Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

ComboFix is deleted immediately upon download


  • This topic is locked This topic is locked
25 replies to this topic

#1 crusty1954

crusty1954

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:06:40 AM

Posted 16 July 2014 - 05:30 PM

AI have a Dell L502 laptop, Win7/64, w/McAffe A/V/Firelwall.  

 

Symptoms:

1) As soon as Combofix is finished downloading it is deleted.  If I copy it from an email (sent from my wife's machine), it is also deleted as soon as the attachment finishes downloading.  I can download it from the email attachment as a zip file, but as soon as it is extracted it is deleted.  I have a copy on CD but my computer will not allow me to copy it to C:\ComboFix folder; I get an error dialog stating that the CD is "Read Only"....?

2) The HD is showing signs of being R/W a lot, computer is slow, slow to boot.

3) As the computer nears boot completion at the Win7 Desktop, a Dialog/Script window flashes momentarily but is blank.  After installing a WD Ext HD to do a backup, upon post Driver/SW Install reboot a dailog appeared with teh message "DSD_5512" (not responding) in the top banner, the dialog message area was blank.

 

I ran Malwarebytes (Free Trial), Spybot and Rkill in both Safe mode and normal.  All did not find anything, but there were times where Malwarebytes and Spybot appeared to "hang/get stuck", but eventually completed.

Malwarebytes quit before finishing on the 2nd run.

 

I ran ComboFix in both Safe Mode and Normal from the CD, total time about 14 mins.  It spent about 1-2 minutes at each of Stage 2, 3, 4, 5 and 32.  Nothing in the Quarantine file appears to be of any significance...to me.

 

I will attach the ComboFix Logs and the DDS Attach.txt files.

 

Thanks in advance

Crusty1954 (aka Alan)

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17207  BrowserJavaVersion: 10.25.2
Run by Crusty at 18:06:08 on 2014-07-16
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8086.4425 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Crusty\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
C:\Users\Crusty\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Crusty\AppData\Local\Autobahn\nexdef.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\splwow64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
uRun: [PCShowServer] "C:\Users\Crusty\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe"
uRun: [DellSystemDetect] C:\Users\Crusty\AppData\Local\Apps\2.0\E246BOXT.WPC\A2Q8G4HY.2Z9\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
mRun: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
mRun: [DriveUtilitiesHelper] C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
dRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
dRunOnce: [{91140000-0011-0000-0000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
StartupFolder: C:\Users\Crusty\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\NEXDEF~1.LNK - C:\Users\Crusty\AppData\Local\Autobahn\nexdef.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
Trusted Zone: dell.com
DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - hxxp://192.168.1.116:8091/codebase/DVM_IPCam2.ocx
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{812B22EA-BE46-48DA-B85A-B6F79BEC6F03} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{812B22EA-BE46-48DA-B85A-B6F79BEC6F03}\2375942554630393 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{812B22EA-BE46-48DA-B85A-B6F79BEC6F03}\2375942554630393F5548545 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{812B22EA-BE46-48DA-B85A-B6F79BEC6F03}\2427569647C696E6760275966496 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{812B22EA-BE46-48DA-B85A-B6F79BEC6F03}\2656C6B696E6E2169383E2765756374737 : DHCPNameServer = 192.168.169.1
TCP: Interfaces\{812B22EA-BE46-48DA-B85A-B6F79BEC6F03}\84962696373657370284F6573756 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{EBF11D00-C63F-4AC4-A12A-1C6E0D3860F7} : DHCPNameServer = 192.168.1.254
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [NVHotkey] rundll32.exe C:\Windows\System32\nvHotkey.dll,Start
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [IntelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-10-5 14456]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-6-22 784760]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-6-22 346760]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-8-31 28992]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2012-9-4 21616]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [2014-4-13 62168]
R1 nvkflt;nvkflt;C:\Windows\System32\drivers\nvkflt.sys [2012-8-31 249152]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-8-31 98208]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-9-15 1166848]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
R2 cpextender;Check Point SSL Network Extender;C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe [2011-4-12 353800]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-10-10 328928]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-11 201304]
R2 McAPExe;McAfee AP Service;C:\Program Files\McAfee\MSC\McAPExe.exe [2013-10-10 178528]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-10-10 328928]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-10-10 328928]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-10-10 328928]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-10-10 328928]
R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2013-10-10 1041192]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-9-4 219752]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-9-4 189912]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 133928]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys [2012-8-31 27760]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-9-15 299008]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-11-15 327168]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2012-9-4 70592]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-12-9 60416]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-8-31 317440]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2012-8-9 25528]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-9-4 311856]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2012-9-4 522360]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2014-3-18 441264]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-8-31 95744]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-8-31 212992]
R3 qicflt;upper Device Filter Driver;C:\Windows\System32\drivers\qicflt.sys [2012-8-31 29288]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-8-31 428136]
R3 VNA;Check Point Virtual Network Adapter;C:\Windows\System32\drivers\vna.sys [2011-4-12 161256]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2011-5-17 42392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-9-15 299008]
S3 DIRECTIO;DIRECTIO;C:\Program Files\PerformanceTest\DirectIo64.sys [2014-2-3 25704]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2014-4-22 197704]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-7-8 111616]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2012-8-9 35256]
S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2012-8-31 174168]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-9-5 25816]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-7-4 63704]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-4-9 289256]
S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2014-3-18 96592]
S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc60.sys [2010-11-21 168448]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\System32\drivers\nvstusb.sys [2012-8-31 291648]
S3 SynthVid;SynthVid;C:\Windows\System32\drivers\VMBusVideoM.sys [2010-11-21 22528]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2012-9-19 14464]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S3 XHCIPort;USB-IF xHCI USB Host Controller;C:\Windows\System32\drivers\xHCIPort.sys [2012-8-9 188384]
S4 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2013-6-13 1236336]
S4 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2012-12-27 166400]
S4 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2012-12-27 128512]
S4 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2014-6-9 435032]
S4 MbaeSvc;Malwarebytes Anti-Exploit Service;C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [2014-4-13 319288]
S4 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-7-4 1809720]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-7-4 860472]
.
=============== Created Last 30 ================
.
2014-07-16 14:06:29 -------- d-----w- C:\Users\Crusty\AppData\Local\Western Digital
2014-07-16 14:06:22 -------- d-----w- C:\Users\Crusty\AppData\Local\Western_Digital_Technolog
2014-07-16 13:50:54 -------- d-----w- C:\Program Files\Western Digital
2014-07-16 13:50:54 -------- d-----w- C:\Program Files\Common Files\Western Digital
2014-07-16 13:48:47 -------- d-----w- C:\Program Files (x86)\Common Files\Western Digital
2014-07-16 05:42:34 10924376 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3B02E2A1-A85D-46D3-A3FA-1ED6A5F70CA4}\mpengine.dll
2014-07-15 20:55:07 -------- d-----w- C:\Users\Crusty\AppData\Roaming\Dell
2014-07-15 20:54:56 -------- d-----w- C:\ProgramData\PCDr
2014-07-15 20:54:56 -------- d-----w- C:\ProgramData\PC-Doctor for Windows
2014-07-15 20:54:55 -------- d-----w- C:\Program Files\Dell Support Center
2014-07-15 20:54:20 -------- d-----w- C:\Program Files\My Dell
2014-07-15 20:52:36 -------- d-----w- C:\Users\Crusty\AppData\Roaming\PCDr
2014-07-15 20:52:30 -------- d-----w- C:\temp
2014-07-15 20:06:53 -------- d-sh--w- C:\$RECYCLE.BIN
2014-07-15 07:49:22 10924376 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-07-11 07:49:18 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CDF2DB6C-8EAE-4DC7-9A1E-E5DF35BB1DB0}\gapaengine.dll
2014-07-05 03:04:43 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-07-05 03:03:58 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-07-05 03:03:58 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-23 02:15:10 -------- d-----w- C:\Users\Crusty\AppData\Roaming\PortForward.com
2014-06-23 02:15:06 -------- d-----w- C:\Program Files (x86)\Portforward.com
.
==================== Find3M  ====================
.
2014-06-30 02:09:33 519168 ----a-w- C:\Windows\System32\aepdu.dll
2014-06-30 02:04:49 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-06-19 01:06:55 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-06-19 01:06:24 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-06-19 00:42:57 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-06-19 00:42:49 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-06-19 00:41:52 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-06-19 00:41:16 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-06-19 00:24:30 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-06-19 00:24:12 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-06-19 00:23:53 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-06-19 00:14:28 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-06-18 23:59:04 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-06-18 23:56:37 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-06-18 23:51:38 5721088 ----a-w- C:\Windows\System32\jscript9.dll
2014-06-18 23:38:40 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-06-18 23:37:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-06-18 23:36:35 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-06-18 23:35:55 62464 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-06-18 23:27:45 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-06-18 23:27:07 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-06-18 23:23:27 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-06-18 23:22:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-06-18 23:06:10 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-06-18 22:58:27 2266112 ----a-w- C:\Windows\System32\wininet.dll
2014-06-18 22:52:18 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-06-18 22:46:23 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-06-18 22:45:59 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-06-18 22:13:59 1791488 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2014-06-18 01:10:36 3157504 ----a-w- C:\Windows\System32\win32k.sys
2014-06-06 10:10:34 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-06-06 09:44:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-06-05 14:45:15 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-06-05 14:26:58 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-06-05 14:25:49 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-05-30 08:08:49 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-05-30 08:08:31 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-05-30 06:45:52 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2014-05-12 11:26:00 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-05-12 11:25:56 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-05-08 13:33:24 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-08 13:33:24 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-04-25 02:34:59 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-04-25 02:06:17 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2001-01-28 03:10:36 60928 --sha-w- C:\Windows\SysWOW64\ntport.dll
2001-01-23 04:23:36 6080 --sha-w- C:\Windows\SysWOW64\zntport.sys
.
============= FINISH: 18:07:25.94 ===============
 
 
 

 

 

 

 

 

 

 

Attached Files



BC AdBot (Login to Remove)

 


m

#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,264 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:40 AM

Posted 21 July 2014 - 10:33 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.

#3 crusty1954

crusty1954
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:06:40 AM

Posted 21 July 2014 - 01:41 PM

Nasdaq,

 

First, let me thank you very much for your time.

 

I downloaded and ran both AdwCleaner and Farbar Recovery per your instructions; the logs are pasted below, Addition.txt is attached.

I did a "Fix" on AdwCleaner, but not on Farbar.

 

As a note, I have tried till I scream to stop Google, Skype (should be uninstalled), Adobe, etc., the usual non-compliant Apps, from running Auto Updates.  I have tried to stop them in MS Config Boot and Services to no avail.

 

As I did not see an Attach Button, I am pasting the Addition.txt to the bottom also.

 

Again, Thanks in Advance

Crusty1954 - aka Alan

 

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

AdwCleaner Log:

 

# AdwCleaner v3.216 - Report created 21/07/2014 at 13:59:13
# Updated 17/07/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Crusty - CRUSTYSPC
# Running from : C:\Users\Crusty\Desktop\adwcleaner_3.216.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\Toolbar Cleaner
Folder Deleted : C:\Users\Crusty\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\strongvaultapp_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\strongvaultapp_rasmancs
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
Key Deleted : HKLM\Software\Toolbar Cleaner
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17207
 
 
-\\ Google Chrome v35.0.1916.153
 
[ File : C:\Users\Crusty\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : bopakagnckmlgajfccecajhnimjiiedh
 
*************************
 
AdwCleaner[R0].txt - [1470 octets] - [06/10/2013 11:24:48]
AdwCleaner[R10].txt - [2633 octets] - [21/07/2014 13:52:36]
AdwCleaner[R1].txt - [900 octets] - [06/10/2013 11:34:57]
AdwCleaner[R2].txt - [1018 octets] - [06/10/2013 21:56:51]
AdwCleaner[R3].txt - [1139 octets] - [06/10/2013 22:08:07]
AdwCleaner[R4].txt - [1259 octets] - [07/10/2013 08:21:00]
AdwCleaner[R5].txt - [1379 octets] - [07/10/2013 14:39:28]
AdwCleaner[R6].txt - [1440 octets] - [07/10/2013 19:10:06]
AdwCleaner[R7].txt - [1500 octets] - [09/10/2013 07:00:13]
AdwCleaner[R8].txt - [1560 octets] - [09/10/2013 11:21:55]
AdwCleaner[R9].txt - [1620 octets] - [10/10/2013 07:26:06]
AdwCleaner[S0].txt - [1496 octets] - [06/10/2013 11:28:13]
AdwCleaner[S1].txt - [960 octets] - [06/10/2013 11:35:40]
AdwCleaner[S2].txt - [1080 octets] - [06/10/2013 21:59:30]
AdwCleaner[S3].txt - [1201 octets] - [06/10/2013 22:09:22]
AdwCleaner[S4].txt - [1321 octets] - [07/10/2013 08:21:22]
AdwCleaner[S5].txt - [2575 octets] - [21/07/2014 13:59:13]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [2635 octets] ##########
 
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
Farbar Log:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014
Ran by Crusty (administrator) on CRUSTYSPC on 21-07-2014 14:05:30
Running from C:\Users\Crusty\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Check Point Software Technologies) C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Software 2000 Limited) C:\Windows\System32\spool\drivers\x64\3\HP1006MC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(NDS Technologies) C:\Users\Crusty\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
(Dell) C:\Users\Crusty\AppData\Local\Apps\2.0\E246BOXT.WPC\A2Q8G4HY.2Z9\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
() C:\Users\Crusty\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
() C:\Users\Crusty\AppData\Local\Autobahn\nexdef.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2531624 2010-12-17] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6611048 2011-02-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [NVHotkey] => rundll32.exe C:\Windows\system32\nvHotkey.dll,Start 
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" 
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-09-15] (Intel® Corporation)
HKLM\...\Run: [IntelliType Pro] => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1464984 2012-10-12] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2075288 2012-10-12] (Microsoft Corporation)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5524336 2013-06-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694048 2014-05-23] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1852264 2014-05-23] (Western Digital Technologies, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [122200 2014-06-09] (Garmin Ltd or its subsidiaries)
HKU\.DEFAULT\...\RunOnce: [{91140000-0011-0000-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H 
HKU\.DEFAULT\...\Policies\Explorer: [NoFolderOptions] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-642430525-3971105479-3747859108-1000\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-642430525-3971105479-3747859108-1001\...\Run: [PCShowServer] => C:\Users\Crusty\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [1765744 2013-06-25] (NDS Technologies)
HKU\S-1-5-21-642430525-3971105479-3747859108-1001\...\Run: [DellSystemDetect] => C:\Users\Crusty\AppData\Local\Apps\2.0\E246BOXT.WPC\A2Q8G4HY.2Z9\dell..tion_0f612f649c4a10af_0005.00 (the data entry has 41 more characters).
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Crusty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk
ShortcutTarget: NexDef Plug-in.lnk -> C:\Users\Crusty\AppData\Local\Autobahn\nexdef.exe ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {6D038659-9948-48AA-A6E4-23BBB8A2CE22} URL = http://www.bing.com/search?q={searchTerms}&form=OSDSRC
SearchScopes: HKCU - {E711C045-D63A-4D32-A256-3C51EF4AA3CE} URL = http://search.yahoo.com/search?fr=mcafee&type=A011US105&p={SearchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
DPF: HKLM-x32 {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} http://192.168.1.116:8091/codebase/DVM_IPCam2.ocx
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @mcafee.com/MVT - C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @nds.com/PlayerPlugin - C:\Users\Crusty\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (DIRECTV)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Crusty\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Crusty\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: NDS.com/PlayerPlugin - C:\Users\Crusty\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (DIRECTV)
FF Plugin ProgramFiles/Appdata: C:\Users\Crusty\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2012-09-04]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2012-09-04]
 
Chrome: 
=======
CHR HomePage: 
CHR DefaultSearchKeyword: mcafee
CHR DefaultSearchProvider: McAfee
CHR DefaultNewTabURL: 
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Crusty\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (ActiveTouch General Plugin Container) - C:\Users\Crusty\AppData\Roaming\Mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee Virtual Technician) - C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll No File
CHR Plugin: (DIRECTV Player) - C:\Users\Crusty\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (DIRECTV)
CHR Plugin: (Google Update) - C:\Users\Crusty\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Crusty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-26]
CHR Extension: (Google Drive) - C:\Users\Crusty\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Crusty\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-31]
CHR Extension: (YouTube) - C:\Users\Crusty\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-26]
CHR Extension: (Google Cast) - C:\Users\Crusty\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2013-12-26]
CHR Extension: (No Name) - C:\Users\Crusty\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-02-22]
CHR Extension: (Adblock Plus) - C:\Users\Crusty\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-07-08]
CHR Extension: (Google Search) - C:\Users\Crusty\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-26]
CHR Extension: (DoNotTrackMe: Online Privacy Protection) - C:\Users\Crusty\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2014-04-17]
CHR Extension: (SiteAdvisor) - C:\Users\Crusty\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-02-08]
CHR Extension: (Google Wallet) - C:\Users\Crusty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-26]
CHR Extension: (Gmail) - C:\Users\Crusty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-26]
 
==================== Services (Whitelisted) =================
 
S4 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-06-13] (Lavasoft Limited)
R2 cpextender; C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe [353800 2011-04-12] (Check Point Software Technologies)
S4 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
S4 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [435032 2014-06-09] (Garmin Ltd or its subsidiaries)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S4 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [319288 2014-02-21] (Malwarebytes Corporation)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S4 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-03-18] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-04-03] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-04-03] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-15] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S4 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
S4 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-06-19] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-05-23] (Western Digital Technologies, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-04-03] (McAfee, Inc.)
S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [25704 2012-08-13] ()
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [62168 2014-02-21] ()
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-10-05] (GFI Software)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [177544 2014-04-03] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311856 2014-04-03] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-04-03] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [784760 2014-04-03] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [441264 2014-03-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-03-18] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [346760 2014-04-03] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [249152 2011-11-04] (NVIDIA Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 VNA; C:\Windows\System32\DRIVERS\vna.sys [161256 2011-04-12] (Check Point Software Technologies)
S3 XHCIPort; C:\Windows\System32\DRIVERS\XHCIPort.sys [188384 2012-08-09] (Windows ® Win 7 DDK provider)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [32792 2009-05-13] (X10 Wireless Technology, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-21 14:05 - 2014-07-21 14:10 - 00026052 _____ () C:\Users\Crusty\Desktop\FRST.txt
2014-07-21 14:04 - 2014-07-21 14:05 - 00000000 ____D () C:\FRST
2014-07-21 13:53 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-21 13:49 - 2014-07-21 13:49 - 02090496 _____ (Farbar) C:\Users\Crusty\Desktop\FRST64.exe
2014-07-21 13:47 - 2014-07-21 13:47 - 01354223 _____ () C:\Users\Crusty\Desktop\adwcleaner_3.216.exe
2014-07-16 18:08 - 2014-07-16 18:07 - 00027768 _____ () C:\Users\Crusty\Desktop\dds.txt
2014-07-16 18:08 - 2014-07-16 18:07 - 00023225 _____ () C:\Users\Crusty\Desktop\attach.txt
2014-07-16 17:08 - 2014-07-16 17:10 - 00000000 ____D () C:\Users\Crusty\Desktop\Retrieve
2014-07-16 10:10 - 2014-07-16 10:10 - 00000000 ____D () C:\Windows\System32\Tasks\Western Digital
2014-07-16 10:06 - 2014-07-16 10:06 - 00000000 ____D () C:\Users\Crusty\AppData\Local\Western_Digital_Technolog
2014-07-16 10:06 - 2014-07-16 10:06 - 00000000 ____D () C:\Users\Crusty\AppData\Local\Western Digital
2014-07-16 09:51 - 2014-07-21 14:02 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2014-07-16 09:51 - 2014-07-16 09:51 - 00001146 _____ () C:\Users\Public\Desktop\WD SmartWare.lnk
2014-07-16 09:50 - 2014-07-16 09:50 - 00000000 ____D () C:\Program Files\Western Digital
2014-07-16 09:50 - 2014-07-16 09:50 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2014-07-15 22:36 - 2014-07-20 03:00 - 00004005 _____ () C:\Users\Crusty\Downloads\CF.zip
2014-07-15 16:55 - 2014-07-15 16:57 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-07-15 16:55 - 2014-07-15 16:55 - 00000000 ____D () C:\Users\Crusty\AppData\Roaming\Dell
2014-07-15 16:54 - 2014-07-15 16:55 - 00000000 ____D () C:\ProgramData\PCDr
2014-07-15 16:54 - 2014-07-15 16:54 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2014-07-15 16:54 - 2014-07-15 16:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2014-07-15 16:54 - 2014-07-15 16:54 - 00000000 ____D () C:\Program Files\My Dell
2014-07-15 16:54 - 2014-07-15 16:54 - 00000000 ____D () C:\Program Files\Dell Support Center
2014-07-15 16:52 - 2014-07-15 17:01 - 00000000 ____D () C:\temp
2014-07-15 16:52 - 2014-07-15 16:52 - 00000000 ____D () C:\Users\Crusty\AppData\Roaming\PCDr
2014-07-15 16:06 - 2014-07-15 16:06 - 00025712 _____ () C:\ComboFix.txt
2014-07-15 10:56 - 2014-07-15 10:56 - 00368256 _____ (RegNow.com) C:\Users\Crusty\Downloads\Download_MaxSDDMnew.exe
2014-07-11 13:57 - 2014-07-11 13:57 - 00001872 _____ () C:\Users\Crusty\Downloads\Parrish, Bobbi.vcf
2014-07-08 20:20 - 2014-06-29 22:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-08 20:20 - 2014-06-29 22:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-08 20:20 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-08 20:20 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-08 20:20 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-08 20:20 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-08 20:20 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-08 20:20 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-08 20:20 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-08 20:20 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-08 20:20 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-08 20:20 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-08 20:20 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-08 20:20 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-08 20:20 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-08 20:20 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-08 20:20 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-08 20:20 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-08 20:20 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-08 20:20 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-08 20:20 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-08 20:20 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-08 20:20 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-08 20:20 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-08 20:20 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-08 20:20 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-08 20:20 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-08 20:20 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-08 20:20 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-08 20:20 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-08 20:20 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-08 20:20 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-08 20:20 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-08 20:20 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-08 20:20 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-08 20:20 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-08 20:20 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-08 20:20 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-08 20:20 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-08 20:20 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-08 20:20 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-08 20:19 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-08 20:19 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-08 20:19 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-08 20:19 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-08 20:19 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-08 20:19 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-08 20:19 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-08 20:19 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-08 20:19 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-08 20:19 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-08 20:19 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-08 20:19 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-08 20:19 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-08 20:19 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-08 20:19 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-08 20:19 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-08 20:19 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-08 20:19 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-08 20:19 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-08 20:19 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-08 20:19 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-08 20:19 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-08 20:19 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-08 20:19 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-08 20:19 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-08 20:19 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-08 20:19 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-08 20:19 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-08 20:19 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-08 20:19 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-08 20:19 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-08 20:19 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-08 20:19 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-08 20:19 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-08 20:19 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-08 20:19 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-08 20:19 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-08 20:19 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-08 20:19 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-08 20:19 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-04 23:04 - 2014-07-16 06:37 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-04 23:04 - 2014-07-04 23:04 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-04 23:04 - 2014-07-04 23:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-04 23:03 - 2014-07-04 23:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-04 23:03 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-24 08:59 - 2014-06-24 08:59 - 00266728 _____ () C:\Windows\Minidump\062414-27424-01.dmp
2014-06-22 22:15 - 2014-06-22 23:17 - 00000000 ____D () C:\Users\Crusty\AppData\Roaming\PortForward.com
2014-06-22 22:15 - 2014-06-22 22:15 - 00001435 _____ () C:\Users\Crusty\Desktop\Port Forward Network Utilities.lnk
2014-06-22 22:15 - 2014-06-22 22:15 - 00000000 ____D () C:\Users\Crusty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Portforward.com
2014-06-22 22:15 - 2014-06-22 22:15 - 00000000 ____D () C:\Program Files (x86)\Portforward.com
2014-06-22 22:14 - 2014-06-22 22:14 - 01697368 _____ () C:\Users\Crusty\Downloads\setup-network-utilities.exe
2014-06-22 12:07 - 2014-07-03 13:02 - 00000000 ____D () C:\Users\Crusty\Documents\Unemployment
 
==================== One Month Modified Files and Folders =======
 
2014-07-21 14:10 - 2014-07-21 14:05 - 00026052 _____ () C:\Users\Crusty\Desktop\FRST.txt
2014-07-21 14:10 - 2013-12-26 11:40 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf0250dfdef7f2.job
2014-07-21 14:09 - 2012-09-04 21:56 - 01821877 _____ () C:\Windows\WindowsUpdate.log
2014-07-21 14:08 - 2013-06-14 13:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-07-21 14:08 - 2009-07-14 01:13 - 00786558 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-21 14:05 - 2014-07-21 14:04 - 00000000 ____D () C:\FRST
2014-07-21 14:02 - 2014-07-16 09:51 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2014-07-21 14:02 - 2013-12-26 11:35 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-21 14:01 - 2012-09-04 21:55 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-21 14:01 - 2010-11-20 23:47 - 00374554 _____ () C:\Windows\PFRO.log
2014-07-21 14:01 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-21 14:01 - 2009-07-14 00:51 - 00101997 _____ () C:\Windows\setupact.log
2014-07-21 13:59 - 2013-10-06 11:24 - 00000000 ____D () C:\AdwCleaner
2014-07-21 13:49 - 2014-07-21 13:49 - 02090496 _____ (Farbar) C:\Users\Crusty\Desktop\FRST64.exe
2014-07-21 13:47 - 2014-07-21 13:47 - 01354223 _____ () C:\Users\Crusty\Desktop\adwcleaner_3.216.exe
2014-07-21 13:47 - 2013-06-24 08:05 - 00000000 ____D () C:\Users\Crusty\Documents\ComboFix
2014-07-21 13:45 - 2012-12-22 10:51 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-21 13:44 - 2014-05-08 09:33 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-642430525-3971105479-3747859108-1001UA1cf6ac2188083b6.job
2014-07-20 23:44 - 2013-12-26 11:42 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-642430525-3971105479-3747859108-1001Core.job
2014-07-20 03:00 - 2014-07-15 22:36 - 00004005 _____ () C:\Users\Crusty\Downloads\CF.zip
2014-07-19 23:00 - 2012-09-05 20:43 - 00000000 ____D () C:\Users\Crusty\Documents\Resumes
2014-07-18 10:12 - 2013-12-26 11:36 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-17 18:45 - 2012-11-15 12:37 - 00000000 ____D () C:\Users\Crusty\Documents\Guitar
2014-07-17 18:43 - 2012-09-05 20:07 - 00000000 ____D () C:\Users\Crusty\Documents\Dell Stuff
2014-07-17 16:04 - 2009-07-14 00:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-17 16:04 - 2009-07-14 00:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-16 18:07 - 2014-07-16 18:08 - 00027768 _____ () C:\Users\Crusty\Desktop\dds.txt
2014-07-16 18:07 - 2014-07-16 18:08 - 00023225 _____ () C:\Users\Crusty\Desktop\attach.txt
2014-07-16 17:10 - 2014-07-16 17:08 - 00000000 ____D () C:\Users\Crusty\Desktop\Retrieve
2014-07-16 10:10 - 2014-07-16 10:10 - 00000000 ____D () C:\Windows\System32\Tasks\Western Digital
2014-07-16 10:06 - 2014-07-16 10:06 - 00000000 ____D () C:\Users\Crusty\AppData\Local\Western_Digital_Technolog
2014-07-16 10:06 - 2014-07-16 10:06 - 00000000 ____D () C:\Users\Crusty\AppData\Local\Western Digital
2014-07-16 10:04 - 2012-09-04 20:17 - 00041650 _____ () C:\Windows\DPINST.LOG
2014-07-16 10:03 - 2013-02-21 15:21 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2014-07-16 09:51 - 2014-07-16 09:51 - 00001146 _____ () C:\Users\Public\Desktop\WD SmartWare.lnk
2014-07-16 09:51 - 2013-02-21 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2014-07-16 09:50 - 2014-07-16 09:50 - 00000000 ____D () C:\Program Files\Western Digital
2014-07-16 09:50 - 2014-07-16 09:50 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2014-07-16 09:50 - 2013-02-21 10:30 - 00000000 ____D () C:\ProgramData\Western Digital
2014-07-16 06:37 - 2014-07-04 23:04 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-15 21:44 - 2013-10-01 14:12 - 00000000 ____D () C:\Users\Crusty\Desktop\mbar
2014-07-15 17:21 - 2012-11-06 08:13 - 00000000 ____D () C:\Users\Crusty\AppData\Local\Deployment
2014-07-15 17:01 - 2014-07-15 16:52 - 00000000 ____D () C:\temp
2014-07-15 16:57 - 2014-07-15 16:55 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-07-15 16:55 - 2014-07-15 16:55 - 00000000 ____D () C:\Users\Crusty\AppData\Roaming\Dell
2014-07-15 16:55 - 2014-07-15 16:54 - 00000000 ____D () C:\ProgramData\PCDr
2014-07-15 16:54 - 2014-07-15 16:54 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2014-07-15 16:54 - 2014-07-15 16:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2014-07-15 16:54 - 2014-07-15 16:54 - 00000000 ____D () C:\Program Files\My Dell
2014-07-15 16:54 - 2014-07-15 16:54 - 00000000 ____D () C:\Program Files\Dell Support Center
2014-07-15 16:52 - 2014-07-15 16:52 - 00000000 ____D () C:\Users\Crusty\AppData\Roaming\PCDr
2014-07-15 16:19 - 2012-11-06 08:13 - 00000000 ____D () C:\Users\Crusty\AppData\Local\Apps\2.0
2014-07-15 16:06 - 2014-07-15 16:06 - 00025712 _____ () C:\ComboFix.txt
2014-07-15 16:06 - 2012-11-02 17:04 - 00000000 ____D () C:\Qoobox
2014-07-15 16:03 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-15 10:56 - 2014-07-15 10:56 - 00368256 _____ (RegNow.com) C:\Users\Crusty\Downloads\Download_MaxSDDMnew.exe
2014-07-15 10:29 - 2013-07-15 10:56 - 00000000 ____D () C:\Users\Crusty\Documents\RKill
2014-07-15 07:39 - 2014-01-07 22:34 - 00000000 ____D () C:\Users\Crusty\Documents\ZH
2014-07-14 19:18 - 2012-09-05 20:43 - 00000000 ____D () C:\Users\Crusty\Documents\Order Confirms
2014-07-14 19:17 - 2014-06-08 10:20 - 00000000 ____D () C:\Users\Crusty\Documents\Gold and PM's
2014-07-12 08:38 - 2012-11-15 12:41 - 00000000 ____D () C:\Users\Crusty\Documents\Wind
2014-07-11 13:57 - 2014-07-11 13:57 - 00001872 _____ () C:\Users\Crusty\Downloads\Parrish, Bobbi.vcf
2014-07-09 04:04 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-07-09 03:38 - 2009-07-14 00:45 - 00418888 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 03:35 - 2014-05-08 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-09 03:35 - 2010-11-21 03:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 03:35 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-09 03:35 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-09 03:19 - 2012-09-04 21:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-09 03:15 - 2013-07-18 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 03:09 - 2012-09-05 12:54 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-07 21:45 - 2014-04-13 10:02 - 00000000 ____D () C:\Users\Crusty\Documents\John Deere
2014-07-05 07:58 - 2012-09-05 14:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-07-04 23:04 - 2014-07-04 23:04 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-04 23:04 - 2014-07-04 23:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-04 23:04 - 2014-07-04 23:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-04 23:04 - 2012-09-05 14:47 - 00000000 ____D () C:\Users\Crusty\AppData\Roaming\Malwarebytes
2014-07-04 23:03 - 2012-09-05 14:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-03 13:02 - 2014-06-22 12:07 - 00000000 ____D () C:\Users\Crusty\Documents\Unemployment
2014-06-29 22:09 - 2014-07-08 20:20 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-29 22:04 - 2014-07-08 20:20 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-24 14:21 - 2012-09-05 20:50 - 00000000 ____D () C:\Users\Crusty\Documents\Tammy
2014-06-24 08:59 - 2014-06-24 08:59 - 00266728 _____ () C:\Windows\Minidump\062414-27424-01.dmp
2014-06-24 08:59 - 2012-09-04 21:42 - 854808496 _____ () C:\Windows\MEMORY.DMP
2014-06-24 08:59 - 2012-09-04 21:42 - 00000000 ____D () C:\Windows\Minidump
2014-06-22 23:17 - 2014-06-22 22:15 - 00000000 ____D () C:\Users\Crusty\AppData\Roaming\PortForward.com
2014-06-22 22:15 - 2014-06-22 22:15 - 00001435 _____ () C:\Users\Crusty\Desktop\Port Forward Network Utilities.lnk
2014-06-22 22:15 - 2014-06-22 22:15 - 00000000 ____D () C:\Users\Crusty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Portforward.com
2014-06-22 22:15 - 2014-06-22 22:15 - 00000000 ____D () C:\Program Files (x86)\Portforward.com
2014-06-22 22:14 - 2014-06-22 22:14 - 01697368 _____ () C:\Users\Crusty\Downloads\setup-network-utilities.exe
2014-06-22 15:22 - 2012-09-05 19:56 - 00000000 ____D () C:\Users\Crusty\Documents\ATT U-Verse
2014-06-21 18:50 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
 
Some content of TEMP:
====================
C:\Users\Crusty\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-18 00:02
 
==================== End Of Log ============================

 

 

 

 

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

 

 

Addition.txt:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2014
Ran by Crusty at 2014-07-21 14:11:03
Running from C:\Users\Crusty\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Lavasoft Ad-Aware (Disabled - Up to date) {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Lavasoft Ad-Aware (Disabled - Up to date) {5BB89C30-6480-BC7C-9F17-199BD76F557A}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: Lavasoft Ad-Aware (Disabled) {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
 
==================== Installed Programs ======================
 
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.11.22 - STMicroelectronics)
ActiveHome Pro (HKLM-x32\...\ActiveHomePro) (Version:  - )
Ad-Aware Antivirus (HKLM-x32\...\{944167EA-7F89-4705-8DCD-1D63B53141B0}) (Version: 10.5.3.4405 - Lavasoft)
Ad-Aware Browsing Protection (HKLM-x32\...\Ad-Aware Browsing Protection) (Version: 1.0.1.124 - Lavasoft)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Altium Designer Release 10 (HKLM-x32\...\Altium Designer Release 10 {40D3AA80-85AB-4EE2-A0A6-61D41D18BC3A}) (Version: 10.700.22943 - Altium Limited)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Any Video Converter 3.5.3 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Auslogics File Recovery (HKLM-x32\...\{D8F33108-139F-409A-A160-B9510DE736B3}_is1) (Version: 4.1.0.0 - Auslogics Labs Pty Ltd)
Beyond Compare Version 3.3.5 (HKLM-x32\...\BeyondCompare3_is1) (Version:  - Scooter Software)
Check Point SSL Network Extender (HKLM-x32\...\{eb425f91-1b69-4da6-a9a9-9f73d226cfca}) (Version: 7.01.0000 - CheckPoint)
ChromecastApp (HKCU\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.316.0 - Google Inc.)
Cisco WebEx Meetings (HKCU\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version:  - Microsoft)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.8.1.1 - Dell)
DIRECTV Player (HKLM-x32\...\{69b8745b-65c2-4a2d-b5db-00e0cd841f1e}) (Version: 9.0 - DIRECTV)
EasyWeather (HKLM-x32\...\{CE1B03BC-3C99-4580-A2AC-A41DB9B83378}) (Version:  - 1.0)
Elevated Installer (x32 Version: 3.2.7.0 - Garmin Ltd or its subsidiaries) Hidden
Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.10.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WorkForce 630 Series Printer Uninstall (HKLM\...\EPSON WorkForce 630 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
EpsonNet Setup 3.3 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3b - SEIKO EPSON CORPORATION)
Garmin Express (HKLM-x32\...\{55ae01f2-f0a8-4342-a9cc-a0327cdaa811}) (Version: 3.2.7.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.7.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.7.0 - Garmin Ltd or its subsidiaries) Hidden
GENESYS Version 7.0 (HKLM-x32\...\GENESYS Version 7.0) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel PROSet Wireless (Version:  - ) Hidden
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{295AEB79-B53A-4F1B-860F-7800BB7E3681}) (Version: 14.2.1000 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Intel® WiDi (HKLM\...\{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}) (Version: 3.5.34.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
IPCamSetup (HKLM-x32\...\{02C39DE9-B03A-4FE7-89F9-61E224FE65CC}) (Version: 1.00.0000 - FOSCAM)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java 7 Update 9 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417009FF}) (Version: 7.0.90 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
join.me (HKCU\...\JoinMe) (Version: 1.9.0.130 - LogMeIn, Inc.)
JPEG Recovery Pro 5.0 (HKLM-x32\...\JPEG Recovery Pro5.0) (Version: 5.0 - e.World Technology Limited)
Lernout & Hauspie TruVoice American English TTS Engine (HKLM-x32\...\tv_enua) (Version:  - )
Malwarebytes Anti-Exploit version 0.10.0.1000 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 0.10.0.1000 - Malwarebytes)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 12.8.958 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 7.1.0.2483 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.0.161.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.0.161.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
NexDef Plug-in (HKLM-x32\...\Autobahn) (Version:  - )
No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.0.1 - Vitalwerks Internet Solutions LLC)
NVIDIA 3D Vision Driver 285.77 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 285.77 - NVIDIA Corporation)
NVIDIA Control Panel 285.77 (Version: 285.77 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 285.77 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 285.77 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.718 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.5.21 (Version: 1.5.21 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.8577 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.5.21 - NVIDIA Corporation) Hidden
PerformanceTest v8.0 (HKLM\...\PerformanceTest 8_is1) (Version: 8.0.1029.0 - Passmark Software)
Port Forward Network Utilities 2.0.1 (HKLM-x32\...\Port Forward Network Utilities) (Version: 2.0.1 - Portforward.com)
Power Tab Editor 1.7 (HKLM-x32\...\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}) (Version: 1.7.0 - Power Tab Software)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.10 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6312 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Stellar Phoenix JPEG Repair (HKLM-x32\...\Stellar Phoenix JPEG Repair_is1) (Version: 2.0.0.0 - Stellar Information Systems Ltd)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.6.0 - Synaptics Incorporated)
Trillian (HKLM-x32\...\Trillian) (Version:  - Cerulean Studios, LLC)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
VirtualLab Client 7.0.52 (HKLM-x32\...\VirtualLab 7 Client_is1) (Version:  - BinaryBiz)
VLC media player 2.0.6 (HKLM-x32\...\VLC media player) (Version: 2.0.6 - VideoLAN)
WD Drive Utilities (HKLM-x32\...\{E61CFDDA-40DD-4400-95CA-12819C50B5C2}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD Link (HKLM-x32\...\WD Link) (Version: 1.00.03 - Western Digital)
WD Security (HKLM-x32\...\{919ADA61-13BF-43C4-A2DD-8BA49A244FC8}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{EC54143B-24CC-47D2-AB39-0F5701988BA4}) (Version: 2.1.0.11 - Western Digital Technologies, Inc.)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
 
==================== Restore Points  =========================
 
12-07-2014 07:50:34 Windows Update
15-07-2014 19:52:26 ComboFix created restore point
16-07-2014 05:41:19 Windows Update
16-07-2014 13:53:52 Installed WD Security
16-07-2014 14:02:53 Installed WD Drive Utilities
19-07-2014 14:07:53 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 22:34 - 2014-07-15 15:17 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {00A1847F-C16A-4CB8-B7CB-A0B1CC495239} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-26] (Google Inc.)
Task: {5729C921-1F2B-4047-BB58-810AA8F05B1A} - System32\Tasks\GoogleUpdateTaskMachineUA1cf0250dfdef7f2 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-26] (Google Inc.)
Task: {5CE148DD-E1ED-4FBE-9212-6FF5BD2D38FC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-08] (Adobe Systems Incorporated)
Task: {73AEE5CF-4C59-497F-B7AE-732FBFC7AD17} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-642430525-3971105479-3747859108-1001UA1cf6ac2188083b6 => C:\Users\Crusty\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-26] (Google Inc.)
Task: {8702CB81-BD5D-4A32-87CC-3837406B8D4E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-642430525-3971105479-3747859108-1001Core => C:\Users\Crusty\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-26] (Google Inc.)
Task: {99425F7E-30A7-4959-B51F-4EA8AA8485DE} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-10] (PC-Doctor, Inc.)
Task: {A87CBC38-F27D-45F6-BB8E-C02F1D2A1B82} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-06-09] ()
Task: {F4F616EB-23FE-410D-A526-39DC9B86FE77} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe [2013-06-13] (Lavasoft Limited)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf0250dfdef7f2.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-642430525-3971105479-3747859108-1001Core.job => C:\Users\Crusty\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-642430525-3971105479-3747859108-1001UA1cf6ac2188083b6.job => C:\Users\Crusty\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-09-15 18:46 - 2011-09-15 18:46 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-08-31 14:08 - 2011-03-25 23:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-09-04 20:16 - 2010-12-17 11:25 - 00686704 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
2011-09-15 18:46 - 2011-09-15 18:46 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2013-06-25 16:12 - 2013-06-25 16:12 - 07956328 _____ () C:\Users\Crusty\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
2013-03-14 10:47 - 2013-03-14 10:47 - 15500800 _____ () C:\Users\Crusty\AppData\Local\Autobahn\nexdef.exe
2013-06-25 16:12 - 2013-06-25 16:12 - 00332128 _____ () C:\Users\Crusty\AppData\Local\DIRECTV Player\ndsLogStore.dll
2013-06-25 16:12 - 2013-06-25 16:12 - 03175264 _____ () C:\Users\Crusty\AppData\Local\DIRECTV Player\DrmSingleton.dll
2013-06-25 16:12 - 2013-06-25 16:12 - 02237288 _____ () C:\Users\Crusty\AppData\Local\DIRECTV Player\DiscoveryManager.dll
2013-06-25 16:12 - 2013-06-25 16:12 - 07554400 _____ () C:\Users\Crusty\AppData\Local\DIRECTV Player\gsttspplugin.dll
2013-06-25 16:12 - 2013-06-25 16:12 - 00689000 _____ () C:\Users\Crusty\AppData\Local\DIRECTV Player\libgstreamer-0.10.dll
2013-06-25 16:12 - 2013-06-25 16:12 - 01403224 _____ () C:\Users\Crusty\AppData\Local\DIRECTV Player\libxml2-2.dll
2013-06-25 16:12 - 2013-06-25 16:12 - 00091976 _____ () C:\Users\Crusty\AppData\Local\DIRECTV Player\z.dll
2013-03-14 10:47 - 2013-03-14 10:47 - 00020480 _____ () C:\Users\Crusty\AppData\Local\Autobahn\rt\bin\jetvm\jvm.dll
2013-03-14 10:47 - 2013-03-14 10:47 - 00069632 _____ () C:\Users\Crusty\AppData\Local\Autobahn\rt\bin\java.dll
2013-03-14 10:47 - 2013-03-14 10:47 - 00126976 _____ () C:\Users\Crusty\AppData\Local\Autobahn\rt\bin\zip.dll
2013-03-14 10:47 - 2013-03-14 10:47 - 00159744 _____ () C:\Users\Crusty\AppData\Local\Autobahn\rt\jetrt\baseline720.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
MSCONFIG\Services: Ad-Aware Service => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: EpsonBidirectionalService => 3
MSCONFIG\Services: EPSON_PM_RPCV4_04 => 2
MSCONFIG\Services: Garmin Core Update Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MbaeSvc => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RemoteRegistry => 3
MSCONFIG\Services: SBAMSvc => 2
MSCONFIG\Services: SBSDWSCService => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: WDBackup => 3
MSCONFIG\startupreg: Ad-Aware Antivirus => "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
MSCONFIG\startupreg: Ad-Aware Browsing Protection => "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: FUFAXSTM => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\Crusty\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: Malwarebytes Anti-Exploit => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 
==================== Faulty Device Manager Devices =============
 
Name: USB-IF xHCI USB Host Controller
Description: USB-IF xHCI USB Host Controller
Class Guid: {8a2edc79-c759-46f2-88af-9d4efe3b5eee}
Manufacturer: Intel Corporation
Service: XHCIPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/21/2014 02:02:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/16/2014 09:56:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/16/2014 09:50:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WDRulesEngine.exe, version: 1.6.4.2, time stamp: 0x505a960f
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0xe0434352
Fault offset: 0x0000c42d
Faulting process id: 0x820
Faulting application start time: 0xWDRulesEngine.exe0
Faulting application path: WDRulesEngine.exe1
Faulting module path: WDRulesEngine.exe2
Report Id: WDRulesEngine.exe3
 
Error: (07/16/2014 09:50:28 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: WDRulesEngine.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ObjectDisposedException
Stack:
   at System.Data.SQLite.SQLiteConnection.CheckDisposed()
   at System.Data.SQLite.SQLiteConnection.get_State()
   at BackupRulesDB.Close()
   at BackupRulesDB.Dispose(Boolean)
   at BackupRulesDB.Finalize()
 
Error: (07/16/2014 09:39:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/15/2014 09:41:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/15/2014 04:19:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/15/2014 03:43:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/15/2014 03:33:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/15/2014 03:08:02 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).
 
 
System errors:
=============
Error: (07/21/2014 02:03:04 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (07/20/2014 00:38:03 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}
 
Error: (07/20/2014 10:06:51 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.179.534.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.5.0216.00
 
Source Path: 4.5.0216.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (07/18/2014 03:17:40 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}
 
Error: (07/17/2014 10:06:51 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.179.160.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.5.0216.00
 
Source Path: 4.5.0216.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (07/16/2014 07:39:14 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}
 
Error: (07/16/2014 09:57:54 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (07/16/2014 09:40:10 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (07/15/2014 09:42:27 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (07/15/2014 04:21:37 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}
 
 
Microsoft Office Sessions:
=========================
Error: (07/21/2014 02:02:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/16/2014 09:56:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/16/2014 09:50:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: WDRulesEngine.exe1.6.4.2505a960fKERNELBASE.dll6.1.7601.1840953159a86e04343520000c42d82001cfa0fb4c7059beC:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exeC:\Windows\syswow64\KERNELBASE.dll25cf26d6-0cf0-11e4-9c66-4c80935a1675
 
Error: (07/16/2014 09:50:28 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: WDRulesEngine.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ObjectDisposedException
Stack:
   at System.Data.SQLite.SQLiteConnection.CheckDisposed()
   at System.Data.SQLite.SQLiteConnection.get_State()
   at BackupRulesDB.Close()
   at BackupRulesDB.Dispose(Boolean)
   at BackupRulesDB.Finalize()
 
Error: (07/16/2014 09:39:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/15/2014 09:41:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/15/2014 04:19:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/15/2014 03:43:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/15/2014 03:33:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/15/2014 03:08:02 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x8007043c
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-07-15 15:17:18.399
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-15 15:17:18.305
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-15 15:17:18.227
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-15 15:17:18.134
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 32%
Total physical RAM: 8086.17 MB
Available physical RAM: 5436.08 MB
Total Pagefile: 16170.52 MB
Available Pagefile: 13558.33 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:685.34 GB) (Free:400.45 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 699 GB) (Disk ID: 593917B1)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=13 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=685 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,264 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:40 AM

Posted 22 July 2014 - 06:52 AM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - DefaultScope value is missing.
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Crusty\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll No File
CHR Plugin: (Google Update) - C:\Users\Crusty\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

How is the computer running now?

#5 crusty1954

crusty1954
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:06:40 AM

Posted 22 July 2014 - 08:56 AM

Nasdaq,

 

I ran FRST and Security Check; FixLog posted below.

 

The computer overall operation:

- Complete shut down is ~ 12 Seconds; much improved

- Appears to be booting a little faster to login screen - ~33 seconds

- Login to initial Desktop is ~1 minute, to complete Desktop when the HD stops hammering is ~1m 45s; this still seems a little long, but is it me?

 

*** I still cannot download ComboFix.  It is immediately DELETED from my computer when the download is complete.

From an old Bleepingcomputer Post, it was inferred that this was the result of a serious Infection.  

Read the response from the moderator DaChew:

 

http://www.bleepingcomputer.com/forums/t/207650/computer-immediately-deletes-combofix/

 

Also, I get a momentary popup dialog with the Banner: DSD_5904 (not responding) just before Desktop is complete.  This is something new.

Any idea what this is?

 

I know the amount of services that are started impacts Boot time, I tried to attach a screenshot of my process list to see what/if anything can be turned off, but was unsuccessful as Paste Pics did not work and I could not find an Attach Button.

(I know that this may be available from previous logs).

I do not want much of anything pre-launched other than Windows, Network and Security; McAfee.

Any help here stopping unnecessary apps would also be greatly appreciated.

 

Note: Currently I have 9 Chrome Tabs open, but my Processes show 17!

(My current default launch is 6 pinned Tabs)  

Is this indicative of something nefarious?

 

Again, Thanks in Advance for your time and effort.

crusty1954 aka Alan

 

 

 

FixLog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-07-2014
Ran by Crusty at 2014-07-22 08:32:02 Run:1
Running from C:\Users\Crusty\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - DefaultScope value is missing.
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
CHR
Plugin: (Widevine Content Decryption Module) - C:\Users\Crusty\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll No File
CHR Plugin: (Google Update) - C:\Users\Crusty\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
*****************
 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File'=> Key not found.
"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
'HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File'=> Key not found.
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.
CHR => Error: No automatic fix found for this entry.
Plugin: (Widevine Content Decryption Module) - C:\Users\Crusty\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll No File => Error: No automatic fix found for this entry.
C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll not found.
C:\Users\Crusty\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll not found.
catchme => Service deleted successfully.
 
==== End of Fixlog ====


#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,264 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:40 AM

Posted 22 July 2014 - 09:57 AM

Try this.

Download ComboFix from any of the links below but rename it to svchost.exe before saving it to your desktop. <- Important.

Link 1
Link 2
==================================
  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

    Double click on the renamed ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


RcAuto1.gif


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click combofix's window while it's running. That may cause it to stall
====
 

I get a momentary popup dialog with the Banner: DSD_5904 (not responding) just before Desktop is complete

Will check further is ComboFix does not find it.
===
 

Note: Currently I have 9 Chrome Tabs open, but my Processes show 17!
(My current default launch is 6 pinned Tabs)
Is this indicative of something nefarious?

No, you have many Chrome Plugins and Extensions running.
You can disable those that you do not used often.
===

#7 crusty1954

crusty1954
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:06:40 AM

Posted 22 July 2014 - 02:10 PM

Nasdaq,

 

Whatever it is, it is nasty!

 

I changed my Chrome download settings so that I could direct the location and rename combofix to svchost.exe.

 "Failed - Download error"

I didabled McAfee and still have the same issue.

The file is completely gone from my computer, i.e. not in the Recycle bin.

Apparently whatever it is, it looks inside the file for a name or attributes that show it is ComboFix.

 

I had previously tried to copy it from a CD/USB stick in this manner and was unsuccessful; ex.: combofix.txt, newfile.exe, newfile.txt

None of these allowed me to copy it to my HD.  The file on the USB stick got removed.

I got a "Read Only" error when trying to copy it from the CD.

 

 

I have a copy of Combofix on a CD from 07/15/2014 which I ran before opening this ticket; Pasted below:

 

Do you want me to run it again from the CD?

I also made a Win7/64 System Recovery Disc from Control Panel.......just in case.

 

Again, Thanks in advance

crusty1954 aka Alan

 

 

ComboFix 14-07-15.03 - Crusty 07/15/2014  15:09:47.10.8 - x64 MINIMAL
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8086.7123 [GMT -4:00]
Running from: D:\ComboFix.exe
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Crusty\AppData\Roaming\Microsoft\Windows\Recent\Marmitek.url
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-15 to 2014-07-15  )))))))))))))))))))))))))))))))
.
.
2014-07-15 19:17 . 2014-07-15 19:17 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-07-15 19:17 . 2014-07-15 19:17 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-07-15 19:17 . 2014-07-15 19:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-15 07:49 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E1217929-3936-4A60-92C9-57924EDB6BAB}\mpengine.dll
2014-07-14 07:49 . 2014-06-05 10:54 10779000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-07-11 07:49 . 2014-05-02 01:08 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CDF2DB6C-8EAE-4DC7-9A1E-E5DF35BB1DB0}\gapaengine.dll
2014-07-05 03:04 . 2014-07-15 18:20 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-05 03:03 . 2014-07-05 03:04 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-07-05 03:03 . 2014-05-12 11:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-06-23 02:15 . 2014-06-23 03:17 -------- d-----w- c:\users\Crusty\AppData\Roaming\PortForward.com
2014-06-23 02:15 . 2014-06-23 02:15 -------- d-----w- c:\program files (x86)\Portforward.com
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-09 07:09 . 2012-09-05 16:54 96441528 ----a-w- c:\windows\system32\MRT.exe
2014-05-12 11:26 . 2013-10-25 14:38 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-12 11:25 . 2012-09-05 18:47 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-08 13:33 . 2012-09-05 00:04 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-08 13:33 . 2012-09-05 00:04 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-02 01:08 . 2013-10-17 22:06 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-04-25 02:34 . 2014-06-11 22:29 801280 ----a-w- c:\windows\system32\usp10.dll
2014-04-25 02:06 . 2014-06-11 22:29 626688 ----a-w- c:\windows\SysWow64\usp10.dll
2001-01-28 03:10 60928 --sha-w- c:\windows\SysWOW64\ntport.dll
2001-01-23 04:23 6080 --sha-w- c:\windows\SysWOW64\zntport.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCShowServer"="c:\users\Crusty\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe" [2013-06-25 1765744]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2014-06-09 122200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-25 537992]
"WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2012-09-20 5236664]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-25 537992]
"Malwarebytes Anti-Exploit"="c:\program files (x86)\Malwarebytes Anti-Exploit\mbae.exe" [2014-02-21 1294136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2014-06-09 122200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"{91140000-0011-0000-0000-0000000FF1CE}"="del" [X]
.
c:\users\Crusty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
NexDef Plug-in.lnk - c:\users\Crusty\AppData\Local\Autobahn\nexdef.exe [2013-3-14 15500800]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 332016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [x]
R1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvkflt.sys [x]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 cpextender;Check Point SSL Network Extender;c:\program files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe;c:\program files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe [x]
R2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
R2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
R2 MbaeSvc;Malwarebytes Anti-Exploit Service;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
R2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
R2 WDRulesService;WD Rules;c:\program files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [x]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 DIRECTIO;DIRECTIO;c:\program files\PerformanceTest\DirectIo64.sys;c:\program files\PerformanceTest\DirectIo64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
R3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys;c:\windows\SYSNATIVE\drivers\nvstusb.sys [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys;c:\windows\SYSNATIVE\DRIVERS\qicflt.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\DRIVERS\vna.sys;c:\windows\SYSNATIVE\DRIVERS\vna.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]
R3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
R3 XHCIPort;USB-IF xHCI USB Host Controller;c:\windows\system32\DRIVERS\XHCIPort.sys;c:\windows\SYSNATIVE\DRIVERS\XHCIPort.sys [x]
R4 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [x]
R4 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]
R4 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
R4 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [x]
R4 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys;c:\windows\SYSNATIVE\DRIVERS\Accelern.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-10 21:05 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-05 13:33]
.
2014-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-26 15:35]
.
2014-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cf0250dfdef7f2.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-26 15:35]
.
2014-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-642430525-3971105479-3747859108-1001Core.job
- c:\users\Crusty\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-26 15:42]
.
2014-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-642430525-3971105479-3747859108-1001UA1cf6ac2188083b6.job
- c:\users\Crusty\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-26 15:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-11-04 540992]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-09-15 1935120]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-10-12 1464984]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-10-12 2075288]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: dell.com
DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - hxxp://192.168.1.116:8091/codebase/DVM_IPCam2.ocx
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-07-15  15:21:02
ComboFix Log File.txt  2013-06-24 12:23
ComboFix-quarantined-files.txt  2014-07-15 19:21
ComboFix2.txt  2013-10-05 13:31
ComboFix3.txt  2013-10-05 13:12
ComboFix4.txt  2013-10-05 13:01
ComboFix5.txt  2014-07-15 19:07
.
Pre-Run: 431,424,417,792 bytes free
Post-Run: 431,143,526,400 bytes free
.
- - End Of File - - E22FFFEF4C308128D8422AB2A8D198C4


#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,264 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:40 AM

Posted 23 July 2014 - 07:52 AM

The ComboFix log is clean.

Run the stand alone uninstaller available. Download it from
here

Run the tool on your Computer.

Try to download a fresh copy.
If the problem persists it might just be that one of your Firewall, active or not is preventing this download.

Since the computer is running find we can just let it go.

We will check on the DSD_5904 issue.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe
  • to run it.
  • Copy and paste the content
  • of the following bold text into the main textfield:

    :filefind
    DSD_5904.*

    :regfind
    DSD_5904
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop entitled SystemLook.txt.


#9 crusty1954

crusty1954
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:06:40 AM

Posted 23 July 2014 - 09:47 AM

Nasdaq,

 

I believe I got it, DSD_* (The popup numerals kept changing - 5904, 5396, etc.) was a symptom of the infection.

Here is the sequence of events:

 

1)  I downloaded SystemLook_64 and ran it several times w/different variables:

:filefind                                                :regfind
DSD_5904.*, DSD_*.*                      DSD_5904, DSD_*, DSD_

The LogFile is listed below, it did not show anything.

 

2) I Booted Safe Mode, no Networking

I was then able to successfully copy ComboFix from a USB stick, then ran it; Log Files below.

I then re-Booted in Safe Mode, then Safe Mode w/Networking, and finally Normal Mode: ComboFix WAS NOT DELETED in any case.

 

The Combofix Log Files show a bunch of C:\program data\PCDr dll's.

I don't know how/when these got in, but it appears that this was it.

Put the Safe Mode Booting -> Combofix in your bag of tricks.

 

Should I run ComboFix again, have I missed anything/is there still more to do?

Please let me know.

 

Thanks

Crusty1954 aka Alan

 

 

SystemLook Log:

 

SystemLook 30.07.11 by jpshortstuff
Log created at 09:17 on 23/07/2014 by Crusty
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "DSD_*.*"
No files found.
 
========== regfind ==========
 
Searching for "DSD_"
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\MSC\Telemetry\VSO\ods]
"av_odsd_4"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\McAfee\MSC\Telemetry\VSO\ods]
"av_odsd_4"=""
 
-= EOF =-
 
 
ComboFix.txt:
 
 ComboFix 14-07-15.03 - Crusty 07/23/2014   9:48.12.8 - x64 MINIMAL
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8086.6989 [GMT -4:00]
Running from: c:\users\Crusty\Documents\ComboFix\ComboFix.exe
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6426\AddOnDownloaded\073fb38f-0e69-479d-bca1-4f81ec9dcbf6.dll
c:\programdata\PCDr\6426\AddOnDownloaded\0d06f79c-d0e6-4610-9a2b-d8f1a48f4252.dll
c:\programdata\PCDr\6426\AddOnDownloaded\0d461521-7dbf-4cec-a29e-936c88cdf8c9.dll
c:\programdata\PCDr\6426\AddOnDownloaded\100c3865-0c76-461b-b2fd-042d6d5fa7f6.dll
c:\programdata\PCDr\6426\AddOnDownloaded\14c2ae57-d39d-4154-a95b-3f8a45dcf01e.dll
c:\programdata\PCDr\6426\AddOnDownloaded\173c4dd2-e93c-4725-b006-db1d8f465192.dll
c:\programdata\PCDr\6426\AddOnDownloaded\1b0b3c38-2b97-4f8d-954b-06296209b73d.dll
c:\programdata\PCDr\6426\AddOnDownloaded\1e0aaf9a-9947-4a7b-b1ae-8a89919438ed.dll
c:\programdata\PCDr\6426\AddOnDownloaded\263d6ac9-4f87-466c-947c-bd9af71d7035.dll
c:\programdata\PCDr\6426\AddOnDownloaded\2a6b5d0b-a2fc-4bdd-b3fe-6bbefb85b7e4.dll
c:\programdata\PCDr\6426\AddOnDownloaded\2eccd5d6-e118-4f76-97b6-ba56fb6c597a.dll
c:\programdata\PCDr\6426\AddOnDownloaded\3410f47b-5e8c-47c6-bf2c-234af4121d4c.dll
c:\programdata\PCDr\6426\AddOnDownloaded\378deb7f-049e-4a5e-83b2-5381dcd9e928.dll
c:\programdata\PCDr\6426\AddOnDownloaded\3972fea3-214c-4935-a7d1-96bf66115683.dll
c:\programdata\PCDr\6426\AddOnDownloaded\3b1c7acd-5e3e-4459-ab98-5109117e2341.dll
c:\programdata\PCDr\6426\AddOnDownloaded\4546f2bc-b9d9-4667-abe7-b0bacc90279e.dll
c:\programdata\PCDr\6426\AddOnDownloaded\4804ced5-915b-48a3-a465-b8a5e02714bf.dll
c:\programdata\PCDr\6426\AddOnDownloaded\4818e109-9489-4cd8-9044-44defd8ec187.dll
c:\programdata\PCDr\6426\AddOnDownloaded\50441041-9037-4c34-842c-4a8523e700da.dll
c:\programdata\PCDr\6426\AddOnDownloaded\51fdf16e-ecb9-4fa4-8469-76fc9a22293b.dll
c:\programdata\PCDr\6426\AddOnDownloaded\57d7325c-8462-4866-a9ca-3f9228775fed.dll
c:\programdata\PCDr\6426\AddOnDownloaded\62d1f0b0-bc9a-4f6c-bad7-93b19a91276a.dll
c:\programdata\PCDr\6426\AddOnDownloaded\67c3d4fe-b638-467a-9fe2-c5813ade3330.dll
c:\programdata\PCDr\6426\AddOnDownloaded\6820b110-e483-4f1e-9b48-438f7916f078.dll
c:\programdata\PCDr\6426\AddOnDownloaded\6b5978fa-48d7-4309-a523-7e157768c0d8.dll
c:\programdata\PCDr\6426\AddOnDownloaded\6f4fb483-ce30-493a-8cb4-3e530ab1be5b.dll
c:\programdata\PCDr\6426\AddOnDownloaded\739db3eb-d3cd-4c86-a6ea-01a49984fa3b.dll
c:\programdata\PCDr\6426\AddOnDownloaded\7bd83798-7a02-4f50-83a2-b91cabcbd1f9.dll
c:\programdata\PCDr\6426\AddOnDownloaded\7dbfef1a-6148-4748-a1b3-71627763a45a.dll
c:\programdata\PCDr\6426\AddOnDownloaded\813755dc-2229-47a2-b85b-19d0aaa641c9.dll
c:\programdata\PCDr\6426\AddOnDownloaded\872965c7-08b7-47fc-a74c-ff167590b71a.dll
c:\programdata\PCDr\6426\AddOnDownloaded\8d357f17-07ad-4392-ba06-fb67564c98cd.dll
c:\programdata\PCDr\6426\AddOnDownloaded\934f6059-2d35-4bd9-a130-a17cb5563507.dll
c:\programdata\PCDr\6426\AddOnDownloaded\a61f44a8-21a3-4c4a-a04b-993dfb73bf96.dll
c:\programdata\PCDr\6426\AddOnDownloaded\a9de0c84-9a7c-4638-9653-13aa8cf56e80.dll
c:\programdata\PCDr\6426\AddOnDownloaded\aa188883-7465-4d95-a86a-d8b5632bc167.dll
c:\programdata\PCDr\6426\AddOnDownloaded\ae67b364-b69e-471e-b177-2459120b84d4.dll
c:\programdata\PCDr\6426\AddOnDownloaded\b2152f30-7380-4987-8fcf-e4c06952615d.dll
c:\programdata\PCDr\6426\AddOnDownloaded\b4cc2a4a-87f5-49cd-935c-18f1a80e65b7.dll
c:\programdata\PCDr\6426\AddOnDownloaded\ba005e12-3139-4327-9f7a-9f2ea6a6c841.dll
c:\programdata\PCDr\6426\AddOnDownloaded\bc6fc708-5b6b-4a72-b336-09b3089baa7a.dll
c:\programdata\PCDr\6426\AddOnDownloaded\bea3f575-677a-4c92-89ca-7be8480c11a9.dll
c:\programdata\PCDr\6426\AddOnDownloaded\bf647bd7-dfb5-4746-a6b4-b7c2fdbbf3b1.dll
c:\programdata\PCDr\6426\AddOnDownloaded\c4211805-b43b-471d-81af-4e0589f8607b.dll
c:\programdata\PCDr\6426\AddOnDownloaded\c4553126-8176-4250-ad3c-b6a89d558337.dll
c:\programdata\PCDr\6426\AddOnDownloaded\c6bf01ba-05a7-4930-b8dd-7c5fd03e97ac.dll
c:\programdata\PCDr\6426\AddOnDownloaded\cdda52ec-6ccd-425a-8c72-b7bbdc8b3acd.dll
c:\programdata\PCDr\6426\AddOnDownloaded\d1f4dc82-bc4c-4916-b37c-3ab9c30ae468.dll
c:\programdata\PCDr\6426\AddOnDownloaded\d34c0cf7-889f-43dd-9283-b2b6f442aae3.dll
c:\programdata\PCDr\6426\AddOnDownloaded\ddb9fe5d-525c-4d5d-ac37-0bd10f2864f8.dll
c:\programdata\PCDr\6426\AddOnDownloaded\dfc97e68-74cd-4807-807f-ac146d81ec5d.dll
c:\programdata\PCDr\6426\AddOnDownloaded\e45cd45a-4d7c-4802-881f-74582b847e5c.dll
c:\programdata\PCDr\6426\AddOnDownloaded\e5a71f43-c979-4b3d-a544-9ed1dc6dc4c8.dll
c:\programdata\PCDr\6426\AddOnDownloaded\ef78c3e8-1d94-4219-8070-7617e119bba4.dll
c:\programdata\PCDr\6426\AddOnDownloaded\f06c5597-1a85-4d1f-ac16-a6fdd2a6bedc.dll
c:\programdata\PCDr\6426\AddOnDownloaded\f12de547-df4d-4236-9129-baac054f90ab.dll
c:\programdata\PCDr\6426\AddOnDownloaded\f9dc840b-c6f7-42a5-acec-50cc7a2827fd.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-23 to 2014-07-23  )))))))))))))))))))))))))))))))
.
.
2014-07-23 13:05 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{52FFD3CE-90C9-48A4-8C9E-1F148337C947}\mpengine.dll
2014-07-23 12:45 . 2014-07-23 12:46 -------- d-----w- c:\users\Crusty\Books - pdf
2014-07-23 05:48 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-07-21 18:04 . 2014-07-22 12:32 -------- d-----w- C:\FRST
2014-07-21 17:53 . 2010-08-30 12:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-07-21 14:09 . 2014-05-02 01:08 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AEEB182F-5595-4A93-8DB5-52EA4BA7BA4D}\gapaengine.dll
2014-07-16 14:06 . 2014-07-16 14:06 -------- d-----w- c:\users\Crusty\AppData\Local\Western Digital
2014-07-16 14:06 . 2014-07-16 14:06 -------- d-----w- c:\users\Crusty\AppData\Local\Western_Digital_Technolog
2014-07-16 13:50 . 2014-07-16 13:50 -------- d-----w- c:\program files\Western Digital
2014-07-16 13:50 . 2014-07-16 13:50 -------- d-----w- c:\program files\Common Files\Western Digital
2014-07-16 13:48 . 2014-07-16 13:48 -------- d-----w- c:\program files (x86)\Common Files\Western Digital
2014-07-15 20:55 . 2014-07-15 20:55 -------- d-----w- c:\users\Crusty\AppData\Roaming\Dell
2014-07-15 20:54 . 2014-07-22 18:51 -------- d-----w- c:\programdata\PCDr
2014-07-15 20:54 . 2014-07-15 20:54 -------- d-----w- c:\programdata\PC-Doctor for Windows
2014-07-15 20:54 . 2014-07-15 20:54 -------- d-----w- c:\program files\Dell Support Center
2014-07-15 20:54 . 2014-07-15 20:54 -------- d-----w- c:\program files\My Dell
2014-07-15 20:52 . 2014-07-22 18:53 -------- d-----w- c:\users\Crusty\AppData\Roaming\PCDr
2014-07-15 20:52 . 2014-07-15 21:01 -------- d-----w- C:\temp
2014-07-05 03:04 . 2014-07-16 10:37 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-05 03:03 . 2014-07-05 03:04 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-07-05 03:03 . 2014-05-12 11:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-09 07:09 . 2012-09-05 16:54 96441528 ----a-w- c:\windows\system32\MRT.exe
2014-05-12 11:26 . 2013-10-25 14:38 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-12 11:25 . 2012-09-05 18:47 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-08 13:33 . 2012-09-05 00:04 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-08 13:33 . 2012-09-05 00:04 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-02 01:08 . 2013-10-17 22:06 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-04-25 02:34 . 2014-06-11 22:29 801280 ----a-w- c:\windows\system32\usp10.dll
2014-04-25 02:06 . 2014-06-11 22:29 626688 ----a-w- c:\windows\SysWow64\usp10.dll
2001-01-28 03:10 60928 --sha-w- c:\windows\SysWOW64\ntport.dll
2001-01-23 04:23 6080 --sha-w- c:\windows\SysWOW64\zntport.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCShowServer"="c:\users\Crusty\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe" [2013-06-25 1765744]
"DellSystemDetect"="c:\users\Crusty\AppData\Local\Apps\2.0\E246BOXT.WPC\A2Q8G4HY.2Z9\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe" [2014-07-15 262720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-25 537992]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-25 537992]
"WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2013-06-19 5524336]
"WD Drive Unlocker"="c:\program files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe" [2014-05-23 1694048]
"DriveUtilitiesHelper"="c:\program files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe" [2014-05-23 1852264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2014-06-09 122200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"{91140000-0011-0000-0000-0000000FF1CE}"="del" [X]
.
c:\users\Crusty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
NexDef Plug-in.lnk - c:\users\Crusty\AppData\Local\Autobahn\nexdef.exe [2013-3-14 15500800]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 332016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [x]
R1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvkflt.sys [x]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 cpextender;Check Point SSL Network Extender;c:\program files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe;c:\program files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe [x]
R2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
R2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
R2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [x]
R2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 DIRECTIO;DIRECTIO;c:\program files\PerformanceTest\DirectIo64.sys;c:\program files\PerformanceTest\DirectIo64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
R3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys;c:\windows\SYSNATIVE\drivers\nvstusb.sys [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys;c:\windows\SYSNATIVE\DRIVERS\qicflt.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\DRIVERS\vna.sys;c:\windows\SYSNATIVE\DRIVERS\vna.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
R3 XHCIPort;USB-IF xHCI USB Host Controller;c:\windows\system32\DRIVERS\XHCIPort.sys;c:\windows\SYSNATIVE\DRIVERS\XHCIPort.sys [x]
R4 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [x]
R4 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]
R4 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
R4 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
R4 MbaeSvc;Malwarebytes Anti-Exploit Service;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [x]
R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R4 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [x]
R4 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys;c:\windows\SYSNATIVE\DRIVERS\Accelern.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-18 14:10 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-05 13:33]
.
2014-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-26 15:35]
.
2014-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cf0250dfdef7f2.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-26 15:35]
.
2014-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-642430525-3971105479-3747859108-1001Core.job
- c:\users\Crusty\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-26 15:42]
.
2014-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-642430525-3971105479-3747859108-1001UA1cf6ac2188083b6.job
- c:\users\Crusty\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-26 15:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-11-04 540992]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-09-15 1935120]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-10-12 1464984]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-10-12 2075288]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: dell.com
TCP: DhcpNameServer = 192.168.1.254
DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - hxxp://192.168.1.116:8091/codebase/DVM_IPCam2.ocx
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-07-23  09:56:23
ComboFix-quarantined-files.txt  2014-07-23 13:56
ComboFix2.txt  2014-07-15 20:06
.
Pre-Run: 430,696,828,928 bytes free
Post-Run: 430,591,930,368 bytes free
.
- - End Of File - - FC78F41417A2C119E717D6156361BADA
 
ComboFix Quarantine Log (Qoobox):
 
2014-07-23 13:55:19 . 2014-07-23 13:55:19               80 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-SynTPEnh.reg.dat
2014-07-23 13:55:17 . 2014-07-23 13:55:17              377 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47}.reg.dat
2014-07-23 13:55:07 . 2014-07-23 13:55:07              104 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-Locked.reg.dat
2014-07-23 13:52:22 . 2014-07-23 13:52:22           20,677 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2014-07-23 13:47:24 . 2014-07-23 13:47:24               51 ----a-w-  C:\Qoobox\Quarantine\catchme.log
2014-07-22 18:53:10 . 2014-07-14 21:34:01           66,296 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\14c2ae57-d39d-4154-a95b-3f8a45dcf01e.dll.vir
2014-07-22 18:53:10 . 2014-07-14 21:11:42           66,296 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\aa188883-7465-4d95-a86a-d8b5632bc167.dll.vir
2014-07-22 18:53:10 . 2014-07-14 21:01:24           66,296 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\c4553126-8176-4250-ad3c-b6a89d558337.dll.vir
2014-07-22 18:53:09 . 2014-04-25 20:26:36           82,680 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\c6bf01ba-05a7-4930-b8dd-7c5fd03e97ac.dll.vir
2014-07-22 18:53:09 . 2014-03-07 18:32:13           45,816 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\57d7325c-8462-4866-a9ca-3f9228775fed.dll.vir
2014-07-22 18:53:09 . 2014-03-06 01:01:07           45,816 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\51fdf16e-ecb9-4fa4-8469-76fc9a22293b.dll.vir
2014-07-22 18:53:09 . 2013-11-05 18:49:25           58,104 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\073fb38f-0e69-479d-bca1-4f81ec9dcbf6.dll.vir
2014-07-22 18:53:09 . 2013-10-28 16:05:41           49,912 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\2a6b5d0b-a2fc-4bdd-b3fe-6bbefb85b7e4.dll.vir
2014-07-22 18:53:09 . 2013-10-12 00:32:45           49,912 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\f12de547-df4d-4236-9129-baac054f90ab.dll.vir
2014-07-22 18:53:08 . 2013-08-26 23:33:18           45,816 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\50441041-9037-4c34-842c-4a8523e700da.dll.vir
2014-07-22 18:53:08 . 2013-07-08 20:14:04           49,912 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\0d06f79c-d0e6-4610-9a2b-d8f1a48f4252.dll.vir
2014-07-22 18:53:08 . 2013-06-12 17:02:30           39,984 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\ba005e12-3139-4327-9f7a-9f2ea6a6c841.dll.vir
2014-07-22 18:53:08 . 2013-05-06 18:18:56           44,080 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\1b0b3c38-2b97-4f8d-954b-06296209b73d.dll.vir
2014-07-22 18:53:08 . 2013-04-30 20:37:39           44,080 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\bea3f575-677a-4c92-89ca-7be8480c11a9.dll.vir
2014-07-22 18:53:07 . 2013-04-24 00:39:13           39,984 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\2eccd5d6-e118-4f76-97b6-ba56fb6c597a.dll.vir
2014-07-22 18:53:07 . 2013-02-20 23:36:47           52,272 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\e5a71f43-c979-4b3d-a544-9ed1dc6dc4c8.dll.vir
2014-07-22 18:53:07 . 2013-01-31 21:57:03           44,080 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\dfc97e68-74cd-4807-807f-ac146d81ec5d.dll.vir
2014-07-22 18:53:06 . 2012-01-19 21:45:33           26,192 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\8d357f17-07ad-4392-ba06-fb67564c98cd.dll.vir
2014-07-22 18:53:05 . 2012-01-19 21:27:18           35,408 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\d1f4dc82-bc4c-4916-b37c-3ab9c30ae468.dll.vir
2014-07-22 18:53:05 . 2011-09-30 20:04:38           47,696 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\f9dc840b-c6f7-42a5-acec-50cc7a2827fd.dll.vir
2014-07-22 18:53:05 . 2011-07-19 22:58:09           31,312 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\ae67b364-b69e-471e-b177-2459120b84d4.dll.vir
2014-07-22 18:53:05 . 2011-06-08 15:58:11           23,632 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\3972fea3-214c-4935-a7d1-96bf66115683.dll.vir
2014-07-22 18:53:05 . 2011-05-19 15:43:17           26,192 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\7dbfef1a-6148-4748-a1b3-71627763a45a.dll.vir
2014-07-22 18:53:05 . 2011-05-17 20:45:07           26,704 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\bf647bd7-dfb5-4746-a6b4-b7c2fdbbf3b1.dll.vir
2014-07-22 18:53:05 . 2011-05-03 15:53:41           26,192 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\f06c5597-1a85-4d1f-ac16-a6fdd2a6bedc.dll.vir
2014-07-22 18:53:04 . 2011-05-03 15:47:20           26,192 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\813755dc-2229-47a2-b85b-19d0aaa641c9.dll.vir
2014-07-22 18:53:04 . 2011-05-06 19:56:12           39,504 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\6820b110-e483-4f1e-9b48-438f7916f078.dll.vir
2014-07-22 18:53:04 . 2011-05-06 15:01:51           39,504 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\4546f2bc-b9d9-4667-abe7-b0bacc90279e.dll.vir
2014-07-22 18:53:03 . 2011-04-26 19:48:08           26,704 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\1e0aaf9a-9947-4a7b-b1ae-8a89919438ed.dll.vir
2014-07-22 18:53:03 . 2011-04-26 19:41:21           26,704 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\cdda52ec-6ccd-425a-8c72-b7bbdc8b3acd.dll.vir
2014-07-22 18:53:03 . 2011-04-19 23:28:55           26,704 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\a9de0c84-9a7c-4638-9653-13aa8cf56e80.dll.vir
2014-07-22 18:53:03 . 2011-04-19 22:35:27           26,704 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\6f4fb483-ce30-493a-8cb4-3e530ab1be5b.dll.vir
2014-07-22 18:53:03 . 2011-04-19 22:27:55           26,704 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\263d6ac9-4f87-466c-947c-bd9af71d7035.dll.vir
2014-07-22 18:53:02 . 2011-04-14 19:50:42           26,704 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\4818e109-9489-4cd8-9044-44defd8ec187.dll.vir
2014-07-22 18:53:02 . 2011-04-14 18:13:04           26,704 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\6b5978fa-48d7-4309-a523-7e157768c0d8.dll.vir
2014-07-22 18:53:02 . 2011-04-14 17:43:30           26,704 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\872965c7-08b7-47fc-a74c-ff167590b71a.dll.vir
2014-07-22 18:53:02 . 2011-04-12 20:44:49           26,704 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\e45cd45a-4d7c-4802-881f-74582b847e5c.dll.vir
2014-07-22 18:53:01 . 2011-04-11 16:48:37           26,192 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\67c3d4fe-b638-467a-9fe2-c5813ade3330.dll.vir
2014-07-22 18:53:01 . 2011-04-11 16:41:44           26,704 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\ef78c3e8-1d94-4219-8070-7617e119bba4.dll.vir
2014-07-22 18:53:01 . 2011-04-11 16:16:57           26,704 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\3b1c7acd-5e3e-4459-ab98-5109117e2341.dll.vir
2014-07-22 18:53:00 . 2011-04-11 16:12:06           26,704 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\c4211805-b43b-471d-81af-4e0589f8607b.dll.vir
2014-07-22 18:52:59 . 2011-04-11 16:07:14           26,192 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\0d461521-7dbf-4cec-a29e-936c88cdf8c9.dll.vir
2014-07-22 18:52:59 . 2011-04-11 16:01:58           26,192 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\b4cc2a4a-87f5-49cd-935c-18f1a80e65b7.dll.vir
2014-07-22 18:52:59 . 2011-04-11 15:52:23           26,192 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\100c3865-0c76-461b-b2fd-042d6d5fa7f6.dll.vir
2014-07-22 18:52:59 . 2011-04-08 20:42:57           26,192 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\b2152f30-7380-4987-8fcf-e4c06952615d.dll.vir
2014-07-22 18:52:58 . 2011-04-08 20:20:45           26,704 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\bc6fc708-5b6b-4a72-b336-09b3089baa7a.dll.vir
2014-07-22 18:52:58 . 2011-04-08 20:12:16           26,192 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\3410f47b-5e8c-47c6-bf2c-234af4121d4c.dll.vir
2014-07-22 18:52:58 . 2011-04-08 20:04:03           26,704 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\d34c0cf7-889f-43dd-9283-b2b6f442aae3.dll.vir
2014-07-22 18:52:58 . 2011-04-08 19:56:03           26,192 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\4804ced5-915b-48a3-a465-b8a5e02714bf.dll.vir
2014-07-22 18:52:57 . 2011-04-08 18:27:10           26,192 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\378deb7f-049e-4a5e-83b2-5381dcd9e928.dll.vir
2014-07-22 18:52:57 . 2011-04-08 18:12:56           26,704 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\62d1f0b0-bc9a-4f6c-bad7-93b19a91276a.dll.vir
2014-07-22 18:52:57 . 2011-04-08 17:57:00           26,192 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\934f6059-2d35-4bd9-a130-a17cb5563507.dll.vir
2014-07-22 18:52:56 . 2011-04-08 17:28:00           26,704 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\173c4dd2-e93c-4725-b006-db1d8f465192.dll.vir
2014-07-22 18:52:55 . 2011-04-08 16:59:03           26,192 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\739db3eb-d3cd-4c86-a6ea-01a49984fa3b.dll.vir
2014-07-22 18:52:55 . 2011-04-07 00:24:19           26,192 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\ddb9fe5d-525c-4d5d-ac37-0bd10f2864f8.dll.vir
2014-07-22 18:52:55 . 2011-04-07 00:09:39           26,192 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\7bd83798-7a02-4f50-83a2-b91cabcbd1f9.dll.vir
2014-07-22 18:52:54 . 2011-03-24 17:41:34          719,440 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\a61f44a8-21a3-4c4a-a04b-993dfb73bf96.dll.vir
 


#10 crusty1954

crusty1954
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:06:40 AM

Posted 23 July 2014 - 10:12 AM

Nasdaq,

 

Update to previous post this morning:

 

I Deleted PCDr and Package Cache from Program Files and Program Data.

It was not listed in Programs under Control Panel.

 

I rebooted and again verified that I can still download ComboFix - successful.

Should I run it again in Safe Mode?

 

Thanks

crusty1954



#11 nasdaq

nasdaq

  • Malware Response Team
  • 38,264 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:40 AM

Posted 23 July 2014 - 12:57 PM

No need to run ComboFix in safe mode.
It's best run in Normal Mode.


With respect to DSD_5904
I found this one Google.
http://www.flickr.com/photos/8913711@N03/578538543/

Did you ever used that flicker.com site?

#12 crusty1954

crusty1954
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:06:40 AM

Posted 23 July 2014 - 02:47 PM

Nasdaq,

 

Someone could have used my computer and followed a news link or other to end up @ Flicker.

If that was the source of the infection, I will avoid it.

 

Running ComboFix in Normal Mode from a CD DID NOT find the problem.

ONLY after running ComboFix in Safe Mode from my Desktop was I able to find and remove the apparent problem; PCDr.

How that got on my machine is a mystery, but since it's removal I can now download ComboFix to my computer.

Apparently PCDr does not like ComboFix and deletes it completely w/out any warning EVERYWHERE it finds it.

 

Did you see the Combofix files posted this morning?

Should I run ComboFix again just to make sure?

 

Thanks

 

Crusty1954



#13 nasdaq

nasdaq

  • Malware Response Team
  • 38,264 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:40 AM

Posted 24 July 2014 - 06:50 AM

Yes please run it again and post the log for my review.

#14 crusty1954

crusty1954
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:06:40 AM

Posted 24 July 2014 - 08:45 PM

Nasdaq,

 

I ran it again in Safe Mode w/Networking and it found new c:\program data\PCDr dll's.....and deleted them.

But, I could not find PCDr in Program Files.

 

From an internet search, someone said that Dell uses PCDr to gather system information, so I went into msconfig and turned off the Dell System Detect.

After re-booting, there were no more PCDr dll's.

 

The Combofix Log and Quarantine files are listed below.

As a note, the top file in the Quarantine file has TOMORROW's date!  something related to Garmin which I have removed and turned off.

Does this indicate anything?

I will post another Combofix log file soon to see if the PCDr dll's are not found.

 

Thanks

crusty1954

 

 

ComboFix Log in Safe Mode w/Networking:

 

ComboFix 14-07-15.03 - Crusty 07/23/2014   9:48.12.8 - x64 MINIMAL
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8086.6989 [GMT -4:00]
Running from: c:\users\Crusty\Documents\ComboFix\ComboFix.exe
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6426\AddOnDownloaded\073fb38f-0e69-479d-bca1-4f81ec9dcbf6.dll
c:\programdata\PCDr\6426\AddOnDownloaded\0d06f79c-d0e6-4610-9a2b-d8f1a48f4252.dll
c:\programdata\PCDr\6426\AddOnDownloaded\0d461521-7dbf-4cec-a29e-936c88cdf8c9.dll
c:\programdata\PCDr\6426\AddOnDownloaded\100c3865-0c76-461b-b2fd-042d6d5fa7f6.dll
c:\programdata\PCDr\6426\AddOnDownloaded\14c2ae57-d39d-4154-a95b-3f8a45dcf01e.dll
c:\programdata\PCDr\6426\AddOnDownloaded\173c4dd2-e93c-4725-b006-db1d8f465192.dll
c:\programdata\PCDr\6426\AddOnDownloaded\1b0b3c38-2b97-4f8d-954b-06296209b73d.dll
c:\programdata\PCDr\6426\AddOnDownloaded\1e0aaf9a-9947-4a7b-b1ae-8a89919438ed.dll
c:\programdata\PCDr\6426\AddOnDownloaded\263d6ac9-4f87-466c-947c-bd9af71d7035.dll
c:\programdata\PCDr\6426\AddOnDownloaded\2a6b5d0b-a2fc-4bdd-b3fe-6bbefb85b7e4.dll
c:\programdata\PCDr\6426\AddOnDownloaded\2eccd5d6-e118-4f76-97b6-ba56fb6c597a.dll
c:\programdata\PCDr\6426\AddOnDownloaded\3410f47b-5e8c-47c6-bf2c-234af4121d4c.dll
c:\programdata\PCDr\6426\AddOnDownloaded\378deb7f-049e-4a5e-83b2-5381dcd9e928.dll
c:\programdata\PCDr\6426\AddOnDownloaded\3972fea3-214c-4935-a7d1-96bf66115683.dll
c:\programdata\PCDr\6426\AddOnDownloaded\3b1c7acd-5e3e-4459-ab98-5109117e2341.dll
c:\programdata\PCDr\6426\AddOnDownloaded\4546f2bc-b9d9-4667-abe7-b0bacc90279e.dll
c:\programdata\PCDr\6426\AddOnDownloaded\4804ced5-915b-48a3-a465-b8a5e02714bf.dll
c:\programdata\PCDr\6426\AddOnDownloaded\4818e109-9489-4cd8-9044-44defd8ec187.dll
c:\programdata\PCDr\6426\AddOnDownloaded\50441041-9037-4c34-842c-4a8523e700da.dll
c:\programdata\PCDr\6426\AddOnDownloaded\51fdf16e-ecb9-4fa4-8469-76fc9a22293b.dll
c:\programdata\PCDr\6426\AddOnDownloaded\57d7325c-8462-4866-a9ca-3f9228775fed.dll
c:\programdata\PCDr\6426\AddOnDownloaded\62d1f0b0-bc9a-4f6c-bad7-93b19a91276a.dll
c:\programdata\PCDr\6426\AddOnDownloaded\67c3d4fe-b638-467a-9fe2-c5813ade3330.dll
c:\programdata\PCDr\6426\AddOnDownloaded\6820b110-e483-4f1e-9b48-438f7916f078.dll
c:\programdata\PCDr\6426\AddOnDownloaded\6b5978fa-48d7-4309-a523-7e157768c0d8.dll
c:\programdata\PCDr\6426\AddOnDownloaded\6f4fb483-ce30-493a-8cb4-3e530ab1be5b.dll
c:\programdata\PCDr\6426\AddOnDownloaded\739db3eb-d3cd-4c86-a6ea-01a49984fa3b.dll
c:\programdata\PCDr\6426\AddOnDownloaded\7bd83798-7a02-4f50-83a2-b91cabcbd1f9.dll
c:\programdata\PCDr\6426\AddOnDownloaded\7dbfef1a-6148-4748-a1b3-71627763a45a.dll
c:\programdata\PCDr\6426\AddOnDownloaded\813755dc-2229-47a2-b85b-19d0aaa641c9.dll
c:\programdata\PCDr\6426\AddOnDownloaded\872965c7-08b7-47fc-a74c-ff167590b71a.dll
c:\programdata\PCDr\6426\AddOnDownloaded\8d357f17-07ad-4392-ba06-fb67564c98cd.dll
c:\programdata\PCDr\6426\AddOnDownloaded\934f6059-2d35-4bd9-a130-a17cb5563507.dll
c:\programdata\PCDr\6426\AddOnDownloaded\a61f44a8-21a3-4c4a-a04b-993dfb73bf96.dll
c:\programdata\PCDr\6426\AddOnDownloaded\a9de0c84-9a7c-4638-9653-13aa8cf56e80.dll
c:\programdata\PCDr\6426\AddOnDownloaded\aa188883-7465-4d95-a86a-d8b5632bc167.dll
c:\programdata\PCDr\6426\AddOnDownloaded\ae67b364-b69e-471e-b177-2459120b84d4.dll
c:\programdata\PCDr\6426\AddOnDownloaded\b2152f30-7380-4987-8fcf-e4c06952615d.dll
c:\programdata\PCDr\6426\AddOnDownloaded\b4cc2a4a-87f5-49cd-935c-18f1a80e65b7.dll
c:\programdata\PCDr\6426\AddOnDownloaded\ba005e12-3139-4327-9f7a-9f2ea6a6c841.dll
c:\programdata\PCDr\6426\AddOnDownloaded\bc6fc708-5b6b-4a72-b336-09b3089baa7a.dll
c:\programdata\PCDr\6426\AddOnDownloaded\bea3f575-677a-4c92-89ca-7be8480c11a9.dll
c:\programdata\PCDr\6426\AddOnDownloaded\bf647bd7-dfb5-4746-a6b4-b7c2fdbbf3b1.dll
c:\programdata\PCDr\6426\AddOnDownloaded\c4211805-b43b-471d-81af-4e0589f8607b.dll
c:\programdata\PCDr\6426\AddOnDownloaded\c4553126-8176-4250-ad3c-b6a89d558337.dll
c:\programdata\PCDr\6426\AddOnDownloaded\c6bf01ba-05a7-4930-b8dd-7c5fd03e97ac.dll
c:\programdata\PCDr\6426\AddOnDownloaded\cdda52ec-6ccd-425a-8c72-b7bbdc8b3acd.dll
c:\programdata\PCDr\6426\AddOnDownloaded\d1f4dc82-bc4c-4916-b37c-3ab9c30ae468.dll
c:\programdata\PCDr\6426\AddOnDownloaded\d34c0cf7-889f-43dd-9283-b2b6f442aae3.dll
c:\programdata\PCDr\6426\AddOnDownloaded\ddb9fe5d-525c-4d5d-ac37-0bd10f2864f8.dll
c:\programdata\PCDr\6426\AddOnDownloaded\dfc97e68-74cd-4807-807f-ac146d81ec5d.dll
c:\programdata\PCDr\6426\AddOnDownloaded\e45cd45a-4d7c-4802-881f-74582b847e5c.dll
c:\programdata\PCDr\6426\AddOnDownloaded\e5a71f43-c979-4b3d-a544-9ed1dc6dc4c8.dll
c:\programdata\PCDr\6426\AddOnDownloaded\ef78c3e8-1d94-4219-8070-7617e119bba4.dll
c:\programdata\PCDr\6426\AddOnDownloaded\f06c5597-1a85-4d1f-ac16-a6fdd2a6bedc.dll
c:\programdata\PCDr\6426\AddOnDownloaded\f12de547-df4d-4236-9129-baac054f90ab.dll
c:\programdata\PCDr\6426\AddOnDownloaded\f9dc840b-c6f7-42a5-acec-50cc7a2827fd.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-23 to 2014-07-23  )))))))))))))))))))))))))))))))
.
.
2014-07-23 13:05 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{52FFD3CE-90C9-48A4-8C9E-1F148337C947}\mpengine.dll
2014-07-23 12:45 . 2014-07-23 12:46 -------- d-----w- c:\users\Crusty\Books - pdf
2014-07-23 05:48 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-07-21 18:04 . 2014-07-22 12:32 -------- d-----w- C:\FRST
2014-07-21 17:53 . 2010-08-30 12:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-07-21 14:09 . 2014-05-02 01:08 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AEEB182F-5595-4A93-8DB5-52EA4BA7BA4D}\gapaengine.dll
2014-07-16 14:06 . 2014-07-16 14:06 -------- d-----w- c:\users\Crusty\AppData\Local\Western Digital
2014-07-16 14:06 . 2014-07-16 14:06 -------- d-----w- c:\users\Crusty\AppData\Local\Western_Digital_Technolog
2014-07-16 13:50 . 2014-07-16 13:50 -------- d-----w- c:\program files\Western Digital
2014-07-16 13:50 . 2014-07-16 13:50 -------- d-----w- c:\program files\Common Files\Western Digital
2014-07-16 13:48 . 2014-07-16 13:48 -------- d-----w- c:\program files (x86)\Common Files\Western Digital
2014-07-15 20:55 . 2014-07-15 20:55 -------- d-----w- c:\users\Crusty\AppData\Roaming\Dell
2014-07-15 20:54 . 2014-07-22 18:51 -------- d-----w- c:\programdata\PCDr
2014-07-15 20:54 . 2014-07-15 20:54 -------- d-----w- c:\programdata\PC-Doctor for Windows
2014-07-15 20:54 . 2014-07-15 20:54 -------- d-----w- c:\program files\Dell Support Center
2014-07-15 20:54 . 2014-07-15 20:54 -------- d-----w- c:\program files\My Dell
2014-07-15 20:52 . 2014-07-22 18:53 -------- d-----w- c:\users\Crusty\AppData\Roaming\PCDr
2014-07-15 20:52 . 2014-07-15 21:01 -------- d-----w- C:\temp
2014-07-05 03:04 . 2014-07-16 10:37 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-05 03:03 . 2014-07-05 03:04 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-07-05 03:03 . 2014-05-12 11:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-09 07:09 . 2012-09-05 16:54 96441528 ----a-w- c:\windows\system32\MRT.exe
2014-05-12 11:26 . 2013-10-25 14:38 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-12 11:25 . 2012-09-05 18:47 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-08 13:33 . 2012-09-05 00:04 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-08 13:33 . 2012-09-05 00:04 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-02 01:08 . 2013-10-17 22:06 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-04-25 02:34 . 2014-06-11 22:29 801280 ----a-w- c:\windows\system32\usp10.dll
2014-04-25 02:06 . 2014-06-11 22:29 626688 ----a-w- c:\windows\SysWow64\usp10.dll
2001-01-28 03:10 60928 --sha-w- c:\windows\SysWOW64\ntport.dll
2001-01-23 04:23 6080 --sha-w- c:\windows\SysWOW64\zntport.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCShowServer"="c:\users\Crusty\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe" [2013-06-25 1765744]
"DellSystemDetect"="c:\users\Crusty\AppData\Local\Apps\2.0\E246BOXT.WPC\A2Q8G4HY.2Z9\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe" [2014-07-15 262720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-25 537992]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-25 537992]
"WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2013-06-19 5524336]
"WD Drive Unlocker"="c:\program files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe" [2014-05-23 1694048]
"DriveUtilitiesHelper"="c:\program files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe" [2014-05-23 1852264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2014-06-09 122200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"{91140000-0011-0000-0000-0000000FF1CE}"="del" [X]
.
c:\users\Crusty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
NexDef Plug-in.lnk - c:\users\Crusty\AppData\Local\Autobahn\nexdef.exe [2013-3-14 15500800]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 332016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [x]
R1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvkflt.sys [x]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 cpextender;Check Point SSL Network Extender;c:\program files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe;c:\program files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe [x]
R2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
R2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
R2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [x]
R2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 DIRECTIO;DIRECTIO;c:\program files\PerformanceTest\DirectIo64.sys;c:\program files\PerformanceTest\DirectIo64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
R3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys;c:\windows\SYSNATIVE\drivers\nvstusb.sys [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys;c:\windows\SYSNATIVE\DRIVERS\qicflt.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\DRIVERS\vna.sys;c:\windows\SYSNATIVE\DRIVERS\vna.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
R3 XHCIPort;USB-IF xHCI USB Host Controller;c:\windows\system32\DRIVERS\XHCIPort.sys;c:\windows\SYSNATIVE\DRIVERS\XHCIPort.sys [x]
R4 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [x]
R4 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]
R4 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
R4 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
R4 MbaeSvc;Malwarebytes Anti-Exploit Service;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [x]
R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R4 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [x]
R4 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys;c:\windows\SYSNATIVE\DRIVERS\Accelern.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-18 14:10 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-05 13:33]
.
2014-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-26 15:35]
.
2014-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cf0250dfdef7f2.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-26 15:35]
.
2014-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-642430525-3971105479-3747859108-1001Core.job
- c:\users\Crusty\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-26 15:42]
.
2014-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-642430525-3971105479-3747859108-1001UA1cf6ac2188083b6.job
- c:\users\Crusty\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-26 15:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-11-04 540992]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-09-15 1935120]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-10-12 1464984]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-10-12 2075288]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: dell.com
TCP: DhcpNameServer = 192.168.1.254
DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - hxxp://192.168.1.116:8091/codebase/DVM_IPCam2.ocx
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-07-23  09:56:23
ComboFix-quarantined-files.txt  2014-07-23 13:56
ComboFix2.txt  2014-07-15 20:06
.
Pre-Run: 430,696,828,928 bytes free
Post-Run: 430,591,930,368 bytes free
.
- - End Of File - - FC78F41417A2C119E717D6156361BADA
 
 
 
ComboFix Quarantine file:
 
2014-07-25 01:02:30 . 2014-07-25 01:02:30              174 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKU-Default-Run-GarminExpressTrayApp.reg.dat
2014-07-24 20:01:47 . 2014-07-23 17:40:05           66,296 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\edc945f3-3954-45e7-9a70-30ec3406dc28.dll.vir
2014-07-24 20:01:47 . 2014-07-23 17:07:32           66,296 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\aad72ad9-b2a9-499c-b5f3-aefdb7159aef.dll.vir
2014-07-24 20:01:47 . 2014-07-23 16:52:00           66,296 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\c98a4b24-626c-4736-8d18-dd5b3e47d741.dll.vir
2014-07-23 20:42:45 . 2014-07-14 21:34:01           66,296 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\14c2ae57-d39d-4154-a95b-3f8a45dcf01e.dll.vir
2014-07-23 20:42:44 . 2014-07-14 21:11:42           66,296 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\aa188883-7465-4d95-a86a-d8b5632bc167.dll.vir
2014-07-23 20:42:44 . 2014-07-14 21:01:24           66,296 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\c4553126-8176-4250-ad3c-b6a89d558337.dll.vir
2014-07-23 20:42:43 . 2014-04-25 20:26:36           82,680 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\c6bf01ba-05a7-4930-b8dd-7c5fd03e97ac.dll.vir
2014-07-23 20:42:43 . 2014-03-07 18:32:13           45,816 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\57d7325c-8462-4866-a9ca-3f9228775fed.dll.vir
2014-07-23 20:42:43 . 2014-03-06 01:01:07           45,816 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\51fdf16e-ecb9-4fa4-8469-76fc9a22293b.dll.vir
2014-07-23 20:42:43 . 2013-11-05 18:49:25           58,104 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\073fb38f-0e69-479d-bca1-4f81ec9dcbf6.dll.vir
2014-07-23 20:42:43 . 2013-10-28 16:05:41           49,912 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\2a6b5d0b-a2fc-4bdd-b3fe-6bbefb85b7e4.dll.vir
2014-07-23 20:42:42 . 2013-10-12 00:32:45           49,912 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\f12de547-df4d-4236-9129-baac054f90ab.dll.vir
2014-07-23 20:42:42 . 2013-08-26 23:33:18           45,816 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\50441041-9037-4c34-842c-4a8523e700da.dll.vir
2014-07-23 20:42:42 . 2013-07-08 20:14:04           49,912 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\0d06f79c-d0e6-4610-9a2b-d8f1a48f4252.dll.vir
2014-07-23 20:42:42 . 2013-06-12 17:02:30           39,984 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\ba005e12-3139-4327-9f7a-9f2ea6a6c841.dll.vir
2014-07-23 20:42:42 . 2013-05-06 18:18:56           44,080 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\1b0b3c38-2b97-4f8d-954b-06296209b73d.dll.vir
2014-07-23 20:42:41 . 2013-04-30 20:37:39           44,080 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\bea3f575-677a-4c92-89ca-7be8480c11a9.dll.vir
2014-07-23 20:42:41 . 2013-04-24 00:39:13           39,984 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\2eccd5d6-e118-4f76-97b6-ba56fb6c597a.dll.vir
2014-07-23 20:42:40 . 2013-02-20 23:36:47           52,272 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\e5a71f43-c979-4b3d-a544-9ed1dc6dc4c8.dll.vir
2014-07-23 20:42:40 . 2013-01-31 21:57:03           44,080 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\dfc97e68-74cd-4807-807f-ac146d81ec5d.dll.vir
2014-07-23 20:42:40 . 2012-01-19 21:45:33           26,192 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\8d357f17-07ad-4392-ba06-fb67564c98cd.dll.vir
2014-07-23 20:42:40 . 2012-01-19 21:27:18           35,408 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\d1f4dc82-bc4c-4916-b37c-3ab9c30ae468.dll.vir
2014-07-23 20:42:40 . 2011-09-30 20:04:38           47,696 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\f9dc840b-c6f7-42a5-acec-50cc7a2827fd.dll.vir
2014-07-23 20:42:40 . 2011-07-19 22:58:09           31,312 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\ae67b364-b69e-471e-b177-2459120b84d4.dll.vir
2014-07-23 20:42:39 . 2011-06-08 15:58:11           23,632 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\3972fea3-214c-4935-a7d1-96bf66115683.dll.vir
2014-07-23 20:42:39 . 2011-05-19 15:43:17           26,192 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\7dbfef1a-6148-4748-a1b3-71627763a45a.dll.vir
2014-07-23 20:42:39 . 2011-05-17 20:45:07           26,704 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\bf647bd7-dfb5-4746-a6b4-b7c2fdbbf3b1.dll.vir
2014-07-23 20:42:38 . 2011-05-03 15:53:41           26,192 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\f06c5597-1a85-4d1f-ac16-a6fdd2a6bedc.dll.vir
2014-07-23 20:42:38 . 2011-05-03 15:47:20           26,192 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\813755dc-2229-47a2-b85b-19d0aaa641c9.dll.vir
2014-07-23 20:42:37 . 2011-05-06 19:56:12           39,504 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\6820b110-e483-4f1e-9b48-438f7916f078.dll.vir
2014-07-23 20:42:37 . 2011-05-06 15:01:51           39,504 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\4546f2bc-b9d9-4667-abe7-b0bacc90279e.dll.vir
2014-07-23 20:42:37 . 2011-04-26 19:48:08           26,704 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\1e0aaf9a-9947-4a7b-b1ae-8a89919438ed.dll.vir
2014-07-23 20:42:37 . 2011-04-26 19:41:21           26,704 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\cdda52ec-6ccd-425a-8c72-b7bbdc8b3acd.dll.vir
2014-07-23 20:42:37 . 2011-04-19 23:28:55           26,704 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\a9de0c84-9a7c-4638-9653-13aa8cf56e80.dll.vir
2014-07-23 20:42:36 . 2011-04-19 22:35:27           26,704 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\6f4fb483-ce30-493a-8cb4-3e530ab1be5b.dll.vir
2014-07-23 20:42:36 . 2011-04-19 22:27:55           26,704 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\263d6ac9-4f87-466c-947c-bd9af71d7035.dll.vir
2014-07-23 20:42:35 . 2011-04-14 19:50:42           26,704 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\4818e109-9489-4cd8-9044-44defd8ec187.dll.vir
2014-07-23 20:42:35 . 2011-04-14 18:13:04           26,704 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\6b5978fa-48d7-4309-a523-7e157768c0d8.dll.vir
2014-07-23 20:42:35 . 2011-04-14 17:43:30           26,704 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\872965c7-08b7-47fc-a74c-ff167590b71a.dll.vir
2014-07-23 20:42:35 . 2011-04-12 20:44:49           26,704 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\e45cd45a-4d7c-4802-881f-74582b847e5c.dll.vir
2014-07-23 20:42:35 . 2011-04-11 16:48:37           26,192 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\67c3d4fe-b638-467a-9fe2-c5813ade3330.dll.vir
2014-07-23 20:42:34 . 2011-04-11 16:41:44           26,704 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\ef78c3e8-1d94-4219-8070-7617e119bba4.dll.vir
2014-07-23 20:42:34 . 2011-04-11 16:16:57           26,704 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\3b1c7acd-5e3e-4459-ab98-5109117e2341.dll.vir
2014-07-23 20:42:34 . 2011-04-11 16:12:06           26,704 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\c4211805-b43b-471d-81af-4e0589f8607b.dll.vir
2014-07-23 20:42:33 . 2011-04-11 16:07:14           26,192 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\0d461521-7dbf-4cec-a29e-936c88cdf8c9.dll.vir
2014-07-23 20:42:33 . 2011-04-11 16:01:58           26,192 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\b4cc2a4a-87f5-49cd-935c-18f1a80e65b7.dll.vir
2014-07-23 20:42:33 . 2011-04-11 15:52:23           26,192 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\100c3865-0c76-461b-b2fd-042d6d5fa7f6.dll.vir
2014-07-23 20:42:33 . 2011-04-08 20:42:57           26,192 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\b2152f30-7380-4987-8fcf-e4c06952615d.dll.vir
2014-07-23 20:42:32 . 2011-04-08 20:20:45           26,704 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\bc6fc708-5b6b-4a72-b336-09b3089baa7a.dll.vir
2014-07-23 20:42:32 . 2011-04-08 20:12:16           26,192 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\3410f47b-5e8c-47c6-bf2c-234af4121d4c.dll.vir
2014-07-23 20:42:32 . 2011-04-08 20:04:03           26,704 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\d34c0cf7-889f-43dd-9283-b2b6f442aae3.dll.vir
2014-07-23 20:42:31 . 2011-04-08 19:56:03           26,192 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\4804ced5-915b-48a3-a465-b8a5e02714bf.dll.vir
2014-07-23 20:42:31 . 2011-04-08 18:27:10           26,192 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\378deb7f-049e-4a5e-83b2-5381dcd9e928.dll.vir
2014-07-23 20:42:31 . 2011-04-08 18:12:56           26,704 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\62d1f0b0-bc9a-4f6c-bad7-93b19a91276a.dll.vir
2014-07-23 20:42:31 . 2011-04-08 17:57:00           26,192 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\934f6059-2d35-4bd9-a130-a17cb5563507.dll.vir
2014-07-23 20:42:31 . 2011-04-08 17:28:00           26,704 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\173c4dd2-e93c-4725-b006-db1d8f465192.dll.vir
2014-07-23 20:42:30 . 2011-04-08 16:59:03           26,192 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\739db3eb-d3cd-4c86-a6ea-01a49984fa3b.dll.vir
2014-07-23 20:42:30 . 2011-04-07 00:24:19           26,192 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\ddb9fe5d-525c-4d5d-ac37-0bd10f2864f8.dll.vir
2014-07-23 20:42:30 . 2011-04-07 00:09:39           26,192 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\7bd83798-7a02-4f50-83a2-b91cabcbd1f9.dll.vir
2014-07-23 20:42:29 . 2011-03-24 17:41:34          719,440 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\a61f44a8-21a3-4c4a-a04b-993dfb73bf96.dll.vir
2014-07-23 13:56:23 . 2014-07-23 13:56:23                0 ----a-w-  C:\Qoobox\Quarantine\MBR_HardDisk0.mbr
2014-07-23 13:55:19 . 2014-07-23 13:55:19               80 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-SynTPEnh.reg.dat
2014-07-23 13:55:17 . 2014-07-23 13:55:17              377 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47}.reg.dat
2014-07-23 13:55:07 . 2014-07-25 01:02:28              208 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-Locked.reg.dat
2014-07-23 13:52:22 . 2014-07-25 00:59:37           20,677 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2014-07-23 13:47:24 . 2014-07-25 00:52:40              102 ----a-w-  C:\Qoobox\Quarantine\catchme.log
 


#15 crusty1954

crusty1954
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:06:40 AM

Posted 24 July 2014 - 09:23 PM

Nasdaq,

 

I ran ComboFix again in Safe Mode w/Networking; it appears that turning off Dell System Detect has prevented creation of the PCDr dll's.

 

The Quarantine File was not updated on this run.

The ComboFix Log File is pasted below.

**NOTE:  The date stamp on the Quatantine file and ComboFix2.txt on my machine DO NOT MATCH the date stamp at the bottom of the ComboFix Log file pasted here.  They are dated 2014-07-24 on my machine, but in the Log File they are listed as 2014-07-25; strange

 

Thanks

crusty1954

 

ComboFixLog, 2nd run:

 

ComboFix 14-07-24.01 - Crusty 07/24/2014  21:49:06.14.8 - x64 NETWORK
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8086.6667 [GMT -4:00]
Running from: c:\users\Crusty\Documents\ComboFix\ComboFix.exe
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-25 to 2014-07-25  )))))))))))))))))))))))))))))))
.
.
2014-07-25 01:56 . 2014-07-25 01:56 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-07-25 01:56 . 2014-07-25 01:56 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-07-25 01:56 . 2014-07-25 01:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-24 15:15 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D558F88E-5BDD-4053-857F-6D68B5EA61F0}\mpengine.dll
2014-07-23 13:05 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-07-23 12:45 . 2014-07-23 12:46 -------- d-----w- c:\users\Crusty\Books - pdf
2014-07-21 18:04 . 2014-07-22 12:32 -------- d-----w- C:\FRST
2014-07-21 17:53 . 2010-08-30 12:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-07-21 14:09 . 2014-05-02 01:08 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AEEB182F-5595-4A93-8DB5-52EA4BA7BA4D}\gapaengine.dll
2014-07-16 14:06 . 2014-07-16 14:06 -------- d-----w- c:\users\Crusty\AppData\Local\Western Digital
2014-07-16 14:06 . 2014-07-16 14:06 -------- d-----w- c:\users\Crusty\AppData\Local\Western_Digital_Technolog
2014-07-16 13:50 . 2014-07-16 13:50 -------- d-----w- c:\program files\Western Digital
2014-07-16 13:50 . 2014-07-16 13:50 -------- d-----w- c:\program files\Common Files\Western Digital
2014-07-16 13:48 . 2014-07-16 13:48 -------- d-----w- c:\program files (x86)\Common Files\Western Digital
2014-07-15 20:55 . 2014-07-15 20:55 -------- d-----w- c:\users\Crusty\AppData\Roaming\Dell
2014-07-15 20:54 . 2014-07-15 20:54 -------- d-----w- c:\program files\Dell Support Center
2014-07-15 20:54 . 2014-07-15 20:54 -------- d-----w- c:\program files\My Dell
2014-07-15 20:52 . 2014-07-22 18:53 -------- d-----w- c:\users\Crusty\AppData\Roaming\PCDr
2014-07-15 20:52 . 2014-07-15 21:01 -------- d-----w- C:\temp
2014-07-05 03:04 . 2014-07-16 10:37 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-05 03:03 . 2014-07-05 03:04 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-07-05 03:03 . 2014-05-12 11:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-09 07:09 . 2012-09-05 16:54 96441528 ----a-w- c:\windows\system32\MRT.exe
2014-05-12 11:26 . 2013-10-25 14:38 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-12 11:25 . 2012-09-05 18:47 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-08 13:33 . 2012-09-05 00:04 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-08 13:33 . 2012-09-05 00:04 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-02 01:08 . 2013-10-17 22:06 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2001-01-28 03:10 60928 --sha-w- c:\windows\SysWOW64\ntport.dll
2001-01-23 04:23 6080 --sha-w- c:\windows\SysWOW64\zntport.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCShowServer"="c:\users\Crusty\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe" [2013-06-25 1765744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-25 537992]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-25 537992]
"WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2013-06-19 5524336]
"WD Drive Unlocker"="c:\program files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe" [2014-05-23 1694048]
"DriveUtilitiesHelper"="c:\program files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe" [2014-05-23 1852264]
"Malwarebytes Anti-Exploit"="c:\program files (x86)\Malwarebytes Anti-Exploit\mbae.exe" [2014-02-21 1294136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"{91140000-0011-0000-0000-0000000FF1CE}"="del" [X]
.
c:\users\Crusty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
NexDef Plug-in.lnk - c:\users\Crusty\AppData\Local\Autobahn\nexdef.exe [2013-3-14 15500800]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 332016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [x]
R1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvkflt.sys [x]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 cpextender;Check Point SSL Network Extender;c:\program files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe;c:\program files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe [x]
R2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
R2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
R2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [x]
R2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 DIRECTIO;DIRECTIO;c:\program files\PerformanceTest\DirectIo64.sys;c:\program files\PerformanceTest\DirectIo64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
R3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys;c:\windows\SYSNATIVE\drivers\nvstusb.sys [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys;c:\windows\SYSNATIVE\DRIVERS\qicflt.sys [x]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
R3 XHCIPort;USB-IF xHCI USB Host Controller;c:\windows\system32\DRIVERS\XHCIPort.sys;c:\windows\SYSNATIVE\DRIVERS\XHCIPort.sys [x]
R4 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [x]
R4 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]
R4 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
R4 MbaeSvc;Malwarebytes Anti-Exploit Service;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [x]
R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R4 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [x]
R4 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys;c:\windows\SYSNATIVE\DRIVERS\Accelern.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\DRIVERS\vna.sys;c:\windows\SYSNATIVE\DRIVERS\vna.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-18 14:10 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-05 13:33]
.
2014-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-26 15:35]
.
2014-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cf0250dfdef7f2.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-26 15:35]
.
2014-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-642430525-3971105479-3747859108-1001Core.job
- c:\users\Crusty\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-26 15:42]
.
2014-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-642430525-3971105479-3747859108-1001UA1cf6ac2188083b6.job
- c:\users\Crusty\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-26 15:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-11-04 540992]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-09-15 1935120]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-10-12 1464984]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-10-12 2075288]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: dell.com
TCP: DhcpNameServer = 192.168.1.254
DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - hxxp://192.168.1.116:8091/codebase/DVM_IPCam2.ocx
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-07-24  21:59:05
ComboFix-quarantined-files.txt  2014-07-25 01:59
ComboFix2.txt  2014-07-25 01:03
ComboFix3.txt  2014-07-23 13:56
ComboFix4.txt  2014-07-15 20:06
.
Pre-Run: 434,216,067,072 bytes free
Post-Run: 434,041,655,296 bytes free
.
- - End Of File - - 8C61519DC7EC6609A288AA1D0A58A9C7





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users