Browsers appear to be redirecting


This topic is locked
46 replies to this topic

#1 rstaud1

  • Members
  • 25 posts
  • OFFLINE
  • Local time:08:45 PM

Posted 21 August 2012 - 12:39 PM

Hello,
Sorry to trouble you all with this, I hope, mundane issue... My son loaded a bunch of files from various sites and his laptop running Windows 7 Home Premium Service Pack 1 now has virus issues. I trash-canned a bunch of inappropriate content, ran Rkill, then installed the newest version of Malwarebytes and ran it, rebooted, then Rkill, then updated McAfee and ran it; in between, the computer began to load a number of updates that had previously failed. Ran Combofix three times. Ran TDSSKiller, but still the browsers appear to be hijacked. In appearance it is as though there are two browser windows, one laid upon the other... but to control the scroll function on the top window your mouse must be over the apparently lower window; you cannot separate the two windows. FYI, Net Nanny is running on this computer... a lot of good it does... let me know if it needs to be removed/disabled.

To prepare for this conversation I ran Defogger and ran DDS, but I have no idea what a script blocker is... so it is unknown how effective this was. It provided the DDS log but not the Attach log. I saved this and attached it here. I put GMER on the desktop and opened it, then remembered this is a 64-bit system and stopped the process.

As my friend who does point-of-sale systems has put it, I should now turn this over to some of the finest minds in the universe. Let me know your thoughts. Thank you.

Here is the DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Undead Munlcee at 13:18:14 on 2012-08-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4003.2614 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\brsvc01a.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\brss01a.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\ContentWatch\Internet Protection\cwsvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\mfevtps.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\ContentWatch\Internet Protection\cwtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120820220740.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [OpenDNS Updater] "C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe" /autostart
uRun: [DelayShred] "c:\PROGRA~1\mcafee\mqs\ShrCL.EXE" /P1 /q "F:\ARIELR~2" "F:\MP3" "F:\Music" "F:\NHDPRO~1" "F:\REALLL~1" "F:\singles" "F:\UPSKIR~1" "F:\Blowjob" "F:\CAMERA" "F:\cum" "F:\DCIM" "F:\FAYERE~1" "F:\bleep" "F:\gifs" "F:\group" "F:\HOTNES~1" "F:\lesbians" "F:\LITTLE~1" "F:\MASTER~1" "F:\_disk_id.pod" "F:\270PX-~1.PNG" "F:\DRMv1PM.lic" "F:\NHDPRO~2.MSW" "F:\PORTFO~1.DOC" "F:\SIMS-B~1.JPG" "F:\SNOWBO~1.PPT" "F:\THEPAR~1.DOC"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [cwcptray] C:\Program Files (x86)\ContentWatch\Internet Protection\cwtray.exe
mRun: [CWPhoenixApp] C:\Program Files (x86)\ContentWatch\Internet Protection\Updater\Phoenix.exe /r
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
LSP: C:\Windows\system32\cwalsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{3F0342A8-86ED-4B2E-9015-80BC932B4A71} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{3F0342A8-86ED-4B2E-9015-80BC932B4A71} : DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{3F0342A8-86ED-4B2E-9015-80BC932B4A71}\7456963796E6765627027457563747 : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{3F0342A8-86ED-4B2E-9015-80BC932B4A71}\7456963796E6765627027457563747 : DhcpNameServer = 10.240.250.9 10.240.250.10
TCP: Interfaces\{3F0342A8-86ED-4B2E-9015-80BC932B4A71}\C4163516C6C6567457563747 : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{3F0342A8-86ED-4B2E-9015-80BC932B4A71}\C4163516C6C6567457563747 : DhcpNameServer = 8.8.8.8 8.8.4.4 4.4.2.2
TCP: Interfaces\{6DE89C99-7441-41A9-BFE9-0329DB0E1D64} : DhcpNameServer = 192.168.1.1 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120820220740.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [cwcptray] C:\Program Files (x86)\ContentWatch\Internet Protection\cwtray.exe
mRun-x64: [CWPhoenixApp] C:\Program Files (x86)\ContentWatch\Internet Protection\Updater\Phoenix.exe /r
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-4-16 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-11-3 897088]
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [2012-8-21 67584]
R2 CwAltaService20;ContentWatch;C:\Program Files (x86)\ContentWatch\Internet Protection\cwsvc.exe [2012-2-25 3074624]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-4-16 13336]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-24 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-24 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-24 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-24 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-4-16 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-4-16 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-4-16 1692480]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-4-29 2280312]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-4-16 2655768]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2010-11-3 1298496]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?]
R3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2010-11-16 141192]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-20 136176]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-20 136176]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-4-16 220528]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-24 249936]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-08-21 14:02:53 -------- d-----w- C:\Program Files (x86)\Cobian Backup 11
2012-08-21 02:40:09 -------- d-sh--w- C:\$RECYCLE.BIN
2012-08-20 23:46:46 -------- d-----w- C:\Windows\System32\SPReview
2012-08-18 18:20:52 98816 ----a-w- C:\Windows\sed.exe
2012-08-18 18:20:52 518144 ----a-w- C:\Windows\SWREG.exe
2012-08-18 18:20:52 256000 ----a-w- C:\Windows\PEV.exe
2012-08-18 18:20:52 208896 ----a-w- C:\Windows\MBR.exe
2012-08-17 17:26:37 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2004A81C-F1C6-43AB-8BFE-DC5B1A63B32F}\mpengine.dll
2012-08-15 11:31:46 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2012-08-15 07:22:02 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-08-15 07:22:02 296960 ----a-w- C:\Windows\System32\rstrui.exe
2012-08-15 07:22:01 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-08-15 07:21:56 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-08-15 07:21:56 67072 ----a-w- C:\Windows\splwow64.exe
2012-08-15 07:21:55 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-08-15 07:21:54 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-08-15 07:21:44 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-15 07:21:42 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-08-15 07:21:41 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-15 07:21:38 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-08-15 07:21:36 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-08-15 07:21:36 39424 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\winprint.dll
2012-07-31 04:30:32 11264 ----a-r- C:\Users\Undead Munlcee\AppData\Roaming\Microsoft\Installer\{98613C99-1399-416C-A07C-1EE1C585D872}\Icon98613C992.exe
2012-07-31 04:30:31 -------- d-----w- C:\Program Files (x86)\Seagate
2012-07-31 04:26:12 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-07-28 01:11:10 -------- d-----w- C:\Users\Undead Munlcee\AppData\Roaming\Unity
2012-07-27 20:51:30 184248 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-08-20 23:59:13 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-08-20 23:59:13 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 16:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 13:18:29.00 ===============

#2 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:45 PM

Posted 22 August 2012 - 11:46 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 rstaud1
  • Topic Starter

  • Members
  • 25 posts

Posted 23 August 2012 - 08:11 AM

Gringo,

Thank you for looking into my problem. FYI, I download the programs you ask me to run to a flash drive from a separate computer, then move/copy them to the infected computer's desktop and run them. Ran Security Check; here is the log. I will post the ComboFix info when completed. Thank you for your time and effort here.

Results of screen317's Security Check version 0.99.46
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 31
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader X (10.1.4)
Google Chrome 21.0.1180.60
Google Chrome 21.0.1180.79
````````Process Check: objlist.exe by Laurent````````
mcafee VIRUSS~1 mcvsshld.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 4%
````````````````````End of Log``````````````````````

Sending ComboFix log when completed.
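
Reading one checkup.txt by hand is easy, but a helper who triages many of these logs would want the actionable items pulled out automatically. The Python script below is an added example; it is not part of this thread, nor is it code from screen317's Security Check tool. It parses the output format shown in the post above (the sample embedded in the script is that log, reproduced as posted), splits it into the backtick-delimited sections, and reports what a helper would act on: products flagged "out of Date!" (note that the flag can sit on the product line itself or on a separate "... version out of Date!" line that refers to the line before it), the warning that the antivirus has no WMI entry in Security Center, and a product listed under two versions (here Google Chrome, which is worth checking because it often means an update was staged while the old build is still present). The section names and line patterns are assumptions drawn from this single log, not a specification of the tool's format.

```python
"""Triage helper for screen317's Security Check (checkup.txt) output.

Added example: parses the log format pasted in the thread and pulls out
the items a helper would act on. Section names and line patterns are
assumptions drawn from this single log, not the tool's specification.
"""
import json
import re
from typing import Dict, List

# Section headers look like ``````Antivirus/Firewall Check:`````` (backtick runs on both sides)
SECTION_RE = re.compile(r"^`+(.*?)`+$")
# "<product name> <version>" where the version starts with a digit, e.g. "Google Chrome 21.0.1180.60"
VERSIONED_RE = re.compile(r"^(.*?)\s+(\d[\w.]*)$")
OUTDATED_MARK = "out of Date!"

# Constructed sample: the checkup.txt posted above, reproduced as posted.
SAMPLE_CHECKUP = """\
Results of screen317's Security Check version 0.99.46
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 31
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader X (10.1.4)
Google Chrome 21.0.1180.60
Google Chrome 21.0.1180.79
````````Process Check: objlist.exe by Laurent````````
mcafee VIRUSS~1 mcvsshld.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 4%
````````````````````End of Log``````````````````````
"""


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Split the log into {section name: [lines]}; lines before the first header go under 'Header'."""
    sections: Dict[str, List[str]] = {"Header": []}
    current = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1).strip().rstrip(":")
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections


def find_outdated(lines: List[str]) -> List[str]:
    """Return the product lines flagged 'out of Date!'.

    The flag is either on the product line itself ("Adobe Flash Player 10
    Flash Player out of Date!") or on a separate "<name> version out of Date!"
    line that refers to the line before it ("Java™ 6 Update 31").
    """
    outdated: List[str] = []
    for i, line in enumerate(lines):
        if not line.endswith(OUTDATED_MARK):
            continue
        product = line[: -len(OUTDATED_MARK)].strip()
        if product.lower().endswith("version") and i > 0:
            product = lines[i - 1]
        outdated.append(product)
    return outdated


def find_duplicate_versions(lines: List[str]) -> Dict[str, List[str]]:
    """Products that appear more than once with different versions (e.g. two Chrome builds)."""
    seen: Dict[str, List[str]] = {}
    for line in lines:
        m = VERSIONED_RE.match(line)
        if m:
            seen.setdefault(m.group(1), []).append(m.group(2))
    return {name: versions for name, versions in seen.items() if len(versions) > 1}


def assess(text: str) -> dict:
    """Summarise the findings a helper would act on from one checkup.txt."""
    sections = parse_sections(text)
    av_lines = sections.get("Antivirus/Firewall Check", [])
    util_lines = sections.get("Anti-malware/Other Utilities Check", [])
    outdated = find_outdated(util_lines)
    duplicates = find_duplicate_versions(util_lines)
    return {
        "os": sections["Header"][1] if len(sections["Header"]) > 1 else "",
        "firewall_enabled": any("Firewall Enabled!" in l for l in av_lines),
        # Security Check could not confirm the AV through Security Center; verify it by hand
        "av_wmi_warning": any("WMI entry may not exist" in l for l in av_lines),
        "outdated": outdated,
        "duplicate_versions": duplicates,
        "action_items": len(outdated) + len(duplicates),
    }


if __name__ == "__main__":
    print(json.dumps(assess(SAMPLE_CHECKUP), indent=2, ensure_ascii=False))
```

Run it as-is to see the summary for the log above; to triage another log, read the file and pass its contents to `assess()`. Because the parser keys off section names, a log from a different tool version with renamed sections yields empty findings rather than wrong ones, which is the safe failure mode for a triage helper.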

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 23 August 2012 - 08:12 AM

OK, I will be waiting for the report.


gringo

#5 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 23 August 2012 - 08:13 AM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#6 rstaud1
  • Topic Starter

  • Members
  • 25 posts

Posted 23 August 2012 - 08:43 AM

Turned active scan off on McAfee, placed ComboFix on the desktop and ran it. ComboFix reached stage 4 or possibly 5 when the message "Execution of command "'C:\Program Files (x86)\ContentWatch\Internet Protection\Updater\Updater.exe' Illegal operation attempted on a registry key that has been marked for deletion." appeared. ComboFix continued to run despite this pop-up, so I allowed it to finish. The log created is pasted here. Your instruction noted I should restart the computer if the Illegal message appeared, but I was unclear if I was to do this in the middle of the ComboFix scan or after. I elected after. This is my son's computer for his studies; due to the suspected virus we have stopped using it for now, but on the surface it appears to operate normally except for when you go online. The duplicate or shadow window still appears in windows explorer but appears to have stopped in Chrome.

ComboFix 12-08-22.03 - Undead Munlcee 08/23/2012 9:16.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4003.2495 [GMT -4:00]
Running from: c:\users\Undead Munlcee\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-07-23 to 2012-08-23 )))))))))))))))))))))))))))))))
.
.
2012-08-23 13:24 . 2012-08-23 13:24 -------- d-----w- c:\users\Undead Munlcee_2\AppData\Local\temp
2012-08-23 13:24 . 2012-08-23 13:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-17 17:26 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2004A81C-F1C6-43AB-8BFE-DC5B1A63B32F}\mpengine.dll
2012-08-15 11:31 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-08-15 07:22 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 07:22 . 2010-11-20 13:25 296960 ----a-w- c:\windows\system32\rstrui.exe
2012-08-15 07:22 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-15 07:21 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 07:21 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-15 07:21 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-15 07:21 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 07:21 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-15 07:21 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-15 07:21 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 07:21 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-15 07:21 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 07:21 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-15 07:21 . 2010-11-20 13:27 39424 ----a-w- c:\windows\system32\Spool\prtprocs\x64\winprint.dll
2012-08-07 23:09 . 2012-08-07 23:09 -------- d-----w- c:\users\Teagan\AppData\Roaming\Anvil Studio
2012-07-31 04:30 . 2012-07-31 04:30 11264 ----a-r- c:\users\Undead Munlcee\AppData\Roaming\Microsoft\Installer\{98613C99-1399-416C-A07C-1EE1C585D872}\Icon98613C992.exe
2012-07-31 04:30 . 2012-07-31 04:30 -------- d-----w- c:\program files (x86)\Seagate
2012-07-31 04:26 . 2012-07-31 04:26 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-07-28 01:11 . 2012-07-28 01:11 -------- d-----w- c:\users\Undead Munlcee\AppData\Roaming\Unity
2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-20 23:59 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-08-20 23:59 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-08-03 08:27 . 2011-11-02 02:53 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 17:46 . 2011-04-29 16:39 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-09 05:43 . 2012-07-10 21:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-10 21:52 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-10 21:52 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-10 21:51 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-10 21:52 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-10 21:52 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-10 21:51 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-04 11:32 . 2011-08-13 21:58 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-06-04 11:31 . 2011-08-22 10:43 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-06-04 11:31 . 2011-08-22 10:18 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-06-04 11:31 . 2011-09-12 21:53 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-06-02 22:19 . 2012-06-23 17:44 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-23 17:44 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-23 17:44 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-23 17:44 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-23 17:44 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-23 17:44 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-23 17:44 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-23 17:43 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-23 17:43 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:50 . 2012-07-10 21:52 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-10 21:52 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:48 . 2012-07-10 21:51 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:45 . 2012-07-10 21:52 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-10 21:52 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-10 21:51 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-10 21:51 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-10 21:51 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-10 21:51 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-31 16:25 . 2012-04-24 19:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-28 21:04 . 2011-09-12 21:54 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-05-28 21:03 . 2011-08-13 21:57 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-05-28 21:03 . 2011-08-13 21:57 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-05-28 21:03 . 2011-08-13 21:57 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-08-21_02.30.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-29 12:31 . 2012-08-23 12:50 65150 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-08-21 02:05 38510 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-23 12:50 38510 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-04-20 23:13 . 2012-08-23 12:50 12266 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1358358883-2722712185-3082351182-1001_UserData.bin
- 2011-04-20 22:08 . 2012-08-21 02:17 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-04-20 22:08 . 2012-08-23 12:48 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-04-20 22:08 . 2012-08-21 02:17 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-04-20 22:08 . 2012-08-23 12:48 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-23 12:48 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-21 02:17 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-08-21 15:35 96656 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-08-21 03:02 . 2012-08-21 03:02 61440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\17a178f13bc0ecee86c07c2c2a2592d6\WindowsLiveWriter.ni.exe
+ 2012-08-21 03:02 . 2012-08-21 03:02 81408 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d6b93428bf30896d67a891884048ef18\WindowsLive.Writer.Passport.ni.dll
+ 2012-08-21 02:59 . 2012-08-21 02:59 98816 c:\windows\assembly\NativeImages_v2.0.50727_32\TlbImp\d6ef5db4af6adafe587c64af9b80fdcd\TlbImp.ni.exe
+ 2012-08-21 02:59 . 2012-08-21 02:59 86528 c:\windows\assembly\NativeImages_v2.0.50727_32\TlbExp\d5697fbab22a8e1807af7b032f63a3e6\TlbExp.ni.exe
+ 2012-08-21 03:13 . 2012-08-21 03:13 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\fee2bbfe0b8f5988a3ab7a9db85c7a30\System.Windows.Presentation.ni.dll
+ 2012-08-21 03:12 . 2012-08-21 03:12 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\19ec2acb1a563ecfce8396babd4a3b25\System.Web.DynamicData.Design.ni.dll
+ 2012-08-21 03:09 . 2012-08-21 03:09 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\221fa10bd3cb407e43b7476af5039090\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-08-21 03:01 . 2012-08-21 03:01 85504 c:\windows\assembly\NativeImages_v2.0.50727_32\SQLPS\bc1ea1f8f0428fc2176432e041eed4c9\SQLPS.ni.exe
+ 2012-08-21 02:59 . 2012-08-21 02:59 64512 c:\windows\assembly\NativeImages_v2.0.50727_32\sgen\2f479189db2f6c2f255af9fb96046f76\sgen.ni.exe
+ 2012-08-21 02:59 . 2012-08-21 02:59 84480 c:\windows\assembly\NativeImages_v2.0.50727_32\ResGen\f741d1e1b487dd9b354e038089c87c85\ResGen.ni.exe
+ 2012-08-21 03:08 . 2012-08-21 03:08 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\b3ade8d5c0d4bb5d4940bcafd3453642\PresentationFontCache.ni.exe
+ 2012-08-21 03:08 . 2012-08-21 03:08 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\86550fdda6994a9c192d7a0b9b59ee5b\Microsoft.WSMan.Runtime.ni.dll
+ 2012-08-21 03:07 . 2012-08-21 03:07 27136 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\ee8ed3c8e7f0281a9e29c7cdf050b69d\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll
+ 2012-08-21 03:08 . 2012-08-21 03:08 21504 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\e7904d77bcee77868d534546ed2a61b6\Microsoft.Windows.Diagnosis.SDEngine.ni.dll
+ 2012-08-21 03:07 . 2012-08-21 03:07 32256 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\de64901e4cd2074f5c70733ab5d7787a\Microsoft.Windows.Diagnosis.SDHost.ni.dll
+ 2012-08-21 03:07 . 2012-08-21 03:07 25088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\b5e6aa065d13e30c27219186f8e02689\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll
+ 2012-08-21 03:07 . 2012-08-21 03:07 23040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\aa3fa7748881ce0969396eba0be3c6c3\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll
+ 2012-08-21 03:08 . 2012-08-21 03:08 86528 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\90cd177df2fc13d88c401b6b53a121b8\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll
+ 2012-08-21 03:07 . 2012-08-21 03:07 19968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\0a5d39e601d2512b483a56408c3cec05\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll
+ 2012-08-21 03:07 . 2012-08-21 03:07 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\7afe05fe13c9466d4f896036026c7c2d\Microsoft.VisualStudio.Shell.Interop.9.0.ni.dll
+ 2012-08-21 02:58 . 2012-08-21 02:58 23040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\730f1faecc4dfbcef3eced19db7a68c0\Microsoft.VisualStudio.VSHelp80.ni.dll
+ 2012-08-21 03:01 . 2012-08-21 03:01 65536 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\fe2fcb40a956d5c8d68cce198f51222e\Microsoft.SqlServer.Instapi.ni.dll
+ 2012-08-21 03:06 . 2012-08-21 03:06 98816 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\d33b960a00996151e03e01f00ba0facc\Microsoft.SqlServer.DlgGrid.ni.dll
+ 2012-08-21 03:06 . 2012-08-21 03:06 35840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\c14f4b67b58e08ada114be17f7e2eff8\Microsoft.SqlServer.PolicyEnum.ni.dll
+ 2012-08-21 03:01 . 2012-08-21 03:01 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\b9169265090185ea3a45b86822688fa7\Microsoft.SqlServer.Management.PowerShellTasks.ni.dll
+ 2012-08-21 03:06 . 2012-08-21 03:06 35328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\a6805f133732aadae67b7e5a86e59d3e\Microsoft.SqlServer.Dts.Design.ni.dll
+ 2012-08-21 03:00 . 2012-08-21 03:00 43008 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\8a5a73530a2bd1d420cfe5c8b3cc441d\Microsoft.SqlServer.ServiceBrokerEnum.ni.dll
+ 2012-08-21 03:00 . 2012-08-21 03:00 26112 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\833cdfa3bd9b109a73fac3c3304b8002\Microsoft.SqlServer.SqlClrProvider.ni.dll
+ 2012-08-21 03:06 . 2012-08-21 03:06 41472 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\7ee2c19920e14f3eb27de3eb853f66ac\Microsoft.SqlServer.SqlTDiagM.ni.dll
+ 2012-08-21 03:06 . 2012-08-21 03:06 86016 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\7308393374bffa81ed1684f358901e3e\Microsoft.SqlServer.PipelineHost.ni.dll
+ 2012-08-21 03:01 . 2012-08-21 03:01 66048 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\4988851c3837e64f1cc4c677a2f7b9ee\Microsoft.SqlServer.WmiEnum.ni.dll
+ 2012-08-21 03:05 . 2012-08-21 03:05 73216 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\27e7d0fb4b9e573a95cb964c9d9cc520\Microsoft.SqlServer.BatchParserClient.ni.dll
+ 2012-08-21 03:01 . 2012-08-21 03:01 42496 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\1c45ab90b7c39973c00e97d83b7413e5\Microsoft.SqlServer.SString.ni.dll
+ 2012-08-21 03:06 . 2012-08-21 03:06 96256 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\0ac494f42e8a3f698e84597b278c6f0b\Microsoft.SqlServer.OlapEnum.ni.dll
+ 2012-08-21 03:04 . 2012-08-21 03:04 53248 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.DataWareh#\f57325a47731f9f7d00aec9075f104f5\Microsoft.DataWarehouse.Interfaces.ni.dll
+ 2012-08-21 03:04 . 2012-08-21 03:04 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\84b83e7639310b35b5ce150df62a2843\Microsoft.Build.Framework.ni.dll
+ 2012-08-21 03:03 . 2012-08-21 03:03 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\4c0fa9d495ac562afcb136f3e9a87cb9\Microsoft.Build.Framework.ni.dll
+ 2012-08-21 02:59 . 2012-08-21 02:59 51712 c:\windows\assembly\NativeImages_v2.0.50727_32\lc\0aa818297dafef865d79e7738d9978ae\lc.ni.exe
+ 2012-08-21 02:59 . 2012-08-21 02:59 19968 c:\windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgrSvc\f0d2b0f50cdf1676b1ee98afba776451\IAStorDataMgrSvc.ni.exe
+ 2012-08-21 02:59 . 2012-08-21 02:59 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\cc10612ddfbea7a40a49951152fa6a67\IAStorCommon.ni.dll
+ 2012-08-21 03:03 . 2012-08-21 03:03 31232 c:\windows\assembly\NativeImages_v2.0.50727_32\EnvDTE90a\9d56b245f09eb5da23036cd6ed75eeb2\EnvDTE90a.ni.dll
+ 2012-08-21 03:03 . 2012-08-21 03:03 46080 c:\windows\assembly\NativeImages_v2.0.50727_32\EnvDTE90\40cd4ae1b86cd908bcf949373cb67ce0\EnvDTE90.ni.dll
+ 2012-08-21 03:03 . 2012-08-21 03:03 31232 c:\windows\assembly\NativeImages_v2.0.50727_32\EnvDTE100\73d732327295e1bb5352e7d6c9755679\EnvDTE100.ni.dll
+ 2012-08-21 03:03 . 2012-08-21 03:03 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\2c3e7fda8de40e45e7f5e004094dc7c9\dfsvc.ni.exe
+ 2012-08-21 02:59 . 2012-08-21 02:59 69120 c:\windows\assembly\NativeImages_v2.0.50727_32\AxImp\0c07db90232892ac1c768836c3865d52\AxImp.ni.exe
- 2012-08-21 02:02 . 2012-08-21 02:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-23 12:47 . 2012-08-23 12:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-23 12:47 . 2012-08-23 12:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-21 02:02 . 2012-08-21 02:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-08-23 12:54 725842 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-08-21 02:09 725842 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-23 12:54 145828 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-08-21 02:09 145828 c:\windows\system32\perfc009.dat
- 2009-07-14 04:45 . 2012-08-21 02:03 487568 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 04:45 . 2012-08-21 07:19 487568 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 05:01 . 2012-08-21 17:42 472280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-08-21 01:54 472280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-08-21 03:00 . 2012-08-21 03:00 126976 c:\windows\assembly\NativeImages_v2.0.50727_32\xsd\7bf4655f75df7fc7abfad012515cc415\xsd.ni.exe
+ 2012-08-21 02:59 . 2012-08-21 02:59 145408 c:\windows\assembly\NativeImages_v2.0.50727_32\wsdl\47d1fa1ebab9e36daf5477abe9307244\wsdl.ni.exe
+ 2012-08-21 03:03 . 2012-08-21 03:03 634368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\ca161c46a750350d2620e064f369acdf\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2012-08-21 03:02 . 2012-08-21 03:02 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\febfa58603f0df4ba70ae8e1ec84d61d\WindowsLive.Writer.BrowserControl.ni.dll
+ 2012-08-21 03:02 . 2012-08-21 03:02 780800 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f5df32eefe38ac66e9d2bd7a0309fa78\WindowsLive.Writer.Controls.ni.dll
+ 2012-08-21 03:02 . 2012-08-21 03:02 101376 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e63b0e9e188801a1e282245837a802b5\WindowsLive.Writer.Api.ni.dll
+ 2012-08-21 03:03 . 2012-08-21 03:03 891392 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\dd774397bb5dc356399d847e189088a4\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2012-08-21 03:02 . 2012-08-21 03:02 313856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c5970d2199e6016ddafeec0ccf7b9afa\WindowsLive.Writer.Interop.SHDocVw.ni.dll
+ 2012-08-21 03:03 . 2012-08-21 03:03 326144 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c3695871b185bf711829e5d63a59c019\WindowsLive.Writer.SpellChecker.ni.dll
+ 2012-08-21 03:02 . 2012-08-21 03:02 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a73b50558f1879d54ba9df0df0765b50\WindowsLive.Writer.Mshtml.ni.dll
+ 2012-08-21 03:03 . 2012-08-21 03:03 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a4279ac8d22368085fec9e10256a1e98\WindowsLive.Writer.FileDestinations.ni.dll
+ 2012-08-21 03:03 . 2012-08-21 03:03 871424 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\9d2b920238886ec30ef5b41344ab01fd\WindowsLive.Writer.BlogClient.ni.dll
+ 2012-08-21 03:02 . 2012-08-21 03:02 146432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\97763898ce6593a6f27595d1462f68b3\WindowsLive.Writer.Instrumentation.ni.dll
+ 2012-08-21 03:02 . 2012-08-21 03:02 665600 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7f3c08c27b40b1ec03d4d0d1c3bd92c4\WindowsLive.Writer.Interop.ni.dll
+ 2012-08-21 03:02 . 2012-08-21 03:02 156672 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\695f70ca64a3d650b89a527388a11c1c\WindowsLive.Writer.HtmlParser.ni.dll
+ 2012-08-21 03:02 . 2012-08-21 03:02 374272 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\2a0c92adceb46b75ec3f1fcea126ef13\WindowsLive.Writer.Interop.Mshtml.ni.dll
+ 2012-08-21 03:03 . 2012-08-21 03:03 122368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\293c3d968238164f7be11dbc38ba3d75\WindowsLive.Writer.Extensibility.ni.dll
+ 2012-08-21 03:03 . 2012-08-21 03:03 223232 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\83355267db25bf8816a142c5290ad976\WindowsLive.Client.ni.dll
+ 2012-08-21 03:14 . 2012-08-21 03:14 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\30b1d86571495ea86b9a19b13498aad3\WindowsFormsIntegration.ni.dll
+ 2012-08-21 03:05 . 2012-08-21 03:05 452096 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\eca4310274a7a6ce651b33cd4278610c\UIAutomationClient.ni.dll
+ 2012-08-21 03:12 . 2012-08-21 03:12 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\165d0873203da280298bfcfa50567a0b\System.Web.Routing.ni.dll
+ 2012-08-21 03:13 . 2012-08-21 03:13 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\0b5071ee1d40266575a7ac53b9b299d4\System.Web.Extensions.Design.ni.dll
+ 2012-08-21 03:12 . 2012-08-21 03:12 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\9a3ab1594cf5cd52f0794b0a93a14b57\System.Web.Entity.ni.dll
+ 2012-08-21 03:12 . 2012-08-21 03:12 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\a63e76cc86c8958f0f3e9741c0d89f14\System.Web.Entity.Design.ni.dll
+ 2012-08-21 03:12 . 2012-08-21 03:12 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\a16dd65d2bfab6a019ac8a05337a5c24\System.Web.DynamicData.ni.dll
+ 2012-08-21 03:11 . 2012-08-21 03:11 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\3112fe15b1994ff59b169cf7ce997e71\System.Web.Abstractions.ni.dll
+ 2012-08-21 03:12 . 2012-08-21 03:12 624128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\964a515210f3bad01949e9ae4f83c7b2\System.Net.ni.dll
+ 2012-08-21 03:12 . 2012-08-21 03:12 330240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\17e443d6c643b83137beb310adee3c48\System.Management.Instrumentation.ni.dll
+ 2012-08-21 03:11 . 2012-08-21 03:11 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\19837bdc62b7667aba81364142e3565a\System.IO.Log.ni.dll
+ 2012-08-21 03:11 . 2012-08-21 03:11 888320 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\bcad898b90aee666da2f81b0a87a91ee\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-08-21 03:11 . 2012-08-21 03:11 462336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\5d0f494f1be2367fb0a634956f719965\System.Data.Services.Design.ni.dll
+ 2012-08-21 03:09 . 2012-08-21 03:09 763392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\32088676b4c08d192aae910cac1dade4\System.Data.Entity.Design.ni.dll
+ 2012-08-21 03:09 . 2012-08-21 03:09 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\eae18653a1b39fe484b49963d43480ce\System.Data.DataSetExtensions.ni.dll
+ 2012-08-21 03:12 . 2012-08-21 03:12 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\8abe9d895b3e9efe741b9162cb9206fc\sysglobl.ni.dll
+ 2012-08-21 02:59 . 2012-08-21 02:59 925696 c:\windows\assembly\NativeImages_v2.0.50727_32\SqlMetal\d27498bd651690e29a7cf400e9b01f90\SqlMetal.ni.exe
+ 2012-08-21 03:08 . 2012-08-21 03:08 723456 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\f64692e58aa1a7116024bf3c3cbd1352\napsnap.ni.dll
+ 2012-08-21 03:08 . 2012-08-21 03:08 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\6a657f2f518f97b282702fce20033459\napinit.ni.dll
+ 2012-08-21 03:08 . 2012-08-21 03:08 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\af28543d9b3e7d9f110448ecce53cd72\MSBuild.ni.exe
+ 2012-08-21 03:08 . 2012-08-21 03:08 531968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\ee28a075665b6bc23b6dae56903d431d\Microsoft.WSMan.Management.ni.dll
+ 2012-08-21 03:07 . 2012-08-21 03:07 373248 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\f5cbdc820976d0e435439b19d0d0575f\Microsoft.VisualStudio.Shell.Interop.8.0.ni.dll
+ 2012-08-21 03:07 . 2012-08-21 03:07 163840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\a68a5305571941382cf6106581a46b01\Microsoft.VisualStudio.Shell.Interop.10.0.ni.dll
+ 2012-08-21 03:07 . 2012-08-21 03:07 306176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\0d056c40e45d4a09bda08a18b6945c1e\Microsoft.VisualStudio.OLE.Interop.ni.dll
+ 2012-08-21 03:06 . 2012-08-21 03:06 485888 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\ddb92362c92d9af5944d7a393e485aac\Microsoft.SqlServer.Msxml6_interop.ni.dll
+ 2012-08-21 03:06 . 2012-08-21 03:06 127488 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\cff78220369cc9b93451dda92a6fde6d\Microsoft.SqlServer.DTSPipelineWrap.ni.dll
+ 2012-08-21 03:01 . 2012-08-21 03:01 100352 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\ce7abeb2fbc3dd0e8acc036b937d232d\Microsoft.SqlServer.Management.PSSnapins.ni.dll
+ 2012-08-21 03:00 . 2012-08-21 03:00 272896 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\bf09e9ce13fe7b8c1a3ea995cdcd26ce\Microsoft.SqlServer.ConnectionInfo.ni.dll
+ 2012-08-21 03:06 . 2012-08-21 03:06 128000 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\8f3eb9db504bced6f24abd11768539c8\Microsoft.SqlServer.RegSvrEnum.ni.dll
+ 2012-08-21 03:01 . 2012-08-21 03:01 640000 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\89adf953c013086a30bf4504cb5b2490\Microsoft.SqlServer.BatchParser.ni.dll
+ 2012-08-21 03:01 . 2012-08-21 03:01 205824 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\83b36b270625d65cddd33b4e73022c20\Microsoft.SqlServer.Management.RegisteredServers.ni.dll
+ 2012-08-21 03:06 . 2012-08-21 03:06 415232 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\7687caba17dc44e6bafa4ef8b28474e8\Microsoft.SqlServer.MaintenancePlanTasks.ni.dll
+ 2012-08-21 03:01 . 2012-08-21 03:01 252416 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\72640b078776e2f36d5cbb87d20c5b71\Microsoft.SqlServer.SqlWmiManagement.ni.dll
+ 2012-08-21 03:00 . 2012-08-21 03:00 532480 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\6b9e53308f5248b9f118b170b578587f\Microsoft.SqlServer.Diagnostics.STrace.ni.dll
+ 2012-08-21 03:06 . 2012-08-21 03:06 157184 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\5c04bc47ccb0b7e4d28c38227f4954cd\Microsoft.SqlServer.DtsMsg.ni.dll
+ 2012-08-21 03:02 . 2012-08-21 03:02 674304 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\4cb2db73024548156cf2715f31c25de7\Microsoft.SqlServer.Management.Controls.ni.dll
+ 2012-08-21 03:05 . 2012-08-21 03:05 190464 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\3ea62b382c129e224b9b2d429a1a8948\Microsoft.SqlServer.Management.MultiServerConnection.ni.dll
+ 2012-08-21 03:07 . 2012-08-21 03:07 346624 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\36c4efbde45cc75d80c190d689882c56\Microsoft.SqlServer.TransferObjectsTask.ni.dll
+ 2012-08-21 03:05 . 2012-08-21 03:05 137728 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\316fac556410e549baa631bb7dfd5c63\Microsoft.SqlServer.ConnectionInfoExtended.ni.dll
+ 2012-08-21 03:05 . 2012-08-21 03:05 532480 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\2ef3352868f91e4fdc4177adb0b3087f\Microsoft.SqlServer.GridControl.ni.dll
+ 2012-08-21 03:01 . 2012-08-21 03:01 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\2652357f36e604f6ae2bf81e8615da1c\Microsoft.SqlServer.Management.PSProvider.ni.dll
+ 2012-08-21 03:05 . 2012-08-21 03:05 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\215e27cfe384a0578f0611964d5b9d00\Microsoft.SqlServer.DataStorage.ni.dll
+ 2012-08-21 03:00 . 2012-08-21 03:00 166912 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\1e4a0d2260fbf527e190a366d0bb05af\Microsoft.SqlServer.Management.SmoMetadataProvider.ni.dll
+ 2012-08-21 03:06 . 2012-08-21 03:06 404992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\1b29ee453273e60464daac7b8d2951b3\Microsoft.SqlServer.SmoExtended.ni.dll
+ 2012-08-21 03:06 . 2012-08-21 03:06 601088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\026205dbc861b4b372693ed3f33aa650\Microsoft.SqlServer.ManagedDTS.ni.dll
+ 2012-08-21 03:05 . 2012-08-21 03:05 729088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\e998eeb1548ffd53b39dcde50d196ab7\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2012-08-21 03:01 . 2012-08-21 03:01 515584 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\b1c511d8fad78ad3c5213b2b4fb02b8b\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2012-08-21 03:01 . 2012-08-21 03:01 786432 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\8df695fb80187f65208d87229e81e8a2\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2012-08-21 03:01 . 2012-08-21 03:01 167424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\8ce205027e30804d1b2deaffa0582735\Microsoft.PowerShell.Security.ni.dll
+ 2012-08-21 03:04 . 2012-08-21 03:04 291328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\4f68cd04686e5dc5a55070d112d44bdf\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2012-08-21 03:02 . 2012-08-21 03:02 233472 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Exception#\6026ebd4529be94de71d1ca1c24ffbb1\Microsoft.ExceptionMessageBox.ni.dll
+ 2012-08-21 03:04 . 2012-08-21 03:04 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\dfb5532e4cf07b7324280988a3e1cca4\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-08-21 03:04 . 2012-08-21 03:04 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\30f8865f88bb953486fd20650b54177c\Microsoft.Build.Utilities.ni.dll
+ 2012-08-21 03:04 . 2012-08-21 03:04 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\14afe54e24cf09fe6c371fc47cfabf0e\Microsoft.Build.Engine.ni.dll
+ 2012-08-21 03:03 . 2012-08-21 03:03 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\942c10614a6f8c8a22d1f74e217a11d6\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2012-08-21 03:06 . 2012-08-21 03:06 511488 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.AnalysisS#\d4b471aeac40af91d40a31937077b114\Microsoft.AnalysisServices.Xmla.ni.dll
+ 2012-08-21 02:59 . 2012-08-21 02:59 169472 c:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\382afe78186619eb1ca851b09a15abe8\IsdiInterop.ni.dll
+ 2012-08-21 02:59 . 2012-08-21 02:59 475648 c:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\f7989bb2b5e070b6999502757f12b3fd\IAStorUtil.ni.dll
+ 2012-08-21 02:59 . 2012-08-21 02:59 219136 c:\windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgr\b750a45528393b8a809a32b16aae87ea\IAStorDataMgr.ni.dll
+ 2012-08-21 02:58 . 2012-08-21 02:58 276480 c:\windows\assembly\NativeImages_v2.0.50727_32\EnvDTE80\ba33ab5fc985b6019a0179f8ed056a68\EnvDTE80.ni.dll
+ 2012-08-21 02:58 . 2012-08-21 02:58 573440 c:\windows\assembly\NativeImages_v2.0.50727_32\EnvDTE\a9b055b8c27362efe593d6966ab9ee1b\EnvDTE.ni.dll
+ 2012-08-21 03:03 . 2012-08-21 03:03 161280 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiExtens\7b6de29c99674df526ccf9d4937828fe\ehiExtens.ni.dll
+ 2012-08-21 03:03 . 2012-08-21 03:03 254464 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\c899de3549784161aa66610d5735e4f0\ehExtHost32.ni.exe
+ 2012-08-21 03:03 . 2012-08-21 03:03 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\bf7e7494e75e32979c7824a07570a8a9\CustomMarshalers.ni.dll
+ 2009-07-14 04:45 . 2012-08-21 07:23 7174117 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-08-21 02:00 7174117 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-04-16 10:02 . 2012-08-21 17:42 2116936 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-03-17 01:47 . 2012-08-21 17:42 2814324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1358358883-2722712185-3082351182-1001-8192.dat
+ 2012-08-21 03:02 . 2012-08-21 03:02 1285632 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\fe2e706ffaa2850e1e7dee0418c30222\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2012-08-21 03:02 . 2012-08-21 03:02 1346560 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d3f44930f03c4b5701b3af253df8ea3a\WindowsLive.Writer.Localization.ni.dll
+ 2012-08-21 03:02 . 2012-08-21 03:02 2193408 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c6f8f3dd590f96bd9d70c982f0841a35\WindowsLive.Writer.CoreServices.ni.dll
+ 2012-08-21 03:02 . 2012-08-21 03:02 7026176 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\5ffaaf4ee1ef158c7b1a620c09be7c95\WindowsLive.Writer.PostEditor.ni.dll
+ 2012-08-21 03:13 . 2012-08-21 03:13 1047552 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\56780b4bd164787631d4317d0556c3c0\UIAutomationClientsideProviders.ni.dll
+ 2012-08-21 03:13 . 2012-08-21 03:13 1358336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\f0f10d0591d11a36ee2aa8ee2fbdb2bf\System.WorkflowServices.ni.dll
+ 2012-08-21 03:13 . 2012-08-21 03:13 2209792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\9abec9ee3dab00d67b395d1994a60776\System.Web.Mobile.ni.dll
+ 2012-08-21 03:11 . 2012-08-21 03:11 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\70823ac0d6e6631a11d443bf38987cc9\System.Web.Extensions.ni.dll
+ 2012-08-21 03:12 . 2012-08-21 03:12 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\6935e1dad6ec5de21658f8d38999099a\System.Speech.ni.dll
+ 2012-08-21 03:11 . 2012-08-21 03:11 1707008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\4782a5d2bc7d86895faf404a3470aacb\System.ServiceModel.Web.ni.dll
+ 2012-08-21 03:01 . 2012-08-21 03:01 8872960 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\4436815b432c313255af322f4ec3560d\System.Management.Automation.ni.dll
+ 2012-08-21 03:10 . 2012-08-21 03:10 2029568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\c335a6ef5339fa917518475c286c8ca4\System.Data.Services.ni.dll
+ 2012-08-21 03:11 . 2012-08-21 03:11 1378816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\a933cd1241698e4d13d80c8cb31d7055\System.Data.Services.Client.ni.dll
+ 2012-08-21 03:09 . 2012-08-21 03:09 9921536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\a5947a9c77b884b9e06c54f38ff3c4d7\System.Data.Entity.ni.dll
+ 2012-08-21 03:08 . 2012-08-21 03:08 1451520 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\37f8f1a507d353670abc6d151e34ad3a\PresentationBuildTasks.ni.dll
+ 2012-08-21 03:08 . 2012-08-21 03:08 2623488 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\0bae62c3fc6c327ed24989263988173d\Narrator.ni.exe
+ 2012-08-21 03:08 . 2012-08-21 03:08 1545216 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\6d4bacfd54e8f79763945bee5a50711d\MMCEx.ni.dll
+ 2012-08-21 03:07 . 2012-08-21 03:07 1670144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll
+ 2012-08-21 03:00 . 2012-08-21 03:00 1391104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\fee538f0d2c286ab6593547993ccc90e\Microsoft.SqlServer.Management.Sdk.Sfc.ni.dll
+ 2012-08-21 03:00 . 2012-08-21 03:00 6711296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\a7397049e421991c9cd416af73ff64b2\Microsoft.SqlServer.Smo.ni.dll
+ 2012-08-21 03:00 . 2012-08-21 03:00 3477504 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\9a0cfe41e21d27d3693a0083d0347bab\Microsoft.SqlServer.Replication.ni.dll
+ 2012-08-21 03:00 . 2012-08-21 03:00 1281536 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\582b9ba4ac8fd4a6c90059bb724fcd0f\Microsoft.SqlServer.Dmf.ni.dll
+ 2012-08-21 03:00 . 2012-08-21 03:00 1575424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\1630238c532fe66a3d8958ca54bb2e37\Microsoft.SqlServer.SqlEnum.ni.dll
+ 2012-08-21 03:05 . 2012-08-21 03:05 3724288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\6cc1334749f85cce651642f0a8260892\Microsoft.PowerShell.Editor.ni.dll
+ 2012-08-21 03:01 . 2012-08-21 03:01 1681920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\3008a05e2928e2c1d856cc34e0422c17\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-08-21 03:05 . 2012-08-21 03:05 1704960 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\2ba6bf6e9258afde91ab81fad2d37469\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2012-08-21 03:04 . 2012-08-21 03:04 1361408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\b0d0daea6a1d9a111a0f33a9a868bcf7\Microsoft.Ink.ni.dll
+ 2012-08-21 03:04 . 2012-08-21 03:04 1970176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\d7245402b9853a8e390552ba45b3a6b4\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-08-21 03:04 . 2012-08-21 03:04 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\880a680b2160130c8cf858a7d2a9067d\Microsoft.Build.Tasks.ni.dll
+ 2012-08-21 03:03 . 2012-08-21 03:03 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\e4031bd0b7706fd0a686e9bb6353aa2a\Microsoft.Build.Engine.ni.dll
+ 2012-08-21 03:03 . 2012-08-21 03:03 2950144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.AnalysisS#\584d40de82314eac4e299cb015462fee\Microsoft.AnalysisServices.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-21 39408]
"OpenDNS Updater"="c:\program files (x86)\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680]
"DelayShred"="c:\progra~1\mcafee\mqs\ShrCL.EXE" [2012-03-23 129184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-19 487562]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-27 336384]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"cwcptray"="c:\program files (x86)\ContentWatch\Internet Protection\cwtray.exe" [2012-02-25 676416]
"CWPhoenixApp"="c:\program files (x86)\ContentWatch\Internet Protection\Updater\Phoenix.exe" [2012-02-25 2387008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-15 559616]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 0277271345726634mcinstcleanup;McAfee Application Installer Cleanup (0277271345726634);c:\windows\TEMP\027727~1.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2010-11-16 141192]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-21 136176]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2010-11-03 1298496]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-21 136176]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2010-08-30 220528]
R3 mfeavfk01;McAfee Inc.;Device\mfeavfk01.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 250984]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-21 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-27 203776]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-11-03 897088]
S2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe [2012-07-31 67584]
S2 CwAltaService20;ContentWatch;c:\program files (x86)\ContentWatch\Internet Protection\cwsvc.exe [2012-02-25 3074624]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-01-27 8283136]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-01-27 295424]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2010-11-04 58128]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2010-10-19 274432]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 175168]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2010-11-04 59904]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-01-08 12262688]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-09-21 56344]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-12-21 8505856]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-10-26 406632]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk02
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1358358883-2722712185-3082351182-1003Core.job
- c:\users\Undead Munlcee_2\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-09 13:58]
.
2012-08-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1358358883-2722712185-3082351182-1003UA.job
- c:\users\Undead Munlcee_2\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-09 13:58]
.
2012-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-21 00:46]
.
2012-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-21 00:46]
.
2012-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1358358883-2722712185-3082351182-1001Core.job
- c:\users\Undead Munlcee\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-23 00:46]
.
2012-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1358358883-2722712185-3082351182-1001UA.job
- c:\users\Undead Munlcee\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-23 00:46]
.
2012-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1358358883-2722712185-3082351182-1003Core.job
- c:\users\Undead Munlcee_2\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-28 00:46]
.
2012-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1358358883-2722712185-3082351182-1003UA.job
- c:\users\Undead Munlcee_2\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-28 00:46]
.
2012-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1358358883-2722712185-3082351182-1010Core.job
- c:\users\Teagan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-07 04:40]
.
2012-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1358358883-2722712185-3082351182-1010UA.job
- c:\users\Teagan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-07 04:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-08 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-08 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-08 418328]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-01-05 592240]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2010-11-03 10228224]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-01-25 1802472]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\cwalsp.dll
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{3F0342A8-86ED-4B2E-9015-80BC932B4A71}: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{3F0342A8-86ED-4B2E-9015-80BC932B4A71}\7456963796E6765627027457563747: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{3F0342A8-86ED-4B2E-9015-80BC932B4A71}\C4163516C6C6567457563747: NameServer = 208.67.222.222,208.67.220.220
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-23 09:26:03
ComboFix-quarantined-files.txt 2012-08-23 13:26
ComboFix2.txt 2012-08-21 02:32
ComboFix3.txt 2012-08-18 19:47
ComboFix4.txt 2012-08-18 18:59
.
Pre-Run: 376,402,784,256 bytes free
Post-Run: 376,186,146,816 bytes free
.
- - End Of File - - 450D411EE3EB042218FF4CA092875CEE
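The ComboFix output above is long, and most of what matters for the "redirecting browser" question is concentrated in a few line shapes: the Run/RunOnce values, the `R#`/`S#` service and driver lines, the `LSP:` line and the `TCP: ... NameServer =` lines. Below is an added triage helper that parses exactly those shapes and emits review findings; it is example code written for this page, not ComboFix's own code and not something the poster ran. The sample input is constructed from the line shapes in the log, the rule names and heuristics are mine, and one reading is an assumption: a trailing `[x]` on a service line is taken to mean ComboFix could not find the file at the listed path. Every finding means "look at this by hand", not "this is malware": in the log itself, for instance, the LSP DLL name matches the ContentWatch (Net Nanny) entries elsewhere in the log, and the two nameservers line up with the OpenDNS Updater value under the HKCU Run key, so a reviewer would expect both and confirm them rather than treat them as hijacks.

```python
"""Triage helper for the 'Reg Loading Points' part of a ComboFix log.

Added example, not ComboFix's code and not from the original post. It parses
the line shapes ComboFix prints (Run values, R#/S# service lines, 'LSP:' and
'TCP: ... NameServer =') and emits review findings. Every finding means
"look at this by hand", not "this is malware".
"""
import ntpath
import re

# Constructed sample modelled on the line shapes in the log above
# (assumption: representative of ComboFix output; not a live capture).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
.
R2 0277271345726634mcinstcleanup;McAfee Application Installer Cleanup;c:\windows\TEMP\027727~1.EXE [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
LSP: c:\windows\system32\cwalsp.dll
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
"ThreadingModel"="Apartment"
"""

RUN_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<cmd>[^"]*)"(?:\s+\[(?P<meta>[^\]]*)\])?$')
SVC_RE = re.compile(r'^(?P<state>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);'
                    r'(?P<path>.*?)\s+\[(?P<meta>[^\]]*)\]$')
LSP_RE = re.compile(r'^LSP:\s+(?P<path>.+)$')
DNS_RE = re.compile(r'^TCP:.*?NameServer\s*=\s*(?P<servers>.+)$')
RUN_KEY_RE = re.compile(r'\\Run(Once)?$', re.I)

# Autostart values that are just a script/LOLBin host keep the real payload in
# their arguments, which ComboFix does not print, so they always need a look.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "rundll32.exe",
                "regsvr32.exe", "powershell.exe", "cmd.exe"}


def parse_entries(text):
    """Yield (kind, fields) tuples for the ComboFix line shapes we understand."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[HKEY_"):
            key = line.strip("[]")          # remember the enclosing registry key
            continue
        m = RUN_RE.match(line)
        if m and key and RUN_KEY_RE.search(key):   # only Run/RunOnce values
            yield "run", {"key": key, **m.groupdict()}
            continue
        m = SVC_RE.match(line)
        if m:
            yield "service", m.groupdict()
            continue
        m = LSP_RE.match(line)
        if m:
            yield "lsp", m.groupdict()
            continue
        m = DNS_RE.match(line)
        if m:
            servers = [s for s in re.split(r"[,\s]+", m.group("servers")) if s]
            yield "dns", {"servers": servers}


def triage(text, dns_allowlist=frozenset()):
    """Return a list of {'rule', 'entry', 'why'} findings for manual review."""
    findings = []

    def hit(rule, entry, why):
        findings.append({"rule": rule, "entry": entry, "why": why})

    for kind, e in parse_entries(text):
        if kind == "run":
            if ntpath.basename(e["cmd"]).lower() in SCRIPT_HOSTS:
                hit("script-host-autostart", e["name"],
                    f"Run value is a bare script host; read the full command line in {e['key']}")
            if "\\temp\\" in e["cmd"].lower():
                hit("temp-path", e["name"], "autostart image lives under a TEMP directory")
        elif kind == "service":
            # Assumption: ComboFix prints [x] when it cannot find the file at the listed path.
            if e["meta"].strip().lower() == "x":
                hit("binary-not-found", e["name"],
                    f"{e['state']} entry points at {e['path']} but the file was not found")
            if "\\temp\\" in e["path"].lower():
                hit("temp-path", e["name"], "service image lives under a TEMP directory")
        elif kind == "lsp":
            hit("winsock-lsp", e["path"],
                "a Winsock LSP sees every socket call; confirm the DLL's publisher and signature")
        elif kind == "dns":
            unknown = [s for s in e["servers"] if s not in dns_allowlist]
            if unknown:
                hit("unlisted-dns", ", ".join(unknown),
                    "resolver not on the allowlist; confirm it is the one you configured")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding['rule']:<22} {finding['entry']}: {finding['why']}")
```

Run against the constructed sample it reports six findings: the `wscript.exe` Run value, two services whose binary was not found, one service image under `\windows\TEMP`, the LSP DLL, and the two resolvers. Passing the resolvers you actually configured as `dns_allowlist` (here the OpenDNS pair) drops the DNS finding, which is the intended workflow: encode what you know is expected, and let the script point at the rest.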

#7 rstaud1 (Topic Starter)

Posted 23 August 2012 - 09:00 AM

Gringo,

After the Illegal message appeared and ComboFix had run, I restarted the computer. Noted that IE was still shadowed. Then disabled McAfee again and turned off wireless. Placed TDSSKiller on the desktop and ran it. When completed, clicked on the report; I can view and highlight it, but I cannot copy or print it. No dialogue box appears when you right-click unhighlighted or highlighted portions of the log. No other commands are evident. Scan was 29 seconds, 484 objects processed; under details they are all shown as OK, 0 threats found/neutralized/quarantined. Plan to run aswMBR in a sec; I have to sit with a client and will let you know in a little while.

#8 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 23 August 2012 - 10:14 AM

No problem and I will be around for a while



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 rstaud1 (Topic Starter, Members, 25 posts)

Posted 23 August 2012 - 10:50 AM

Gringo

With McAfee active scanning off, I loaded aswMBR, updated the virus definitions and ran the scan. Here is the log. Again, thank you for taking the time to review this problem for me.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-23 10:59:14
-----------------------------
10:59:14.657 OS Version: Windows x64 6.1.7601 Service Pack 1
10:59:14.657 Number of processors: 4 586 0x2A07
10:59:14.658 ComputerName: UNDEADMUNLCEE UserName:
10:59:16.123 Initialize success
11:04:38.941 AVAST engine defs: 12082300
11:27:05.575 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:27:05.581 Disk 0 Vendor: ST950032 D005 Size: 476940MB BusType: 3
11:27:05.604 Disk 0 MBR read successfully
11:27:05.610 Disk 0 MBR scan
11:27:05.618 Disk 0 Windows 7 default MBR code
11:27:05.636 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 100 MB offset 2048
11:27:05.646 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 206848
11:27:05.670 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461838 MB offset 30926848
11:27:05.695 Disk 0 scanning C:\Windows\system32\drivers
11:27:20.892 Service scanning
11:27:58.168 Modules scanning
11:27:58.186 Disk 0 trace - called modules:
11:27:58.216 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
11:27:58.549 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a89060]
11:27:58.562 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> [0xfffffa8004406950]
11:27:58.574 5 ACPI.sys[fffff88000f857a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800440a050]
11:28:00.167 AVAST engine scan C:\Windows
11:28:04.612 AVAST engine scan C:\Windows\system32
11:32:42.119 AVAST engine scan C:\Windows\system32\drivers
11:33:01.874 AVAST engine scan C:\Users\Undead Munlcee
11:39:05.176 AVAST engine scan C:\ProgramData
11:41:54.233 Scan finished successfully
11:48:54.369 Disk 0 MBR has been saved successfully to "D:\MBR.dat"
11:48:55.007 The log file has been saved successfully to "D:\aswMBR log.txt"
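The "Disk 0 MBR scan" lines in the aswMBR log above are two things: a read of the four-entry partition table at offset 446 of sector 0, and a comparison of the 446 bytes of boot code in front of it against a known Windows 7 pattern (hence "Windows 7 default MBR code"). The following added example, which is not aswMBR's code or anything from the thread, does the same for a constructed 512-byte MBR carrying exactly the three partitions the log lists (Dell Utility at LBA 2048, the active NTFS partition at 206848, the NTFS data partition at 30926848, disk size 476940 MB). The boot code bytes and the "known good" hash are placeholders: the real Windows 7 MBR bytes are not on the page, so the baseline hash is computed from the constructed sample, standing in for a saved copy such as the `D:\MBR.dat` that aswMBR wrote.

```python
import hashlib
import struct

SECTOR = 512
PART_TABLE_OFF = 446            # 4 x 16-byte partition entries follow the boot code
ENTRY_FMT = '<B3sB3sII'         # status, CHS start, type, CHS end, LBA start, sector count

# Partition type IDs seen in the aswMBR log plus a few common ones
TYPE_NAMES = {0x07: 'HPFS/NTFS', 0xDE: 'Dell Utility', 0x05: 'Extended',
              0x0F: 'Extended (LBA)', 0x82: 'Linux swap', 0x83: 'Linux', 0xEE: 'GPT protective'}

# Constructed stand-in for boot code: NOT the real Windows 7 MBR bytes, just enough
# bytes that the hash comparison below has something to compare.
BOOT_CODE = b'\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c\xfb' + b'\x90' * 16

# (status, type, LBA start, sector count) as reported by aswMBR for Disk 0:
# 100 MB, 15000 MB and 461838 MB in 512-byte sectors, partition 2 flagged active (0x80)
PARTITIONS = [(0x00, 0xDE, 2048, 204800),
              (0x80, 0x07, 206848, 30720000),
              (0x00, 0x07, 30926848, 945844224)]
DISK_SECTORS = 476940 * 2048    # "Size: 476940MB" in the log, 2048 sectors per MB

def build_mbr(boot_code, partitions):
    """Assemble a 512-byte MBR: boot code, partition table, 0x55AA signature."""
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code
    for i, (status, ptype, lba, count) in enumerate(partitions):
        # CHS fields carry the 0xFE 0xFF 0xFF "use LBA" marker
        struct.pack_into(ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i,
                         status, b'\xfe\xff\xff', ptype, b'\xfe\xff\xff', lba, count)
    mbr[510:512] = b'\x55\xaa'
    return bytes(mbr)

def parse_mbr(mbr):
    """Return the boot-code hash and the non-empty partition entries."""
    if len(mbr) != SECTOR:
        raise ValueError('MBR must be exactly one 512-byte sector')
    if mbr[510:512] != b'\x55\xaa':
        raise ValueError('missing 0x55AA boot signature')
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue                      # empty slot
        parts.append({'index': i + 1, 'bootable': status == 0x80, 'type': ptype,
                      'type_name': TYPE_NAMES.get(ptype, 'unknown'),
                      'lba': lba, 'sectors': count, 'mb': count * SECTOR // (1024 * 1024)})
    return {'boot_code_sha256': hashlib.sha256(mbr[:PART_TABLE_OFF]).hexdigest(),
            'partitions': parts}

def check_mbr(mbr, known_good_boot_sha256, disk_sectors):
    """Findings list; empty when the boot code matches the baseline and the table is sane."""
    info = parse_mbr(mbr)
    findings = []
    if info['boot_code_sha256'] != known_good_boot_sha256:
        findings.append('boot code differs from baseline')
    if sum(p['bootable'] for p in info['partitions']) != 1:
        findings.append('expected exactly one active partition')
    prev_end = 1                          # sector 0 is the MBR itself
    for p in sorted(info['partitions'], key=lambda p: p['lba']):
        if p['lba'] < prev_end:
            findings.append(f"partition {p['index']} overlaps the previous one")
        if p['lba'] + p['sectors'] > disk_sectors:
            findings.append(f"partition {p['index']} runs past the end of the disk")
        prev_end = p['lba'] + p['sectors']
    return findings

SAMPLE_MBR = build_mbr(BOOT_CODE, PARTITIONS)
# Placeholder baseline: in practice this is the hash of a saved copy (e.g. aswMBR's MBR.dat)
# or a vendor-published value, never of the sector you are about to judge.
KNOWN_GOOD_SHA256 = parse_mbr(SAMPLE_MBR)['boot_code_sha256']

if __name__ == '__main__':
    for p in parse_mbr(SAMPLE_MBR)['partitions']:
        flag = '(A)' if p['bootable'] else '   '
        print(f"Partition {p['index']} {flag} {p['type']:02X} {p['type_name']:<12} {p['mb']} MB offset {p['lba']}")
    print('findings:', check_mbr(SAMPLE_MBR, KNOWN_GOOD_SHA256, DISK_SECTORS))
    tampered = bytearray(SAMPLE_MBR)
    tampered[0] ^= 0xFF                   # one flipped boot-code byte, as a bootkit would leave
    print('findings after tampering:', check_mbr(bytes(tampered), KNOWN_GOOD_SHA256, DISK_SECTORS))
```

The point of the hash check is that a bootkit has to change the boot code, and a byte-exact comparison against a copy taken from a clean machine catches that even when the partition table still prints exactly as above; the table checks (one active partition, no overlaps, nothing past the end of the disk) are cheap sanity tests that a hand-edited table tends to fail.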

#10 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 23 August 2012 - 11:15 AM

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.


#11 rstaud1 (Topic Starter, Members, 25 posts)

Posted 23 August 2012 - 03:18 PM

The system is asking me to do 7 important updates: 1 Microsoft Office validation, 5 security updates for Microsoft .NET Framework 3.5.1, 1 Microsoft Visual Studio update... Go ahead and update before RogueKiller? Also, should I continue to disable McAfee each time I run these utilities/anti-virus programs/RogueKiller?

#12 rstaud1 (Topic Starter, Members, 25 posts)

Posted 23 August 2012 - 03:40 PM

I have been doing all of the scans so far as administrator. I signed in as my son and received a pop-up that looks sketchy at best.
The heading is "ARO 2011".

The body of the pop-up reads: "Reminder: Faster startup, fewer errors and a cleaner system may be just a click away. 4 registry errors and tweaks remained on your system after the last scan. Buy Now to fix any that remain or learn how to fix them for free."

This is followed by three buttons: (Keep these errors) (Fix them free) (Buy now). Buy now is highlighted.

A postscript is noted: "To remove ARO 2011 without fixing errors, please click here."

I did nothing and I signed off this user.

#13 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 24 August 2012 - 12:11 AM

Hold off on the updates and run RogueKiller on the infected account.


gringo

#14 rstaud1 (Topic Starter, Members, 25 posts)

Posted 24 August 2012 - 07:56 AM

Gringo

Sorry I have been unable to oversee this more continuously. I sincerely appreciate your attentiveness to this problem.

The updates loaded overnight. I thought I had exited and it would await a command to go ahead, but it updated and rebooted. I am loading RogueKiller today on my son's user account rather than as administrator.
Two questions.
There are three user accounts (Admin, son and daughter); should I run RogueKiller on all three?

and

Should I continue to disable McAfee? I am assuming yes.

#15 rstaud1 (Topic Starter, Members, 25 posts)

Posted 24 August 2012 - 08:12 AM

I ran RogueKiller on my son's user account. FYI, the ARO 2011 pop-up is still there. The scan resulted in two items being identified; I have done nothing about them at this point.



