Jump to content

jdo44

Members
 View Profile  See their activity

  • Posts

    4

  • Joined

  • Last visited

 Content Type 

Posts posted by jdo44

    RogueHDD infection

    in Resolved Malware Removal Logs

    Posted

    Attach:

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2011-08-26.01)

    .

    Microsoft Windows 7 Home Premium

    Boot Device: \Device\HarddiskVolume2

    Install Date: 3/29/2012 6:31:35 AM

    System Uptime: 6/30/2012 3:11:21 PM (0 hours ago)

    .

    Motherboard: Dell Inc. | | 0YR8NN

    Processor: Intel® Core i7-2670QM CPU @ 2.20GHz | CPU | 2201/100mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 912 GiB total, 859.977 GiB free.

    D: is CDROM ()

    .

    ==== Disabled Device Manager Items =============

    .

    ==== System Restore Points ===================

    .

    RP35: 5/21/2012 6:54:54 AM - Windows Backup

    RP36: 5/31/2012 6:23:21 PM - Windows Backup

    RP37: 6/5/2012 3:00:12 AM - Windows Update

    RP38: 6/10/2012 7:25:49 PM - Windows Backup

    RP39: 6/14/2012 7:35:38 PM - Windows Update

    RP40: 6/17/2012 9:44:01 PM - Windows Backup

    RP41: 6/30/2012 2:15:27 PM - Windows Update

    RP42: 6/30/2012 2:18:55 PM - Windows Backup

    .

    ==== Installed Programs ======================

    .

    AccelerometerP11

    Accidental Damage Services Agreement

    Adobe AIR

    Adobe Reader X MUI

    Advanced Audio FX Engine

    Apple Application Support

    Apple Software Update

    Bing Bar

    Blio

    Cisco Connect

    Consumer In-Home Service Agreement

    Coupon Printer for Windows

    Cozi

    D3DX10

    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

    Dell DataSafe Local Backup

    Dell DataSafe Local Backup - Support Software

    Dell DataSafe Online

    Dell Getting Started Guide

    Dell MusicStage

    Dell PhotoStage

    Dell Stage

    Dell VideoStage

    Dell Webcam Central

    DirectX 9 Runtime

    eBay

    High-Definition Video Playback

    HP Deskjet 1000 J110 series Help

    HP Photo Creations

    HP Update

    Install LoJack for Laptops

    Intel PROSet Wireless

    Intel® Control Center

    Intel® Management Engine Components

    Intel® Processor Graphics

    Intel® WiDi

    Java Auto Updater

    Java 7 Update 1

    Junk Mail filter update

    Malwarebytes Anti-Malware version 1.61.0.1400

    McAfee SecurityCenter

    Mesh Runtime

    Microsoft Office 2010 Service Pack 1 (SP1)

    Microsoft Office Access MUI (English) 2010

    Microsoft Office Access Setup Metadata MUI (English) 2010

    Microsoft Office Excel MUI (English) 2010

    Microsoft Office Home and Student 2010

    Microsoft Office OneNote MUI (English) 2010

    Microsoft Office Outlook MUI (English) 2010

    Microsoft Office PowerPoint MUI (English) 2010

    Microsoft Office Proof (English) 2010

    Microsoft Office Proof (French) 2010

    Microsoft Office Proof (Spanish) 2010

    Microsoft Office Proofing (English) 2010

    Microsoft Office Publisher MUI (English) 2010

    Microsoft Office Shared MUI (English) 2010

    Microsoft Office Shared Setup Metadata MUI (English) 2010

    Microsoft Office Single Image 2010

    Microsoft Office Word MUI (English) 2010

    Microsoft Silverlight

    Microsoft SQL Server 2005 Compact Edition [ENU]

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

    MSVCRT

    MSVCRT_amd64

    MSXML 4.0 SP2 (KB954430)

    MSXML 4.0 SP2 (KB973688)

    Nero 10 Movie ThemePack Basic

    Nero Control Center 10

    Nero ControlCenter 10 Help (CHM)

    Nero Core Components 10

    Nero Update

    NVIDIA Stereoscopic 3D Driver

    PhotoShowExpress

    PlayReady PC Runtime x86

    Realtek High Definition Audio Driver

    Roxio Activation Module

    Roxio BackOnTrack

    Roxio Burn

    Roxio Creator Starter

    Roxio Express Labeler 3

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

    Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

    Security Update for Microsoft Office 2010 (KB2553091)

    Security Update for Microsoft Office 2010 (KB2553096)

    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

    Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition

    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

    Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition

    Skype™ 5.5

    Sonic CinePlayer Decoder Pack

    SyncUP

    TrustedID

    TrustedID IDMonitor Identity Protection

    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

    Update for Microsoft .NET Framework 4 Extended (KB2468871)

    Update for Microsoft .NET Framework 4 Extended (KB2533523)

    Update for Microsoft .NET Framework 4 Extended (KB2600217)

    Update for Microsoft Office 2010 (KB2553065)

    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2566458)

    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

    Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

    Windows Live Communications Platform

    Windows Live Essentials

    Windows Live Installer

    Windows Live Mail

    Windows Live Mesh

    Windows Live Mesh ActiveX Control for Remote Connections

    Windows Live Messenger

    Windows Live Movie Maker

    Windows Live Photo Common

    Windows Live Photo Gallery

    Windows Live PIMT Platform

    Windows Live SOXE

    Windows Live SOXE Definitions

    Windows Live UX Platform

    Windows Live UX Platform Language Pack

    Windows Live Writer

    Windows Live Writer Resources

    Zinio Reader 4

    .

    ==== Event Viewer Messages From Past Week ========

    .

    6/30/2012 3:13:04 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

    6/30/2012 2:12:58 PM, Error: Service Control Manager [7034] - The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s).

    6/30/2012 2:10:44 PM, Error: Service Control Manager [7022] - The SSDP Discovery service hung on starting.

    6/30/2012 2:10:44 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: After starting, the service hung in a start-pending state.

    6/30/2012 2:10:33 PM, Error: Service Control Manager [7022] - The Function Discovery Resource Publication service hung on starting.

    6/30/2012 2:10:05 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

    .

    ==== End Of File ===========================

    RogueHDD infection

    in Resolved Malware Removal Logs

    Posted

    DDS

    .

    DDS (Ver_2011-08-26.01) - NTFSAMD64

    Internet Explorer: 9.0.8112.16421

    Run by Greatness at 15:18:19 on 2012-06-30

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8086.5725 [GMT -4:00]

    .

    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\nvvsvc.exe

    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\servicing\TrustedInstaller.exe

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\system32\WLANExt.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\Intel\WiFi\bin\EvtEng.exe

    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

    C:\Windows\system32\mfevtps.exe

    C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe

    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

    C:\Windows\system32\rundll32.exe

    C:\Windows\system32\rundll32.exe

    C:\Windows\SysWOW64\rundll32.exe

    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

    C:\Windows\system32\wbem\unsecapp.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

    C:\Windows\system32\nvvsvc.exe

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

    C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

    C:\Windows\System32\hkcmd.exe

    C:\Windows\System32\igfxpers.exe

    C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe

    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

    C:\Program Files\Dell\QuickSet\quickset.exe

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

    C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe

    C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Program Files (x86)\iTunes\iTunesHelper.exe

    C:\Program Files\McAfee.com\Agent\mcagent.exe

    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

    C:\Windows\system32\wbem\unsecapp.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

    C:\Windows\System32\svchost.exe -k LocalServicePeerNet

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\taskeng.exe

    C:\Program Files (x86)\Absolute Software\Absolute Reminder\AbsoluteReminder.exe

    C:\Windows\system32\vssvc.exe

    C:\Program Files\Intel\TurboBoost\TurboBoost.exe

    C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

    C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

    C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

    C:\Windows\system32\taskeng.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

    C:\Windows\System32\svchost.exe -k swprv

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Program Files (x86)\Nero\Update\NASvc.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

    C:\Windows\system32\sppsvc.exe

    \\?\C:\Windows\system32\wbem\WMIADAP.EXE

    C:\Program Files\Common Files\McAfee\Core\mchost.exe

    c:\PROGRA~2\mcafee\SITEAD~1\saui.exe

    C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

    C:\Windows\system32\svchost.exe -k SDRSVC

    C:\Windows\system32\SearchFilterHost.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\SysWOW64\cscript.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uInternet Settings,ProxyOverride = *.local

    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

    mWinlogon: Userinit=userinit.exe,

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120630142207.dll

    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

    uRun: [MQtvEpTILjvJre.exe] C:\ProgramData\MQtvEpTILjvJre.exe

    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

    mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe

    mRun: [<NO NAME>]

    mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

    mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

    mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900

    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup

    mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

    StartupFolder: C:\Users\GREATN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\INTEL(~1.LNK - C:\Program Files (x86)\Intel\TurboBoost\SignalIslandUi.exe

    mPolicies-explorer: NoActiveDesktop = 1 (0x1)

    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab

    DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab

    TCP: DhcpNameServer = 65.32.5.111 65.32.5.112

    TCP: Interfaces\{D945EA08-C32A-4ACF-9BAB-EE82A1F689C6} : DhcpNameServer = 172.26.38.1 172.26.38.2

    TCP: Interfaces\{F612AB27-6BED-4733-8E90-26E995291D6A} : DhcpNameServer = 65.32.5.111 65.32.5.112

    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll

    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

    Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll

    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll

    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO-X64: AcroIEHelperStub - No File

    BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120630142207.dll

    BHO-X64: scriptproxy - No File

    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

    BHO-X64: URLRedirectionBHO - No File

    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

    BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

    TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

    mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe

    mRun-x64: [(Default)]

    mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

    mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

    mRun-x64: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900

    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup

    mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

    mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

    AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

    R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

    R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]

    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

    R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]

    R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]

    R1 nvkflt;nvkflt;C:\Windows\system32\DRIVERS\nvkflt.sys --> C:\Windows\system32\DRIVERS\nvkflt.sys [?]

    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-3-22 98208]

    R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504]

    R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]

    R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-20 135440]

    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-6-6 249936]

    R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-6-6 249936]

    R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-6-6 249936]

    R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-6-6 249936]

    R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\SystemCore\mcshield.exe [2012-6-6 199272]

    R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe [2012-6-6 210584]

    R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]

    R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]

    R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]

    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-3-22 2253120]

    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-3-22 1692480]

    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-11-3 381248]

    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]

    R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-3-22 2656280]

    R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]

    R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\system32\DRIVERS\AMPPAL.sys --> C:\Windows\system32\DRIVERS\AMPPAL.sys [?]

    R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]

    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]

    R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

    R3 iwdbus;IWD Bus Enumerator;C:\Windows\system32\DRIVERS\iwdbus.sys --> C:\Windows\system32\DRIVERS\iwdbus.sys [?]

    R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]

    R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]

    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

    R3 qicflt;upper Device Filter Driver;C:\Windows\system32\DRIVERS\qicflt.sys --> C:\Windows\system32\DRIVERS\qicflt.sys [?]

    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

    R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

    S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-15 257696]

    S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\system32\DRIVERS\amppal.sys --> C:\Windows\system32\DRIVERS\amppal.sys [?]

    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]

    S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]

    S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\system32\drivers\intelaud.sys --> C:\Windows\system32\drivers\intelaud.sys [?]

    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-11-1 340240]

    S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]

    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

    S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\system32\drivers\nvstusb.sys --> C:\Windows\system32\drivers\nvstusb.sys [?]

    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

    S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

    .

    =============== Created Last 30 ================

    .

    2012-06-30 18:16:59 2622464 ----a-w- C:\Windows\System32\wucltux.dll

    2012-06-30 18:16:28 99840 ----a-w- C:\Windows\System32\wudriver.dll

    2012-06-30 18:16:06 36864 ----a-w- C:\Windows\System32\wuapp.exe

    2012-06-30 18:16:06 186752 ----a-w- C:\Windows\System32\wuwebv.dll

    2012-06-30 18:15:01 -------- d-----w- C:\Users\Greatness\AppData\Roaming\Malwarebytes

    2012-06-30 18:14:44 -------- d-----w- C:\ProgramData\Malwarebytes

    2012-06-30 18:14:39 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

    2012-06-19 23:58:46 -------- d--h--w- C:\ProgramData\HP Photo Creations

    2012-06-19 23:58:46 -------- d-----w- C:\Program Files (x86)\HP Photo Creations

    2012-06-19 23:58:42 -------- d-----w- C:\Program Files (x86)\Coupons

    2012-06-19 23:58:33 -------- d-----w- C:\Users\Greatness\AppData\Roaming\HpUpdate

    2012-06-19 23:57:43 -------- d-----w- C:\Program Files (x86)\HP

    2012-06-19 23:56:46 -------- d-----w- C:\Program Files\HP

    2012-06-19 23:56:23 -------- d-----w- C:\Users\Greatness\AppData\Local\HP

    2012-06-14 00:46:02 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

    2012-06-14 00:46:02 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

    2012-06-14 00:46:02 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

    2012-06-07 02:13:43 -------- d-----w- C:\Program Files (x86)\McAfee.com

    2012-06-07 02:13:35 10248 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys

    2012-06-07 02:13:29 75936 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys

    2012-06-07 02:13:29 65264 ----a-w- C:\Windows\System32\drivers\cfwids.sys

    2012-06-07 02:13:29 487296 ----a-w- C:\Windows\System32\drivers\mfefirek.sys

    2012-06-07 02:13:29 289664 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys

    2012-06-07 02:13:29 229528 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys

    2012-06-07 02:13:29 100912 ----a-w- C:\Windows\System32\drivers\mferkdet.sys

    2012-06-07 02:13:22 -------- d-----w- C:\Program Files\McAfee.com

    2012-06-07 02:13:22 -------- d-----w- C:\Program Files\McAfee

    .

    ==================== Find3M ====================

    .

    2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll

    2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll

    2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

    2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

    2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

    2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

    2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

    2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

    2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

    2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

    2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys

    2012-05-05 12:49:23 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-05-05 12:49:23 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

    2012-05-05 12:49:12 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

    2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

    2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

    2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

    2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll

    2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

    2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

    2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll

    2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll

    2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

    2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

    2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

    2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll

    2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll

    .

    ============= FINISH: 15:26:29.96 ===============

    RogueHDD infection

    in Resolved Malware Removal Logs

    Posted

    Ran MBytes and it got this:

    Malwarebytes Anti-Malware 1.61.0.1400

    www.malwarebytes.org

    Database version: v2012.06.30.06

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 9.0.8112.16421

    Greatness :: GREATNESS-PC [administrator]

    6/30/2012 2:15:34 PM

    mbam-log-2012-06-30 (14-15-34).txt

    Scan type: Full scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 344382

    Time elapsed: 51 minute(s), 26 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 2

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 1

    C:\Users\Greatness\Desktop\Data_Recovery.lnk (Rogue.FakeHDD) -> Quarantined and deleted successfully.

    (end)

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.