Everything posted by scfindy

  1. Seems really good - I really appreciate the help - how much do people usually donate?
  2. Looking good:

     RogueKiller V7.6.3 [07/08/2012] by Tigzy
     mail: tigzyRK<at>gmail<dot>com
     Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Blog: http://tigzyrk.blogspot.com

     Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User: stephenfoster [Admin rights]
     Mode: Scan -- Date: 07/14/2012 18:08:51

     ¤¤¤ Bad processes: 0 ¤¤¤

     ¤¤¤ Registry Entries: 0 ¤¤¤

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver: [NOT LOADED] ¤¤¤

     ¤¤¤ Infection : ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     127.0.0.1 localhost

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: ARRAY +++++
     --- User ---
     [MBR] 0597f046e1f1ad45118cbc28147d5fef
     [BSP] 0365c8b2292e2229bf224291cd7e8d53 : Windows Vista MBR Code
     Partition table:
     0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
     1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 752 Mo
     2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1622016 | Size: 487596 Mo
     User = LL1 ... OK!
     Error reading LL2 MBR!

     +++++ PhysicalDrive1: Imation Clip USB Device +++++
     --- User ---
     [MBR] e8ffd47596037ef2ade2d45ba65ab170
     [BSP] 2c7464b20ab84ef39116f9eb52e01397 : MBR Code unknown
     Partition table:
     0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 32 | Size: 1966 Mo
     User = LL1 ... OK!
     Error reading LL2 MBR!

     Finished : << RKreport[7].txt >>
     RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt
  3. If it is helpful to know, I have been a software developer for over 20 years and am very comfortable following any instructions you may give, regardless of how technical they are. I am not a virus/malware expert, but my familiarity with systems is higher than most.
  4. Thank you, I wondered how you were doing with the foreign language - here is the English report info:

     RogueKiller V7.6.3 [07/08/2012] by Tigzy
     mail: tigzyRK<at>gmail<dot>com
     Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Blog: http://tigzyrk.blogspot.com

     Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User: stephenfoster [Admin rights]
     Mode: Scan -- Date: 07/14/2012 17:49:34

     ¤¤¤ Bad processes: 0 ¤¤¤

     ¤¤¤ Registry Entries: 2 ¤¤¤
     [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     ¤¤¤ Particular Files / Folders: ¤¤¤
     [ZeroAccess][FOLDER] U : c:\windows\installer\{07ce81ea-b702-9030-8176-c4f19f405c4c}\U --> FOUND
     [ZeroAccess][FOLDER] L : c:\windows\installer\{07ce81ea-b702-9030-8176-c4f19f405c4c}\L --> FOUND
     [ZeroAccess][FILE] @ : c:\users\stephenfoster\appdata\local\{07ce81ea-b702-9030-8176-c4f19f405c4c}\@ --> FOUND
     [ZeroAccess][FOLDER] U : c:\users\stephenfoster\appdata\local\{07ce81ea-b702-9030-8176-c4f19f405c4c}\U --> FOUND
     [ZeroAccess][FOLDER] L : c:\users\stephenfoster\appdata\local\{07ce81ea-b702-9030-8176-c4f19f405c4c}\L --> FOUND

     ¤¤¤ Driver: [NOT LOADED] ¤¤¤

     ¤¤¤ Infection : ZeroAccess ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     127.0.0.1 localhost

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: ARRAY +++++
     --- User ---
     [MBR] 0597f046e1f1ad45118cbc28147d5fef
     [BSP] 0365c8b2292e2229bf224291cd7e8d53 : Windows Vista MBR Code
     Partition table:
     0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
     1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 752 Mo
     2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1622016 | Size: 487596 Mo
     User = LL1 ... OK!
     Error reading LL2 MBR!

     +++++ PhysicalDrive1: Imation Clip USB Device +++++
     --- User ---
     [MBR] e8ffd47596037ef2ade2d45ba65ab170
     [BSP] 2c7464b20ab84ef39116f9eb52e01397 : MBR Code unknown
     Partition table:
     0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 32 | Size: 1966 Mo
     User = LL1 ... OK!
     Error reading LL2 MBR!

     Finished : << RKreport[4].txt >>
     RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt
  5. I'm sorry, I didn't worry about the results because I thought they would be in the log file. Unfortunately this was the only thing in the log file:

     ESETSmartInstaller@High as CAB hook log:
     OnlineScanner64.ocx - registred OK
     OnlineScanner.ocx - registred OK

     I did clean four things off, but I don't recall the details.
  6. Sorry, my flash drive is not available in System Recovery - do you know how I can load those drivers? I tried a few of the USB drivers in the system32 directory with no luck.
  7. Thanks, here it is:

     ¤¤¤ Entrees de registre: 2 ¤¤¤
     [ZeroAccess] HKCR\[...]\InprocServer32 : (\\.\globalroot\systemroot\Installer\{848ec4ef-b4fb-6501-ab69-678738a3a5c6}\n.) -> REPLACED (c:\windows\system32\wbem\wbemess.dll)
     [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

     ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
     [ZeroAccess][FILE] n : c:\windows\installer\{848ec4ef-b4fb-6501-ab69-678738a3a5c6}\n --> REMOVED
     [ZeroAccess][FILE] @ : c:\windows\installer\{848ec4ef-b4fb-6501-ab69-678738a3a5c6}\@ --> REMOVED AT REBOOT
     [Del.Parent][FILE] 00000001.@ : c:\windows\installer\{848ec4ef-b4fb-6501-ab69-678738a3a5c6}\U\00000001.@ --> REMOVED
     [Del.Parent][FILE] 80000000.@ : c:\windows\installer\{848ec4ef-b4fb-6501-ab69-678738a3a5c6}\U\80000000.@ --> REMOVED
     [Del.Parent][FILE] 800000cb.@ : c:\windows\installer\{848ec4ef-b4fb-6501-ab69-678738a3a5c6}\U\800000cb.@ --> REMOVED
     [ZeroAccess][FOLDER] U : c:\windows\installer\{848ec4ef-b4fb-6501-ab69-678738a3a5c6}\U --> REMOVED
     [ZeroAccess][FILE] n : c:\documents and settings\tigzy\local settings\application data\{848ec4ef-b4fb-6501-ab69-678738a3a5c6}\n --> REMOVED
     [ZeroAccess][FILE] @ : c:\documents and settings\tigzy\local settings\application data\{848ec4ef-b4fb-6501-ab69-678738a3a5c6}\@ --> REMOVED

     ¤¤¤ Driver: [CHARGE] ¤¤¤
     SSDT[98] : NtLoadKey @ 0x8061C482 -> HOOKED (Unknown @ 0xF8CD30E2)
     SSDT[122] : NtOpenProcess @ 0x805C1296 -> HOOKED (Unknown @ 0xF8CD30B0)
     SSDT[128] : NtOpenThread @ 0x805C1522 -> HOOKED (Unknown @ 0xF8CD30B5)
     SSDT[193] : NtReplaceKey @ 0x8061C332 -> HOOKED (Unknown @ 0xF8CD30EC)
     SSDT[204] : NtRestoreKey @ 0x8061BC3E -> HOOKED (Unknown @ 0xF8CD30E7)

     ¤¤¤ Infection : ZeroAccess ¤¤¤

     [...]

     Type d'examen: Examen complet
     Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
     Options d'examen désactivées: P2P
     Elément(s) analysé(s): 189868
     Temps écoulé: 7 minute(s), 1 seconde(s)

     Processus mémoire détecté(s): 0
     (Aucun élément nuisible détecté)

     Module(s) mémoire détecté(s): 0
     (Aucun élément nuisible détecté)

     Clé(s) du Registre détectée(s): 1
     HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Mis en quarantaine et supprimé avec succès.

     Valeur(s) du Registre détectée(s): 1
     HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Données: C:\Documents and Settings\tigzy\Local Settings\Application Data\{848ec4ef-b4fb-6501-ab69-678738a3a5c6}\n. -> Mis en quarantaine et supprimé avec succès.

     Elément(s) de données du Registre détecté(s): 0
     (Aucun élément nuisible détecté)

     Dossier(s) détecté(s): 0
     (Aucun élément nuisible détecté)

     Fichier(s) détecté(s): 5
     C:\Documents and Settings\tigzy\Bureau\LogicielsDesinfection\HideProc(v1.0)\HideProcDrv.sys (Rootkit.Agent) -> Aucune action effectuée.
     C:\Documents and Settings\tigzy\Bureau\RK_Quarantine\00000001.@.vir (Trojan.Small) -> Mis en quarantaine et supprimé avec succès.
     C:\Documents and Settings\tigzy\Bureau\RK_Quarantine\80000000.@.vir (Trojan.Sirefef) -> Mis en quarantaine et supprimé avec succès.
     C:\Documents and Settings\tigzy\Bureau\RK_Quarantine\800000cb.@.vir (Rootkit.0Access) -> Mis en quarantaine et supprimé avec succès.
     C:\Documents and Settings\tigzy\Bureau\RK_Quarantine\n.vir (Trojan.Dropper.PE4) -> Mis en quarantaine et supprimé avec succès.

     (fin)
  8. Thank you, here is the log from MBAM:

     Malwarebytes Anti-Malware (PRO) 1.62.0.1300
     www.malwarebytes.org

     Database version: v2012.07.14.05

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     stephenfoster :: W3W19029 [administrator]

     Protection: Enabled

     7/14/2012 1:32:31 PM
     mbam-log-2012-07-14 (13-32-31).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 306652
     Time elapsed: 46 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)

     Here is the report from RogueKiller:

     ¤¤¤ Entrees de registre: 2 ¤¤¤
     [ZeroAccess] HKCR\[...]\InprocServer32 : (\\.\globalroot\systemroot\Installer\{848ec4ef-b4fb-6501-ab69-678738a3a5c6}\n.) -> REPLACED (c:\windows\system32\wbem\wbemess.dll)
     [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

     ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
     [ZeroAccess][FILE] n : c:\windows\installer\{848ec4ef-b4fb-6501-ab69-678738a3a5c6}\n --> REMOVED
     [ZeroAccess][FILE] @ : c:\windows\installer\{848ec4ef-b4fb-6501-ab69-678738a3a5c6}\@ --> REMOVED AT REBOOT
     [Del.Parent][FILE] 00000001.@ : c:\windows\installer\{848ec4ef-b4fb-6501-ab69-678738a3a5c6}\U\00000001.@ --> REMOVED
     [Del.Parent][FILE] 80000000.@ : c:\windows\installer\{848ec4ef-b4fb-6501-ab69-678738a3a5c6}\U\80000000.@ --> REMOVED
     [Del.Parent][FILE] 800000cb.@ : c:\windows\installer\{848ec4ef-b4fb-6501-ab69-678738a3a5c6}\U\800000cb.@ --> REMOVED
     [ZeroAccess][FOLDER] U : c:\windows\installer\{848ec4ef-b4fb-6501-ab69-678738a3a5c6}\U --> REMOVED
     [ZeroAccess][FILE] n : c:\documents and settings\tigzy\local settings\application data\{848ec4ef-b4fb-6501-ab69-678738a3a5c6}\n --> REMOVED
     [ZeroAccess][FILE] @ : c:\documents and settings\tigzy\local settings\application data\{848ec4ef-b4fb-6501-ab69-678738a3a5c6}\@ --> REMOVED

     ¤¤¤ Driver: [CHARGE] ¤¤¤
     SSDT[98] : NtLoadKey @ 0x8061C482 -> HOOKED (Unknown @ 0xF8CD30E2)
     SSDT[122] : NtOpenProcess @ 0x805C1296 -> HOOKED (Unknown @ 0xF8CD30B0)
     SSDT[128] : NtOpenThread @ 0x805C1522 -> HOOKED (Unknown @ 0xF8CD30B5)
     SSDT[193] : NtReplaceKey @ 0x8061C332 -> HOOKED (Unknown @ 0xF8CD30EC)
     SSDT[204] : NtRestoreKey @ 0x8061BC3E -> HOOKED (Unknown @ 0xF8CD30E7)

     ¤¤¤ Infection : ZeroAccess ¤¤¤

     [...]

     Type d'examen: Examen complet
     Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
     Options d'examen désactivées: P2P
     Elément(s) analysé(s): 189868
     Temps écoulé: 7 minute(s), 1 seconde(s)

     Processus mémoire détecté(s): 0
     (Aucun élément nuisible détecté)

     Module(s) mémoire détecté(s): 0
     (Aucun élément nuisible détecté)

     Clé(s) du Registre détectée(s): 1
     HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Mis en quarantaine et supprimé avec succès.

     Valeur(s) du Registre détectée(s): 1
     HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Données: C:\Documents and Settings\tigzy\Local Settings\Application Data\{848ec4ef-b4fb-6501-ab69-678738a3a5c6}\n. -> Mis en quarantaine et supprimé avec succès.

     Elément(s) de données du Registre détecté(s): 0
     (Aucun élément nuisible détecté)

     Dossier(s) détecté(s): 0
     (Aucun élément nuisible détecté)

     Fichier(s) détecté(s): 5
     C:\Documents and Settings\tigzy\Bureau\LogicielsDesinfection\HideProc(v1.0)\HideProcDrv.sys (Rootkit.Agent) -> Aucune action effectuée.
     C:\Documents and Settings\tigzy\Bureau\RK_Quarantine\00000001.@.vir (Trojan.Small) -> Mis en quarantaine et supprimé avec succès.
     C:\Documents and Settings\tigzy\Bureau\RK_Quarantine\80000000.@.vir (Trojan.Sirefef) -> Mis en quarantaine et supprimé avec succès.
     C:\Documents and Settings\tigzy\Bureau\RK_Quarantine\800000cb.@.vir (Rootkit.0Access) -> Mis en quarantaine et supprimé avec succès.
     C:\Documents and Settings\tigzy\Bureau\RK_Quarantine\n.vir (Trojan.Dropper.PE4) -> Mis en quarantaine et supprimé avec succès.

     (fin)

     I checked and my browser seems to be acting normal. I can perform unhijacked searches and no pop-ups/unders. Microsoft Security Essentials still seems to be in an uninstalled state where I can't start the service. I assume I can just re-install this.
  9. Hello, I did not run anything else with roguekiller - I only clicked the scan button. I did not change any of the default settings though, so sorry if I missed that instruction. Here are the results from combofix - thank you:

     ComboFix 12-07-14.01 - stephenfoster 07/14/2012 12:39:02.1.8 - x64
     Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16265.13612 [GMT -4:00]
     Running from: c:\users\stephenfoster\Desktop\ComboFix.exe
     AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
     SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     * Created a new restore point
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
     c:\users\stephenfoster\AppData\Local\assembly\tmp
     c:\users\stephenfoster\g2mdlhlpx.exe
     c:\windows\assembly\GAC_32\Desktop.ini
     c:\windows\assembly\GAC_64\Desktop.ini
     c:\windows\Installer\{07ce81ea-b702-9030-8176-c4f19f405c4c}\@
     c:\windows\Installer\{07ce81ea-b702-9030-8176-c4f19f405c4c}\L\00000004.@
     c:\windows\Installer\{07ce81ea-b702-9030-8176-c4f19f405c4c}\L\1afb2d56
     c:\windows\Installer\{07ce81ea-b702-9030-8176-c4f19f405c4c}\L\201d3dde
     c:\windows\Installer\{07ce81ea-b702-9030-8176-c4f19f405c4c}\U\00000004.@
     c:\windows\Installer\{07ce81ea-b702-9030-8176-c4f19f405c4c}\U\00000008.@
     c:\windows\Installer\{07ce81ea-b702-9030-8176-c4f19f405c4c}\U\000000cb.@
     c:\windows\Installer\{07ce81ea-b702-9030-8176-c4f19f405c4c}\U\80000000.@
     c:\windows\Installer\{07ce81ea-b702-9030-8176-c4f19f405c4c}\U\80000032.@
     c:\windows\Installer\{07ce81ea-b702-9030-8176-c4f19f405c4c}\U\80000064.@
     c:\windows\SysWow64\instsrv.exe
     .
     Infected copy of c:\windows\system32\services.exe was found and disinfected
     Restored copy from - c:\32788r22fwjfw\HarddiskVolumeShadowCopy6_!Windows!System32!services.exe
     .
     [ComboFix "Files Created", "Find3M Report", "Reg Loading Points", services/drivers, scheduled tasks and X64 entries sections not reproduced]
"SonicWALLNetExtender"="c:\program files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe" [2010-11-10 1095552] "MsmqIntCert"="mqrt.dll" [2010-11-21 247808] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368] "combofix"="c:\combofix\CF24516.3XE" [2010-11-21 345088] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Download with m-ipad-max-platinum - c:\program files (x86)\4Media\iPad Max Platinum\upod_link.HTM IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm LSP: c:\program files\VMware\VMware View\Client\Local Mode\vsocklib.dll Trusted Zone: centerstone.org\vpn TCP: DhcpNameServer = 192.168.0.1 192.168.1.1 DPF: {11FAB11B-4792-4B59-85DF-23C6688B07B3} - hxxps://vpn.chocolatebar.com/XTSAC.cab DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} - hxxps://vpn.chocolatebar.com/MLWebCacheCleaner.cab DPF: {DD5E6739-FDD6-4542-8940-4A4B8AB5276E} - hxxps://vpn.chocolatebar.com/NGVPNTunnel.cab FF - ProfilePath - c:\users\stephenfoster\AppData\Roaming\Mozilla\Firefox\Profiles\ubo1tr4g.default\ FF - prefs.js: browser.startup.homepage - hxxp://dell.msn.com/ FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-AdobeBridge - (no file) Wow6432Node-HKLM-Run-VMware hqtray - c:\program files\VMware\VMware View\Client\Local Mode\hqtray.exe SafeBoot-MsMpSvc Toolbar-Locked - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe c:\program files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe c:\windows\system32\DRIVERS\o2flash.exe c:\windows\sysWOW64\SDIOAssist.exe c:\program files\VMware\VMware View\Client\Local Mode\vmware-authd.exe c:\windows\SysWOW64\vmnat.exe c:\windows\SysWOW64\vmnetdhcp.exe c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe . ************************************************************************** . Completion time: 2012-07-14 12:46:04 - machine was rebooted ComboFix-quarantined-files.txt 2012-07-14 16:46 . Pre-Run: 252,528,615,424 bytes free Post-Run: 254,888,505,344 bytes free . 
- - End Of File - - A6C4063BB7DB7CA4475C5F60F3BB5649
  10. Here you go, sorry:
[ZeroAccess] HKCR\[...]\InprocServer32 : (\\.\globalroot\systemroot\Installer\{848ec4ef-b4fb-6501-ab69-678738a3a5c6}\n.) -> REPLACED (c:\windows\system32\wbem\wbemess.dll)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[ZeroAccess][FILE] n : c:\windows\installer\{848ec4ef-b4fb-6501-ab69-678738a3a5c6}\n --> REMOVED
[ZeroAccess][FILE] @ : c:\windows\installer\{848ec4ef-b4fb-6501-ab69-678738a3a5c6}\@ --> REMOVED AT REBOOT
[Del.Parent][FILE] 00000001.@ : c:\windows\installer\{848ec4ef-b4fb-6501-ab69-678738a3a5c6}\U\00000001.@ --> REMOVED
[Del.Parent][FILE] 80000000.@ : c:\windows\installer\{848ec4ef-b4fb-6501-ab69-678738a3a5c6}\U\80000000.@ --> REMOVED
[Del.Parent][FILE] 800000cb.@ : c:\windows\installer\{848ec4ef-b4fb-6501-ab69-678738a3a5c6}\U\800000cb.@ --> REMOVED
[ZeroAccess][FOLDER] U : c:\windows\installer\{848ec4ef-b4fb-6501-ab69-678738a3a5c6}\U --> REMOVED
[ZeroAccess][FILE] n : c:\documents and settings\tigzy\local settings\application data\{848ec4ef-b4fb-6501-ab69-678738a3a5c6}\n --> REMOVED
[ZeroAccess][FILE] @ : c:\documents and settings\tigzy\local settings\application data\{848ec4ef-b4fb-6501-ab69-678738a3a5c6}\@ --> REMOVED
¤¤¤ Driver: [CHARGE] ¤¤¤
SSDT[98] : NtLoadKey @ 0x8061C482 -> HOOKED (Unknown @ 0xF8CD30E2)
SSDT[122] : NtOpenProcess @ 0x805C1296 -> HOOKED (Unknown @ 0xF8CD30B0)
SSDT[128] : NtOpenThread @ 0x805C1522 -> HOOKED (Unknown @ 0xF8CD30B5)
SSDT[193] : NtReplaceKey @ 0x8061C332 -> HOOKED (Unknown @ 0xF8CD30EC)
SSDT[204] : NtRestoreKey @ 0x8061BC3E -> HOOKED (Unknown @ 0xF8CD30E7)
¤¤¤ Infection : ZeroAccess ¤¤¤
[...]
Type d'examen: Examen complet
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 189868
Temps écoulé: 7 minute(s), 1 seconde(s)
Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Clé(s) du Registre détectée(s): 1
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Mis en quarantaine et supprimé avec succès.
Valeur(s) du Registre détectée(s): 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Données: C:\Documents and Settings\tigzy\Local Settings\Application Data\{848ec4ef-b4fb-6501-ab69-678738a3a5c6}\n. -> Mis en quarantaine et supprimé avec succès.
Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)
Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)
Fichier(s) détecté(s): 5
C:\Documents and Settings\tigzy\Bureau\LogicielsDesinfection\HideProc(v1.0)\HideProcDrv.sys (Rootkit.Agent) -> Aucune action effectuée.
C:\Documents and Settings\tigzy\Bureau\RK_Quarantine\00000001.@.vir (Trojan.Small) -> Mis en quarantaine et supprimé avec succès.
C:\Documents and Settings\tigzy\Bureau\RK_Quarantine\80000000.@.vir (Trojan.Sirefef) -> Mis en quarantaine et supprimé avec succès.
C:\Documents and Settings\tigzy\Bureau\RK_Quarantine\800000cb.@.vir (Rootkit.0Access) -> Mis en quarantaine et supprimé avec succès.
C:\Documents and Settings\tigzy\Bureau\RK_Quarantine\n.vir (Trojan.Dropper.PE4) -> Mis en quarantaine et supprimé avec succès.
  11. Thank you very much, here are the results:
[ZeroAccess] HKCR\[...]\InprocServer32 : (\\.\globalroot\systemroot\Installer\{848ec4ef-b4fb-6501-ab69-678738a3a5c6}\n.) -> REPLACED (c:\windows\system32\wbem\wbemess.dll)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[ZeroAccess][FILE] n : c:\windows\installer\{848ec4ef-b4fb-6501-ab69-678738a3a5c6}\n --> REMOVED
[ZeroAccess][FILE] @ : c:\windows\installer\{848ec4ef-b4fb-6501-ab69-678738a3a5c6}\@ --> REMOVED AT REBOOT
[Del.Parent][FILE] 00000001.@ : c:\windows\installer\{848ec4ef-b4fb-6501-ab69-678738a3a5c6}\U\00000001.@ --> REMOVED
[Del.Parent][FILE] 80000000.@ : c:\windows\installer\{848ec4ef-b4fb-6501-ab69-678738a3a5c6}\U\80000000.@ --> REMOVED
[Del.Parent][FILE] 800000cb.@ : c:\windows\installer\{848ec4ef-b4fb-6501-ab69-678738a3a5c6}\U\800000cb.@ --> REMOVED
[ZeroAccess][FOLDER] U : c:\windows\installer\{848ec4ef-b4fb-6501-ab69-678738a3a5c6}\U --> REMOVED
[ZeroAccess][FILE] n : c:\documents and settings\tigzy\local settings\application data\{848ec4ef-b4fb-6501-ab69-678738a3a5c6}\n --> REMOVED
[ZeroAccess][FILE] @ : c:\documents and settings\tigzy\local settings\application data\{848ec4ef-b4fb-6501-ab69-678738a3a5c6}\@ --> REMOVED
¤¤¤ Driver: [CHARGE] ¤¤¤
SSDT[98] : NtLoadKey @ 0x8061C482 -> HOOKED (Unknown @ 0xF8CD30E2)
SSDT[122] : NtOpenProcess @ 0x805C1296 -> HOOKED (Unknown @ 0xF8CD30B0)
SSDT[128] : NtOpenThread @ 0x805C1522 -> HOOKED (Unknown @ 0xF8CD30B5)
SSDT[193] : NtReplaceKey @ 0x8061C332 -> HOOKED (Unknown @ 0xF8CD30EC)
SSDT[204] : NtRestoreKey @ 0x8061BC3E -> HOOKED (Unknown @ 0xF8CD30E7)
¤¤¤ Infection : ZeroAccess ¤¤¤
[...]
Type d'examen: Examen complet
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 189868
Temps écoulé: 7 minute(s), 1 seconde(s)
Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Clé(s) du Registre détectée(s): 1
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Mis en quarantaine et supprimé avec succès.
Valeur(s) du Registre détectée(s): 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Données: C:\Documents and Settings\tigzy\Local Settings\Application Data\{848ec4ef-b4fb-6501-ab69-678738a3a5c6}\n. -> Mis en quarantaine et supprimé avec succès.
Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)
Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)
Fichier(s) détecté(s): 5
C:\Documents and Settings\tigzy\Bureau\LogicielsDesinfection\HideProc(v1.0)\HideProcDrv.sys (Rootkit.Agent) -> Aucune action effectuée.
C:\Documents and Settings\tigzy\Bureau\RK_Quarantine\00000001.@.vir (Trojan.Small) -> Mis en quarantaine et supprimé avec succès.
C:\Documents and Settings\tigzy\Bureau\RK_Quarantine\80000000.@.vir (Trojan.Sirefef) -> Mis en quarantaine et supprimé avec succès.
C:\Documents and Settings\tigzy\Bureau\RK_Quarantine\800000cb.@.vir (Rootkit.0Access) -> Mis en quarantaine et supprimé avec succès.
C:\Documents and Settings\tigzy\Bureau\RK_Quarantine\n.vir (Trojan.Dropper.PE4) -> Mis en quarantaine et supprimé avec succès.
  12. Thank you very much for your consideration. Malwarebytes professional has at least gotten me back to a useful workstation. The trojan.dropper.bcminer is always present when scanning. Here are the contents of the DDS.TXT file; please let me know if you would like me to attach a zipped (or non-zipped) version of my Attach.txt file.
DDS.TXT
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by stephenfoster at 0:27:31 on 2012-07-14
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16265.11298 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Windows\system32\mqsvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\DRIVERS\o2flash.exe
c:\Windows\SysWOW64\srvany.exe
c:\Windows\sysWOW64\SDIOAssist.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\VMware\VMware View\Client\Local Mode\vmware-authd.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\mqtgsvc.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\WUDFHost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\N-trig\DuoSense Control Apps\NtrigApplet.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\TechSmith\Snagit 10\TSCHelp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter64.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\TechSmith\Snagit 10\snagiteditor.exe
C:\Windows\splwow64.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\mobsync.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\taskeng.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"
uRun: [AdobeBridge]
uRun: [Actual Multiple Monitors] "C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe"
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [AirVideoServer] C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [Google Update] "C:\Users\stephenfoster\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [DT DEL] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -DEL
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [VMware hqtray] "C:\Program Files\VMware\VMware View\Client\Local Mode\hqtray.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAGIT~1.LNK - C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VPNGUI~1.LNK - C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDQUIC~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download with m-ipad-max-platinum - C:\Program Files (x86)\4Media\iPad Max Platinum\upod_link.HTM
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: mswsock.dll
LSP: C:\Program Files\VMware\VMware View\Client\Local Mode\vsocklib.dll
Trusted Zone: centerstone.org\vpn
DPF: {11FAB11B-4792-4B59-85DF-23C6688B07B3} - hxxps://vpn.chocolatebar.com/XTSAC.cab
DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} - hxxps://vpn.centerstone.org/XTSAC.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} - hxxps://vpn.centerstone.org/NELX.cab
DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} - hxxps://vpn.chocolatebar.com/MLWebCacheCleaner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {DD5E6739-FDD6-4542-8940-4A4B8AB5276E} - hxxps://vpn.chocolatebar.com/NGVPNTunnel.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP25-10481/webex/ieatgpc1.cab
TCP: DhcpNameServer = 192.168.0.1 192.168.1.1
TCP: Interfaces\{108B977C-8FD7-4674-8AF5-90550F4B363E} : DhcpNameServer = 192.168.0.1 192.168.1.1
TCP: Interfaces\{F51CA122-450E-402E-88CB-25F25A4B486B} : DhcpNameServer = 192.168.0.1 192.168.1.1
TCP: Interfaces\{F51CA122-450E-402E-88CB-25F25A4B486B}\2427F677E633 : DhcpNameServer = 192.168.0.1 216.165.129.158
TCP: Interfaces\{F51CA122-450E-402E-88CB-25F25A4B486B}\245636B63784972627964637 : DhcpNameServer = 172.16.10.28 172.16.10.31
TCP: Interfaces\{F51CA122-450E-402E-88CB-25F25A4B486B}\34F6D636163747 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F51CA122-450E-402E-88CB-25F25A4B486B}\54353474140513 : DhcpNameServer = 192.168.10.254
TCP: Interfaces\{F51CA122-450E-402E-88CB-25F25A4B486B}\64F6374756270323 : DhcpNameServer = 192.168.0.1 192.168.1.1
TCP: Interfaces\{F51CA122-450E-402E-88CB-25F25A4B486B}\838336235623 : DhcpNameServer = 10.0.1.1
TCP: Interfaces\{F51CA122-450E-402E-88CB-25F25A4B486B}\C696E6B637973776 : DhcpNameServer = 192.168.2.1 192.168.1.254
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
LSA: Authentication Packages = msv1_0 wvauth
BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun-x64: [DT DEL] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -DEL
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun-x64: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [VMware hqtray] "C:\Program Files\VMware\VMware View\Client\Local Mode\hqtray.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\stephenfoster\AppData\Roaming\Mozilla\Firefox\Profiles\ubo1tr4g.default\ FF - prefs.js: browser.startup.homepage - hxxp://dell.msn.com/ FF - prefs.js: network.proxy.type - 0 FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\stephenfoster\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?] R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?] R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] 
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-3-14 89600] R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648] R2 Credential Vault Host Control Service;Credential Vault Host Control Service;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2011-6-22 1043872] R2 Credential Vault Host Storage;Credential Vault Host Storage;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2011-6-22 36768] R2 DFEPService;Dell Feature Enhancement Pack Service;C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2011-8-24 2279320] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-3-14 13336] R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?] 
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-12 655944] R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-3-14 2216256] R2 O2SDIOAssist;O2SDIOAssist;C:\Windows\SysWOW64\srvany.exe [2012-3-14 8192] R2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2012-3-14 113456] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-9-9 381248] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-3-14 2656536] R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-3-25 539248] R2 Wave Authentication Manager Service;Wave Authentication Manager Service;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2011-7-1 1600000] R2 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-8-1 311296] R2 wsnm;VMware View Client;C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe [2012-3-2 494192] R2 wsnm_usbctrl;VMware View USB Control;C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe [2012-3-2 1125488] R2 ZcfgSvc7;Intel® PROSet/Wireless ZeroConfig Service;C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [2010-12-23 992256] R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\accelern.sys --> C:\Windows\system32\DRIVERS\accelern.sys [?] R3 BTWAMPFL;BTWAMPFL;C:\Windows\system32\DRIVERS\btwampfl.sys --> C:\Windows\system32\DRIVERS\btwampfl.sys [?] 
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?] R3 cvusbdrv;Dell ControlVault;C:\Windows\system32\Drivers\cvusbdrv.sys --> C:\Windows\system32\Drivers\cvusbdrv.sys [?] R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?] R3 NtrigDigitizerUSBLowerFilter;N-Trig DuoSense Control Interface Filter Driver;C:\Windows\system32\DRIVERS\NtrigDigitizerUSBLowerFilter.sys --> C:\Windows\system32\DRIVERS\NtrigDigitizerUSBLowerFilter.sys [?] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?] R3 NxDrv;SonicWALL NetExtender Adapter;C:\Windows\system32\DRIVERS\NxDrv.sys --> C:\Windows\system32\DRIVERS\NxDrv.sys [?] R3 O2MDRRDR;O2MDRRDR;C:\Windows\system32\DRIVERS\O2MDRw7x64.sys --> C:\Windows\system32\DRIVERS\O2MDRw7x64.sys [?] R3 O2SDJRDR;O2SDJRDR;C:\Windows\system32\DRIVERS\o2sdjw7x64.sys --> C:\Windows\system32\DRIVERS\o2sdjw7x64.sys [?] 
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] R3 vmwvusb;VMware View Generic USB Driver;C:\Windows\system32\Drivers\vmwvusb.sys --> C:\Windows\system32\Drivers\vmwvusb.sys [?] R3 wbfcvusbdrv;WBF Control Vault;C:\Windows\system32\Drivers\wbfcvusbdrv.sys --> C:\Windows\system32\Drivers\wbfcvusbdrv.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-1 250056] S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752] S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?] S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-12 129976] S3 MsDtsServer100;SQL Server Integration Services 10.0;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2011-6-17 210784] S3 netvsc;netvsc;C:\Windows\system32\DRIVERS\netvsc60.sys --> C:\Windows\system32\DRIVERS\netvsc60.sys [?] S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?] 
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696] S3 O2MDFRDR;O2MDFRDR;C:\Windows\system32\drivers\O2MDFw7x64.sys --> C:\Windows\system32\drivers\O2MDFw7x64.sys [?] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?] S3 ReportServer;SQL Server Reporting Services (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2011-6-17 2180960] S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656] S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\system32\drivers\Synth3dVsc.sys --> C:\Windows\system32\drivers\Synth3dVsc.sys [?] S3 SynthVid;SynthVid;C:\Windows\system32\DRIVERS\VMBusVideoM.sys --> C:\Windows\system32\DRIVERS\VMBusVideoM.sys [?] S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?] S3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?] S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-1-18 68440] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] 
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?] S3 WMSVC;Web Management Service;C:\Windows\system32\inetsrv\wmsvc.exe --> C:\Windows\system32\inetsrv\wmsvc.exe [?] S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744] S4 msvsmon80;Visual Studio 2005 Remote Debugger;C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe [2005-9-23 4476096] S4 RsFx0105;RsFx0105 Driver;C:\Windows\system32\DRIVERS\RsFx0105.sys --> C:\Windows\system32\DRIVERS\RsFx0105.sys [?] S4 RsFx0151;RsFx0151 Driver;C:\Windows\system32\DRIVERS\RsFx0151.sys --> C:\Windows\system32\DRIVERS\RsFx0151.sys [?] S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 
2012-07-12 06:47:01 3148800 ----a-w- C:\Windows\System32\win32k.sys 2012-07-12 06:44:15 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-07-12 02:25:57 328704 ----a-w- C:\Windows\System32\services.exe.6A8CD7D41BB5C3DD 2012-07-12 02:20:29 -------- d-----w- C:\Users\stephenfoster\AppData\Roaming\Malwarebytes 2012-07-12 02:18:33 -------- d-----w- C:\ProgramData\Malwarebytes 2012-07-12 02:18:33 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-07-11 02:55:55 1881600 ----a-w- C:\Windows\System32\msxml3.dll 2012-07-11 02:55:54 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-07-11 02:22:19 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA% 2012-07-10 03:22:53 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1E4C901E-3BAD-4F7B-B11A-4FF6A6F46395}\mpengine.dll 2012-07-09 03:23:28 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-07-08 07:48:04 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll 2012-07-08 07:47:51 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2012-07-07 20:47:22 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2012-07-07 20:47:13 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2012-07-04 15:49:44 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{07C033E5-3B8A-4D38-BFED-3B49E4E467FF}\gapaengine.dll 2012-06-30 04:57:40 -------- d-----w- C:\Users\stephenfoster\AppData\Local\AirVideoServer 2012-06-30 04:57:39 -------- d--h--w- C:\jexepackres 2012-06-30 04:57:32 -------- d-----w- C:\Program Files (x86)\AirVideoServer 2012-06-30 02:22:47 -------- d-----w- C:\ProgramData\twonkyserver 2012-06-30 02:00:24 -------- d-----w- C:\Program Files\Western Digital 2012-06-30 01:59:06 -------- d-----w- 
C:\Users\stephenfoster\AppData\Local\Western Digital 2012-06-27 18:08:19 -------- d-----w- C:\Users\stephenfoster\AppData\Local\Macromedia 2012-06-21 05:33:17 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-21 05:33:15 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-21 05:33:13 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-21 05:33:13 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-15 23:11:14 -------- d-----w- C:\Users\stephenfoster\AppData\Roaming\Hobbyist Software 2012-06-15 23:11:14 -------- d-----w- C:\Users\stephenfoster\AppData\Local\Hobbyist_Software 2012-06-14 04:58:47 -------- d-----w- C:\Program Files (x86)\Common Files\Memeo . ==================== Find3M ==================== . 2012-07-12 08:25:05 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-12 08:25:05 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-06-12 14:31:54 397312 ----a-w- C:\Windows\SysWow64\vmnat.exe 2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll 2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll 2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll 2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll 2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-06-02 05:50:10 
458704 ----a-w- C:\Windows\System32\drivers\cng.sys 2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll 2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll 2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll 2012-04-28 05:32:05 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll 2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll 2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll . ============= FINISH: 0:27:44.51 ===============