fritznewton

  1. Sorry. Had to reboot. Seems to be OK so far. McAfee real time scan is back on as well as the firewall is staying on.
  2. Malwarebytes Anti-Malware 1.62.0.1300
     www.malwarebytes.org

     Database version: v2012.07.30.08

     Windows 7 Service Pack 1 x86 NTFS
     Internet Explorer 9.0.8112.16421
     Windsor Castle :: TECHTOP [administrator]

     7/30/2012 12:35:32 PM
     mbam-log-2012-07-30 (12-35-32).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 224498
     Time elapsed: 5 minute(s), 28 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
  3. ComboFix 12-07-30.01 - Windsor Castle 07/30/2012 12:06:09.2.2 - x86
     Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3005.1687 [GMT -5:00]
     Running from: c:\users\Windsor Castle\Desktop\ComboFix.exe
     AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
     FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
     SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\programdata\PCDr\5907\Downloads\246b20c1-8ea9-4148-a34e-d03c8a1d5a76.dll
     c:\programdata\PCDr\5907\Downloads\27e5bc9a-105f-4d7f-8352-e6ef1c8933dd.dll
     c:\programdata\PCDr\5907\Downloads\a2192d8a-3d73-4ff7-be9b-02134f41db63.dll
     c:\users\Windsor Castle\AppData\Local\Microsoft\Windows\Temporary Internet Files\{61BDB723-A8DA-47E8-8B9C-BDC50BD7942E}.xps
     c:\users\Windsor Castle\AppData\Local\Microsoft\Windows\Temporary Internet Files\{639AD8DE-553C-4B4B-A556-2F86195FA148}.xps
     .
     .
     ((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-30 )))))))))))))))))))))))))))))))
     .
     .
     2012-07-30 18:52 . 2012-07-30 18:52 -------- d-----w- C:\FRST
     2012-07-30 17:14 . 2012-07-30 17:19 -------- d-----w- c:\users\Windsor Castle\AppData\Local\temp
     2012-07-30 17:14 . 2012-07-30 17:14 -------- d-----w- c:\users\Public\AppData\Local\temp
     2012-07-30 17:14 . 2012-07-30 17:14 -------- d-----w- c:\users\kodak\AppData\Local\temp
     2012-07-30 17:14 . 2012-07-30 17:14 -------- d-----w- c:\users\Default\AppData\Local\temp
     2012-07-29 23:07 . 2012-07-29 23:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2012-07-29 23:07 . 2012-07-03 18:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
     2012-07-11 18:05 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
     2012-07-02 11:32 . 2012-07-03 21:57 -------- d-----w- c:\users\Windsor Castle\AppData\Roaming\Ableton
     2012-07-02 11:31 . 2012-07-02 11:31 -------- d-----w- c:\program files\Common Files\Propellerhead Software
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2012-07-29 12:00 . 2012-04-04 12:41 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
     2012-07-29 12:00 . 2011-05-20 12:07 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2012-06-25 21:04 . 2012-06-25 21:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
     2012-06-12 16:22 . 2009-10-20 18:20 96784 ----a-w- c:\windows\system32\packet.dll
     2012-06-12 16:22 . 2009-10-20 18:19 281104 ----a-w- c:\windows\system32\wpcap.dll
     2012-06-12 16:22 . 2009-10-20 18:19 35088 ----a-w- c:\windows\system32\drivers\npf.sys
     2012-06-02 22:19 . 2012-06-23 19:23 45080 ----a-w- c:\windows\system32\wups2.dll
     2012-06-02 22:19 . 2012-06-23 19:23 53784 ----a-w- c:\windows\system32\wuauclt.exe
     2012-06-02 22:19 . 2012-06-23 19:23 35864 ----a-w- c:\windows\system32\wups.dll
     2012-06-02 22:19 . 2012-06-23 19:23 577048 ----a-w- c:\windows\system32\wuapi.dll
     2012-06-02 22:19 . 2012-06-23 19:23 1933848 ----a-w- c:\windows\system32\wuaueng.dll
     2012-06-02 22:12 . 2012-06-23 19:23 2422272 ----a-w- c:\windows\system32\wucltux.dll
     2012-06-02 22:12 . 2012-06-23 19:23 88576 ----a-w- c:\windows\system32\wudriver.dll
     2012-06-02 20:19 . 2012-06-23 19:22 171904 ----a-w- c:\windows\system32\wuwebv.dll
     2012-06-02 20:12 . 2012-06-23 19:22 33792 ----a-w- c:\windows\system32\wuapp.exe
     2012-07-19 00:34 . 2011-03-22 15:41 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
     "{66bd2442-241b-44cd-8c7a-b51037053cdb}"= "c:\program files\TVersitybar\prxtbTVer.dll" [2011-05-09 176936]
     .
     [HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
     .
     [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
     2011-05-09 08:49 176936 ----a-w- c:\program files\TVersitybar\prxtbTVer.dll
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
     "{66bd2442-241b-44cd-8c7a-b51037053cdb}"= "c:\program files\TVersitybar\prxtbTVer.dll" [2011-05-09 176936]
     .
     [HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
     .
     [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
     "{66BD2442-241B-44CD-8C7A-B51037053CDB}"= "c:\program files\TVersitybar\prxtbTVer.dll" [2011-05-09 176936]
     .
     [HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
     @="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
     [HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
     2012-07-12 17:37 4751760 ----a-w- c:\program files\MozyHome\mozyshell.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
     @="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
     [HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
     2012-07-12 17:37 4751760 ----a-w- c:\program files\MozyHome\mozyshell.dll
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
     "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384]
     "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
     "RockMelt Update"="c:\users\Windsor Castle\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" [2010-11-29 136336]
     "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-06 39408]
     "NETGEARGenie"="c:\program files\NETGEAR Genie\bin\NETGEARGenie.exe" [2012-03-12 1091872]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-08-25 200704]
     "Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
     "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-07-04 132392]
     "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2009-06-10 244208]
     "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-19 76304]
     "Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-10-19 1439496]
     "AmazonGSDownloaderTray"="c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
     "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2006-12-02 520192]
     "WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2011-03-16 325000]
     "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1318816]
     "McPvTray_exe"="c:\program files\McAfee\MAT\McPvTray.exe" [2011-04-08 419904]
     "FATrayAlert"="c:\program files\Sensible Vision\Fast Access\FATrayMon.exe" [2011-04-24 98488]
     "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
     "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-03 138008]
     "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-03 171288]
     "Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-03 172824]
     "OA001Cfg.exe"="OA001Cfg.exe" [2008-09-23 32768]
     "Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2011-03-24 167936]
     "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
     "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]
     "HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-17 651264]
     "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
     "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
     .
     c:\users\Windsor Castle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
     Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-10-12 1324384]
     OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
     OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
     .
     c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
     Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-8 809488]
     MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2012-7-12 4528528]
     .
     c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
     Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-10-12 1324384]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 5 (0x5)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableUIADesktopToggle"= 0 (0x0)
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
     2011-04-24 03:17 147640 ----a-w- c:\program files\Sensible Vision\Fast Access\FALogNot.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
     2009-04-07 09:26 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
     .
     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
     Notification Packages REG_MULTI_SZ scecli FAPassSync
     Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
     @=""
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
     @=""
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
     @="Driver"
     .
     R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
     R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [x]
     R2 SessionLauncher;SessionLauncher;c:\users\WINDSO~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
     R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
     R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
     R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
     R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
     R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
     R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
     R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
     R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
     R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
     R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
     R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
     R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
     R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
     R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
     R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
     R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [x]
     R4 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [x]
     S0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [x]
     S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
     S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
     S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
     S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_61cf005dca0fb599\aestsrv.exe [x]
     S2 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [x]
     S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]
     S2 FAService;FAService;c:\program files\Sensible Vision\Fast Access\FAService.exe [x]
     S2 KodakDigitalDisplayService;KodakDigitalDisplayService;c:\program files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe [x]
     S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
     S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
     S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
     S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
     S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
     S2 NETGEARGenieDaemon;NETGEARGenieDaemon;c:\program files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe [x]
     S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
     S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [x]
     S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
     S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [x]
     S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
     S3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]
     S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
     S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]
     S3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [x]
     S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
     S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
     S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [x]
     S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [x]
     .
     .
     --- Other Services/Drivers In Memory ---
     .
     *Deregistered* - Avgrkx86
     *Deregistered* - Avgtdix
     *Deregistered* - mfeavfk01
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2012-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 14:16]
     .
     2012-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 14:16]
     .
     2012-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1412165527-1730432741-1582486250-1000Core.job
     - c:\users\Windsor Castle\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-28 14:21]
     .
     2012-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1412165527-1730432741-1582486250-1000UA.job
     - c:\users\Windsor Castle\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-28 14:21]
     .
     2012-07-09 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
     - c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 05:40]
     .
     2012-07-30 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-1412165527-1730432741-1582486250-1000Core.job
     - c:\users\Windsor Castle\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2010-11-29 16:04]
     .
     2012-07-30 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-1412165527-1730432741-1582486250-1000UA.job
     - c:\users\Windsor Castle\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2010-11-29 16:04]
     .
     2012-07-30 c:\windows\Tasks\SystemToolsDailyTest.job
     - c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 05:40]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://aims.jocogov.org
     IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
     IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
     IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
     Trusted Zone: cacu.com\secureaccess
     TCP: DhcpNameServer = 192.168.1.1
     FF - ProfilePath - c:\users\Windsor Castle\AppData\Roaming\Mozilla\Firefox\Profiles\ookkq5vc.default\
     FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2548838&SearchSource=3&q={searchTerms}
     FF - prefs.js: browser.search.selectedEngine - Google
     FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/
     .
     - - - - ORPHANS REMOVED - - - -
     .
     HKLM-Run-FAStartup - (no file)
     AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Windsor Castle\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
     .
     .
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
     @Denied: (Full) (Everyone)
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------
     .
     - - - - - - - > 'lsass.exe'(604)
     c:\windows\system32\FAPassSync.DLL
     .
     - - - - - - - > 'Explorer.exe'(6008)
     c:\program files\MozyHome\mozyshell.dll
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_61cf005dca0fb599\STacSV.exe
     c:\windows\system32\rundll32.exe
     c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
     c:\program files\Microsoft\BingBar\SeaPort.EXE
     c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
     c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
     c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
     c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
     c:\windows\system32\taskhost.exe
     c:\program files\Google\Update\1.3.21.115\GoogleCrashHandler.exe
     c:\windows\system32\conhost.exe
     c:\windows\System32\rundll32.exe
     c:\windows\system32\DllHost.exe
     c:\progra~1\mcafee.com\agent\mcagent.exe
     c:\program files\MozyHome\mozybackup.exe
     c:\windows\system32\sppsvc.exe
     c:\program files\MozyHome\mozybackup.exe
     c:\program files\Windows Media Player\wmpnetwk.exe
     c:\windows\servicing\TrustedInstaller.exe
     .
     **************************************************************************
     .
     Completion time: 2012-07-30 12:25:59 - machine was rebooted
     ComboFix-quarantined-files.txt 2012-07-30 17:25
     .
     Pre-Run: 182,185,762,816 bytes free
     Post-Run: 183,811,854,336 bytes free
     .
     - - End Of File - - B3D841A3D17F222EF02A3A85FBC294DE
  4. Combofix is alerting that McAfee is still on and running anti-spyware but I have everything set to off and firewall off. Still run Combofix?
  5. Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
     Ran by SYSTEM at 2012-07-30 11:39:14 Run:1
     Running from G:\

     ==============================================

     C:\Windows\Installer\{3f26e2e7-2735-753d-b876-4662f4d89180} moved successfully.
     C:\Users\Windsor Castle\AppData\Local\{3f26e2e7-2735-753d-b876-4662f4d89180} moved successfully.

     ==== End of Fixlog ====
  6. Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 25-07-2012 01
     Ran by SYSTEM at 30-07-2012 10:52:33
     Running from G:\
     Windows 7 Ultimate (X86) OS Language: English(US)
     The current controlset is ControlSet001

     ========================== Registry (Whitelisted) =============

     HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [200704 2008-08-25] (Alps Electric Co., Ltd.)
     HKLM\...\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2 [446635 2008-06-03] (Creative Technology Ltd.)
     HKLM\...\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe" [132392 2008-07-04] (CyberLink Corp.)
     HKLM\...\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [244208 2009-06-10] (Sonic Solutions)
     HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
     HKLM\...\Run: [intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup [1439496 2010-10-19] (Intuit Inc. All rights reserved.)
     HKLM\...\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe [326144 2009-10-23] (Amazon.com)
     HKLM\...\Run: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun [520192 2006-12-01] ()
     HKLM\...\Run: [FAStartup] [x]
     HKLM\...\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot [325000 2011-03-16] (BillP Studios)
     HKLM\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1318816 2012-03-21] (McAfee, Inc.)
     HKLM\...\Run: [McPvTray_exe] "C:\Program Files\McAfee\MAT\McPvTray.exe" [419904 2011-04-08] (McAfee, Inc.)
     HKLM\...\Run: [FATrayAlert] C:\Program Files\Sensible Vision\Fast Access\FATrayMon.exe [98488 2011-04-23] (Sensible Vision )
     HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
     HKLM\...\Run: [igfxTray] C:\Windows\system32\igfxtray.exe [138008 2011-06-03] (Intel Corporation)
     HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [171288 2011-06-03] (Intel Corporation)
     HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [172824 2011-06-03] (Intel Corporation)
     HKLM\...\Run: [OA001Cfg.exe] OA001Cfg.exe [x]
     HKLM\...\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run [167936 2011-03-23] (Applian Technologies, Inc.)
     HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
     HKLM\...\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" [159456 2011-08-05] (Microsoft Corporation)
     HKLM\...\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup [651264 2012-04-17] ()
     HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
     HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
     HKU\Windsor Castle\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [144384 2010-11-20] (Microsoft Corporation)
     HKU\Windsor Castle\...\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [205480 2007-08-30] (Macrovision Corporation)
     HKU\Windsor Castle\...\Run: [RockMelt Update] "C:\Users\Windsor Castle\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" /c [136336 2010-11-29] (RockMelt Inc.)
     HKU\Windsor Castle\...\Run: [Google Update] "C:\Users\Windsor Castle\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-10-20] (Google Inc.)
     HKU\Windsor Castle\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-08-06] (Google Inc.)
     HKU\Windsor Castle\...\Run: [NETGEARGenie] "C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect [1091872 2012-03-12] ()
     Winlogon\Notify\FastAccess: C:\Program Files\Sensible Vision\Fast Access\FALogNot.dll [X]
     Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [X]
     Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
     Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
     Lsa: [Notification Packages] scecli FAPassSync
     Startup: C:\Users\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
     ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
     Startup: C:\Users\All Users\Start Menu\Programs\Startup\MozyHome Status.lnk
     ShortcutTarget: MozyHome Status.lnk -> C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)
     Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
     ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
     Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
     ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
     Startup: C:\Users\kodak\Start Menu\Programs\Startup\Dell Dock First Run.lnk
     ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
     Startup: C:\Users\Windsor Castle\Start Menu\Programs\Startup\Dell Dock.lnk
     ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
     Startup: C:\Users\Windsor Castle\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
     ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
     Startup: C:\Users\Windsor Castle\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
     ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

     ================================ Services (Whitelisted) ==================

     2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_61cf005dca0fb599\aestsrv.exe [81920 2008-12-22] (Andrea Electronics Corporation)
     2 Amazon Download Agent; C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [401920 2009-10-23] (Amazon.com)
     2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2010-01-11] (Stardock Corporation)
     2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
     2 FAService; "C:\Program Files\Sensible Vision\Fast Access\FAService.exe" [2412728 2011-04-23] (Sensible Vision )
     3 GoToAssist; "C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe" Start=service [16680 2009-04-07] (Citrix Online, a division of Citrix Systems, Inc.)
     2 KodakDigitalDisplayService; "C:\Program Files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe" [98304 2009-05-14] (Orb Networks, Inc.)
     2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)
     2 McMPFSvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)
     2 mcmscsvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)
     2 McNaiAnn; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)
     2 McNASvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)
     3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [361976 2012-04-19] (McAfee, Inc.)
     2 McProxy; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)
     2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [166288 2012-03-20] (McAfee, Inc.)
     2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [161632 2012-03-20] (McAfee, Inc.)
     2 mfevtp; "C:\Windows\system32\mfevtps.exe" [151880 2012-03-20] (McAfee, Inc.)
     2 mozybackup; "C:\Program Files\MozyHome\mozybackup.exe" [53016 2011-07-11] (Mozy, Inc.)
     2 MSK80Service; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)
     2 NETGEARGenieDaemon; C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe [1029408 2012-03-06] (NETGEAR)
     2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-15] ()
     2 QBCFMonitorService; "C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe" [45056 2011-04-05] (Intuit)
     3 QBFCService; "C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe" [61440 2009-07-23] (Intuit Inc.)
     4 RoxLiveShare10; "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [309744 2009-06-10] (Sonic Solutions)
     2 RoxWatch10; "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe" [166384 2009-06-10] (Sonic Solutions)
     2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [158856 2012-02-29] (Skype Technologies)
     2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_61cf005dca0fb599\STacSV.exe [241746 2008-12-22] (IDT, Inc.)
     3 rpcapd; "C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini" [x]
     2 SessionLauncher; C:\Users\WINDSO~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
     3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [x]

     ========================== Drivers (Whitelisted) =============

     3 cfwids; C:\Windows\System32\drivers\cfwids.sys [57600 2012-02-22] (McAfee, Inc.)
     3 FACAP; C:\Windows\System32\DRIVERS\facap.sys [232832 2008-09-24] (Sensible Vision )
     3 HTCAND32; C:\Windows\System32\Drivers\ANDROIDUSB.sys [25088 2009-10-26] (HTC, Corporation)
     3 htcnprot; C:\Windows\System32\DRIVERS\htcnprot.sys [23040 2010-06-23] (Windows ® Win 7 DDK provider)
     3 IntcHdmiAddService; C:\Windows\System32\drivers\IntcHdmi.sys [127488 2010-03-15] (Intel® Corporation)
     3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [54784 2009-06-12] (ITE Tech. Inc. )
     3 k57nd60x; C:\Windows\System32\DRIVERS\k57nd60x.sys [229888 2009-07-13] (Broadcom Corporation)
     0 McPvDrv; C:\Windows\System32\drivers\McPvDrv.sys [64048 2011-04-11] (McAfee, Inc.)
     3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121544 2012-02-22] (McAfee, Inc.)
     3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [180848 2012-02-22] (McAfee, Inc.)
     3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [59456 2012-02-22] (McAfee, Inc.)
     3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [340920 2012-02-22] (McAfee, Inc.)
     0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [464304 2012-02-22] (McAfee, Inc.)
     1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [64912 2012-02-22] (McAfee, Inc.)
     3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [87656 2012-02-22] (McAfee, Inc.)
     0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [169608 2012-02-22] (McAfee, Inc.)
     1 mozyFilter; C:\Windows\System32\DRIVERS\mozy.sys [54776 2011-07-11] (Mozy, Inc.)
     2 NPF; \??\C:\Windows\system32\drivers\npf.sys [35088 2012-06-12] (CACE Technologies, Inc.)
     3 OA001Ufd; C:\Windows\System32\DRIVERS\OA001Ufd.sys [133632 2009-03-06] (Creative Technology Ltd.)
     3 OA001Vid; C:\Windows\System32\DRIVERS\OA001Vid.sys [280096 2009-03-08] (Creative Technology Ltd.)
     3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
     1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
     3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
     1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
     3 mfeavfk01; [x]
     3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
     3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
     3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

     ========================== NetSvcs (Whitelisted) ===========

     ============ One Month Created Files and Folders ==============

     2012-07-30 10:52 - 2012-07-30 10:52 - 00000000 ____D C:\FRST
     2012-07-30 05:29 - 2012-07-30 05:29 - 00002683 ____A C:\Users\Windsor Castle\Desktop\RKreport[1].txt
     2012-07-30 05:27 - 2012-07-30 05:29 - 00000000 ____D C:\Users\Windsor Castle\Desktop\RK_Quarantine
     2012-07-30 04:31 - 2012-07-30 04:31 - 00147144 ____A C:\Windows\Minidump\073012-30170-01.dmp
     2012-07-30 03:53 - 2012-07-30 03:53 - 00147128 ____A C:\Windows\Minidump\073012-20545-01.dmp
     2012-07-30 03:19 - 2012-07-30 04:21 - 00000490 ____A C:\Users\Windsor Castle\Desktop\defogger_disable.log
     2012-07-30 03:19 - 2012-07-30 03:19 - 00000000 ____A C:\Users\Windsor Castle\defogger_reenable
     2012-07-30 03:15 - 2012-07-30 03:15 - 00050477 ____A C:\Users\Windsor Castle\Desktop\Defogger.exe
     2012-07-30 03:14 - 2012-07-30 03:14 - 00002463 ____A C:\Users\Windsor Castle\Desktop\Google Chrome.lnk
     2012-07-29 19:29 - 2012-07-30 05:26 - 00000000 ____D C:\Users\Windsor Castle\Desktop\Mal Ware
     2012-07-29 15:07 - 2012-07-29 15:07 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
     2012-07-29 15:07 - 2012-07-29 15:07 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
     2012-07-29 15:07 - 2012-07-03 10:46 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
     2012-07-29 15:05 - 2012-07-29 15:05 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Windsor Castle\Downloads\mbam-setup-1.62.0.1300.exe
     2012-07-15 10:52 - 2012-07-26 12:21 - 00039936 __ASH C:\Users\Windsor Castle\Desktop\Thumbs.db
     2012-07-15 10:27 - 2012-07-15 10:27 - 00001041 ____A C:\Users\Windsor Castle\Desktop\Ableton Live 8 - Shortcut.lnk
     2012-07-13 17:26 - 2012-07-13 17:26 - 00000000 ____D C:\Users\Windsor Castle\Desktop\Picasa
     2012-07-11 10:08 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
     2012-07-11 10:08 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
     2012-07-11 10:08 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
     2012-07-11 10:08 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
     2012-07-11 10:08 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
     2012-07-11 10:08 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
     2012-07-11 10:08 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
     2012-07-11 10:08 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
     2012-07-11 10:08 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
     2012-07-11 10:08 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
     2012-07-11 10:08 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
     2012-07-11 10:08 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
     2012-07-11 10:08 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
     2012-07-11 10:08 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
     2012-07-11 10:05 - 2012-06-11 18:40 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
     2012-07-11 10:03 - 2012-07-11 10:04 - 00265356 ____A C:\Windows\msxml4-KB2721691-enu.LOG
     2012-07-11 03:45 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
     2012-07-11 03:45 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
     2012-07-11 03:45 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
     2012-07-11 03:45 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
     2012-07-11 03:45 - 2012-06-01 20:45 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
     2012-07-11 03:45 - 2012-06-01 20:45 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
     2012-07-11 03:45 - 2012-06-01 20:40 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
     2012-07-11 03:45 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
     2012-07-11 03:45 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
     2012-07-11 03:45 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
     2012-07-11 03:38 - 2012-07-11 03:38 - 00000000 ____A C:\extensions.sqlite
     2012-07-02 03:32 - 2012-07-03 13:57 - 00000000 ____D C:\Users\Windsor Castle\AppData\Roaming\Ableton
     2012-07-02 03:32 - 2012-07-02 03:36 - 00000000 ____D C:\Users\Windsor Castle\Documents\Ableton
     2012-07-02 03:31 - 2012-07-02 03:31 - 00000000 ____D C:\Program Files\Common Files\Propellerhead Software

     ============ 3 Months Modified Files ========================

     2012-07-30 07:27 - 2011-04-14 05:17 - 04157415 ____A C:\Windows\setupact.log
     2012-07-30 07:27 - 2009-07-13 20:53 -
00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-07-30 07:14 - 2012-04-17 14:12 - 00000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job 2012-07-30 07:14 - 2010-10-06 06:16 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2012-07-30 07:09 - 2010-11-29 08:04 - 00000964 ____A C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-1412165527-1730432741-1582486250-1000UA.job 2012-07-30 07:09 - 2010-11-29 08:04 - 00000912 ____A C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-1412165527-1730432741-1582486250-1000Core.job 2012-07-30 06:52 - 2010-10-06 06:16 - 00000902 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2012-07-30 06:37 - 2010-07-01 15:41 - 00010048 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-07-30 06:37 - 2010-07-01 15:41 - 00010048 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-07-30 06:35 - 2010-07-01 16:31 - 00726270 ____A C:\Windows\System32\PerfStringBackup.INI 2012-07-30 06:14 - 2011-03-28 07:46 - 00000944 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1412165527-1730432741-1582486250-1000UA.job 2012-07-30 05:39 - 2010-07-01 16:20 - 01529511 ____A C:\Windows\WindowsUpdate.log 2012-07-30 05:29 - 2012-07-30 05:29 - 00002683 ____A C:\Users\Windsor Castle\Desktop\RKreport[1].txt 2012-07-30 05:22 - 2011-09-12 07:18 - 00004648 ____A C:\Windows\mozy.blk 2012-07-30 05:22 - 2011-09-12 07:18 - 00000698 ____A C:\Windows\mozy.flt 2012-07-30 04:31 - 2012-07-30 04:31 - 00147144 ____A C:\Windows\Minidump\073012-30170-01.dmp 2012-07-30 04:31 - 2011-04-27 12:16 - 346784198 ____A C:\Windows\MEMORY.DMP 2012-07-30 04:21 - 2012-07-30 03:19 - 00000490 ____A C:\Users\Windsor Castle\Desktop\defogger_disable.log 2012-07-30 03:53 - 2012-07-30 03:53 - 00147128 ____A C:\Windows\Minidump\073012-20545-01.dmp 2012-07-30 03:19 - 2012-07-30 03:19 - 00000000 ____A C:\Users\Windsor Castle\defogger_reenable 2012-07-30 03:15 - 2012-07-30 03:15 - 
00050477 ____A C:\Users\Windsor Castle\Desktop\Defogger.exe 2012-07-30 03:14 - 2012-07-30 03:14 - 00002463 ____A C:\Users\Windsor Castle\Desktop\Google Chrome.lnk 2012-07-29 19:31 - 2010-07-01 16:04 - 00046666 ____A C:\Windows\PFRO.log 2012-07-29 15:07 - 2012-07-29 15:07 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2012-07-29 15:05 - 2012-07-29 15:05 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Windsor Castle\Downloads\mbam-setup-1.62.0.1300.exe 2012-07-29 14:14 - 2011-03-28 07:46 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1412165527-1730432741-1582486250-1000Core.job 2012-07-29 04:00 - 2012-04-04 04:41 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2012-07-29 04:00 - 2011-05-20 04:07 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl 2012-07-26 12:21 - 2012-07-15 10:52 - 00039936 __ASH C:\Users\Windsor Castle\Desktop\Thumbs.db 2012-07-24 17:34 - 2009-04-13 14:34 - 00001156 ____A C:\Users\Windsor Castle\AppData\Roaming\wklnhst.dat 2012-07-24 07:58 - 2012-06-12 07:59 - 00000406 ____A C:\Windows\Tasks\EasyShare Registration Task.job 2012-07-15 10:27 - 2012-07-15 10:27 - 00001041 ____A C:\Users\Windsor Castle\Desktop\Ableton Live 8 - Shortcut.lnk 2012-07-11 10:14 - 2009-07-13 20:33 - 00494136 ____A C:\Windows\System32\FNTCACHE.DAT 2012-07-11 10:05 - 2010-07-14 09:37 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2012-07-11 10:04 - 2012-07-11 10:03 - 00265356 ____A C:\Windows\msxml4-KB2721691-enu.LOG 2012-07-11 03:38 - 2012-07-11 03:38 - 00000000 ____A C:\extensions.sqlite 2012-07-09 02:24 - 2012-04-17 14:12 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job 2012-07-03 10:46 - 2012-07-29 15:07 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-06-29 03:31 - 2009-07-13 20:53 - 00032586 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2012-06-25 13:04 - 2012-06-25 13:04 - 01394248 
____A (Microsoft Corporation) C:\Windows\System32\msxml4.dll 2012-06-12 08:22 - 2011-12-03 11:39 - 00002008 ____A C:\Users\Public\Desktop\NETGEAR Genie.lnk 2012-06-12 08:22 - 2009-10-20 10:20 - 00096784 ____A (CACE Technologies, Inc.) C:\Windows\System32\packet.dll 2012-06-12 08:22 - 2009-10-20 10:19 - 00281104 ____A (CACE Technologies, Inc.) C:\Windows\System32\wpcap.dll 2012-06-12 08:22 - 2009-10-20 10:19 - 00035088 ____A (CACE Technologies, Inc.) C:\Windows\System32\Drivers\npf.sys 2012-06-12 08:01 - 2012-06-12 08:01 - 00000020 ___SH C:\Users\kodak\ntuser.ini 2012-06-12 08:00 - 2012-06-12 08:00 - 00002247 ____A C:\Users\Public\Desktop\Kodak EasyShare digital display software.lnk 2012-06-11 18:40 - 2012-07-11 10:05 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-06-10 04:42 - 2012-06-10 04:42 - 00174024 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe 2012-06-10 04:42 - 2012-06-10 04:42 - 00174024 ____A (Oracle Corporation) C:\Windows\System32\java.exe 2012-06-08 20:41 - 2012-07-11 03:45 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2012-06-08 05:52 - 2012-06-08 05:52 - 00038956 ____A C:\Users\Windsor Castle\Desktop\somerset jpg.zip 2012-06-05 21:05 - 2012-07-11 03:45 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll 2012-06-05 21:05 - 2012-07-11 03:45 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll 2012-06-05 21:03 - 2012-07-11 03:45 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll 2012-06-02 14:19 - 2012-06-23 11:23 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll 2012-06-02 14:19 - 2012-06-23 11:23 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll 2012-06-02 14:19 - 2012-06-23 11:23 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe 2012-06-02 14:19 - 2012-06-23 11:23 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll 2012-06-02 14:19 - 
2012-06-23 11:23 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll 2012-06-02 14:12 - 2012-06-23 11:23 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll 2012-06-02 14:12 - 2012-06-23 11:23 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll 2012-06-02 12:19 - 2012-06-23 11:22 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll 2012-06-02 12:12 - 2012-06-23 11:22 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe 2012-06-02 01:07 - 2012-07-11 10:08 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-06-02 00:43 - 2012-07-11 10:08 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-06-02 00:33 - 2012-07-11 10:08 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-06-02 00:26 - 2012-07-11 10:08 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-06-02 00:25 - 2012-07-11 10:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-06-02 00:25 - 2012-07-11 10:08 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-06-02 00:23 - 2012-07-11 10:08 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-06-02 00:21 - 2012-07-11 10:08 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-06-02 00:20 - 2012-07-11 10:08 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-06-02 00:19 - 2012-07-11 10:08 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-06-02 00:19 - 2012-07-11 10:08 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-06-02 00:17 - 2012-07-11 10:08 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-06-02 00:16 - 2012-07-11 10:08 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-06-02 00:14 - 2012-07-11 10:08 - 00176640 ____A (Microsoft 
Corporation) C:\Windows\System32\ieui.dll 2012-06-01 20:45 - 2012-07-11 03:45 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys 2012-06-01 20:45 - 2012-07-11 03:45 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys 2012-06-01 20:40 - 2012-07-11 03:45 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys 2012-06-01 20:40 - 2012-07-11 03:45 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll 2012-06-01 20:39 - 2012-07-11 03:45 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll 2012-05-16 10:30 - 2012-05-16 10:30 - 00001817 ____A C:\Users\Public\Desktop\QuickTime Player.lnk 2012-05-12 13:05 - 2012-05-12 13:05 - 00001042 ____A C:\Users\Public\Desktop\HTC Sync.lnk 2012-05-10 06:00 - 2012-05-10 05:59 - 01478583 ____A C:\Users\Windsor Castle\Desktop\PFO FB Menu.zip ZeroAccess: C:\Windows\Installer\{3f26e2e7-2735-753d-b876-4662f4d89180} C:\Windows\Installer\{3f26e2e7-2735-753d-b876-4662f4d89180}\@ C:\Windows\Installer\{3f26e2e7-2735-753d-b876-4662f4d89180}\L C:\Windows\Installer\{3f26e2e7-2735-753d-b876-4662f4d89180}\U ZeroAccess: C:\Users\Windsor Castle\AppData\Local\{3f26e2e7-2735-753d-b876-4662f4d89180} C:\Users\Windsor Castle\AppData\Local\{3f26e2e7-2735-753d-b876-4662f4d89180}\@ C:\Users\Windsor Castle\AppData\Local\{3f26e2e7-2735-753d-b876-4662f4d89180}\L C:\Users\Windsor Castle\AppData\Local\{3f26e2e7-2735-753d-b876-4662f4d89180}\U ========================= Known DLLs (Whitelisted) ============ ========================= Bamital & volsnap Check ============ C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit 
==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ========================= Memory info ====================== Percentage of memory in use: 13% Total physical RAM: 4028.89 MB Available physical RAM: 3491.54 MB Total Pagefile: 4027.17 MB Available Pagefile: 3501.91 MB Total Virtual: 2047.88 MB Available Virtual: 1968.7 MB ======================= Partitions ========================= 1 Drive c: (OS) (Fixed) (Total:288.02 GB) (Free:169.69 GB) NTFS ==>[Drive with boot components (obtained from BCD)] 2 Drive e: (RECOVERY) (Fixed) (Total:10 GB) (Free:4.1 GB) NTFS 4 Drive g: () (Removable) (Total:3.76 GB) (Free:3.32 GB) FAT32 5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS 6 Drive y: (DATAPART1) (Fixed) (Total:298.09 GB) (Free:295.43 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 298 GB 0 B Disk 1 Online 298 GB 0 B Disk 2 Online 3855 MB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 298 GB 1024 KB ================================================================================== Disk: 0 Partition 1 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 Y DATAPART1 NTFS Partition 298 GB Healthy ================================================================================== Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 OEM 70 MB 31 KB Partition 2 Primary 10 GB 71 MB Partition 3 Primary 288 GB 10 GB ================================================================================== Disk: 1 Partition 1 Type : DE Hidden: Yes Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- 
----- ---------- ------- --------- -------- * Volume 5 FAT Partition 70 MB Healthy Hidden ================================================================================== Disk: 1 Partition 2 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 E RECOVERY NTFS Partition 10 GB Healthy ================================================================================== Disk: 1 Partition 3 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 C OS NTFS Partition 288 GB Healthy ================================================================================== Partitions of Disk 2: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 3855 MB 31 KB ================================================================================== Disk: 2 Partition 1 Type : 0B Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 4 G FAT32 Removable 3855 MB Healthy ================================================================================== ========================================================== Last Boot: 2011-12-01 06:43 ======================= End Of Log ========================== Farbar Recovery Scan Tool Version: 25-07-2012 01 Ran by SYSTEM at 2012-07-30 11:07:27 Running from G:\ ================== Search: "services.exe" =================== C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe [2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 C:\Windows\System32\services.exe [2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 
5F1B6A9C35D3D5CA72D6D6FDEF9747D6 C:\Windows\ERDNT\cache\services.exe [2011-04-13 08:25] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 === End Of Search ===
  7. RogueKiller V7.6.4 [07/17/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version Started in : Normal mode User: Windsor Castle [Admin rights] Mode: Scan -- Date: 07/30/2012 08:29:33 ¤¤¤ Bad processes: 2 ¤¤¤ [sUSP PATH] FLVSrvLib.dll -- C:\Users\Windsor Castle\AppData\Local\FLVService\lib\FLVSrvLib.dll -> UNLOADED [sUSP PATH] FLVSrvLib.dll -- C:\Users\Windsor Castle\AppData\Local\FLVService\lib\FLVSrvLib.dll -> UNLOADED ¤¤¤ Registry Entries: 4 ¤¤¤ [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND [HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ [ZeroAccess][FILE] @ : c:\windows\installer\{3f26e2e7-2735-753d-b876-4662f4d89180}\@ --> FOUND [ZeroAccess][FOLDER] U : c:\windows\installer\{3f26e2e7-2735-753d-b876-4662f4d89180}\U --> FOUND [ZeroAccess][FOLDER] L : c:\windows\installer\{3f26e2e7-2735-753d-b876-4662f4d89180}\L --> FOUND [ZeroAccess][FILE] @ : c:\users\windsor castle\appdata\local\{3f26e2e7-2735-753d-b876-4662f4d89180}\@ --> FOUND [ZeroAccess][FOLDER] U : c:\users\windsor castle\appdata\local\{3f26e2e7-2735-753d-b876-4662f4d89180}\U --> FOUND [ZeroAccess][FOLDER] L : c:\users\windsor castle\appdata\local\{3f26e2e7-2735-753d-b876-4662f4d89180}\L --> FOUND ¤¤¤ Driver: [LOADED] ¤¤¤ ¤¤¤ Infection : ZeroAccess ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: Hitachi HTS543232L9A300 ATA Device +++++ --- User --- [MBR] 265a230994cbb566d317d06337ce6a08 [bSP] 79c3827e6536ec1b3c70290d863ee8df : Windows Vista MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | 
Size: 305243 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: WDC WD3200BEVT-75ZCT2 ATA Device +++++ --- User --- [MBR] a4e2d7855538519fe85a1bba05645ce7 [bSP] e8808308525a7b997197b3a25c9137ae : Windows 7 MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 70 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 145408 | Size: 10240 Mo 2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21116928 | Size: 294933 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1].txt >> RKreport[1].txt
  8. McAfee firewall began turning on and off and alerted to a trojan - zeroaccess. Followed the "I'm infected" thread. Ran Defogger as Admin but it did not follow through to reboot and this is the text file. Malware results attached. Ran DDS and text attached as well as attach zip. GMER ran as Admin and failed in 3 attempts. Program received an error and stopped working.

Results of Defogger:
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.07.29.09
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Windsor Castle :: TECHTOP [administrator]
7/29/2012 10:34:48 PM
mbam-log-2012-07-29 (22-34-48).txt
Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 438717
Time elapsed: 2 hour(s), 45 minute(s), 49 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 0 (No malicious items detected)
(end)
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by Windsor Castle at 6:34:09 on 2012-07-30
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3005.1730 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Program Files\Sensible Vision\Fast Access\FAService.exe C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_61cf005dca0fb599\STacSV.exe C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Dell\DellDock\DockLogin.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_61cf005dca0fb599\aestsrv.exe C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe C:\Windows\system32\mfevtps.exe C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe C:\Windows\system32\rundll32.exe C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Program Files\Google\Update\1.3.21.115\GoogleCrashHandler.exe C:\Windows\Explorer.EXE C:\Program Files\Microsoft\BingBar\SeaPort.EXE C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\TomTom 
HOME 2\TomTomHOMEService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Program Files\Dell\DellDock\DellDock.exe C:\Program Files\DellTPad\Apoint.exe C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe C:\Program Files\Dell\MediaDirect\PCMService.exe C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe C:\Windows\Samsung\PanelMgr\SSMMgr.exe C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\McAfee\MAT\McPvTray.exe C:\Program Files\Sensible Vision\Fast Access\FATrayMon.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Freecorder\FLVSrvc.exe C:\Program Files\Sensible Vision\Fast Access\FATrayAlert.exe C:\Program Files\Zune\ZuneLauncher.exe C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\DellTPad\ApMsgFwd.exe C:\Program Files\DellTPad\Apntex.exe C:\Windows\system32\conhost.exe C:\Program Files\DellTPad\HidFind.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Users\Windsor Castle\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe C:\Program Files\MozyHome\mozystat.exe C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE 
C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\Program Files\NETGEAR Genie\bin\genie_tray.exe C:\Program Files\MozyHome\mozybackup.exe C:\Program Files\MozyHome\mozybackup.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\NOTEPAD.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\conhost.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://aims.jocogov.org uURLSearchHooks: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - c:\program files\tversitybar\prxtbTVer.dll mURLSearchHooks: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - c:\program files\tversitybar\prxtbTVer.dll mURLSearchHooks: H - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll BHO: jZip Webmail plugin: {647fd14a-c4f1-46f4-8fc3-0b40f54226f7} - c:\program files\jzip\WebmailPlugin.dll BHO: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - c:\program files\tversitybar\prxtbTVer.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120624195720.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program 
files\google\google toolbar\GoogleToolbar_32.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll" BHO: Face recognition web login for FastAccess: {da5bce70-d057-4d63-943d-5f3927ec59f1} - c:\program files\sensible vision\fast access\FAIESSO.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll" TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - c:\program files\tversitybar\prxtbTVer.dll TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler uRun: [RockMelt Update] "c:\users\windsor castle\appdata\local\rockmelt\update\RockMeltUpdate.exe" /c uRun: [Google Update] "c:\users\windsor castle\appdata\local\google\update\GoogleUpdate.exe" /c uRun: [swg] "c:\program 
files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [NETGEARGenie] "c:\program files\netgear genie\bin\NETGEARGenie.exe" -mini -redirect mRun: [Apoint] c:\program files\delltpad\Apoint.exe mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell.exe" /mode2 mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe" mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatchTray10.exe" mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE mRun: [intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup mRun: [AmazonGSDownloaderTray] c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderTray.exe mRun: [samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun mRun: [FAStartup] mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey mRun: [McPvTray_exe] "c:\program files\mcafee\mat\McPvTray.exe" mRun: [FATrayAlert] c:\program files\sensible vision\fast access\FATrayMon.exe mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [OA001Cfg.exe] OA001Cfg.exe mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe" mRun: [HTC Sync Loader] "c:\program files\htc\htc sync 3.0\htcUPCTLoader.exe" -startup mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" StartupFolder: c:\users\windso~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk 
- c:\program files\dell\delldock\DellDock.exe StartupFolder: c:\users\windso~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE StartupFolder: c:\users\windso~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mozyho~1.lnk - c:\program files\mozyhome\mozystat.exe mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: &Winamp Search - c:\programdata\winamp toolbar\ietoolbar\resources\en-us\local\search.html IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105 IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Trusted Zone: cacu.com\secureaccess DPF: 
{7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{819B9705-A185-4FC0-B57B-BB9234A2EB3F} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{A8908502-DFBB-4D1B-996E-D174745CC8C7} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{A8908502-DFBB-4D1B-996E-D174745CC8C7}\74F6C64656E645275656 : DhcpNameServer = 12.127.16.67 4.2.2.1 Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll Notify: FastAccess - c:\program files\sensible 
vision\fast access\FALogNot.dll Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll Notify: igfxcui - igfxdev.dll LSA: Notification Packages = scecli FAPassSync . ================= FIREFOX =================== . FF - ProfilePath - c:\users\windsor castle\appdata\roaming\mozilla\firefox\profiles\ookkq5vc.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2548838&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/ FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll FF - plugin: c:\program files\google\picasa3\npPicasa3.dll FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll FF - plugin: c:\program files\oracle\javafx 2.1 
runtime\bin\plugin2\npjp2.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\users\windsor castle\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: c:\users\windsor castle\appdata\local\rockmelt\update\1.2.189.1\npRockMeltOneClick8.dll FF - plugin: c:\users\windsor castle\appdata\roaming\move networks\plugins\npqmp071500000347.dll FF - plugin: c:\users\windsor castle\appdata\roaming\mozilla\firefox\profiles\ookkq5vc.default\extensions\2020player_ikea@2020technologies.com\plugins\NP_2020Player_IKEA.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_268.dll FF - plugin: c:\windows\system32\npDeployJava1.dll FF - plugin: c:\windows\system32\npmproxy.dll FF - plugin: c:\windows\system32\wat\npWatWeb.dll . ============= SERVICES / DRIVERS =============== . R0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2011-5-9 64048] R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-3-13 464304] R0 mfewfpk;McAfee Inc. 
mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-5-9 169608] R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-5-9 64912] R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928] R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_61cf005dca0fb599\AEstSrv.exe [2009-4-7 81920] R2 Amazon Download Agent;Amazon Download Agent;c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderService.exe [2010-7-8 401920] R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2010-1-11 155648] R2 FAService;FAService;c:\program files\sensible vision\fast access\FAService.exe [2011-4-23 2412728] R2 KodakDigitalDisplayService;KodakDigitalDisplayService;c:\program files\kodak\digital display\orbkodaklauncher\DllStartupService.exe [2009-5-14 98304] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-5-9 214904] R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-5-9 214904] R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-5-9 214904] R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-5-9 166288] R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-5-9 161632] R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-5-9 151880] R2 NETGEARGenieDaemon;NETGEARGenieDaemon;c:\program files\netgear genie\bin\NETGEARGenieDaemon.exe [2012-3-7 1029408] R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2011-9-15 88576] R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2010-12-5 5120] R2 
TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008] R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\drivers\facap.sys [2008-9-24 232832] R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-3-15 127488] R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2009-6-12 54784] R3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-7-13 229888] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-5-9 180848] R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-5-9 340920] R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168] R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-3-6 133632] R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-3-8 280096] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-6 136176] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-5-9 214904] S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2009-6-10 166384] S2 SessionLauncher;SessionLauncher;c:\users\windso~1\appdata\local\temp\dx9\sessionlauncher.exe --> c:\users\windso~1\appdata\local\temp\dx9\SessionLauncher.exe [?] 
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-5-9 57600] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-6 136176] S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 25088] S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-23 23040] S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-5-9 59456] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-5-9 87656] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 113120] S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-4-8 15872] S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2009-6-10 1124848] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-8 52224] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-2 1343400] S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2011-8-5 268512] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe --> c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [?] 
S4 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2009-6-10 309744] . =============== Created Last 30 ================ . 2012-07-29 23:07:37 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-29 23:07:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-07-11 18:05:02 2345984 ----a-w- c:\windows\system32\win32k.sys 2012-07-02 11:32:53 -------- d-----w- c:\users\windsor castle\appdata\roaming\Ableton 2012-07-02 11:31:22 -------- d-----w- c:\program files\common files\Propellerhead Software . ==================== Find3M ==================== . 2012-07-29 12:00:12 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-07-29 12:00:12 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-25 21:04:24 1394248 ----a-w- c:\windows\system32\msxml4.dll 2012-06-12 16:22:03 96784 ----a-w- c:\windows\system32\packet.dll 2012-06-12 16:22:03 35088 ----a-w- c:\windows\system32\drivers\npf.sys 2012-06-12 16:22:03 281104 ----a-w- c:\windows\system32\wpcap.dll 2012-06-06 05:05:52 1390080 ----a-w- c:\windows\system32\msxml6.dll 2012-06-06 05:05:52 1236992 ----a-w- c:\windows\system32\msxml3.dll 2012-06-06 05:03:06 805376 ----a-w- c:\windows\system32\cdosys.dll 2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 20:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 20:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll 2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-06-02 04:45:04 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-06-02 04:45:03 134000 ----a-w- 
c:\windows\system32\drivers\ksecpkg.sys 2012-06-02 04:40:59 369336 ----a-w- c:\windows\system32\drivers\cng.sys 2012-06-02 04:40:39 225280 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 04:39:10 219136 ----a-w- c:\windows\system32\ncrypt.dll . ============= FINISH: 6:35:08.13 =============== Attach.zip