
tmltesor.exe


  • This topic is locked
19 replies to this topic

#1 Spudweiser

  • Members
  • 11 posts

Posted 14 August 2012 - 08:51 AM

Hi Everyone,

I seem to have got some sort of virus, and something that repeatedly pops up is an application error on tmltesor.exe. Amazingly, Google only provided one page for this application, which led me here: http://www.bleepingcomputer.com/forums/topic463974.html

I cannot log in to McAfee.
Malwarebytes won't start (I renamed the mbam file so it would, but got a corrupt or missing message). It did detect a Trojan in safe mode at AppData\Local\tbvmrndu\cenycqmi.exe.
Firefox (my default browser) won't start.

I have tried using the OTL.exe Custom Scans/Fixes as advised by Noviciate on page 2 of the above linked thread.

Any help would be greatly appreciated.

Thanks


#2 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender: Male
  • Location: Numpty HQ

Posted 14 August 2012 - 02:44 PM

Good evening. :)

I have tried using the OTL.exe Custom Scans/Fixes as advised by Noviciate on page 2 of the above linked thread.


I wouldn't trust him as far as I could throw him!

Start by going here, follow steps six, seven and eight as best you can, skipping those that you cannot run for any reason, and then post accordingly into this thread.

So long, and thanks for all the fish.

#3 Spudweiser
  • Topic Starter
  • Members
  • 11 posts

Posted 14 August 2012 - 03:23 PM

Thanks for getting back to me Noviciate!

I have done steps 6 and 7 but I am on a 64 machine so couldn't do step 8.

Here are the results from DDS:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Adam McLaughlin at 21:17:15 on 2012-08-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8106.7141 [GMT 1:00]
.
AV: McAfee® Security-as-a-Service *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee® Security-as-a-Service *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee® Security-as-a-Service *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.parcelforce.net/
uDefault_Page_URL = hxxp://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,,C:\Users\Adam McLaughlin\AppData\Local\tbvmrndu\cenycqmi.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120701181635.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Jmrcrl] C:\Users\Adam McLaughlin\AppData\Roaming\Jmrcrl.exe
uRun: [Biluheelv] "C:\Users\Adam McLaughlin\AppData\Roaming\Cyfo\edogs.exe"
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [CenYcqmi] C:\Users\Adam McLaughlin\AppData\Local\tbvmrndu\cenycqmi.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
mRun: [MVS Splash] "C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Adam McLaughlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cenycqmi.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\IGPXTS~1.LNK - C:\Program Files (x86)\Lenovo\igpxtskmgn64.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download With Album Copier - C:\Program Files (x86)\BiroSolutions\Web Album Copier\\InternetExplorerExtensions\albumcopier.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{3C5BD984-C751-4073-84A6-B2CCB09FBB03} : DhcpNameServer = 88.82.13.60 88.82.13.60
TCP: Interfaces\{AF2D686C-F6E0-4084-9EF6-DFEBDD3C971E} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{DA5405A8-43AF-4C43-B7ED-39FE7B01A349} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{DA5405A8-43AF-4C43-B7ED-39FE7B01A349}\1447479636 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{DA5405A8-43AF-4C43-B7ED-39FE7B01A349}\D436C675843523 : DhcpNameServer = 192.168.0.100
TCP: Interfaces\{DA5405A8-43AF-4C43-B7ED-39FE7B01A349}\E4544574541425D434C4 : DhcpNameServer = 192.168.0.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120701181635.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [(Default)]
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
mRun-x64: [MVS Splash] "C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {208413D2-71EE-4052-9C8B-A4F8C6278E64} - C:\Program Files (x86)\BiroSolutions\Web Album Copier\\InternetExplorerExtensions\albumcopier.htm
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Adam McLaughlin\AppData\Roaming\Mozilla\Firefox\Profiles\1wz16g68.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 AiCharger;ASUS Charger Driver;C:\Windows\system32\DRIVERS\AiCharger.sys --> C:\Windows\system32\DRIVERS\AiCharger.sys [?]
R0 dlkmdldr;dlkmdldr;C:\Windows\system32\drivers\dlkmdldr.sys --> C:\Windows\system32\drivers\dlkmdldr.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-10-26 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]
R3 cyhid;Cypress Input Device;C:\Windows\system32\DRIVERS\cyhid.sys --> C:\Windows\system32\DRIVERS\cyhid.sys [?]
R3 cykbfltrService;Cypress Keyboard Filter Driver;C:\Windows\system32\DRIVERS\cykbfltr.sys --> C:\Windows\system32\DRIVERS\cykbfltr.sys [?]
R3 cymfltrService;Cypress Trackpad Filter Driver;C:\Windows\system32\DRIVERS\cymfltr.sys --> C:\Windows\system32\DRIVERS\cymfltr.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
S2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-8-23 98208]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-1-24 901184]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-1-24 991296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2011-4-10 9663848]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-5 136176]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-14 655944]
S2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [2011-5-12 324928]
S2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-10-26 199272]
S2 myAgtSvc;McAfee Virus and Spyware Protection Service;C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [2011-10-26 291328]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-8-23 2009704]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 RumorServer;McAfee Peer Distribution Service;C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [2011-10-26 291328]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-4-21 378472]
S2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-7-16 2673064]
S2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-8-23 2656280]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-5 250056]
S3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-1-24 1298496]
S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?]
S3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
S3 DisplayLinkUsbPort;DisplayLink USB Device;C:\Windows\system32\DRIVERS\DisplayLinkUsbPort_5.6.31854.0.sys --> C:\Windows\system32\DRIVERS\DisplayLinkUsbPort_5.6.31854.0.sys [?]
S3 dlkmd;dlkmd;C:\Windows\system32\drivers\dlkmd.sys --> C:\Windows\system32\drivers\dlkmd.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-5 136176]
S3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]
S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
S3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-4-10 25072]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 USBPNPA;USB PnP Sound Device Interface;C:\Windows\system32\drivers\CM10864.sys --> C:\Windows\system32\drivers\CM10864.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-08-14 20:06:42 -------- d-----w- C:\Windows\pss
2012-08-14 18:31:45 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\Norman Malware Cleaner
2012-08-14 18:20:26 -------- d-----w- C:\Program Files (x86)\stinger
2012-08-14 16:50:39 145120 ---ha-w- C:\Windows\SysWow64\TcYsBrn
2012-08-14 16:37:57 -------- d-----w- C:\Program Files (x86)\AxBx
2012-08-14 09:22:36 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{6952DDB8-A21E-4FB9-AEAC-B5F1FD31CEDD}
2012-08-14 09:22:22 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{674A9852-3A09-4DC2-887B-1B31ED0E025E}
2012-08-14 00:53:42 -------- d-----w- C:\_OTL
2012-08-13 23:39:09 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-13 22:10:08 119663 --s---w- C:\Users\Adam McLaughlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cenycqmi.exe
2012-08-13 22:10:08 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\tbvmrndu
2012-08-13 21:27:55 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\Macromedia
2012-08-13 13:33:34 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{2F941F0E-51AB-44CF-B8F2-FC9046DB6201}
2012-08-13 01:33:07 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{04D6C9E7-B224-4F9E-B295-727F7A68688F}
2012-08-13 01:32:56 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{2D833B36-64F8-4D52-BB1B-51C951F4D44F}
2012-08-12 13:31:58 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{C65A0AF9-FACF-4BD6-AE98-89A01BA1A142}
2012-08-12 13:31:42 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{DD20F18A-6D19-4B02-83FE-C9439935392F}
2012-08-11 15:31:08 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{92894A88-1EB2-40E9-AFC6-ABFF8E68826B}
2012-08-11 15:30:52 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{4169E5C1-BBC9-47DC-9C69-C7D09FB74C3D}
2012-08-10 11:19:59 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{5B1AC15C-9C21-4BE2-B99D-E35FD1CB7979}
2012-08-10 11:19:45 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{93AB1CAB-6D34-4EE3-83CA-E405698032A2}
2012-08-09 23:19:06 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{912A7B44-5CE1-4E15-AEE2-70A563233212}
2012-08-09 23:18:53 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{83AB8297-33C5-4BDB-9BF7-8DC77999C553}
2012-08-09 09:18:03 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{2584C929-05D2-4111-A4E0-32B1B6E73B3F}
2012-08-09 09:17:31 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{41A7359B-E96D-432B-B89F-692D4C57892F}
2012-08-08 21:17:01 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{53CE0A86-D6D6-47A7-8318-D2A0DFF68FED}
2012-08-08 21:16:50 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{4410F799-6911-4A4E-873A-B94069FB49FA}
2012-08-08 09:16:21 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{8B4F9D4C-D0C5-4F46-85DD-200C9681F988}
2012-08-08 09:16:09 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{18582465-9F65-4E05-9723-7B5DB3DA98E3}
2012-08-07 07:14:31 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{CAA6C5D2-8738-4C92-8B28-06BD6237E52B}
2012-08-07 07:14:19 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{081CFBB4-BD9F-4E0E-A0F8-B7A0E648A05A}
2012-08-06 09:35:41 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{3192809F-363F-4516-8E2E-D5DB06AF51DD}
2012-08-06 09:35:30 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{64A97C11-CE33-4D85-8462-77387AAC59F1}
2012-08-05 21:35:02 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{0AB6AD4E-FBB6-451F-9E76-52D92C8B2C89}
2012-08-05 21:34:51 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{3B4BCA2E-4A1E-4D19-ACC6-2DC43CAE2A1C}
2012-08-05 09:22:41 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{E91DB2F2-5EA5-4D40-B363-4EED0E45AA38}
2012-08-05 09:22:29 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{9079F38F-6379-4CEB-B722-2EDF587611BF}
2012-08-02 23:34:53 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{0992CCD5-4B1E-47EB-A43C-DDF5F7804442}
2012-08-02 23:34:42 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{BBD46928-55E0-4D12-B36A-7A622EC7BDFB}
2012-08-02 11:34:15 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{AFAD787B-696D-4D81-B5D7-D498FC19E484}
2012-08-02 11:34:05 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{257D814F-6216-4789-91F3-2227C3DA5421}
2012-08-01 23:32:50 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{9239D0AC-A29A-4DAD-BCD2-721D91424CD5}
2012-08-01 23:32:37 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{EBC9A7E6-B0BE-429B-8098-6C006435F401}
2012-08-01 22:50:10 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{488B768F-DA30-455E-B3C6-C85DAF4CEC19}
2012-08-01 22:49:59 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{133FD3AD-AAF0-41A0-BBC9-92D0D1EBEB3C}
2012-08-01 10:49:13 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{B87DCB4A-A4BC-40EE-B64C-8343B12186AC}
2012-08-01 10:49:02 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{58EC1104-1722-4506-9A21-A2B45DF4DE25}
2012-07-31 22:48:03 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{B6287AC5-3301-4F1D-AB04-D5A223F9E089}
2012-07-31 22:47:50 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{8ABEEEA5-9522-4796-95D7-6E551E02F5E6}
2012-07-31 07:32:42 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{1E28093A-4B93-471A-9FD7-1E626CDC1A3C}
2012-07-31 07:32:31 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{B21A40EA-DF16-4E40-AE56-4BAA0B91013D}
2012-07-30 19:20:10 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{2D5FF66E-1D2C-46C6-9B18-49A311F216D9}
2012-07-30 19:19:58 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{96F69345-A61E-46CB-B8A2-7E3FB5F3BB6F}
2012-07-30 07:19:32 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{8F0B5664-5ED5-4A76-A4E3-624BF9273D2A}
2012-07-29 13:26:55 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{1D94B56F-D1FD-4345-87B5-7F33C465D948}
2012-07-29 13:26:38 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{B1A8E7A3-4708-4EA8-85EC-F799D1ABAFA8}
2012-07-27 11:51:22 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{10FAAFCB-23A8-40AE-B566-79516447BFC7}
2012-07-27 11:51:12 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{3ED28F55-E64E-4580-B1E0-73970434DF10}
2012-07-26 23:51:16 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{9CC079F5-55AD-4559-97EB-CFF81AD2D48C}
2012-07-26 11:22:10 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{28DFEEF7-2B7C-433D-AE23-272F01242DA9}
2012-07-26 11:21:59 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{30F93373-D712-4647-9422-DCC7C348B7AB}
2012-07-25 23:21:27 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{36603E57-AA4A-4F68-8497-EA62692A0532}
2012-07-25 23:21:16 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{D7DF78D9-9E64-4AEB-80D8-FB9FE7C3792E}
2012-07-25 11:20:46 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{797D1DF4-1279-40FB-AB2B-56C7FD45A02B}
2012-07-25 11:20:36 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{738BCBB0-1374-4A59-9099-B22687DF8159}
2012-07-24 23:19:55 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{D8276D4A-CB7A-48C4-87DD-1267D26FF2AF}
2012-07-24 23:19:44 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{F3D69675-03DE-4054-AA6E-4803568D61D6}
2012-07-23 09:52:49 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{1AA8823C-2625-4337-B6C8-5DC098430142}
2012-07-21 13:07:20 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{681D2FB4-7630-442A-8405-7160ADBD0A5F}
2012-07-21 13:07:08 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{A70D9D7A-06E5-4B5F-A5D6-09399D0BCDD0}
2012-07-20 09:15:31 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{206DA367-018C-4B95-9933-0F1BD3B33DB1}
2012-07-20 09:15:09 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{33DFB437-63AB-49FA-940D-8F3C6E7A7F4C}
2012-07-19 21:14:40 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{0B134EE8-C48F-46B3-B0C8-059B8CEA2D18}
2012-07-19 21:14:29 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{1F308CAB-113E-40B5-BB0E-CA514A9A1164}
2012-07-19 20:57:19 -------- d-----w- C:\Users\Adam McLaughlin\temp
2012-07-19 09:13:50 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{9E92FC86-B05F-475A-A644-06F60782A1E8}
2012-07-18 12:11:15 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{1E89FDA5-C4BC-4338-A494-A5E3AA19D1FE}
2012-07-18 12:11:04 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{97D3114D-7C59-48DA-8DE0-D509890DB1D5}
2012-07-17 22:53:35 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{10DEC3B6-1C4B-4210-A45E-63407ADD1D6F}
2012-07-17 22:53:24 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{B6B4CC46-F601-4A99-8500-7C01BD28FFF7}
2012-07-17 10:52:57 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{67B6B18A-4DF1-4765-8271-C2C29AB83346}
2012-07-17 10:52:47 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{CC4487E6-8137-4325-B101-0DFF8F9147F7}
2012-07-16 22:52:16 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{7AD0EB6B-B4A9-4617-BE1F-930AD60EEB5E}
2012-07-16 22:52:04 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{B3F9726D-4398-42CD-95AD-C98A7E7697E5}
2012-07-16 10:07:59 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{C7644E29-BE54-4EFB-982F-E93DACD478A1}
2012-07-16 10:07:35 -------- d-----w- C:\Users\Adam McLaughlin\AppData\Local\{54ABC99B-C140-4A25-8FD2-89AB223032A2}
2012-07-15 22:23:24 -------- d-----w- C:\Poker
.
==================== Find3M ====================
.
2012-08-13 21:44:12 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-13 21:44:12 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-12 03:08:36 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 14:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 14:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2006-05-03 10:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll
2007-02-21 11:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll
2008-03-16 13:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll
2010-01-06 23:00:00 107520 --sha-r- C:\Windows\SysWOW64\TAKDSDecoder.dll
.
============= FINISH: 21:18:51.89 ===============

#4 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 14 August 2012 - 04:11 PM

I'd like to see the contents of Attach.txt as well - you should have saved it alongside DDS.txt.

So long, and thanks for all the fish.

#5 Spudweiser

  • Topic Starter
  • Members
  • 11 posts

Posted 14 August 2012 - 04:23 PM

Sorry, I forgot to attach it. I'm struggling to zip it up as I'm currently in safe mode.

Thanks

Attached Files



#6 Spudweiser

  • Topic Starter
  • Members
  • 11 posts

Posted 15 August 2012 - 01:59 PM

Bump

#7 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 15 August 2012 - 02:30 PM

Good evening. :)

Bumping a topic is unlikely to get you what you want. If you post after I log off and before I next log on there is very little I can do to advance the resolution of your problem. I could ask my boss to pay me to stay at home, but I suspect he won't be that willing - for "willing", read "not even if Hell freezes over".

Let me have an OTL log, a fresh one for preference, and I'll see where all the data points.

So long, and thanks for all the fish.

#8 Spudweiser

  • Topic Starter
  • Members
  • 11 posts

Posted 15 August 2012 - 03:14 PM

Haha apologies Noviciate, it was more directed at anyone else willing to help.

I've located what appears to be a rogue file here: C:\Users\Adam McLaughlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cenycqmi. It won't delete, cannot be renamed, cannot have its file extension changed, and it will not untick in the startup programmes list within msconfig.

The OTL scan is working just now and I'll get the results up when it's finished.

Thanks Noviciate, it's much appreciated.

#9 Spudweiser

  • Topic Starter
  • Members
  • 11 posts

Posted 15 August 2012 - 03:45 PM

Finally finished! I never realised it had to scan through all my music, which is quite a lot of files:

The OTL Scan:


OTL logfile created on: 8/15/2012 8:38:15 PM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Adam McLaughlin\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

7.92 Gb Total Physical Memory | 6.21 Gb Available Physical Memory | 78.48% Memory free
30.56 Gb Paging File | 0.41 Gb Available in Paging File | 1.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 679.00 Gb Total Space | 47.98 Gb Free Space | 7.07% Space Free | Partition Type: NTFS

Computer Name: ADAMMCLAUGHLIN | User Name: Adam McLaughlin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/14 17:43:40 | 204,219,008 | ---- | M] (Norman ASA) -- C:\Users\Adam McLaughlin\Downloads\Norman_Malware_Cleaner.exe
PRC - [2012/08/14 01:52:39 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Adam McLaughlin\Downloads\OTL.exe
PRC - [2012/07/30 18:01:02 | 003,075,920 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
PRC - [2012/07/16 15:31:32 | 007,445,416 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
PRC - [2012/07/16 15:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/07/16 15:22:42 | 000,106,408 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
PRC - [2012/05/04 09:09:16 | 000,476,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe
PRC - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/12 11:48:20 | 000,324,928 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe
PRC - [2011/04/22 08:13:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/04/21 19:32:26 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/04/13 16:39:14 | 000,503,942 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2011/01/24 21:34:06 | 000,991,296 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011/01/24 21:34:04 | 001,298,496 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011/01/24 21:33:30 | 000,901,184 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011/01/24 21:33:24 | 000,979,008 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
PRC - [2010/12/21 00:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/21 00:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/12/17 16:25:22 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2010/11/17 16:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010/05/10 11:04:16 | 000,465,536 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/19 09:37:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
MOD - [2010/12/17 16:25:22 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MOD - [2010/11/25 04:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2010/11/17 16:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/02/22 08:25:30 | 000,162,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012/02/13 16:10:40 | 000,210,584 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012/02/13 16:09:34 | 000,199,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/04/10 21:07:33 | 009,663,848 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
SRV:64bit: - [2010/12/17 20:41:32 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/12/17 20:28:46 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/12/17 20:26:50 | 000,836,880 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/11/29 21:00:56 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2010/09/23 00:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/11/18 03:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/08/14 17:44:29 | 000,776,192 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/08/13 22:44:13 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/30 18:01:02 | 003,075,920 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2012/07/19 21:57:00 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/16 15:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/05/04 09:02:30 | 000,291,328 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe -- (RumorServer)
SRV - [2012/05/04 09:02:30 | 000,291,328 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe -- (myAgtSvc)
SRV - [2012/01/12 18:57:12 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/12 11:48:20 | 000,324,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe -- (McAfee SiteAdvisor Enterprise Service)
SRV - [2011/04/22 08:13:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/21 19:32:26 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/01/24 21:34:06 | 000,991,296 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011/01/24 21:34:04 | 001,298,496 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011/01/24 21:33:30 | 000,901,184 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2010/12/21 00:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/21 00:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/25 11:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 11:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/03/18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/04/25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/03/28 15:39:51 | 000,017,408 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DisplayLinkUsbPort_5.6.31854.0.sys -- (DisplayLinkUsbPort)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 08:25:30 | 000,647,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012/02/22 08:25:30 | 000,487,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012/02/22 08:25:30 | 000,289,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012/02/22 08:25:30 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012/02/22 08:25:30 | 000,160,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012/02/22 08:25:30 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012/02/22 08:25:30 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2011/08/26 11:30:26 | 000,069,632 | ---- | M] (Cypress Semiconductor, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cymfltr.sys -- (cymfltrService)
DRV:64bit: - [2011/08/26 11:30:24 | 000,116,736 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cyhid.sys -- (cyhid)
DRV:64bit: - [2011/08/26 11:30:24 | 000,013,312 | ---- | M] (Cypress Semiconductor, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cykbfltr.sys -- (cykbfltrService)
DRV:64bit: - [2011/06/22 13:17:34 | 001,309,184 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CM10864.sys -- (USBPNPA)
DRV:64bit: - [2011/06/01 06:18:22 | 000,079,360 | ---- | M] (ASIX Electronics Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ax88772.sys -- (AX88772)
DRV:64bit: - [2011/05/10 08:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/04/22 08:13:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/04/10 21:07:57 | 000,206,960 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dlkmd.sys -- (dlkmd)
DRV:64bit: - [2011/04/10 21:07:57 | 000,013,936 | ---- | M] (DisplayLink Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\dlkmdldr.sys -- (dlkmdldr)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/07 21:52:24 | 012,264,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/01/24 08:24:52 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011/01/24 08:22:48 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011/01/24 07:56:06 | 000,274,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/01/20 17:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2011/01/15 17:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2011/01/13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/28 04:15:56 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/12/22 18:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010/12/13 18:34:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010/12/01 11:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/11/29 21:00:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/19 19:34:26 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/11/19 19:34:26 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/11 02:32:20 | 000,172,632 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010/10/20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/16 01:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/08/20 19:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2010/05/05 16:38:26 | 000,014,592 | ---- | M] (ASUSTek Computer Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2010/03/19 09:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/27 16:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006/11/01 18:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2012/04/30 18:45:28 | 000,066,320 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys -- (a2acc)
DRV - [2012/03/01 11:03:52 | 000,000,026 | ---- | M] () [Kernel | System | Running] -- C:\Retail\Rpro\NULL -- (Null)
DRV - [2011/10/03 11:55:27 | 000,665,600 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\hardlock.sys -- (hardlock)
DRV - [2011/10/03 11:55:26 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\Haspnt.sys -- (Haspnt)
DRV - [2011/05/19 14:10:34 | 000,023,208 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys -- (A2DDA)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {290A8B02-ABC0-48E7-9356-13221C7785C5}
IE:64bit: - HKLM\..\SearchScopes\{290A8B02-ABC0-48E7-9356-13221C7785C5}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {290A8B02-ABC0-48E7-9356-13221C7785C5}
IE - HKLM\..\SearchScopes\{290A8B02-ABC0-48E7-9356-13221C7785C5}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.parcelforce.net/
IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {290A8B02-ABC0-48E7-9356-13221C7785C5}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://google.com/"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\ [2012/08/14 17:14:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\albumcopier@biro.solutions: C:\Program Files (x86)\BiroSolutions\Web Album Copier\\FirefoxExtensions\albumcopier [2012/04/17 20:31:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/08/14 17:12:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 21:57:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5\extensions\\albumcopier@biro.solutions: C:\Program Files (x86)\BiroSolutions\Web Album Copier\\FirefoxExtensions\albumcopier [2012/04/17 20:31:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 21:57:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/08/30 21:35:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adam McLaughlin\AppData\Roaming\Mozilla\Extensions
[2012/05/11 23:01:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adam McLaughlin\AppData\Roaming\Mozilla\Firefox\Profiles\1wz16g68.default\extensions
[2012/03/29 16:53:30 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Adam McLaughlin\AppData\Roaming\Mozilla\Firefox\Profiles\1wz16g68.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/09/11 13:27:47 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Adam McLaughlin\AppData\Roaming\Mozilla\Firefox\Profiles\1wz16g68.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2012/04/17 21:51:55 | 000,000,000 | ---D | M] (fluschipranie) -- C:\Users\Adam McLaughlin\AppData\Roaming\Mozilla\Firefox\Profiles\1wz16g68.default\extensions\jid0-Dg47y8CbssHh7EDdmKEYB6phtn0@jetpack
[2012/01/10 00:36:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/08/14 17:12:12 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES (X86)\COMMON FILES\MCAFEE\SYSTEMCORE
[2011/09/05 12:15:48 | 000,034,637 | ---- | M] () (No name found) -- C:\USERS\ADAM MCLAUGHLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1WZ16G68.DEFAULT\EXTENSIONS\{BB117431-63C1-4A4D-8E4E-47F02268B2C6}.XPI
[2011/09/02 11:40:45 | 000,019,924 | ---- | M] () (No name found) -- C:\USERS\ADAM MCLAUGHLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1WZ16G68.DEFAULT\EXTENSIONS\GAURANGNSHAH@GMAIL.COM.XPI
[2012/07/19 21:57:05 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/25 22:19:22 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/18 22:56:51 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/25 22:19:21 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/04/25 22:19:20 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/04/25 22:19:34 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/04/25 22:19:20 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/08/14 14:30:33 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20120701181634.dll (McAfee, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120701181635.dll (McAfee, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [Cm108Sound] C:\Windows\Syswow64\cm108.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [CyCpIo] C:\Program Files\Cypress\TrackPad\CyCpIo.exe (Cypress Semiconductor Corporation)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] c:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [emsisoft anti-malware] C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MVS Splash] C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKCU..\Run: [Biluheelv] "C:\Users\Adam McLaughlin\AppData\Roaming\Cyfo\edogs.exe" File not found
O4 - HKCU..\Run: [CenYcqmi] C:\Users\Adam McLaughlin\AppData\Local\tbvmrndu\cenycqmi.exe File not found
O4 - HKCU..\Run: [Jmrcrl] C:\Users\Adam McLaughlin\AppData\Roaming\Jmrcrl.exe File not found
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: Download With Album Copier - C:\Program Files (x86)\BiroSolutions\Web Album Copier\\InternetExplorerExtensions\albumcopier.htm ()
O8 - Extra context menu item: Download With Album Copier - C:\Program Files (x86)\BiroSolutions\Web Album Copier\\InternetExplorerExtensions\albumcopier.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C5BD984-C751-4073-84A6-B2CCB09FBB03}: DhcpNameServer = 88.82.13.60 88.82.13.60
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF2D686C-F6E0-4084-9EF6-DFEBDD3C971E}: DhcpNameServer = 192.168.0.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DA5405A8-43AF-4C43-B7ED-39FE7B01A349}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Users\Adam McLaughlin\AppData\Local\tbvmrndu\cenycqmi.exe) - C:\Users\Adam McLaughlin\AppData\Local\tbvmrndu\cenycqmi.exe File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\615\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/15 20:25:06 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\Norman Malware Cleaner
[2012/08/15 13:51:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2012/08/15 13:51:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2012/08/15 13:51:07 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\Documents\Anti-Malware
[2012/08/15 10:40:35 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{625864AB-7B17-4379-A8A9-0217BDF51DF5}
[2012/08/15 10:40:23 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{DF7EBD10-1873-452B-97BF-C52C8BED6C76}
[2012/08/14 21:16:14 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Adam McLaughlin\Desktop\dds.com
[2012/08/14 21:06:42 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/08/14 19:20:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger
[2012/08/14 10:22:36 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{6952DDB8-A21E-4FB9-AEAC-B5F1FD31CEDD}
[2012/08/14 10:22:22 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{674A9852-3A09-4DC2-887B-1B31ED0E025E}
[2012/08/14 01:53:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/14 00:39:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/14 00:39:09 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/13 23:34:46 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\Desktop\Donna Summer
[2012/08/13 22:27:55 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\Macromedia
[2012/08/13 14:33:34 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{2F941F0E-51AB-44CF-B8F2-FC9046DB6201}
[2012/08/13 02:33:07 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{04D6C9E7-B224-4F9E-B295-727F7A68688F}
[2012/08/13 02:32:56 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{2D833B36-64F8-4D52-BB1B-51C951F4D44F}
[2012/08/12 14:31:58 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{C65A0AF9-FACF-4BD6-AE98-89A01BA1A142}
[2012/08/12 14:31:42 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{DD20F18A-6D19-4B02-83FE-C9439935392F}
[2012/08/11 16:31:08 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{92894A88-1EB2-40E9-AFC6-ABFF8E68826B}
[2012/08/11 16:30:52 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{4169E5C1-BBC9-47DC-9C69-C7D09FB74C3D}
[2012/08/10 12:19:59 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{5B1AC15C-9C21-4BE2-B99D-E35FD1CB7979}
[2012/08/10 12:19:45 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{93AB1CAB-6D34-4EE3-83CA-E405698032A2}
[2012/08/10 00:19:06 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{912A7B44-5CE1-4E15-AEE2-70A563233212}
[2012/08/10 00:18:53 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{83AB8297-33C5-4BDB-9BF7-8DC77999C553}
[2012/08/09 10:18:03 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{2584C929-05D2-4111-A4E0-32B1B6E73B3F}
[2012/08/09 10:17:31 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{41A7359B-E96D-432B-B89F-692D4C57892F}
[2012/08/08 22:17:01 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{53CE0A86-D6D6-47A7-8318-D2A0DFF68FED}
[2012/08/08 22:16:50 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{4410F799-6911-4A4E-873A-B94069FB49FA}
[2012/08/08 10:16:21 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{8B4F9D4C-D0C5-4F46-85DD-200C9681F988}
[2012/08/08 10:16:09 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{18582465-9F65-4E05-9723-7B5DB3DA98E3}
[2012/08/07 08:14:31 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{CAA6C5D2-8738-4C92-8B28-06BD6237E52B}
[2012/08/07 08:14:19 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{081CFBB4-BD9F-4E0E-A0F8-B7A0E648A05A}
[2012/08/06 16:51:25 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\Desktop\AW12 SMQ
[2012/08/06 10:35:41 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{3192809F-363F-4516-8E2E-D5DB06AF51DD}
[2012/08/06 10:35:30 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{64A97C11-CE33-4D85-8462-77387AAC59F1}
[2012/08/05 22:35:02 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{0AB6AD4E-FBB6-451F-9E76-52D92C8B2C89}
[2012/08/05 22:34:51 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{3B4BCA2E-4A1E-4D19-ACC6-2DC43CAE2A1C}
[2012/08/05 10:22:41 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{E91DB2F2-5EA5-4D40-B363-4EED0E45AA38}
[2012/08/05 10:22:29 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{9079F38F-6379-4CEB-B722-2EDF587611BF}
[2012/08/03 00:34:53 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{0992CCD5-4B1E-47EB-A43C-DDF5F7804442}
[2012/08/03 00:34:42 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{BBD46928-55E0-4D12-B36A-7A622EC7BDFB}
[2012/08/02 12:34:15 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{AFAD787B-696D-4D81-B5D7-D498FC19E484}
[2012/08/02 12:34:05 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{257D814F-6216-4789-91F3-2227C3DA5421}
[2012/08/02 00:32:50 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{9239D0AC-A29A-4DAD-BCD2-721D91424CD5}
[2012/08/02 00:32:37 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{EBC9A7E6-B0BE-429B-8098-6C006435F401}
[2012/08/01 23:50:10 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{488B768F-DA30-455E-B3C6-C85DAF4CEC19}
[2012/08/01 23:49:59 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{133FD3AD-AAF0-41A0-BBC9-92D0D1EBEB3C}
[2012/08/01 20:40:46 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\Desktop\Lease
[2012/08/01 11:49:13 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{B87DCB4A-A4BC-40EE-B64C-8343B12186AC}
[2012/08/01 11:49:02 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{58EC1104-1722-4506-9A21-A2B45DF4DE25}
[2012/07/31 23:48:03 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{B6287AC5-3301-4F1D-AB04-D5A223F9E089}
[2012/07/31 23:47:50 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{8ABEEEA5-9522-4796-95D7-6E551E02F5E6}
[2012/07/31 08:32:42 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{1E28093A-4B93-471A-9FD7-1E626CDC1A3C}
[2012/07/31 08:32:31 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{B21A40EA-DF16-4E40-AE56-4BAA0B91013D}
[2012/07/30 20:20:10 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{2D5FF66E-1D2C-46C6-9B18-49A311F216D9}
[2012/07/30 20:19:58 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{96F69345-A61E-46CB-B8A2-7E3FB5F3BB6F}
[2012/07/30 08:19:32 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{8F0B5664-5ED5-4A76-A4E3-624BF9273D2A}
[2012/07/29 14:26:55 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{1D94B56F-D1FD-4345-87B5-7F33C465D948}
[2012/07/29 14:26:38 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{B1A8E7A3-4708-4EA8-85EC-F799D1ABAFA8}
[2012/07/27 12:51:22 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{10FAAFCB-23A8-40AE-B566-79516447BFC7}
[2012/07/27 12:51:12 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{3ED28F55-E64E-4580-B1E0-73970434DF10}
[2012/07/27 00:51:16 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{9CC079F5-55AD-4559-97EB-CFF81AD2D48C}
[2012/07/26 12:22:10 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{28DFEEF7-2B7C-433D-AE23-272F01242DA9}
[2012/07/26 12:21:59 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{30F93373-D712-4647-9422-DCC7C348B7AB}
[2012/07/26 00:21:27 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{36603E57-AA4A-4F68-8497-EA62692A0532}
[2012/07/26 00:21:16 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{D7DF78D9-9E64-4AEB-80D8-FB9FE7C3792E}
[2012/07/25 12:20:46 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{797D1DF4-1279-40FB-AB2B-56C7FD45A02B}
[2012/07/25 12:20:36 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{738BCBB0-1374-4A59-9099-B22687DF8159}
[2012/07/25 00:19:55 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{D8276D4A-CB7A-48C4-87DD-1267D26FF2AF}
[2012/07/25 00:19:44 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{F3D69675-03DE-4054-AA6E-4803568D61D6}
[2012/07/23 10:52:49 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{1AA8823C-2625-4337-B6C8-5DC098430142}
[2012/07/21 14:07:20 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{681D2FB4-7630-442A-8405-7160ADBD0A5F}
[2012/07/21 14:07:08 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{A70D9D7A-06E5-4B5F-A5D6-09399D0BCDD0}
[2012/07/20 10:15:31 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{206DA367-018C-4B95-9933-0F1BD3B33DB1}
[2012/07/20 10:15:09 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{33DFB437-63AB-49FA-940D-8F3C6E7A7F4C}
[2012/07/19 22:14:40 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{0B134EE8-C48F-46B3-B0C8-059B8CEA2D18}
[2012/07/19 22:14:29 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{1F308CAB-113E-40B5-BB0E-CA514A9A1164}
[2012/07/19 21:57:19 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\temp
[2012/07/19 10:13:50 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{9E92FC86-B05F-475A-A644-06F60782A1E8}
[2012/07/18 13:11:15 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{1E89FDA5-C4BC-4338-A494-A5E3AA19D1FE}
[2012/07/18 13:11:04 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{97D3114D-7C59-48DA-8DE0-D509890DB1D5}
[2012/07/17 23:53:35 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{10DEC3B6-1C4B-4210-A45E-63407ADD1D6F}
[2012/07/17 23:53:24 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{B6B4CC46-F601-4A99-8500-7C01BD28FFF7}
[2012/07/17 11:52:57 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{67B6B18A-4DF1-4765-8271-C2C29AB83346}
[2012/07/17 11:52:47 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{CC4487E6-8137-4325-B101-0DFF8F9147F7}
[2012/07/16 23:52:16 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{7AD0EB6B-B4A9-4617-BE1F-930AD60EEB5E}
[2012/07/16 23:52:04 | 000,000,000 | ---D | C] -- C:\Users\Adam McLaughlin\AppData\Local\{B3F9726D-4398-42CD-95AD-C98A7E7697E5}

========== Files - Modified Within 30 Days ==========

[2012/08/15 20:48:17 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/15 20:44:08 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/15 20:20:01 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/08/15 20:13:45 | 000,021,296 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/15 20:13:45 | 000,021,296 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/15 20:13:36 | 000,783,138 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/15 20:13:36 | 000,667,796 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/15 20:13:36 | 000,126,440 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/15 20:06:25 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/15 20:06:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/15 20:06:07 | 2079,985,663 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/15 13:55:05 | 000,555,008 | ---- | M] (RealWorld Graphics) -- C:\Users\Adam McLaughlin\Desktop\PhotoResize1200.exe
[2012/08/15 13:51:26 | 000,001,161 | ---- | M] () -- C:\Users\Adam McLaughlin\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2012/08/15 13:51:26 | 000,001,137 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012/08/15 10:46:42 | 000,001,148 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/14 21:16:14 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Adam McLaughlin\Desktop\dds.com
[2012/08/14 21:15:40 | 000,000,000 | ---- | M] () -- C:\Users\Adam McLaughlin\defogger_reenable
[2012/08/14 21:14:22 | 000,050,477 | ---- | M] () -- C:\Users\Adam McLaughlin\Desktop\Defogger.exe
[2012/08/14 19:22:52 | 000,145,120 | -H-- | M] () -- C:\Windows\SysWow64\TcYsBrn
[2012/08/14 14:36:04 | 000,000,034 | ---- | M] () -- C:\Windows\iltwain.ini
[2012/08/14 14:30:33 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/08/14 10:21:46 | 000,000,204 | ---- | M] () -- C:\Windows\Cm108.ini.imi
[2012/08/14 01:35:46 | 000,788,268 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/25 19:18:36 | 000,015,119 | ---- | M] () -- C:\Users\Adam McLaughlin\Documents\mockdraft2012.csv
[2012/07/25 00:17:49 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/07/24 15:31:10 | 000,091,185 | ---- | M] () -- C:\Users\Adam McLaughlin\Desktop\Diesel Invite.jpg
[2012/07/17 11:05:52 | 000,002,495 | ---- | M] () -- C:\Users\Adam McLaughlin\Desktop\ABD Music.lnk
[2012/07/17 11:05:52 | 000,002,235 | ---- | M] () -- C:\Users\Adam McLaughlin\Desktop\Web 12 AW - Shortcut.lnk
[2012/07/17 11:05:52 | 000,002,123 | ---- | M] () -- C:\Users\Adam McLaughlin\Desktop\Rpro8.lnk

========== Files Created - No Company Name ==========

[2012/08/15 13:51:26 | 000,001,161 | ---- | C] () -- C:\Users\Adam McLaughlin\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2012/08/15 13:51:26 | 000,001,137 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012/08/14 21:15:40 | 000,000,000 | ---- | C] () -- C:\Users\Adam McLaughlin\defogger_reenable
[2012/08/14 21:14:22 | 000,050,477 | ---- | C] () -- C:\Users\Adam McLaughlin\Desktop\Defogger.exe
[2012/08/14 17:50:39 | 000,145,120 | -H-- | C] () -- C:\Windows\SysWow64\TcYsBrn
[2012/08/14 00:39:15 | 000,001,148 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/13 22:07:04 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/25 19:18:36 | 000,015,119 | ---- | C] () -- C:\Users\Adam McLaughlin\Documents\mockdraft2012.csv
[2012/07/24 15:31:10 | 000,091,185 | ---- | C] () -- C:\Users\Adam McLaughlin\Desktop\Diesel Invite.jpg
[2012/05/25 16:20:28 | 000,013,037 | ---- | C] () -- C:\Users\Adam McLaughlin\AppData\Roaming\Comma Separated Values (Windows).CAL
[2012/05/15 23:47:46 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012/05/15 23:44:21 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2012/04/17 20:32:02 | 000,000,136 | ---- | C] () -- C:\Users\Adam McLaughlin\AppData\Local\configurator.xml
[2012/03/28 15:41:02 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix108.dll
[2012/03/28 15:41:02 | 000,000,169 | ---- | C] () -- C:\Windows\Cm108.ini.cfl
[2012/03/28 15:40:58 | 000,000,204 | ---- | C] () -- C:\Windows\Cm108.ini.imi
[2012/03/28 15:40:57 | 000,002,029 | ---- | C] () -- C:\Windows\Cm108.ini.cfg
[2012/03/28 15:40:57 | 000,001,318 | ---- | C] () -- C:\Windows\cm108.ini
[2012/03/28 15:40:07 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd9.dll
[2012/03/28 15:40:07 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd11.dll
[2012/03/28 15:40:07 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd10.dll
[2012/01/12 18:57:02 | 000,103,784 | ---- | C] () -- C:\Users\Adam McLaughlin\GoToAssistDownloadHelper.exe
[2011/12/02 11:05:06 | 000,060,304 | ---- | C] () -- C:\Users\Adam McLaughlin\g2mdlhlpx.exe
[2011/10/17 23:41:24 | 000,000,532 | ---- | C] () -- C:\Windows\eReg.dat
[2011/10/03 11:55:27 | 000,000,383 | ---- | C] () -- C:\Windows\SysWow64\haspdos.sys
[2011/10/03 11:43:04 | 000,000,034 | ---- | C] () -- C:\Windows\iltwain.ini
[2011/08/30 12:46:05 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/08/30 12:46:05 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011/08/30 11:32:15 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/08/23 13:24:07 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/08/23 13:24:05 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/08/23 13:24:03 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/02/10 17:10:51 | 000,788,268 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== LOP Check ==========

[2012/04/17 15:06:27 | 000,000,000 | ---D | M] -- C:\Users\Adam McLaughlin\AppData\Roaming\Cyfo
[2012/01/12 19:03:16 | 000,000,000 | ---D | M] -- C:\Users\Adam McLaughlin\AppData\Roaming\Cypress
[2011/10/12 23:30:04 | 000,000,000 | ---D | M] -- C:\Users\Adam McLaughlin\AppData\Roaming\DAEMON Tools Lite
[2011/09/28 13:24:38 | 000,000,000 | ---D | M] -- C:\Users\Adam McLaughlin\AppData\Roaming\DocumentsToGoDesktop
[2012/04/19 14:30:13 | 000,000,000 | ---D | M] -- C:\Users\Adam McLaughlin\AppData\Roaming\FileZilla
[2011/08/30 11:11:37 | 000,000,000 | ---D | M] -- C:\Users\Adam McLaughlin\AppData\Roaming\Fingertapps
[2011/09/28 16:33:02 | 000,000,000 | ---D | M] -- C:\Users\Adam McLaughlin\AppData\Roaming\HandBrake
[2011/08/30 13:02:56 | 000,000,000 | ---D | M] -- C:\Users\Adam McLaughlin\AppData\Roaming\PCDr
[2012/03/26 18:05:39 | 000,000,000 | ---D | M] -- C:\Users\Adam McLaughlin\AppData\Roaming\Rihyh
[2012/08/14 14:02:51 | 000,000,000 | ---D | M] -- C:\Users\Adam McLaughlin\AppData\Roaming\TeamViewer
[2012/08/15 20:08:16 | 000,000,000 | ---D | M] -- C:\Users\Adam McLaughlin\AppData\Roaming\uTorrent
[2012/04/17 15:09:56 | 000,000,000 | ---D | M] -- C:\Users\Adam McLaughlin\AppData\Roaming\Vymyot
[2012/01/20 02:46:22 | 000,000,000 | ---D | M] -- C:\Users\Adam McLaughlin\AppData\Roaming\Windows Live Writer
[2012/07/25 00:17:49 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/07/11 14:47:10 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/08/15 20:20:01 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Adam McLaughlin\Documents\Samsung Documents:Roxio EMC Stream

< End of report >

#10 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:03:40 PM

Posted 15 August 2012 - 04:13 PM

Run OTL.exe.

  • Copy and paste the following into the Custom Scans/Fixes box at the bottom:

    :OTL
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKCU..\Run: [Biluheelv] "C:\Users\Adam McLaughlin\AppData\Roaming\Cyfo\edogs.exe" File not found
    O4 - HKCU..\Run: [CenYcqmi] C:\Users\Adam McLaughlin\AppData\Local\tbvmrndu\cenycqmi.exe File not found
    O4 - HKCU..\Run: [Jmrcrl] C:\Users\Adam McLaughlin\AppData\Roaming\Jmrcrl.exe File not found

    :Files
    C:\Users\Adam McLaughlin\AppData\Roaming\Cyfo
    C:\Users\Adam McLaughlin\AppData\Local\tbvmrndu

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Click the Run Fix button at the top.
  • Let the program run until it has completed and then reboot the PC when it is done.
Please let me have a copy of the log that appears once OTL has completed its run.


Note: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post. The name of the log will be in the following format: xxxxxxxx_xxxxxx, x representing the month, date, year and time the log was created. Eg: 03062009_170403

So long, and thanks for all the fish.

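The fix script in the post above targets two things OTL reports: Run-key entries whose target no longer exists ("File not found") and loader folders under the user's AppData. The script below is an added illustration, not part of this thread and not OTL's own code: it parses lines in the shapes OTL prints (O4 Run entries and "Files Created" entries) and flags the patterns a triager reads first. The sample lines, the user name "Someone" and the rule names are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple, Union

# Constructed sample lines in the shapes OTL prints (not copied from any one post;
# the user name "Someone" is made up).
SAMPLE_LOG = r"""
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [Biluheelv] "C:\Users\Someone\AppData\Roaming\Cyfo\edogs.exe" File not found
O4 - HKCU..\Run: [CenYcqmi] C:\Users\Someone\AppData\Local\tbvmrndu\cenycqmi.exe File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
[2012/08/14 17:50:39 | 000,145,120 | -H-- | C] () -- C:\Windows\SysWow64\TcYsBrn
[2012/08/14 00:39:15 | 000,001,148 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
"""


@dataclass
class AutorunEntry:
    hive: str                # HKLM or HKCU
    name: str                # value name inside [...]; may be empty
    path: Optional[str]      # target executable, None if OTL printed none
    company: Optional[str]   # trailing "(Company)" when the file exists
    missing: bool            # OTL appended "File not found"


@dataclass
class FileEntry:
    timestamp: str
    size: int
    attrs: str               # four-character attribute field, e.g. -H-- or RHS-
    op: str                  # C = created, M = modified
    path: str


Entry = Union[AutorunEntry, FileEntry]

O4_RE = re.compile(r'^O4(?::64bit:)? - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$')
COMPANY_RE = re.compile(r'^(?P<path>.*?)\s*\((?P<company>[^()]*)\)$')
FILE_RE = re.compile(
    r'^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| '
    r'(?P<attrs>[-A-Za-z]{4}) \| (?P<op>[MC])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$')

# Heuristics for triage (constructed for this example, not OTL's own logic)
USER_WRITABLE = re.compile(r'\\Users\\[^\\]+\\AppData\\(Local|Roaming)\\', re.IGNORECASE)
SYSTEM_DIR = re.compile(r'^C:\\Windows\\(System32|SysWow64)\\[^\\]+$', re.IGNORECASE)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL log line into a structured entry, or None if it is another kind of line."""
    m = O4_RE.match(line)
    if m:
        rest = m.group('rest').strip()
        missing = rest.endswith('File not found')
        company = None
        if missing:
            path = rest[:-len('File not found')].strip().strip('"') or None
        else:
            cm = COMPANY_RE.match(rest)
            if cm:
                path, company = cm.group('path').strip().strip('"'), cm.group('company')
            else:
                path = rest.strip('"')
        return AutorunEntry(m.group('hive'), m.group('name'), path, company, missing)
    m = FILE_RE.match(line)
    if m:
        return FileEntry(m.group('ts'), int(m.group('size').replace(',', '')),
                         m.group('attrs'), m.group('op'), m.group('path'))
    return None


def triage(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (rule, line) pairs for lines matching a triage rule."""
    findings = []
    for line in lines:
        e = parse_line(line)
        if isinstance(e, AutorunEntry):
            if e.missing:                       # autorun whose target is gone: leftover loader
                findings.append(('dangling-autorun', line))
            if e.path and USER_WRITABLE.search(e.path):   # autorun from a user-writable profile dir
                findings.append(('autorun-from-appdata', line))
        elif isinstance(e, FileEntry):
            name = e.path.rsplit('\\', 1)[-1]
            # hidden, extensionless file dropped directly into a system directory
            if SYSTEM_DIR.match(e.path) and 'H' in e.attrs and '.' not in name:
                findings.append(('hidden-extensionless-in-system-dir', line))
    return findings


def run_sample() -> List[Tuple[str, str]]:
    return triage(SAMPLE_LOG.strip().splitlines())


if __name__ == '__main__':
    for rule, line in run_sample():
        print(f'{rule:36} {line}')
```

Feed it a saved OTL.txt with `triage(open(path, errors='replace').read().splitlines())`; the rules are deliberately narrow so that the output is a short list to read, not a verdict.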

#11 Spudweiser

Spudweiser
  • Topic Starter

  • Members
  • 11 posts
  • Local time:10:40 AM

Posted 15 August 2012 - 05:09 PM

Hi,

The notepad opened on reboot with the following:

All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Biluheelv not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\CenYcqmi deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Jmrcrl not found.
========== FILES ==========
C:\Users\Adam McLaughlin\AppData\Roaming\Cyfo folder moved successfully.
File\Folder C:\Users\Adam McLaughlin\AppData\Local\tbvmrndu not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Adam McLaughlin
->Temp folder emptied: 770285219 bytes
->Temporary Internet Files folder emptied: 43797903 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 110485565 bytes
->Flash cache emptied: 5376 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3648 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 3863161805 bytes

Total Files Cleaned = 4,566.00 mb


[EMPTYFLASH]

User: Adam McLaughlin
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.57.0 log created on 08152012_230220

Files\Folders moved on Reboot...
C:\Users\Adam McLaughlin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Adam McLaughlin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Adam McLaughlin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HQ0AVGN1\topic465157[1].htm moved successfully.

PendingFileRenameOperations files...
File C:\Users\Adam McLaughlin\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\Adam McLaughlin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!
File C:\Users\Adam McLaughlin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HQ0AVGN1\topic465157[1].htm not found!

Registry entries deleted on Reboot...

#12 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:03:40 PM

Posted 16 August 2012 - 02:45 PM

Good evening. :)

How is the PC behaving now?

So long, and thanks for all the fish.


#13 Spudweiser

Spudweiser
  • Topic Starter

  • Members
  • 11 posts
  • Local time:10:40 AM

Posted 16 August 2012 - 02:58 PM

Hi Noviciate,

Still misbehaving I'm afraid. Still can't login to McAfee, tmltesor.exe is still appearing with an error message on startup and cenycqmi is still in the startup programmes. Would a new log help?

Edited by Spudweiser, 16 August 2012 - 03:14 PM.


#14 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:03:40 PM

Posted 16 August 2012 - 05:07 PM

Take a trip to this webpage for download links and instructions for running Combofix by sUBs: http://www.bleepingcomputer.com/combofix/how-to-use-combofix *

  • When prompted to save Combofix, change the filename BEFORE saving it - any name will do, as long as it has .exe at the end.
  • Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start.
  • When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste
  • Let me know how the PC is behaving.
* There are two points to note from the instructions page:

1) The Recovery Console.

It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.
CF will complete some, but not all, of its removal tasks without the installation of the Console, so you are free to choose whether you want to complete this step, but it is in your interests to do so.

2) Disabling your Anti-Virus.

CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for!

So long, and thanks for all the fish.


#15 Spudweiser

Spudweiser
  • Topic Starter

  • Members
  • 11 posts
  • Local time:10:40 AM

Posted 16 August 2012 - 06:01 PM

I think at the moment I'm running with no AV as the virus has logged me out and disabled everything.

Here are the results:

ComboFix 12-08-16.01 - Adam McLaughlin 16/08/2012 23:33:40.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8106.5940 [GMT 1:00]
Running from: c:\users\Adam McLaughlin\Downloads\newname.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5907\Downloads\f0fc9c9c-10ba-435b-8365-dadb523644ff.dll
c:\programdata\Roaming
c:\users\Adam McLaughlin\AppData\Local\dkaruphf.log
c:\users\Adam McLaughlin\AppData\Local\ebhfqmoc.log
c:\users\Adam McLaughlin\AppData\Local\fbwxotos.log
c:\users\Adam McLaughlin\AppData\Local\fslehpaq.log
c:\users\Adam McLaughlin\AppData\Local\itupaixw.log
c:\users\Adam McLaughlin\AppData\Local\pyptqydm.log
c:\users\Adam McLaughlin\AppData\Local\rvrsbetv.log
c:\users\Adam McLaughlin\AppData\Local\tbvmrndu\cenycqmi.exe
c:\users\Adam McLaughlin\AppData\Local\vkkigntt.log
c:\users\Adam McLaughlin\g2mdlhlpx.exe
c:\users\Adam McLaughlin\GoToAssistDownloadHelper.exe
.
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-16 to 2012-08-16 )))))))))))))))))))))))))))))))
.
.
2012-08-16 10:51 . 2012-08-16 12:02 -------- d-----w- C:\Download
2012-08-16 10:42 . 2012-08-16 10:48 130776384 ----a-w- C:\vssetup.exe
2012-08-16 09:15 . 2012-08-16 13:59 129040 ---ha-w- c:\windows\SysWow64\shJvcvjRm
2012-08-15 21:28 . 2012-08-16 22:52 -------- d-----w- c:\users\Adam McLaughlin\AppData\Local\tbvmrndu
2012-08-15 12:51 . 2012-08-16 22:52 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware
2012-08-14 18:20 . 2012-08-14 18:21 -------- d-----w- c:\program files (x86)\stinger
2012-08-14 16:50 . 2012-08-14 18:22 145120 ---ha-w- c:\windows\SysWow64\TcYsBrn
2012-08-14 00:53 . 2012-08-14 00:53 -------- d-----w- C:\_OTL
2012-08-13 23:39 . 2012-07-03 12:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-13 21:27 . 2012-08-13 21:27 -------- d-----w- c:\users\Adam McLaughlin\AppData\Local\Macromedia
2012-07-19 20:57 . 2012-07-19 20:57 -------- d-----w- c:\users\Adam McLaughlin\temp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-16 13:46 . 2012-07-05 08:53 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-16 13:46 . 2011-08-30 20:57 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 08:08 . 2011-08-30 11:59 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-12 03:08 . 2012-07-11 08:10 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 05:43 . 2012-07-10 19:51 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-10 19:51 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-10 19:51 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-10 19:51 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-10 19:51 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-10 19:51 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-10 19:51 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-21 09:25 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 09:25 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 09:25 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 09:25 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 09:25 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 09:25 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 09:25 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 14:19 . 2012-06-21 09:24 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 14:15 . 2012-06-21 09:24 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 12:49 . 2012-07-11 08:07 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-11 08:07 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-11 08:07 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-11 08:07 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-11 08:07 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-11 08:07 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-11 08:07 237056 ----a-w- c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-11 08:07 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-11 08:07 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-11 08:07 818688 ----a-w- c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-11 08:07 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-11 08:07 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-11 08:07 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-11 08:07 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-11 08:07 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-11 08:07 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-11 08:07 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-11 08:07 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-11 08:07 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50 . 2012-07-10 19:51 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-10 19:51 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:48 . 2012-07-10 19:51 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:45 . 2012-07-10 19:51 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-10 19:51 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-10 19:51 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-10 19:51 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-10 19:51 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-10 19:51 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2006-05-03 10:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll
2010-01-06 23:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"ASUS Ai Charger"="c:\program files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2010-05-10 465536]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-08-16 786432]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"emsisoft anti-malware"="c:\program files (x86)\Emsisoft Anti-Malware\a2guard.exe" [2012-07-30 3408288]
.
c:\users\Adam McLaughlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
cenycqmi.exe [2012-8-13 119663]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
igpxtskmgn.lnk - c:\program files (x86)\Lenovo\igpxtskmgn64.exe [2012-3-28 314880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\users\Adam McLaughlin\AppData\Local\tbvmrndu\cenycqmi.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-05 136176]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2012-04-30 66320]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-16 250056]
R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_5.6.31854.0.sys [2012-03-28 17408]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-05 136176]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-11-11 172632]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-05-10 22528]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-04-10 25072]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM10864.sys [2011-06-22 1309184]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-31 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2010-05-05 14592]
S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2011-04-10 13936]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-04-22 25960]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2011-05-19 23208]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 a2AntiMalware;Emsisoft Anti-Malware 6.6 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-07-30 3075920]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-01-24 901184]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-01-24 991296]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2011-04-10 9663848]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-22 2009704]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-21 378472]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-13 27760]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-01-24 1298496]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-01-24 58128]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-01-24 274944]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
S3 cyhid;Cypress Input Device;c:\windows\system32\DRIVERS\cyhid.sys [2011-08-26 116736]
S3 cykbfltrService;Cypress Keyboard Filter Driver;c:\windows\system32\DRIVERS\cykbfltr.sys [2011-08-26 13312]
S3 cymfltrService;Cypress Trackpad Filter Driver;c:\windows\system32\DRIVERS\cymfltr.sys [2011-08-26 69632]
S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2011-04-10 206960]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-01-24 59904]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-16 317440]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-12-28 76912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-12-22 8505856]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-05 13:46]
.
2012-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-05 16:37]
.
2012-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-05 16:37]
.
2012-07-24 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-08-16 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-26 6611560]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-02 2189416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-12 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-12 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-12 418840]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-01-24 10355200]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-01-31 4500128]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-04-21 312936]
"CyCpIo"="c:\program files\Cypress\TrackPad\CyCpIo.exe" [2011-08-24 2357760]
"Cm108Sound"="c:\windows\Syswow64\cm108.dll" [2011-06-22 8146944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Download With Album Copier - c:\program files (x86)\BiroSolutions\Web Album Copier\\InternetExplorerExtensions\albumcopier.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Adam McLaughlin\AppData\Roaming\Mozilla\Firefox\Profiles\1wz16g68.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe
Wow6432Node-HKCU-Run-CenYcqmi - c:\users\Adam McLaughlin\AppData\Local\tbvmrndu\cenycqmi.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-CaptureOne5_is1 - c:\program files (x86)\Phase One\Capture One 5\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\users\adammc~1\appdata\local\temp\tmltesor.exe
.
**************************************************************************
.
Completion time: 2012-08-16 23:59:24 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-16 22:59
.
Pre-Run: 77,056,208,896 bytes free
Post-Run: 61,658,742,784 bytes free
.
- - End Of File - - 407C635AA5FC3F52AAE6CE611AB53F93


Thanks



