b3a2693b015771bfbf6dca) C:\Windows\system32\drivers\mferkdet.sys
11:39:09.0751 6332 mferkdet - ok
11:39:09.0798 6332 mfevtp (723a5eb6cef7f408c3d0f15a82a6bff8) C:\Windows\system32\mfevtps.exe
11:39:09.0798 6332 mfevtp - ok
11:39:09.0813 6332 mfewfpk (919c56db14a0e1e2ab6da5d2821dc26e) C:\Windows\system32\drivers\mfewfpk.sys
11:39:09.0813 6332 mfewfpk - ok
11:39:09.0844 6332 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:39:09.0844 6332 MMCSS - ok
11:39:09.0860 6332 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:39:09.0860 6332 Modem - ok
11:39:09.0907 6332 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:39:09.0907 6332 monitor - ok
11:39:09.0938 6332 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
11:39:09.0938 6332 mouclass - ok
11:39:09.0954 6332 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:39:09.0954 6332 mouhid - ok
11:39:09.0969 6332 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
11:39:09.0969 6332 mountmgr - ok
11:39:09.0985 6332 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
11:39:10.0016 6332 mpio - ok
11:39:10.0047 6332 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:39:10.0047 6332 mpsdrv - ok
11:39:10.0110 6332 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
11:39:10.0110 6332 MpsSvc - ok
11:39:10.0125 6332 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
11:39:10.0125 6332 MRxDAV - ok
11:39:10.0172 6332 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:39:10.0172 6332 mrxsmb - ok
11:39:10.0188 6332 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:39:10.0188 6332 mrxsmb10 - ok
11:39:10.0219 6332 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:39:10.0219 6332 mrxsmb20 - ok
11:39:10.0219 6332 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
11:39:10.0266 6332 msahci - ok
11:39:10.0281 6332 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
11:39:10.0281 6332 msdsm - ok
11:39:10.0297 6332 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
11:39:10.0297 6332 MSDTC - ok
11:39:10.0312 6332 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:39:10.0312 6332 Msfs - ok
11:39:10.0328 6332 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:39:10.0328 6332 mshidkmdf - ok
11:39:10.0344 6332 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:39:10.0344 6332 msisadrv - ok
11:39:10.0359 6332 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
11:39:10.0375 6332 MSiSCSI - ok
11:39:10.0375 6332 msiserver - ok
11:39:10.0468 6332 MSK80Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
11:39:10.0468 6332 MSK80Service - ok
11:39:10.0484 6332 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:39:10.0484 6332 MSKSSRV - ok
11:39:10.0484 6332 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:39:10.0484 6332 MSPCLOCK - ok
11:39:10.0500 6332 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:39:10.0500 6332 MSPQM - ok
11:39:10.0531 6332 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:39:10.0531 6332 MsRPC - ok
11:39:10.0546 6332 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
11:39:10.0546 6332 mssmbios - ok
11:39:10.0546 6332 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:39:10.0546 6332 MSTEE - ok
11:39:10.0562 6332 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
11:39:10.0562 6332 MTConfig - ok
11:39:10.0562 6332 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:39:10.0562 6332 Mup - ok
11:39:10.0593 6332 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
11:39:10.0593 6332 napagent - ok
11:39:10.0640 6332 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:39:10.0656 6332 NativeWifiP - ok
11:39:10.0718 6332 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
11:39:10.0734 6332 NDIS - ok
11:39:10.0749 6332 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:39:10.0749 6332 NdisCap - ok
11:39:10.0765 6332 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:39:10.0780 6332 NdisTapi - ok
11:39:10.0780 6332 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:39:10.0796 6332 Ndisuio - ok
11:39:10.0812 6332 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:39:10.0812 6332 NdisWan - ok
11:39:10.0827 6332 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:39:10.0858 6332 NDProxy - ok
11:39:10.0874 6332 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:39:10.0874 6332 NetBIOS - ok
11:39:10.0890 6332 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:39:10.0890 6332 NetBT - ok
11:39:10.0921 6332 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:39:10.0921 6332 Netlogon - ok
11:39:10.0952 6332 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
11:39:10.0968 6332 Netman - ok
11:39:11.0030 6332 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:39:11.0030 6332 NetMsmqActivator - ok
11:39:11.0030 6332 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:39:11.0030 6332 NetPipeActivator - ok
11:39:11.0046 6332 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
11:39:11.0061 6332 netprofm - ok
11:39:11.0061 6332 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:39:11.0061 6332 NetTcpActivator - ok
11:39:11.0061 6332 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:39:11.0061 6332 NetTcpPortSharing - ok
11:39:11.0108 6332 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
11:39:11.0108 6332 nfrd960 - ok
11:39:11.0139 6332 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
11:39:11.0139 6332 NlaSvc - ok
11:39:11.0326 6332 NOBU (b9b72faaaa41d59b73b88fe3dd737ed1) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
11:39:11.0342 6332 NOBU - ok
11:39:11.0404 6332 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:39:11.0404 6332 Npfs - ok
11:39:11.0420 6332 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
11:39:11.0420 6332 nsi - ok
11:39:11.0436 6332 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:39:11.0436 6332 nsiproxy - ok
11:39:11.0529 6332 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
11:39:11.0545 6332 Ntfs - ok
11:39:11.0592 6332 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:39:11.0592 6332 Null - ok
11:39:11.0638 6332 NVHDA (e20abd5b229760158f753ca90b97e090) C:\Windows\system32\drivers\nvhda64v.sys
11:39:11.0638 6332 NVHDA - ok
11:39:12.0013 6332 nvlddmkm (5aabb55ce67386bdc623e6c61f8c0970) C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:39:12.0247 6332 nvlddmkm - ok
11:39:12.0356 6332 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
11:39:12.0372 6332 nvraid - ok
11:39:12.0387 6332 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
11:39:12.0387 6332 nvstor - ok
11:39:12.0403 6332 nvsvc (361da0baa15e48349aeef0a3ba2ebeec) C:\Windows\system32\nvvsvc.exe
11:39:12.0418 6332 nvsvc - ok
11:39:12.0450 6332 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
11:39:12.0450 6332 nv_agp - ok
11:39:12.0465 6332 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
11:39:12.0465 6332 ohci1394 - ok
11:39:12.0543 6332 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:39:12.0590 6332 ose - ok
11:39:12.0808 6332 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:39:12.0871 6332 osppsvc - ok
11:39:12.0980 6332 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:39:12.0980 6332 p2pimsvc - ok
11:39:13.0011 6332 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
11:39:13.0011 6332 p2psvc - ok
11:39:13.0027 6332 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
11:39:13.0027 6332 Parport - ok
11:39:13.0058 6332 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
11:39:13.0058 6332 partmgr - ok
11:39:13.0136 6332 PassThru Service (8f873bd8188ed208922cae9b79dd6a35) C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
11:39:13.0136 6332 PassThru Service - ok
11:39:13.0308 6332 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
11:39:13.0323 6332 PcaSvc - ok
11:39:13.0339 6332 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
11:39:13.0339 6332 pci - ok
11:39:13.0354 6332 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:39:13.0354 6332 pciide - ok
11:39:13.0370 6332 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
11:39:13.0386 6332 pcmcia - ok
11:39:13.0386 6332 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:39:13.0401 6332 pcw - ok
11:39:13.0432 6332 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:39:13.0448 6332 PEAUTH - ok
11:39:13.0510 6332 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
11:39:13.0510 6332 PerfHost - ok
11:39:13.0620 6332 pgsql-8.3 (acc93675d78d1c07dad09d7837f2397a) C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
11:39:13.0620 6332 pgsql-8.3 - ok
11:39:13.0698 6332 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
11:39:13.0713 6332 pla - ok
11:39:13.0760 6332 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
11:39:13.0776 6332 PlugPlay - ok
11:39:13.0854 6332 PnkBstrA (c183b7e8c4dd96af66d7ace48d2d9b05) C:\Program Files (x86)\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
11:39:13.0854 6332 PnkBstrA - ok
11:39:13.0869 6332 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
11:39:13.0869 6332 PNRPAutoReg - ok
11:39:13.0900 6332 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:39:13.0900 6332 PNRPsvc - ok
11:39:13.0932 6332 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
11:39:13.0978 6332 PolicyAgent - ok
11:39:14.0010 6332 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
11:39:14.0010 6332 Power - ok
11:39:14.0056 6332 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:39:14.0056 6332 PptpMiniport - ok
11:39:14.0072 6332 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
11:39:14.0072 6332 Processor - ok
11:39:14.0103 6332 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
11:39:14.0134 6332 ProfSvc - ok
11:39:14.0181 6332 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:39:14.0181 6332 ProtectedStorage - ok
11:39:14.0212 6332 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
11:39:14.0212 6332 Psched - ok
11:39:14.0244 6332 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
11:39:14.0244 6332 PxHlpa64 - ok
11:39:14.0322 6332 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
11:39:14.0353 6332 ql2300 - ok
11:39:14.0431 6332 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
11:39:14.0431 6332 ql40xx - ok
11:39:14.0478 6332 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
11:39:14.0478 6332 QWAVE - ok
11:39:14.0493 6332 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:39:14.0493 6332 QWAVEdrv - ok
11:39:14.0493 6332 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:39:14.0493 6332 RasAcd - ok
11:39:14.0524 6332 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:39:14.0524 6332 RasAgileVpn - ok
11:39:14.0540 6332 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
11:39:14.0540 6332 RasAuto - ok
11:39:14.0556 6332 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:39:14.0571 6332 Rasl2tp - ok
11:39:14.0587 6332 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
11:39:14.0634 6332 RasMan - ok
11:39:14.0649 6332 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:39:14.0649 6332 RasPppoe - ok
11:39:14.0665 6332 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:39:14.0665 6332 RasSstp - ok
11:39:14.0696 6332 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
11:39:14.0696 6332 rdbss - ok
11:39:14.0712 6332 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
11:39:14.0712 6332 rdpbus - ok
11:39:14.0743 6332 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:39:14.0743 6332 RDPCDD - ok
11:39:14.0758 6332 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:39:14.0758 6332 RDPENCDD - ok
11:39:14.0774 6332 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:39:14.0774 6332 RDPREFMP - ok
11:39:14.0805 6332 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
11:39:14.0805 6332 RDPWD - ok
11:39:14.0836 6332 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
11:39:14.0836 6332 rdyboost - ok
11:39:14.0868 6332 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
11:39:14.0868 6332 RemoteAccess - ok
11:39:14.0883 6332 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
11:39:14.0899 6332 RemoteRegistry - ok
11:39:15.0024 6332 RoxMediaDB12OEM (3c957189b31c34d3ad21967b12b6aed7) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
11:39:15.0024 6332 RoxMediaDB12OEM - ok
11:39:15.0070 6332 RoxWatch12 (2b73088cc2ca757a172b425c9398e5bc) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
11:39:15.0070 6332 RoxWatch12 - ok
11:39:15.0133 6332 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
11:39:15.0148 6332 RpcEptMapper - ok
11:39:15.0164 6332 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
11:39:15.0164 6332 RpcLocator - ok
11:39:15.0211 6332 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:39:15.0226 6332 RpcSs - ok
11:39:15.0258 6332 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:39:15.0258 6332 rspndr - ok
11:39:15.0304 6332 RTL8167 (6d3c7e7d82d3dc92dc2a8b0df9f20f8a) C:\Windows\system32\DRIVERS\Rt64win7.sys
11:39:15.0304 6332 RTL8167 - ok
11:39:15.0351 6332 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:39:15.0351 6332 SamSs - ok
11:39:15.0367 6332 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
11:39:15.0367 6332 sbp2port - ok
11:39:15.0398 6332 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
11:39:15.0398 6332 SCardSvr - ok
11:39:15.0414 6332 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
11:39:15.0414 6332 scfilter - ok
11:39:15.0476 6332 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
11:39:15.0507 6332 Schedule - ok
11:39:15.0538 6332 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:39:15.0538 6332 SCPolicySvc - ok
11:39:15.0554 6332 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
11:39:15.0554 6332 SDRSVC - ok
11:39:15.0585 6332 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:39:15.0585 6332 secdrv - ok
11:39:15.0601 6332 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
11:39:15.0601 6332 seclogon - ok
11:39:15.0616 6332 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
11:39:15.0616 6332 SENS - ok
11:39:15.0632 6332 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
11:39:15.0632 6332 SensrSvc - ok
11:39:15.0648 6332 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
11:39:15.0648 6332 Serenum - ok
11:39:15.0663 6332 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
11:39:15.0663 6332 Serial - ok
11:39:15.0679 6332 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
11:39:15.0679 6332 sermouse - ok
11:39:15.0694 6332 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
11:39:15.0694 6332 SessionEnv - ok
11:39:15.0710 6332 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:39:15.0710 6332 sffdisk - ok
11:39:15.0710 6332 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:39:15.0710 6332 sffp_mmc - ok
11:39:15.0710 6332 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
11:39:15.0710 6332 sffp_sd - ok
11:39:15.0710 6332 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
11:39:15.0710 6332 sfloppy - ok
11:39:15.0991 6332 SftService (74ec60e20516aaa573be74f31175270f) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
11:39:16.0038 6332 SftService - ok
11:39:16.0131 6332 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
11:39:16.0131 6332 SharedAccess - ok
11:39:16.0162 6332 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
11:39:16.0162 6332 ShellHWDetection - ok
11:39:16.0178 6332 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
11:39:16.0178 6332 SiSRaid2 - ok
11:39:16.0178 6332 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
11:39:16.0178 6332 SiSRaid4 - ok
11:39:16.0194 6332 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:39:16.0194 6332 Smb - ok
11:39:16.0209 6332 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
11:39:16.0209 6332 SNMPTRAP - ok
11:39:16.0225 6332 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:39:16.0225 6332 spldr - ok
11:39:16.0256 6332 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
11:39:16.0272 6332 Spooler - ok
11:39:16.0412 6332 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
11:39:16.0428 6332 sppsvc - ok
11:39:16.0459 6332 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
11:39:16.0459 6332 sppuinotify - ok
11:39:16.0521 6332 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
11:39:16.0521 6332 srv - ok
11:39:16.0552 6332 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
11:39:16.0568 6332 srv2 - ok
11:39:16.0584 6332 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
11:39:16.0584 6332 srvnet - ok
11:39:16.0615 6332 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
11:39:16.0615 6332 SSDPSRV - ok
11:39:16.0630 6332 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
11:39:16.0630 6332 SstpSvc - ok
11:39:16.0646 6332 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
11:39:16.0646 6332 stexstor - ok
11:39:16.0693 6332 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
11:39:16.0693 6332 stisvc - ok
11:39:16.0740 6332 stllssvr (7731f46ec0d687a931cba063e8f90ef0) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
11:39:16.0786 6332 stllssvr - ok
11:39:16.0802 6332 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
11:39:16.0802 6332 swenum - ok
11:39:16.0818 6332 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
11:39:16.0833 6332 swprv - ok
11:39:16.0896 6332 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
11:39:16.0911 6332 SysMain - ok
11:39:16.0989 6332 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
11:39:16.0989 6332 TabletInputService - ok
11:39:17.0020 6332 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
11:39:17.0020 6332 TapiSrv - ok
11:39:17.0036 6332 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
11:39:17.0036 6332 TBS - ok
11:39:17.0145 6332 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
11:39:17.0161 6332 Tcpip - ok
11:39:17.0301 6332 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
11:39:17.0317 6332 TCPIP6 - ok
11:39:17.0379 6332 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
11:39:17.0379 6332 tcpipreg - ok
11:39:17.0379 6332 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:39:17.0395 6332 TDPIPE - ok
11:39:17.0410 6332 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
11:39:17.0410 6332 TDTCP - ok
11:39:17.0442 6332 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
11:39:17.0442 6332 tdx - ok
11:39:17.0629 6332 TeamViewer7 (a4d2ce94b028ef1e437cf4ac3d8ff26c) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
11:39:17.0644 6332 TeamViewer7 - ok
11:39:17.0691 6332 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
11:39:17.0691 6332 TermDD - ok
11:39:17.0722 6332 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
11:39:17.0738 6332 TermService - ok
11:39:17.0754 6332 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
11:39:17.0754 6332 Themes - ok
11:39:17.0785 6332 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:39:17.0785 6332 THREADORDER - ok
11:39:17.0800 6332 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
11:39:17.0800 6332 TrkWks - ok
11:39:17.0832 6332 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
11:39:17.0832 6332 TrustedInstaller - ok
11:39:17.0863 6332 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:39:17.0863 6332 tssecsrv - ok
11:39:17.0878 6332 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:39:17.0894 6332 TsUsbFlt - ok
11:39:17.0910 6332 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\DRIVERS\TsUsbGD.sys
11:39:17.0910 6332 TsUsbGD - ok
11:39:17.0941 6332 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:39:17.0941 6332 tunnel - ok
11:39:17.0941 6332 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
11:39:17.0941 6332 uagp35 - ok
11:39:17.0972 6332 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:39:17.0972 6332 udfs - ok
11:39:17.0988 6332 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
11:39:17.0988 6332 UI0Detect - ok
11:39:18.0003 6332 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:39:18.0019 6332 uliagpkx - ok
11:39:18.0034 6332 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
11:39:18.0034 6332 umbus - ok
11:39:18.0050 6332 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
11:39:18.0050 6332 UmPass - ok
11:39:18.0081 6332 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
11:39:18.0081 6332 upnphost - ok
11:39:18.0128 6332 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
11:39:18.0128 6332 USBAAPL64 - ok
11:39:18.0159 6332 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\DRIVERS\usbccgp.sys
11:39:18.0159 6332 usbccgp - ok
11:39:18.0190 6332 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:39:18.0190 6332 usbcir - ok
11:39:18.0206 6332 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
11:39:18.0237 6332 usbehci - ok
11:39:18.0268 6332 usbhub (8b892002d7b79312821169a14317ab86) C:\Windows\system32\DRIVERS\usbhub.sys
11:39:18.0284 6332 usbhub - ok
11:39:18.0331 6332 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
11:39:18.0331 6332 usbohci - ok
11:39:18.0456 6332 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:39:18.0487 6332 usbprint - ok
11:39:18.0534 6332 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
11:39:18.0534 6332 usbscan - ok
11:39:18.0565 6332 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:39:18.0565 6332 USBSTOR - ok
11:39:18.0596 6332 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
11:39:18.0596 6332 usbuhci - ok
11:39:18.0596 6332 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
11:39:18.0612 6332 UxSms - ok
11:39:18.0643 6332 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:39:18.0643 6332 VaultSvc - ok
11:39:18.0658 6332 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:39:18.0658 6332 vdrvroot - ok
11:39:18.0690 6332 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
11:39:18.0721 6332 vds - ok
11:39:18.0736 6332 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:39:18.0752 6332 vga - ok
11:39:18.0768 6332 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:39:18.0768 6332 VgaSave - ok
11:39:18.0799 6332 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:39:18.0846 6332 vhdmp - ok
11:39:18.0846 6332 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:39:18.0846 6332 viaide - ok
11:39:18.0877 6332 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:39:18.0877 6332 volmgr - ok
11:39:18.0908 6332 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:39:18.0908 6332 volmgrx - ok
11:39:18.0939 6332 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
11:39:18.0939 6332 volsnap - ok
11:39:18.0955 6332 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
11:39:18.0970 6332 vsmraid - ok
11:39:19.0048 6332 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
11:39:19.0064 6332 VSS - ok
11:39:19.0142 6332 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
11:39:19.0142 6332 vwifibus - ok
11:39:19.0173 6332 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
11:39:19.0173 6332 vwififlt - ok
11:39:19.0204 6332 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
11:39:19.0204 6332 W32Time - ok
11:39:19.0236 6332 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
11:39:19.0236 6332 WacomPen - ok
11:39:19.0267 6332 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:39:19.0267 6332 WANARP - ok
11:39:19.0267 6332 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:39:19.0267 6332 Wanarpv6 - ok
11:39:19.0360 6332 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
11:39:19.0423 6332 WatAdminSvc - ok
11:39:19.0485 6332 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
11:39:19.0501 6332 wbengine - ok
11:39:19.0563 6332 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
11:39:19.0579 6332 WbioSrvc - ok
11:39:19.0594 6332 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
11:39:19.0610 6332 wcncsvc - ok
11:39:19.0626 6332 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
11:39:19.0626 6332 WcsPlugInService - ok
11:39:19.0641 6332 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
11:39:19.0641 6332 Wd - ok
11:39:19.0672 6332 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
11:39:19.0719 6332 WDC_SAM - ok
11:39:19.0782 6332 WDDMService (20442a908fe6d3bc687a5b5df4d5868c) C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
11:39:19.0782 6332 WDDMService - ok
11:39:19.0813 6332 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:39:19.0828 6332 Wdf01000 - ok
11:39:19.0922 6332 WDFMEService (bb9d012a82f66e08d2e235a53b0eba40) C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
11:39:19.0938 6332 WDFMEService - ok
11:39:19.0969 6332 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:39:19.0969 6332 WdiServiceHost - ok
11:39:19.0969 6332 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:39:19.0969 6332 WdiSystemHost - ok
11:39:20.0031 6332 WDRulesService (d878c31511169de535852fc6d15570e8) C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
11:39:20.0047 6332 WDRulesService - ok
11:39:20.0078 6332 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
11:39:20.0078 6332 WebClient - ok
11:39:20.0109 6332 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
11:39:20.0109 6332 Wecsvc - ok
11:39:20.0125 6332 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
11:39:20.0125 6332 wercplsupport - ok
11:39:20.0140 6332 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
11:39:20.0140 6332 WerSvc - ok
11:39:20.0172 6332 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:39:20.0172 6332 WfpLwf - ok
11:39:20.0203 6332 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
11:39:20.0218 6332 WimFltr - ok
11:39:20.0234 6332 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:39:20.0234 6332 WIMMount - ok
11:39:20.0265 6332 WinDefend - ok
11:39:20.0281 6332 WinHttpAutoProxySvc - ok
11:39:20.0328 6332 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
11:39:20.0328 6332 Winmgmt - ok
11:39:20.0421 6332 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
11:39:20.0452 6332 WinRM - ok
11:39:20.0546 6332 winusb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.SYS
11:39:20.0546 6332 winusb - ok
11:39:20.0608 6332 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
11:39:20.0608 6332 Wlansvc - ok
11:39:20.0655 6332 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
11:39:20.0702 6332 wlcrasvc - ok
11:39:20.0827 6332 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:39:20.0842 6332 wlidsvc - ok
11:39:20.0889 6332 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
11:39:20.0889 6332 WmiAcpi - ok
11:39:20.0936 6332 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
11:39:20.0952 6332 wmiApSrv - ok
11:39:20.0983 6332 WMPNetworkSvc - ok
11:39:20.0998 6332 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
11:39:20.0998 6332 WPCSvc - ok
11:39:21.0014 6332 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
11:39:21.0030 6332 WPDBusEnum - ok
11:39:21.0045 6332 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:39:21.0045 6332 ws2ifsl - ok
11:39:21.0092 6332 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
11:39:21.0092 6332 wscsvc - ok
11:39:21.0092 6332 WSearch - ok
11:39:21.0232 6332 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
11:39:21.0264 6332 wuauserv - ok
11:39:21.0310 6332 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:39:21.0310 6332 WudfPf - ok
11:39:21.0342 6332 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:39:21.0342 6332 WUDFRd - ok
11:39:21.0357 6332 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
11:39:21.0357 6332 wudfsvc - ok
11:39:21.0373 6332 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
11:39:21.0388 6332 WwanSvc - ok
11:39:21.0420 6332 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
11:39:21.0607 6332 \Device\Harddisk0\DR0 - ok
11:39:21.0607 6332 Boot (0x1200) (995670952e2a8c0286890537b1be21b2) \Device\Harddisk0\DR0\Partition0
11:39:21.0607 6332 \Device\Harddisk0\DR0\Partition0 - ok
11:39:21.0622 6332 Boot (0x1200) (b41db322010c87425bb051ff0e210efa) \Device\Harddisk0\DR0\Partition1
11:39:21.0622 6332 \Device\Harddisk0\DR0\Partition1 - ok
11:39:21.0622 6332 ============================================================
11:39:21.0622 6332 Scan finished
11:39:21.0622 6332 ============================================================
11:39:21.0638 7144 Detected object count: 0
11:39:21.0638 7144 Actual detected object count: 0


aswMBR Log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-12 11:40:17
-----------------------------
11:40:17.004 OS Version: Windows x64 6.1.7601 Service Pack 1
11:40:17.004 Number of processors: 4 586 0x2A07
11:40:17.004 ComputerName: JOSH-PC UserName: Josh
11:40:18.704 Initialize success
11:46:40.029 AVAST engine defs: 12081200
11:47:01.042 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:47:01.042 Disk 0 Vendor: WDC_WD10EALX-759BA1 17.01H17 Size: 953869MB BusType: 3
11:47:01.057 Disk 0 MBR read successfully
11:47:01.057 Disk 0 MBR scan
11:47:01.073 Disk 0 Windows VISTA default MBR code
11:47:01.073 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
11:47:01.073 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15166 MB offset 81920
11:47:01.089 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 938662 MB offset 31141888
11:47:01.104 Disk 0 scanning C:\Windows\system32\drivers
11:47:06.954 Service scanning
11:47:20.448 Modules scanning
11:47:20.448 Disk 0 trace - called modules:
11:47:20.464 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
11:47:20.979 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007aee060]
11:47:20.979 3 CLASSPNP.SYS[fffff8800185a43f] -> nt!IofCallDriver -> [0xfffffa80077a9520]
11:47:20.979 5 ACPI.sys[fffff88000f937a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80077ab060]
11:47:22.585 AVAST engine scan C:\Windows
11:47:26.610 AVAST engine scan C:\Windows\system32
11:49:18.759 AVAST engine scan C:\Windows\system32\drivers
11:49:26.715 AVAST engine scan C:\Users\Josh
11:52:07.426 AVAST engine scan C:\ProgramData
11:56:20.443 Scan finished successfully
11:56:52.720 Disk 0 MBR has been saved successfully to "C:\Users\Josh\Desktop\MBR.dat"
11:56:52.735 The log file has been saved successfully to "C:\Users\Josh\Desktop\aswMBRlog.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:08 PM

Posted 12 August 2012 - 12:51 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 ButterButterJam

ButterButterJam
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:10:08 PM

Posted 12 August 2012 - 04:08 PM

Hello,

Combo Fix log is below. The only issue I had running Combo Fix was the following message popping up and requiring me to press OK before it would move on to the next stage. "Windows was unable to find NIRKMD. Please check the spelling and try again".

My firewalls are both now showing that they are on, and the weren't before. However when I tried a few Google tests I'm still getting redirected to various ad sites. I'm also getting this popup that I don't recall ever having gotten it before. "You are about to leave a secure internet connection. Others will be able to view the information you send."

ComboFix 12-08-10.02 - Josh 08/12/2012 15:44:35.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8175.6195 [GMT -5:00]
Running from: c:\users\Josh\Downloads\ComboFix.exe
Command switches used :: c:\users\Josh\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-12 to 2012-08-12 )))))))))))))))))))))))))))))))
.
.
2012-08-12 20:51 . 2012-08-12 20:51 -------- d-----w- c:\users\postgres\AppData\Local\temp
2012-08-12 20:51 . 2012-08-12 20:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-12 02:30 . 2012-08-12 02:30 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-08-12 02:30 . 2012-08-12 02:30 -------- d-----w- c:\program files (x86)\Oracle
2012-08-12 02:29 . 2012-07-06 03:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-11 23:17 . 2012-08-11 23:17 -------- d-----w- c:\program files (x86)\ESET
2012-08-11 22:41 . 2012-08-12 00:12 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-08-11 21:53 . 2012-08-11 21:53 -------- d-----w- c:\users\Josh\AppData\Roaming\FixTDSS
2012-08-11 21:53 . 2012-08-11 21:53 27256 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
2012-08-07 01:56 . 2012-08-07 01:56 -------- d--h--r- c:\users\Josh\AppData\Roaming\SecuROM
2012-08-07 01:56 . 2012-08-07 01:56 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2012-08-07 01:39 . 2012-08-07 01:39 -------- d-----w- c:\program files (x86)\Electronic Arts
2012-08-07 01:38 . 2012-08-07 01:38 -------- d-----w- c:\windows\SysWow64\AGEIA
2012-08-07 01:38 . 2012-08-07 01:38 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2012-08-07 01:38 . 2012-08-07 01:38 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-07-27 19:19 . 2012-08-11 22:52 -------- d-----w- c:\users\Josh\AppData\Local\Akamai
2012-07-21 12:47 . 2012-07-21 12:47 -------- d-----w- c:\users\Josh\AppData\Roaming\TeamViewer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-04 03:08 . 2012-04-11 22:24 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-04 03:08 . 2011-08-19 00:16 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 08:02 . 2011-08-14 16:56 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 18:46 . 2011-12-18 22:49 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-25 21:04 . 2012-06-25 21:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-06-12 03:08 . 2012-07-12 08:05 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 05:43 . 2012-07-11 09:55 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 09:56 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 09:56 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 09:55 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 09:56 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 09:55 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 09:55 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-26 07:59 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-26 08:00 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-26 08:00 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-26 08:00 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-26 07:59 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-26 08:00 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-26 07:59 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-26 07:59 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-26 07:59 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 12:49 . 2012-07-12 08:01 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-12 08:01 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-12 08:01 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-12 08:01 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-12 08:01 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-12 08:01 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-12 08:01 237056 ----a-w- c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-12 08:01 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-12 08:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-12 08:01 818688 ----a-w- c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-12 08:01 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-12 08:01 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-12 08:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-12 08:01 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-12 08:01 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-12 08:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-12 08:01 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-12 08:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-12 08:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50 . 2012-07-11 09:55 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 09:55 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:48 . 2012-07-11 09:55 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:45 . 2012-07-11 09:55 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 09:55 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 09:55 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 09:55 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 09:55 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 09:55 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-11-21 . 57300E71DFBB58D8ED0D7B9813E55795 . 857600 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-08-12_14.50.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-08-12 14:51 39830 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-12 14:51 40010 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-08-11 16:17 . 2012-08-12 15:31 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-11 16:17 . 2012-08-12 14:44 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-08-12 02:26 . 2012-08-12 15:31 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-08-12 02:26 . 2012-08-12 14:44 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-12 15:31 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-12 14:44 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-08-12 20:52 . 2012-08-12 20:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-12 14:44 . 2012-08-12 14:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-12 20:52 . 2012-08-12 20:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-12 14:44 . 2012-08-12 14:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-08-12 14:43 356752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-12 20:52 356752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-08-11 19:39 . 2012-08-12 20:52 34567392 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3774233893-1554635375-2647293861-1001-12288.dat
- 2011-08-11 19:39 . 2012-08-12 14:43 34567392 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3774233893-1554635375-2647293861-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Josh\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-05-30 885760]
"Dell V310-V510 Series"="c:\program files (x86)\Dell V310-V510 Series\fm3032.exe" [2011-01-24 316072]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WD Quick View.lnk - c:\program files\Western Digital\WD SmartWare\WDDMStatus.exe [2011-8-1 4221840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 dleaCATSCustConnectService;dleaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [2010-05-21 45224]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-04 250056]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2010-08-30 220528]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\DRIVERS\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-13 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 FixTDSS;TDSS Fixtool driver;c:\windows\system32\drivers\FixTDSS.sys [2012-08-11 27256]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe [2010-05-21 1052328]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-05-04 81408]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [2009-12-10 65536]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WDDMService.exe [2011-08-01 317328]
S2 WDFMEService;WDFMEService;c:\program files\Western Digital\WD SmartWare\WDFME.exe [2011-08-01 1978256]
S2 WDRulesService;WDRulesService;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-08-01 1338256]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-06-21 131688]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-14 413800]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 03:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-05-30 2055816]
"dleamon.exe"="c:\program files (x86)\Dell V310-V510 Series\dleamon.exe" [2011-01-24 770728]
"EzPrint"="c:\program files (x86)\Dell V310-V510 Series\ezprint.exe" [2011-01-24 139944]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{09B71986-2AC5-482D-B6CB-42EA34F4F85B}"=hex:51,66,7a,6c,4c,1d,38,12,e8,1a,a4,
0d,f7,64,43,0d,c9,dd,01,aa,31,aa,bc,4f
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{27B4851A-3207-45A2-B947-BE8AFE6163AB}"=hex:51,66,7a,6c,4c,1d,38,12,74,86,a7,
23,35,7c,cc,00,c6,51,fd,ca,fb,3f,27,bf
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{7DB2D5A0-7241-4E79-B68D-6309F01C5231}"=hex:51,66,7a,6c,4c,1d,38,12,ce,d6,a1,
79,73,3c,17,0b,c9,9b,20,49,f5,42,16,25
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:e6,d0,4f,0b,f7,77,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0b,a6,cf,bf,2e,a6,19,4d,b7,df,f0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0b,a6,cf,bf,2e,a6,19,4d,b7,df,f0,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2012-08-12 15:58:40 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-12 20:58
ComboFix2.txt 2012-08-12 14:52
.
Pre-Run: 891,860,783,104 bytes free
Post-Run: 892,398,776,320 bytes free
.
- - End Of File - - BF128E419E44F40CFD4364584B1B2BEA

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:08 PM

Posted 12 August 2012 - 04:42 PM

Hello


"You are about to leave a secure internet connection. Others will be able to view the information you send." - put a checkmark in do not show me this again

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 ButterButterJam

ButterButterJam
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:10:08 PM

Posted 12 August 2012 - 04:48 PM

Hello,

Thanks for the tip on the popup box. Here is the report you requested-

Torrent
ABBYY FineReader 6.0 Sprint
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.3) MUI
AGEIA PhysX v7.07.09
Akamai NetSession Interface
AmericasCardroom
Apple Application Support
Apple Software Update
CarbonPoker
Consumer In-Home Service Agreement
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Getting Started Guide
Dell MusicStage
Dell PhotoStage
Dell Stage
Dell Toolbar
Dell VideoStage
DirectX 9 Runtime
ESET Online Scanner v3
HTC BMP USB Driver
HTC Driver Installer
HTC Sync
HyperLobby client
IL-2 Sturmovik 1946
Java Auto Updater
Java™ 6 Update 31
Java™ 7 Update 5
JavaFX 2.1.1
Junk Mail filter update
Malwarebytes Anti-Malware version 1.62.0.1300
McAfee SecurityCenter
Medal of Honor Airborne
Mesh Runtime
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
PhotoShowExpress
PokerStars.net
PokerStove version 1.24
PokerTracker 3 (remove only)
PostgreSQL 8.3
QuickTime
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Silent 3ditor (v0.9.9)
Silent Hunter Wolves of the Pacific
Skype Toolbars
Skype™ 4.2
Sonic CinePlayer Decoder Pack
TeamSpeak 3 Client
TeamViewer 7
TrustedID
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VLC media player 1.1.11
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Xfire (remove only)
Yahoo! Detect

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:08 PM

Posted 12 August 2012 - 04:54 PM

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

Java™ 6 Update 31
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 ButterButterJam

ButterButterJam
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:10:08 PM

Posted 12 August 2012 - 05:19 PM

Hello,

I was able to complete the steps without any issues. I did try a few Google tests again and am still being redirected. Other than that the machine seems to be running normally. Here are the log files:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.12.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Josh :: JOSH-PC [administrator]

8/12/2012 5:12:29 PM
mbam-log-2012-08-12 (17-12-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215474
Time elapsed: 1 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:16:41 PM, on 8/12/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
C:\Users\Josh\AppData\Local\Akamai\netsession_win.exe
C:\Users\Josh\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Josh\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Dell Toolbar - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120622055256.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Dell Toolbar - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll
O4 - HKLM\..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
O4 - HKLM\..\Run: [Dell V310-V510 Series] "C:\Program Files (x86)\Dell V310-V510 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Josh\AppData\Local\Akamai\netsession_win.exe"
O4 - HKUS\S-1-5-21-3774233893-1554635375-2647293861-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'postgres')
O4 - HKUS\S-1-5-21-3774233893-1554635375-2647293861-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'postgres')
O4 - Global Startup: WD Quick View.lnk = C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - https://support.dell.com/systemprofiler/SysProExe.CAB
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dleaCATSCustConnectService - Unknown owner - C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe
O23 - Service: dlea_device - - C:\Windows\system32\dleacoms.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - c:\PROGRA~1\mcafee\msc\mcawfwk.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Dell DataSafe Online (NOBU) - Dell, Inc. - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Program Files (x86)\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WDDMService - WDC - C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
O23 - Service: WDFMEService - Western Digital - C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
O23 - Service: WDRulesService - Western Digital - C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14559 bytes

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:08 PM

Posted 12 August 2012 - 05:28 PM

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 ButterButterJam

ButterButterJam
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:10:08 PM

Posted 12 August 2012 - 05:37 PM

Thanks again for the quick replies. Here is the log file:

OTL logfile created on: 8/12/2012 5:30:28 PM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Josh\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 6.24 Gb Available Physical Memory | 78.17% Memory free
15.96 Gb Paging File | 13.47 Gb Available in Paging File | 84.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.66 Gb Total Space | 830.44 Gb Free Space | 90.59% Space Free | Partition Type: NTFS

Computer Name: JOSH-PC | User Name: Josh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Josh\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Josh\Downloads\HijackThis.exe (Trend Micro Inc.)
PRC - C:\Users\Josh\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe ()
PRC - C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files (x86)\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - c:\Program Files\mcafee\msk\mskapbho.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleadrs.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleascw.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\DLEAcfg.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleadatr.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleacaps.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleacnv4.dll ()
MOD - C:\Windows\SysWOW64\DLEAsmr.dll ()
MOD - C:\Windows\SysWOW64\DLEAsm.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (McODS) -- C:\Program Files\mcafee\virusscan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (WDRulesService) -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe (Western Digital )
SRV:64bit: - (WDFMEService) -- C:\Program Files\Western Digital\WD SmartWare\WDFME.exe (Western Digital )
SRV:64bit: - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe (WDC)
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McOobeSv) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (McAWFwk) -- c:\Program Files\mcafee\msc\McAWFwk.exe (McAfee, Inc.)
SRV:64bit: - (dlea_device) -- C:\Windows\SysNative\dleacoms.exe ( )
SRV:64bit: - (dleaCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\dleaserv.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.)
SRV - (dleaCATSCustConnectService) -- C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe ()
SRV - (dlea_device) -- C:\Windows\SysWOW64\dleacoms.exe ( )
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (pgsql-8.3) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Program Files (x86)\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (FixTDSS) -- C:\Windows\SysNative\drivers\FixTDSS.sys (Symantec Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3774233893-1554635375-2647293861-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKU\S-1-5-21-3774233893-1554635375-2647293861-1001\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKU\S-1-5-21-3774233893-1554635375-2647293861-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3774233893-1554635375-2647293861-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>



========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/06/22 07:43:46 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/08/12 15:53:26 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20120622055256.dll (McAfee, Inc.)
O2 - BHO: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\mcafee\msk\mskapbho.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120622055256.dll (McAfee, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [dleamon.exe] C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe ()
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe ()
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell V310-V510 Series] C:\Program Files (x86)\Dell V310-V510 Series\fm3032.exe ()
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKU\S-1-5-21-3774233893-1554635375-2647293861-1001..\Run: [Akamai NetSession Interface] C:\Users\Josh\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-3774233893-1554635375-2647293861-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3774233893-1554635375-2647293861-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3774233893-1554635375-2647293861-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3774233893-1554635375-2647293861-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3774233893-1554635375-2647293861-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3774233893-1554635375-2647293861-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E241FFA-CD15-4F4C-82F7-E5CEEB7579E4}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D9291419-CC78-46CE-B017-0CE1DFBCF768}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/12 17:09:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/08/12 17:08:55 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/08/12 17:07:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/08/12 17:06:40 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/08/12 17:06:33 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/08/12 17:06:33 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/08/12 17:06:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/08/12 17:01:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/12 16:57:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2012/08/12 16:57:27 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012/08/12 15:43:21 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/08/12 11:38:47 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Josh\Desktop\tdsskiller.exe
[2012/08/12 09:37:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/12 09:37:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/12 09:37:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/12 09:35:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/08/12 00:01:12 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Josh\Desktop\aswMBR.exe
[2012/08/12 00:00:09 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Josh\Desktop\123.exe
[2012/08/11 23:59:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/11 23:58:54 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/11 21:41:39 | 000,000,000 | ---D | C] -- C:\Users\Josh\Desktop\rkill-backup
[2012/08/11 21:30:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/08/11 21:29:37 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/08/11 18:17:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/08/11 17:58:23 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/08/11 17:41:24 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/08/11 17:01:26 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/08/11 16:53:52 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\FixTDSS
[2012/08/11 16:53:51 | 000,027,256 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixTDSS.sys
[2012/08/11 16:51:58 | 000,000,000 | ---D | C] -- C:\Users\Josh\Desktop\New folder
[2012/08/06 20:58:47 | 000,000,000 | ---D | C] -- C:\Users\Josh\Documents\EA Games
[2012/08/06 20:56:57 | 000,000,000 | RH-D | C] -- C:\Users\Josh\AppData\Roaming\SecuROM
[2012/08/06 20:56:56 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2012/08/06 20:54:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2012/08/06 20:39:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2012/08/06 20:38:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AGEIA
[2012/08/06 20:38:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA
[2012/08/06 20:38:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2012/08/06 20:38:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/08/02 13:34:58 | 000,000,000 | ---D | C] -- C:\Users\Josh\Desktop\GI Bill
[2012/07/27 14:19:26 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Local\Akamai
[2012/07/21 07:47:20 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\TeamViewer

========== Files - Modified Within 30 Days ==========

[2012/08/12 17:09:02 | 000,000,784 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/08/12 17:07:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/12 17:06:25 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/08/12 17:06:25 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/08/12 16:57:27 | 000,001,270 | ---- | M] () -- C:\Users\Josh\Desktop\Revo Uninstaller.lnk
[2012/08/12 16:01:06 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/12 16:01:06 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/12 15:53:26 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/12 15:52:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/12 15:52:46 | 2133,831,679 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/12 11:56:52 | 000,000,512 | ---- | M] () -- C:\Users\Josh\Desktop\MBR.dat
[2012/08/12 11:38:52 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Josh\Desktop\tdsskiller.exe
[2012/08/12 00:01:44 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Josh\Desktop\aswMBR.exe
[2012/08/12 00:00:15 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Josh\Desktop\123.exe
[2012/08/11 19:59:16 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/11 17:58:22 | 531,916,711 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/11 16:53:51 | 000,027,256 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixTDSS.sys
[2012/08/10 17:36:33 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/10 17:36:33 | 000,660,280 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/10 17:36:33 | 000,121,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/06 20:56:56 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2012/08/03 22:08:11 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/03 22:08:11 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/29 17:30:42 | 000,211,402 | ---- | M] () -- C:\Windows\SysNative\LexFiles.ulf
[2012/07/29 17:30:37 | 000,001,938 | ---- | M] () -- C:\Users\Public\Desktop\Launch Dell Printer Home.LNK
[2012/07/27 13:52:09 | 000,286,152 | ---- | M] () -- C:\Users\Josh\Documents\va.pdf

========== Files Created - No Company Name ==========

[2012/08/12 17:09:02 | 000,000,784 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/08/12 16:57:27 | 000,001,270 | ---- | C] () -- C:\Users\Josh\Desktop\Revo Uninstaller.lnk
[2012/08/12 11:56:52 | 000,000,512 | ---- | C] () -- C:\Users\Josh\Desktop\MBR.dat
[2012/08/12 09:37:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/12 09:37:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/12 09:37:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/12 09:37:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/12 09:37:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/11 17:58:22 | 531,916,711 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/07/27 13:52:09 | 000,286,152 | ---- | C] () -- C:\Users\Josh\Documents\va.pdf
[2012/03/18 15:38:47 | 000,004,996 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf
[2012/02/03 04:29:56 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2012/01/11 18:43:45 | 000,002,048 | -HS- | C] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{5b0aac7a-9fe2-be7a-97c6-30208ce6c228}\@
[2012/01/11 18:43:45 | 000,002,048 | -HS- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Local\{5b0aac7a-9fe2-be7a-97c6-30208ce6c228}\@
[2011/10/25 19:21:59 | 000,016,741 | ---- | C] () -- C:\Users\Josh\JarHead.jpg
[2011/09/24 17:42:41 | 000,000,949 | ---- | C] () -- C:\Users\Josh\µTorrent.lnk
[2011/09/11 02:32:57 | 000,174,924 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/08/11 17:12:40 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\DLEAinst.dll
[2011/08/11 17:12:39 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\dleapmui.dll
[2011/08/11 17:12:39 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\dleainpa.dll
[2011/08/11 17:12:39 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\dleacomx.dll
[2011/08/11 17:12:39 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\dleaiesc.dll
[2011/08/11 17:12:39 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\dleains.dll
[2011/08/11 17:12:39 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\dleainsb.dll
[2011/08/11 17:12:39 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\dleainsr.dll
[2011/08/11 17:12:39 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\dleajswr.dll
[2011/08/11 17:12:39 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dleacur.dll
[2011/08/11 17:12:38 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\dleaserv.dll
[2011/08/11 17:12:38 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\dleausb1.dll
[2011/08/11 17:12:38 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\dlealmpm.dll
[2011/08/11 17:12:38 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\dleaih.exe
[2011/08/11 17:12:38 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\dleacu.dll
[2011/08/11 17:12:38 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\dleacub.dll
[2011/08/11 17:12:37 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacomc.dll
[2011/08/11 17:12:37 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\dleahbn3.dll
[2011/08/11 17:12:37 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacoms.exe
[2011/08/11 17:12:37 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacfg.exe
[2011/08/11 17:12:37 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacomm.dll
[2011/08/11 17:12:36 | 000,086,180 | ---- | C] () -- C:\Windows\SysWow64\DLEAcfg.dll
[2011/08/11 17:11:15 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\DLEAsmr.dll
[2011/08/11 17:11:14 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\DLEAsm.dll
[2011/02/10 11:10:51 | 000,772,990 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/20 22:24:20 | 000,833,024 | ---- | C] () -- C:\Windows\SysWow64\user.dat

< End of report >

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:08 PM

Posted 13 August 2012 - 05:59 AM

Hello

download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst64.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
[*]When the tool opens click Yes to disclaimer.

[*]First Press the Scan button.
[*]It will make a log (FRST.txt)

[*]Second Type the following in the edit box after "Search:". services.exe
[*]Click the Search button
[*]It will make a log (Search.txt)
[/list]
I want you to poste Both the FRST.txt report and the Search.txt into your reply to me

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 ButterButterJam

ButterButterJam
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:10:08 PM

Posted 13 August 2012 - 07:03 AM

Hello,

Here are the two log files you requested:

Scan result of Farbar Recovery Scan Tool Version: 09-08-2012
Ran by SYSTEM at 13-08-2012 06:55:30
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [207845 2011-05-30] ()
HKLM\...\Run: [dleamon.exe] "C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe" [770728 2011-01-23] ()
HKLM\...\Run: [EzPrint] "C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe" [139944 2011-01-23] ()
HKLM-x32\...\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1675160 2012-03-21] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
HKLM-x32\...\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup [2825741 2011-05-30] ()
HKLM-x32\...\Run: [Dell V310-V510 Series] "C:\Program Files (x86)\Dell V310-V510 Series\fm3032.exe" /s [316072 2011-01-23] ()
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKU\Josh\...\Run: [Akamai NetSession Interface] "C:\Users\Josh\AppData\Local\Akamai\netsession_win.exe" [4327744 2012-05-26] (Akamai Technologies, Inc)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Startup: C:\Users\All Users\Start Menu\Programs\Startup\WD Quick View.lnk
ShortcutTarget: WD Quick View.lnk -> C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe (Western Digital Technologies, Inc.)

==================== Services (Whitelisted) ======

2 dleaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [45224 2010-05-21] ()
2 dlea_device; C:\Windows\system32\dleacoms.exe -service [1052328 2010-05-21] ( )
2 dlea_device; C:\Windows\SysWow64\dleacoms.exe -service [598696 2010-05-21] ( )
3 McAWFwk; C:\PROGRA~1\mcafee\msc\mcawfwk.exe [220528 2010-08-30] (McAfee, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
3 McODS; "C:\Program Files\mcafee\VirusScan\mcods.exe" [502032 2012-04-19] (McAfee, Inc.)
4 McOobeSv; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199272 2012-03-20] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [210584 2012-03-20] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [162192 2012-03-20] (McAfee, Inc.)
2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [81408 2011-05-04] ()
2 PnkBstrA; "C:\Program Files (x86)\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe" [63040 2007-08-15] ()
2 RoxWatch12; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe" [219632 2010-11-25] (Sonic Solutions)
3 stllssvr; "C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe" [74392 2010-11-08] (MicroVision Development, Inc.)
2 WDDMService; "C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe" [317328 2011-08-01] (WDC)
2 WDFMEService; "C:\Program Files\Western Digital\WD SmartWare\WDFME.exe" [1978256 2011-08-01] (Western Digital )
2 WDRulesService; "C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe" [1338256 2011-08-01] (Western Digital )
2 pgsql-8.3; "C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe" runservice -w -N "pgsql-8.3" -D "C:\Program Files (x86)\PostgreSQL\8.3\data\" [x]

========================== Drivers (Whitelisted) =============

3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [65264 2012-02-22] (McAfee, Inc.)
0 FixTDSS; C:\Windows\System32\Drivers\FixTDSS.sys [27256 2012-08-11] (Symantec Corporation)
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [160792 2012-02-22] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [229528 2012-02-22] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [487296 2012-02-22] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [647208 2012-02-22] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [289664 2012-02-22] (McAfee, Inc.)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 mfeavfk01; [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-13 06:00 - 2012-08-13 06:00 - 01439703 ____A (Farbar) C:\Users\Josh\Desktop\FRST64.exe
2012-08-12 17:35 - 2012-08-12 17:35 - 00058116 ____A C:\Users\Josh\Desktop\Extras.Txt
2012-08-12 17:34 - 2012-08-12 17:34 - 00072588 ____A C:\Users\Josh\Downloads\OTL.Txt
2012-08-12 17:34 - 2012-08-12 17:34 - 00058116 ____A C:\Users\Josh\Downloads\Extras.Txt
2012-08-12 17:29 - 2012-08-12 17:29 - 00596992 ____A (OldTimer Tools) C:\Users\Josh\Downloads\OTL.exe
2012-08-12 17:16 - 2012-08-12 17:16 - 00014561 ____A C:\Users\Josh\Downloads\hijackthis.log
2012-08-12 17:15 - 2012-08-12 17:15 - 00388608 ____A (Trend Micro Inc.) C:\Users\Josh\Downloads\HijackThis.exe
2012-08-12 17:09 - 2012-08-12 17:09 - 00000784 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-08-12 17:09 - 2012-08-12 17:09 - 00000784 ____A C:\Users\All Users\Desktop\CCleaner.lnk
2012-08-12 17:08 - 2012-08-12 17:09 - 00000000 ____D C:\Program Files\CCleaner
2012-08-12 17:08 - 2012-08-12 17:08 - 03907920 ____A (Piriform Ltd) C:\Users\Josh\Downloads\ccsetup321.exe
2012-08-12 17:06 - 2012-08-12 17:06 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-08-12 17:06 - 2012-08-12 17:06 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-08-12 17:06 - 2012-08-12 17:06 - 00000000 ____D C:\Program Files (x86)\Java
2012-08-12 17:06 - 2012-07-05 22:06 - 00227760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-08-12 17:01 - 2012-08-12 17:02 - 00893936 ____A (Oracle Corporation) C:\Users\Josh\Downloads\JavaSetup7u5.exe
2012-08-12 16:57 - 2012-08-12 16:57 - 00001270 ____A C:\Users\Josh\Desktop\Revo Uninstaller.lnk
2012-08-12 16:57 - 2012-08-12 16:57 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2012-08-12 16:56 - 2012-08-12 16:57 - 02617648 ____A (VS Revo Group Ltd.) C:\Users\Josh\Downloads\revosetup.exe
2012-08-12 15:58 - 2012-08-12 15:58 - 00025539 ____A C:\ComboFix.txt
2012-08-12 15:43 - 2012-08-12 15:58 - 00000000 ____D C:\ComboFix
2012-08-12 11:56 - 2012-08-12 11:56 - 00000512 ____A C:\Users\Josh\Desktop\MBR.dat
2012-08-12 11:42 - 2012-08-12 11:42 - 00064858 ____A C:\Users\Josh\Desktop\TDSSKillerReport.txt
2012-08-12 11:38 - 2012-08-12 11:38 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Josh\Desktop\tdsskiller.exe
2012-08-12 09:37 - 2011-06-26 01:45 - 00256000 ____A C:\Windows\PEV.exe
2012-08-12 09:37 - 2010-11-07 12:20 - 00208896 ____A C:\Windows\MBR.exe
2012-08-12 09:37 - 2009-04-19 23:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-08-12 09:37 - 2000-08-30 19:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-08-12 09:37 - 2000-08-30 19:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-08-12 09:37 - 2000-08-30 19:00 - 00098816 ____A C:\Windows\sed.exe
2012-08-12 09:37 - 2000-08-30 19:00 - 00080412 ____A C:\Windows\grep.exe
2012-08-12 09:37 - 2000-08-30 19:00 - 00068096 ____A C:\Windows\zip.exe
2012-08-12 09:22 - 2012-08-12 09:22 - 04729547 ____R (Swearware) C:\Users\Josh\Downloads\ComboFix.exe
2012-08-12 09:20 - 2012-08-12 09:20 - 00000961 ____A C:\Users\Josh\Desktop\Security Check.txt
2012-08-12 09:11 - 2012-08-12 09:12 - 00881494 ____A C:\Users\Josh\Downloads\SecurityCheck (1).exe
2012-08-12 00:09 - 2012-08-12 00:09 - 00607260 ____R (Swearware) C:\Users\Josh\Downloads\dds.com
2012-08-12 00:01 - 2012-08-12 00:01 - 04731392 ____A (AVAST Software) C:\Users\Josh\Desktop\aswMBR.exe
2012-08-12 00:00 - 2012-08-12 00:00 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Josh\Desktop\123.exe
2012-08-11 23:59 - 2012-08-12 15:58 - 00000000 ____D C:\Qoobox
2012-08-11 23:58 - 2012-08-12 09:51 - 00000000 ____D C:\Windows\erdnt
2012-08-11 23:52 - 2012-08-11 23:53 - 00881494 ____A C:\Users\Josh\Downloads\SecurityCheck.exe
2012-08-11 21:52 - 2012-08-11 21:52 - 01932256 ____A (Symantec Corporation) C:\Users\Josh\Downloads\FixTDSS (2).exe
2012-08-11 21:41 - 2012-08-11 21:41 - 00002072 ____A C:\Users\Josh\Desktop\Rkill.txt
2012-08-11 21:41 - 2012-08-11 21:41 - 00000000 ____D C:\Users\Josh\Desktop\rkill-backup
2012-08-11 21:30 - 2012-08-11 21:30 - 00000000 ____D C:\Program Files (x86)\Oracle
2012-08-11 21:29 - 2012-07-05 22:06 - 00772544 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-08-11 21:26 - 2012-08-11 21:26 - 00893936 ____A (Oracle Corporation) C:\Users\Josh\Downloads\jxpiinstall.exe
2012-08-11 21:16 - 2012-08-11 21:16 - 00448512 ____A (OldTimer Tools) C:\Users\Josh\Downloads\TFC.exe
2012-08-11 21:12 - 2012-08-11 21:12 - 00614903 ____A C:\Users\Josh\Downloads\adwcleaner.exe
2012-08-11 21:12 - 2012-08-11 21:12 - 00000654 ____A C:\AdwCleaner[S1].txt
2012-08-11 21:10 - 2012-08-11 21:11 - 00693235 ____A (Farbar) C:\Users\Josh\Downloads\FSS.exe
2012-08-11 21:09 - 2012-08-11 21:09 - 00751391 ____A (Farbar) C:\Users\Josh\Downloads\MiniToolBox.exe
2012-08-11 18:17 - 2012-08-11 18:17 - 00000000 ____D C:\Program Files (x86)\ESET
2012-08-11 18:16 - 2012-08-11 18:17 - 04731392 ____A (AVAST Software) C:\Users\Josh\Downloads\aswMBR.exe
2012-08-11 18:16 - 2012-08-11 18:17 - 02322184 ____A (ESET) C:\Users\Josh\Downloads\esetsmartinstaller_enu.exe
2012-08-11 18:16 - 2012-08-11 18:17 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Josh\Downloads\tdsskiller.exe
2012-08-11 17:58 - 2012-08-11 17:58 - 531916711 ____A C:\Windows\MEMORY.DMP
2012-08-11 17:58 - 2012-08-11 17:58 - 00282384 ____A C:\Windows\Minidump\081112-20576-01.dmp
2012-08-11 17:58 - 2012-08-11 17:58 - 00000000 ____D C:\Windows\Minidump
2012-08-11 17:41 - 2012-08-11 19:12 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-08-11 17:21 - 2012-08-11 17:21 - 01932256 ____A (Symantec Corporation) C:\Users\Josh\Downloads\FixTDSS (1).exe
2012-08-11 17:01 - 2012-08-11 17:01 - 00000000 ____D C:\Windows\pss
2012-08-11 16:53 - 2012-08-11 16:53 - 01932256 ____A (Symantec Corporation) C:\Users\Josh\Downloads\FixTDSS.exe
2012-08-11 16:53 - 2012-08-11 16:53 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixTDSS.sys
2012-08-11 16:53 - 2012-08-11 16:53 - 00000000 ____D C:\Users\Josh\Application Data\FixTDSS
2012-08-11 16:53 - 2012-08-11 16:53 - 00000000 ____D C:\Users\Josh\AppData\Roaming\FixTDSS
2012-08-11 16:51 - 2012-08-11 16:52 - 00000000 ____D C:\Users\Josh\Desktop\New folder
2012-08-11 16:51 - 2012-08-11 16:51 - 02117108 ____A C:\Users\Josh\Downloads\tdsskiller.zip
2012-08-08 16:29 - 2012-08-08 16:40 - 00158636 ____A C:\Users\Josh\Desktop\Draft.xlsm
2012-08-06 20:58 - 2012-08-06 20:58 - 00000000 ____D C:\Users\Josh\My Documents\EA Games
2012-08-06 20:58 - 2012-08-06 20:58 - 00000000 ____D C:\Users\Josh\Documents\EA Games
2012-08-06 20:56 - 2012-08-06 20:56 - 00178800 ____A (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2012-08-06 20:56 - 2012-08-06 20:56 - 00000000 __RHD C:\Users\Josh\Application Data\SecuROM
2012-08-06 20:56 - 2012-08-06 20:56 - 00000000 __RHD C:\Users\Josh\AppData\Roaming\SecuROM
2012-08-06 20:39 - 2012-08-06 20:39 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2012-08-06 20:38 - 2012-08-06 20:38 - 00001330 ____A C:\Windows\DIFx.log
2012-08-06 20:38 - 2012-08-06 20:38 - 00000000 ____D C:\Windows\SysWOW64\AGEIA
2012-08-06 20:38 - 2012-08-06 20:38 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2012-08-02 13:34 - 2012-08-02 13:35 - 00000000 ____D C:\Users\Josh\Desktop\GI Bill
2012-07-29 17:55 - 2012-08-13 06:00 - 00002750 ____A C:\Users\All Users\dleaJSW.log
2012-07-29 17:55 - 2012-08-13 06:00 - 00002750 ____A C:\Users\All Users\Application Data\dleaJSW.log
2012-07-27 14:19 - 2012-08-11 17:52 - 00000000 ____D C:\Users\Josh\Local Settings\Application Data\Akamai
2012-07-27 14:19 - 2012-08-11 17:52 - 00000000 ____D C:\Users\Josh\Local Settings\Akamai
2012-07-27 14:19 - 2012-08-11 17:52 - 00000000 ____D C:\Users\Josh\AppData\Local\Akamai
2012-07-27 14:17 - 2012-07-27 14:19 - 10720808 ____A (Akamai Technologies, Inc) C:\Users\Josh\Downloads\Adobe_Acrobat_X_Pro-AkamaiDLM.exe
2012-07-21 07:47 - 2012-07-21 07:47 - 00000000 ____D C:\Users\Josh\Application Data\TeamViewer
2012-07-21 07:47 - 2012-07-21 07:47 - 00000000 ____D C:\Users\Josh\AppData\Roaming\TeamViewer


============ 3 Months Modified Files ========================

2012-08-13 06:52 - 2011-07-12 15:08 - 02040702 ____A C:\Windows\WindowsUpdate.log
2012-08-13 06:07 - 2012-04-11 17:24 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-13 06:00 - 2012-08-13 06:00 - 01439703 ____A (Farbar) C:\Users\Josh\Desktop\FRST64.exe
2012-08-13 06:00 - 2012-07-29 17:55 - 00002750 ____A C:\Users\All Users\dleaJSW.log
2012-08-13 06:00 - 2012-07-29 17:55 - 00002750 ____A C:\Users\All Users\Application Data\dleaJSW.log
2012-08-12 17:35 - 2012-08-12 17:35 - 00058116 ____A C:\Users\Josh\Desktop\Extras.Txt
2012-08-12 17:34 - 2012-08-12 17:34 - 00072588 ____A C:\Users\Josh\Downloads\OTL.Txt
2012-08-12 17:34 - 2012-08-12 17:34 - 00058116 ____A C:\Users\Josh\Downloads\Extras.Txt
2012-08-12 17:29 - 2012-08-12 17:29 - 00596992 ____A (OldTimer Tools) C:\Users\Josh\Downloads\OTL.exe
2012-08-12 17:16 - 2012-08-12 17:16 - 00014561 ____A C:\Users\Josh\Downloads\hijackthis.log
2012-08-12 17:15 - 2012-08-12 17:15 - 00388608 ____A (Trend Micro Inc.) C:\Users\Josh\Downloads\HijackThis.exe
2012-08-12 17:09 - 2012-08-12 17:09 - 00000784 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-08-12 17:09 - 2012-08-12 17:09 - 00000784 ____A C:\Users\All Users\Desktop\CCleaner.lnk
2012-08-12 17:08 - 2012-08-12 17:08 - 03907920 ____A (Piriform Ltd) C:\Users\Josh\Downloads\ccsetup321.exe
2012-08-12 17:06 - 2012-08-12 17:06 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-08-12 17:06 - 2012-08-12 17:06 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-08-12 17:02 - 2012-08-12 17:01 - 00893936 ____A (Oracle Corporation) C:\Users\Josh\Downloads\JavaSetup7u5.exe
2012-08-12 16:57 - 2012-08-12 16:57 - 00001270 ____A C:\Users\Josh\Desktop\Revo Uninstaller.lnk
2012-08-12 16:57 - 2012-08-12 16:56 - 02617648 ____A (VS Revo Group Ltd.) C:\Users\Josh\Downloads\revosetup.exe
2012-08-12 16:01 - 2009-07-13 23:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-12 16:01 - 2009-07-13 23:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-12 15:58 - 2012-08-12 15:58 - 00025539 ____A C:\ComboFix.txt
2012-08-12 15:53 - 2011-08-11 17:14 - 00428204 ____A C:\Users\All Users\dleascan.log
2012-08-12 15:53 - 2011-08-11 17:14 - 00428204 ____A C:\Users\All Users\Application Data\dleascan.log
2012-08-12 15:53 - 2009-07-13 21:34 - 00000215 ____A C:\Windows\system.ini
2012-08-12 15:52 - 2010-11-20 22:47 - 00060014 ____A C:\Windows\PFRO.log
2012-08-12 15:52 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-12 15:52 - 2009-07-13 23:51 - 00055328 ____A C:\Windows\setupact.log
2012-08-12 11:56 - 2012-08-12 11:56 - 00000512 ____A C:\Users\Josh\Desktop\MBR.dat
2012-08-12 11:42 - 2012-08-12 11:42 - 00064858 ____A C:\Users\Josh\Desktop\TDSSKillerReport.txt
2012-08-12 11:38 - 2012-08-12 11:38 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Josh\Desktop\tdsskiller.exe
2012-08-12 09:22 - 2012-08-12 09:22 - 04729547 ____R (Swearware) C:\Users\Josh\Downloads\ComboFix.exe
2012-08-12 09:20 - 2012-08-12 09:20 - 00000961 ____A C:\Users\Josh\Desktop\Security Check.txt
2012-08-12 09:12 - 2012-08-12 09:11 - 00881494 ____A C:\Users\Josh\Downloads\SecurityCheck (1).exe
2012-08-12 00:09 - 2012-08-12 00:09 - 00607260 ____R (Swearware) C:\Users\Josh\Downloads\dds.com
2012-08-12 00:01 - 2012-08-12 00:01 - 04731392 ____A (AVAST Software) C:\Users\Josh\Desktop\aswMBR.exe
2012-08-12 00:00 - 2012-08-12 00:00 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Josh\Desktop\123.exe
2012-08-11 23:53 - 2012-08-11 23:52 - 00881494 ____A C:\Users\Josh\Downloads\SecurityCheck.exe
2012-08-11 21:52 - 2012-08-11 21:52 - 01932256 ____A (Symantec Corporation) C:\Users\Josh\Downloads\FixTDSS (2).exe
2012-08-11 21:41 - 2012-08-11 21:41 - 00002072 ____A C:\Users\Josh\Desktop\Rkill.txt
2012-08-11 21:26 - 2012-08-11 21:26 - 00893936 ____A (Oracle Corporation) C:\Users\Josh\Downloads\jxpiinstall.exe
2012-08-11 21:16 - 2012-08-11 21:16 - 00448512 ____A (OldTimer Tools) C:\Users\Josh\Downloads\TFC.exe
2012-08-11 21:12 - 2012-08-11 21:12 - 00614903 ____A C:\Users\Josh\Downloads\adwcleaner.exe
2012-08-11 21:12 - 2012-08-11 21:12 - 00000654 ____A C:\AdwCleaner[S1].txt
2012-08-11 21:11 - 2012-08-11 21:10 - 00693235 ____A (Farbar) C:\Users\Josh\Downloads\FSS.exe
2012-08-11 21:09 - 2012-08-11 21:09 - 00751391 ____A (Farbar) C:\Users\Josh\Downloads\MiniToolBox.exe
2012-08-11 19:59 - 2012-01-08 19:13 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-11 19:59 - 2012-01-08 19:13 - 00001115 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-11 18:17 - 2012-08-11 18:16 - 04731392 ____A (AVAST Software) C:\Users\Josh\Downloads\aswMBR.exe
2012-08-11 18:17 - 2012-08-11 18:16 - 02322184 ____A (ESET) C:\Users\Josh\Downloads\esetsmartinstaller_enu.exe
2012-08-11 18:17 - 2012-08-11 18:16 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Josh\Downloads\tdsskiller.exe
2012-08-11 17:58 - 2012-08-11 17:58 - 531916711 ____A C:\Windows\MEMORY.DMP
2012-08-11 17:58 - 2012-08-11 17:58 - 00282384 ____A C:\Windows\Minidump\081112-20576-01.dmp
2012-08-11 17:21 - 2012-08-11 17:21 - 01932256 ____A (Symantec Corporation) C:\Users\Josh\Downloads\FixTDSS (1).exe
2012-08-11 16:53 - 2012-08-11 16:53 - 01932256 ____A (Symantec Corporation) C:\Users\Josh\Downloads\FixTDSS.exe
2012-08-11 16:53 - 2012-08-11 16:53 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixTDSS.sys
2012-08-11 16:51 - 2012-08-11 16:51 - 02117108 ____A C:\Users\Josh\Downloads\tdsskiller.zip
2012-08-10 17:36 - 2009-07-14 00:13 - 00779266 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-08 16:40 - 2012-08-08 16:29 - 00158636 ____A C:\Users\Josh\Desktop\Draft.xlsm
2012-08-06 20:56 - 2012-08-06 20:56 - 00178800 ____A (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2012-08-06 20:39 - 2011-07-12 13:26 - 00380800 ____A C:\Windows\DirectX.log
2012-08-06 20:38 - 2012-08-06 20:38 - 00001330 ____A C:\Windows\DIFx.log
2012-08-03 22:08 - 2012-04-11 17:24 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-03 22:08 - 2011-08-18 19:16 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-29 17:30 - 2011-08-11 17:13 - 00001938 ____A C:\Users\Public\Desktop\Launch Dell Printer Home.LNK
2012-07-29 17:30 - 2011-08-11 17:13 - 00001938 ____A C:\Users\All Users\Desktop\Launch Dell Printer Home.LNK
2012-07-29 17:30 - 2011-08-11 17:12 - 00211402 ____A C:\Windows\System32\LexFiles.ulf
2012-07-27 14:19 - 2012-07-27 14:17 - 10720808 ____A (Akamai Technologies, Inc) C:\Users\Josh\Downloads\Adobe_Acrobat_X_Pro-AkamaiDLM.exe
2012-07-12 03:23 - 2009-07-13 23:45 - 00394296 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-12 03:05 - 2012-07-12 03:04 - 00265116 ____A C:\Windows\msxml4-KB2721691-enu.LOG
2012-07-12 03:02 - 2011-08-14 11:56 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-05 22:06 - 2012-08-12 17:06 - 00227760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-07-05 22:06 - 2012-08-11 21:29 - 00772544 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-07-03 22:47 - 2012-07-03 22:45 - 14870808 ____A C:\Users\Josh\Downloads\PT-Install-v3.13.7.exe
2012-07-03 22:47 - 2012-03-31 21:16 - 00001075 ____A C:\Users\postgres\Desktop\PokerTracker 3.lnk
2012-07-03 13:46 - 2011-12-18 17:49 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-25 16:04 - 2012-06-25 16:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll
2012-06-14 09:54 - 2012-06-14 09:54 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-14 09:54 - 2012-06-14 09:54 - 00001785 ____A C:\Users\All Users\Desktop\iTunes.lnk
2012-06-14 09:43 - 2012-06-14 09:43 - 00001847 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-06-14 09:43 - 2012-06-14 09:43 - 00001847 ____A C:\Users\All Users\Desktop\QuickTime Player.lnk
2012-06-11 22:08 - 2012-07-12 03:05 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-09 00:43 - 2012-07-11 04:55 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 23:41 - 2012-07-11 04:55 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-06 01:06 - 2012-07-11 04:56 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-06 01:06 - 2012-07-11 04:56 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-06 01:02 - 2012-07-11 04:55 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-06 00:05 - 2012-07-11 04:56 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-06 00:05 - 2012-07-11 04:55 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-06 00:03 - 2012-07-11 04:55 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-02 17:19 - 2012-06-26 03:00 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 17:19 - 2012-06-26 03:00 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 17:19 - 2012-06-26 03:00 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 17:19 - 2012-06-26 02:59 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 17:19 - 2012-06-26 02:59 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 17:15 - 2012-06-26 03:00 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 17:15 - 2012-06-26 02:59 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 15:19 - 2012-06-26 02:59 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 15:15 - 2012-06-26 02:59 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 07:49 - 2012-07-12 03:01 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 07:17 - 2012-07-12 03:01 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 07:12 - 2012-07-12 03:01 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 07:05 - 2012-07-12 03:01 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 07:05 - 2012-07-12 03:01 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 07:04 - 2012-07-12 03:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 07:04 - 2012-07-12 03:01 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 07:03 - 2012-07-12 03:01 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 07:01 - 2012-07-12 03:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 07:00 - 2012-07-12 03:01 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 06:59 - 2012-07-12 03:01 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 06:57 - 2012-07-12 03:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 06:57 - 2012-07-12 03:01 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 06:54 - 2012-07-12 03:01 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 04:07 - 2012-07-12 03:01 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 03:43 - 2012-07-12 03:01 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 03:33 - 2012-07-12 03:01 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 03:26 - 2012-07-12 03:01 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 03:25 - 2012-07-12 03:01 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 03:25 - 2012-07-12 03:01 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 03:23 - 2012-07-12 03:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 03:21 - 2012-07-12 03:01 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 03:20 - 2012-07-12 03:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 03:19 - 2012-07-12 03:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 03:19 - 2012-07-12 03:01 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 03:17 - 2012-07-12 03:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 03:16 - 2012-07-12 03:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 03:14 - 2012-07-12 03:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-02 00:50 - 2012-07-11 04:55 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-02 00:48 - 2012-07-11 04:55 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-02 00:48 - 2012-07-11 04:55 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-02 00:45 - 2012-07-11 04:55 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-02 00:44 - 2012-07-11 04:55 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 23:40 - 2012-07-11 04:55 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 23:40 - 2012-07-11 04:55 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 23:39 - 2012-07-11 04:55 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 23:34 - 2012-07-11 04:55 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll


ZeroAccess:
C:\Windows\Installer\{5b0aac7a-9fe2-be7a-97c6-30208ce6c228}
C:\Windows\Installer\{5b0aac7a-9fe2-be7a-97c6-30208ce6c228}\L
C:\Windows\Installer\{5b0aac7a-9fe2-be7a-97c6-30208ce6c228}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll
[2010-11-20 22:24] - [2010-11-20 22:24] - 0857600 ____A (Microsoft Corporation) 57300E71DFBB58D8ED0D7B9813E55795

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 8174.64 MB
Available physical RAM: 7395.59 MB
Total Pagefile: 8172.84 MB
Available Pagefile: 7390.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:916.66 GB) (Free:830.25 GB) NTFS
5 Drive g: (CORSAIR) (Removable) (Total:7.6 GB) (Free:7.6 GB) FAT32
6 Drive h: (RECOVERY) (Fixed) (Total:14.81 GB) (Free:6.49 GB) NTFS ==>[System with boot components (obtained from reading drive)]
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 Online 7788 MB 0 B
Disk 3 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 14 GB 40 MB
Partition 3 Primary 916 GB 14 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 FAT Partition 39 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 H RECOVERY NTFS Partition 14 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 916 GB Healthy

==================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7787 MB 1024 KB

==================================================================================

Disk: 2
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G CORSAIR FAT32 Removable 7787 MB Healthy

==================================================================================

Last Boot: 2012-08-07 20:07

======================= End Of Log ==========================

Farbar Recovery Scan Tool Version: 09-08-2012
Ran by SYSTEM at 2012-08-13 06:56:56
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\erdnt\cache64\services.exe
[2012-08-12 09:51] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users