Schrodinger

  1. No need to apologize. You got my computer back to 99%. Before the big crash yesterday it was working great. Thanks for your help.
  2. And now I have another issue. My computer locks up completely. It will load to the main screen but if I click anything, it locks up. Ctrl+Alt+Del does nothing. I tried loading in safe mode but it locks up as the \windows\system32\drivers.... is loading. Would you recommend I simply reinstall Windows Vista? I have the discs. Also, when I did load in normal mode, McAfee apparently detected a trojan and removed it but I was unable to click anything. I'm getting very close to just tossing this into the garbage and buying a new one.
  3. Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) (x86) Version: 05-09-2012 Ran by SYSTEM at 06-09-2012 20:43:25 Running from E:\ Windows Vista Home Premium Service Pack 1 (X86) OS Language: English(US) The current controlset is ControlSet001 ==================== Registry (Whitelisted) =================== HKLM\...\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [178712 2007-10-03] (Intel Corporation) HKLM\...\Run: [broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe [3563520 2008-03-11] (Dell Inc.) HKLM\...\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [1037736 2007-08-31] (Microsoft Corporation) HKLM\...\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter [206064 2009-05-21] (SupportSoft, Inc.) HKLM\...\Run: [steelSeries World of Warcraft Cataclysm MMO Gaming Mouse] "C:\Program Files\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMHID2.exe" [1993216 2011-08-18] (SteelSeries) HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard) HKLM\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1318816 2012-03-21] (McAfee, Inc.) HKLM\...\Run: [McPvTray_exe] "C:\Program Files\McAfee\MAT\McPvTray.exe" [419904 2011-04-08] (McAfee, Inc.) HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.) HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.) 
HKU\Dayved\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation) HKU\Dayved\...\Run: [TouchFreeze] C:\Program Files\TouchFreeze\TouchFreeze.exe [45056 2005-04-29] () HKU\Dayved\...\Run: [Akamai NetSession Interface] "C:\Users\Dayved\AppData\Local\Akamai\netsession_win.exe" [3331872 2012-03-13] (Akamai Technologies, Inc) HKU\Dayved\...\Policies\system: [DisableCMD] 0 HKU\Mcx1\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation) HKU\Mcx1\...\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [206064 2009-05-21] (SupportSoft, Inc.) HKU\Mcx1\...\Run: [Google Update] "C:\Users\Dayved\AppData\Local\Google\Update\GoogleUpdate.exe" /c [x] HKU\Mcx1\...\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [x] HKU\Mcx1\...\Winlogon: [shell] C:\Windows\eHome\McrMgr.exe [173056 2009-04-10] (Microsoft Corporation) HKU\Mcx2\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation) HKU\Mcx2\...\Winlogon: [shell] C:\Windows\eHome\McrMgr.exe [173056 2009-04-10] (Microsoft Corporation) HKLM\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [462920 2012-07-03] (Malwarebytes Corporation) Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.220.220 Startup: C:\Users\Dayved\Start Menu\Programs\Startup\AutorunsDisabled () Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Mcx1\Start Menu\Programs\Startup\Dell Dock.lnk ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Mcx2\Start Menu\Programs\Startup\Dell Dock.lnk ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) 
Startup: C:\Users\postgres\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) ==================== Services ================================ 2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\aestsrv.exe [73728 2008-06-25] (Andrea Electronics Corporation) 2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [161048 2008-04-28] (Stardock Corporation) 2 lxce_device; C:\Windows\system32\lxcecoms.exe -service [537520 2007-03-08] ( ) 2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.) 2 McMPFSvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.) 2 mcmscsvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.) 2 McNaiAnn; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.) 2 McNASvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.) 3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [362008 2012-08-23] (McAfee, Inc.) 2 McProxy; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.) 2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [166288 2012-03-20] (McAfee, Inc.) 2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [161632 2012-03-20] (McAfee, Inc.) 2 mfevtp; "C:\Windows\system32\mfevtps.exe" [151880 2012-03-20] (McAfee, Inc.) 2 MOBKbackup; "C:\Program Files\McAfee Online Backup\MOBKbackup.exe" [229688 2010-04-13] (McAfee, Inc.) 2 MSK80Service; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.) 
2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter [201968 2008-08-13] (SupportSoft, Inc.) 2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\STacSV.exe [221273 2008-06-25] (IDT, Inc.) 2 WebClient; C:\Windows\System32\svchost.exe -k LocalService [21504 2008-01-20] (Microsoft Corporation) 2 WPDBusEnum; C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [21504 2008-01-20] (Microsoft Corporation) 2 pgsql-8.3; "C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe" runservice -w -N "pgsql-8.3" -D "C:\Program Files\PostgreSQL\8.3\data\" [x] ==================== Drivers ================================= 3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-03-11] (Broadcom Corporation) 3 cfwids; C:\Windows\System32\drivers\cfwids.sys [57600 2012-02-22] (McAfee, Inc.) 0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () 3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [54784 2008-03-14] (ITE Tech. Inc. ) 3 k57nd60x; C:\Windows\System32\DRIVERS\k57nd60x.sys [203264 2008-03-13] (Broadcom Corporation) 0 McPvDrv; C:\Windows\System32\drivers\McPvDrv.sys [64048 2011-04-11] (McAfee, Inc.) 3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121544 2012-02-22] (McAfee, Inc.) 3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [180848 2012-02-22] (McAfee, Inc.) 3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [59456 2012-02-22] (McAfee, Inc.) 3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [340920 2012-02-22] (McAfee, Inc.) 0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [464304 2012-02-22] (McAfee, Inc.) 1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [64912 2012-02-22] (McAfee, Inc.) 3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [87656 2012-02-22] (McAfee, Inc.) 3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [34248 2009-09-16] (McAfee, Inc.) 3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40552 2009-09-16] (McAfee, Inc.) 
1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [169608 2012-02-22] (McAfee, Inc.) 1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [54776 2010-04-13] (Mozy, Inc.) 1 nipplpt2; C:\Windows\system32\drivers\nipplpt.sys [34592 2008-10-20] () 3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-08] (Microsoft Corporation) 3 OA001Ufd; C:\Windows\System32\DRIVERS\OA001Ufd.sys [149208 2008-03-10] (Creative Technology Ltd.) 3 OA001Vid; C:\Windows\System32\DRIVERS\OA001Vid.sys [277624 2008-03-10] (Creative Technology Ltd.) 0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [43840 2007-11-14] (Sonic Solutions) 3 R300; C:\Windows\System32\DRIVERS\atikmdag.sys [9334784 2012-04-05] (Advanced Micro Devices, Inc.) 0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software) 3 SSMO3v2Filter; C:\Windows\System32\drivers\MO3v2Driver.sys [17408 2010-12-17] (Sagatek Co. Ltd.) 3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [21344 2005-05-26] (LG Electronics Inc.) 3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [38144 2005-05-26] (LG Electronics Inc.) 3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [39036 2005-06-24] (LG Electronics Inc.) 
3 ALSysIO; \??\C:\Users\Dayved\AppData\Local\Temp\ALSysIO.sys [x] 3 catchme; \??\C:\Users\Dayved\AppData\Local\Temp\catchme.sys [x] 3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x] 3 mfeavfk01; [x] 3 MREMP50; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [x] 3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x] 3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x] 3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x] 3 MRESP50; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [x] 3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x] 3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x] 3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x] 3 PalmUSBD; C:\Windows\System32\drivers\PalmUSBD.sys [x] 3 pgfilter; \??\C:\Program Files\PeerGuardian2\pgfilter.sys [x] ==================== NetSvcs (Whitelisted) ================= ============ One Month Created Files and Folders ============== 2012-09-06 17:39 - 2012-09-06 17:40 - 00903194 ____A (Farbar) C:\Users\Dayved\Desktop\FRST.exe 2012-09-03 06:12 - 2012-09-03 06:12 - 00294400 ____A C:\Users\Dayved\Desktop\exeHelper.com 2012-09-01 19:30 - 2012-09-01 19:30 - 00000000 ____D C:\Users\Dayved\Desktop\33 New Poker Books 2012-08-28 15:29 - 2012-09-03 06:48 - 00000000 ____D C:\FRST 2012-08-26 07:03 - 2012-08-26 07:03 - 00000000 ____D C:\Crash 2012-08-22 07:26 - 2012-08-22 07:26 - 00013269 ____A C:\Users\Dayved\Desktop\combofix2.txt 2012-08-22 07:26 - 2012-08-22 07:26 - 00013269 ____A C:\ComboFix.txt 2012-08-22 07:12 - 2012-08-22 07:26 - 00000000 ____D C:\ComboFix 2012-08-21 18:06 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe 2012-08-21 18:06 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe 2012-08-21 18:06 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe 2012-08-21 18:06 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe 2012-08-21 18:06 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe 2012-08-21 18:06 - 2000-08-30 16:00 - 
00098816 ____A C:\Windows\sed.exe 2012-08-21 18:06 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe 2012-08-21 18:06 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe 2012-08-21 17:54 - 2012-08-22 07:26 - 00000000 ____D C:\Qoobox 2012-08-21 17:53 - 2012-08-21 18:36 - 00000000 ____D C:\Windows\erdnt 2012-08-21 09:41 - 2012-08-21 09:41 - 00001246 ____A C:\Users\Dayved\Desktop\FixExec.txt 2012-08-21 09:35 - 2012-08-21 09:35 - 00883616 ____A (Bleeping Computer, LLC) C:\Users\Dayved\Desktop\FixExec.com 2012-08-20 06:18 - 2012-08-20 06:19 - 00000000 ____D C:\Users\Dayved\Desktop\New Folder (2) 2012-08-19 06:53 - 2012-08-20 08:44 - 00003016 ____A C:\Users\Dayved\Desktop\FSS.txt 2012-08-19 06:40 - 2012-08-15 10:20 - 00693235 ____A (Farbar) C:\Users\Dayved\Desktop\FSS.exe 2012-08-19 06:13 - 2012-06-28 16:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-08-19 06:13 - 2012-06-28 16:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-08-19 06:13 - 2012-06-28 16:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-08-19 06:13 - 2012-06-28 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-08-19 06:13 - 2012-06-28 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-08-19 06:13 - 2012-06-28 16:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-08-19 06:13 - 2012-06-28 16:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-08-19 06:13 - 2012-06-28 16:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-08-19 06:13 - 2012-06-28 16:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-08-19 06:13 - 2012-06-28 16:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-08-19 06:13 - 2012-06-28 16:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-08-19 06:13 - 
2012-06-28 16:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-08-19 06:13 - 2012-06-28 16:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-08-19 06:13 - 2012-06-28 15:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-08-19 06:12 - 2012-07-04 06:02 - 02047488 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-08-18 12:38 - 2012-06-29 08:01 - 00467968 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll 2012-08-18 12:38 - 2012-05-11 07:57 - 00623616 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll 2012-08-18 12:25 - 2012-09-06 17:41 - 01894639 ____A C:\Windows\WindowsUpdate.log 2012-08-18 03:42 - 2008-05-07 19:03 - 00303616 ____A ( ) C:\SetACL.exe 2012-08-18 03:18 - 2004-06-11 13:33 - 00290304 ____A (Microsoft Corporation) C:\subinacl.exe 2012-08-17 17:20 - 2012-08-17 17:20 - 00000207 ____A C:\Windows\tweaking.com-regbackup-DAYVED-PC-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat 2012-08-17 17:20 - 2012-08-17 17:20 - 00000000 ____D C:\RegBackup 2012-08-17 17:18 - 2011-10-24 10:35 - 00000000 ____D C:\Users\Dayved\Desktop\Tweaking.com - Windows Repair 2012-08-17 17:15 - 2012-08-17 17:15 - 00000000 ____D C:\Users\Dayved\Desktop\New Folder 2012-08-14 08:03 - 2012-08-14 08:03 - 00001622 ____A C:\Users\Dayved\Desktop\aswMBR.txt 2012-08-14 03:11 - 2012-08-26 06:40 - 00003012 ____A C:\Windows\PFRO.log 2012-08-13 19:10 - 2012-08-13 19:10 - 00023828 ____A C:\Users\Dayved\Desktop\attach.txt 2012-08-13 19:07 - 2012-08-13 19:07 - 00607260 ____R (Swearware) C:\Users\Dayved\Desktop\dds.com 2012-08-13 19:02 - 2012-08-13 19:02 - 00000868 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2012-08-13 19:02 - 2012-08-13 19:02 - 00000000 ____D C:\Users\Dayved\AppData\Roaming\Malwarebytes 2012-08-13 19:02 - 2012-08-13 19:02 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2012-08-13 19:02 - 2012-07-03 10:46 - 00022344 ____A 
(Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-08-13 18:52 - 2012-08-13 18:03 - 00607260 ____R (Swearware) C:\Users\Dayved\Desktop\dds.scr 2012-08-13 11:36 - 2012-08-13 11:36 - 00030060 ____A C:\Users\Dayved\Documents\cc_20120813_143612.reg 2012-08-13 11:26 - 2012-08-13 11:26 - 00000802 ____A C:\Users\Dayved\Desktop\Free Window Registry Repair.lnk ============ 3 Months Modified Files ======================== 2012-09-06 17:41 - 2012-08-18 12:25 - 01894639 ____A C:\Windows\WindowsUpdate.log 2012-09-06 17:41 - 2008-07-29 21:02 - 00000012 ____A C:\Windows\bthservsdp.dat 2012-09-06 17:41 - 2006-11-02 05:01 - 00032572 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2012-09-06 17:41 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-09-06 17:41 - 2006-11-02 04:47 - 00003616 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2012-09-06 17:41 - 2006-11-02 04:47 - 00003616 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2012-09-06 17:40 - 2012-09-06 17:39 - 00903194 ____A (Farbar) C:\Users\Dayved\Desktop\FRST.exe 2012-09-06 17:39 - 2006-11-02 02:33 - 00716862 ____A C:\Windows\System32\PerfStringBackup.INI 2012-09-06 12:50 - 2012-06-18 18:56 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2012-09-03 06:12 - 2012-09-03 06:12 - 00294400 ____A C:\Users\Dayved\Desktop\exeHelper.com 2012-09-02 12:02 - 2008-08-06 05:04 - 00147456 ____A C:\Users\Dayved\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-08-26 06:40 - 2012-08-14 03:11 - 00003012 ____A C:\Windows\PFRO.log 2012-08-22 09:21 - 2012-05-28 03:39 - 00000785 ____A C:\Users\Dayved\Desktop\World of Warcraft.lnk 2012-08-22 07:26 - 2012-08-22 07:26 - 00013269 ____A C:\Users\Dayved\Desktop\combofix2.txt 2012-08-22 07:26 - 2012-08-22 07:26 - 00013269 ____A C:\ComboFix.txt 2012-08-22 07:23 - 2006-11-02 02:23 - 00000215 ____A C:\Windows\system.ini 2012-08-21 18:42 - 
2008-08-31 09:32 - 00001356 ____A C:\Users\Dayved\AppData\Local\d3d9caps.dat 2012-08-21 09:41 - 2012-08-21 09:41 - 00001246 ____A C:\Users\Dayved\Desktop\FixExec.txt 2012-08-21 09:35 - 2012-08-21 09:35 - 00883616 ____A (Bleeping Computer, LLC) C:\Users\Dayved\Desktop\FixExec.com 2012-08-20 08:50 - 2012-06-04 10:14 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2012-08-20 08:50 - 2011-06-29 04:22 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl 2012-08-20 08:44 - 2012-08-19 06:53 - 00003016 ____A C:\Users\Dayved\Desktop\FSS.txt 2012-08-20 08:42 - 2006-11-02 04:47 - 00312096 ____A C:\Windows\System32\FNTCACHE.DAT 2012-08-19 06:15 - 2006-11-02 02:24 - 59884088 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe 2012-08-18 03:47 - 2008-08-04 15:49 - 00073616 ____A C:\Users\Dayved\AppData\Local\GDIPFONTCACHEV1.DAT 2012-08-17 17:20 - 2012-08-17 17:20 - 00000207 ____A C:\Windows\tweaking.com-regbackup-DAYVED-PC-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat 2012-08-15 10:20 - 2012-08-19 06:40 - 00693235 ____A (Farbar) C:\Users\Dayved\Desktop\FSS.exe 2012-08-14 08:03 - 2012-08-14 08:03 - 00001622 ____A C:\Users\Dayved\Desktop\aswMBR.txt 2012-08-13 19:10 - 2012-08-13 19:10 - 00023828 ____A C:\Users\Dayved\Desktop\attach.txt 2012-08-13 19:07 - 2012-08-13 19:07 - 00607260 ____R (Swearware) C:\Users\Dayved\Desktop\dds.com 2012-08-13 19:02 - 2012-08-13 19:02 - 00000868 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2012-08-13 18:03 - 2012-08-13 18:52 - 00607260 ____R (Swearware) C:\Users\Dayved\Desktop\dds.scr 2012-08-13 11:36 - 2012-08-13 11:36 - 00030060 ____A C:\Users\Dayved\Documents\cc_20120813_143612.reg 2012-08-13 11:26 - 2012-08-13 11:26 - 00000802 ____A C:\Users\Dayved\Desktop\Free Window Registry Repair.lnk 2012-07-04 06:02 - 2012-08-19 06:12 - 02047488 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-07-03 10:46 - 2012-08-13 19:02 - 00022344 ____A 
(Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-06-29 08:01 - 2012-08-18 12:38 - 00467968 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll 2012-06-28 16:52 - 2012-08-19 06:13 - 12317184 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-06-28 16:27 - 2012-08-19 06:13 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-06-28 16:16 - 2012-08-19 06:13 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-06-28 16:09 - 2012-08-19 06:13 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-06-28 16:09 - 2012-08-19 06:13 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-06-28 16:08 - 2012-08-19 06:13 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-06-28 16:07 - 2012-08-19 06:13 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-06-28 16:06 - 2012-08-19 06:13 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-06-28 16:04 - 2012-08-19 06:13 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-06-28 16:04 - 2012-08-19 06:13 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-06-28 16:01 - 2012-08-19 06:13 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-06-28 16:01 - 2012-08-19 06:13 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-06-28 16:00 - 2012-08-19 06:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-06-28 15:57 - 2012-08-19 06:13 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-06-20 17:13 - 2012-06-20 17:13 - 00000766 ____A C:\Users\postgres\Desktop\SpeedFan.lnk 2012-06-20 17:13 - 2012-06-20 17:13 - 00000766 ____A C:\Users\Mcx2\Desktop\SpeedFan.lnk 2012-06-20 17:13 - 2012-06-20 17:13 - 00000766 ____A C:\Users\Mcx1\Desktop\SpeedFan.lnk 2012-06-20 17:13 - 2012-06-20 17:13 - 
00000045 ____A C:\Windows\System32\initdebug.nfo 2012-06-20 17:12 - 2012-06-20 17:13 - 02135728 ____A C:\Users\Dayved\Downloads\installspeedfan446.exe 2012-06-20 17:12 - 2012-06-20 17:12 - 00463080 ____A (CNET Download.com) C:\Users\Dayved\Downloads\cnet2_installspeedfan446_exe.exe 2012-06-20 17:04 - 2012-06-20 17:04 - 00291539 ____A C:\Users\Dayved\Downloads\cputhermometer_setup.exe 2012-06-20 09:35 - 2012-06-20 09:35 - 00000824 ____A C:\Users\Mcx2\Desktop\Eusing Free Registry Cleaner.lnk 2012-06-20 09:35 - 2010-06-18 05:13 - 00000824 ____A C:\Users\postgres\Desktop\Eusing Free Registry Cleaner.lnk 2012-06-20 09:35 - 2010-06-18 05:13 - 00000824 ____A C:\Users\Mcx1\Desktop\Eusing Free Registry Cleaner.lnk ==================== Known DLLs (Whitelisted) ================= ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2012-09-02 12:06:44 Restore point made on: 2012-09-03 06:10:41 Restore point made on: 2012-09-05 05:33:52 Restore point made on: 2012-09-06 11:47:12 ==================== Memory info =========================== Percentage of memory in use: 8% Total physical RAM: 4093.05 MB Available physical RAM: 3744.28 MB Total Pagefile: 3960.61 MB Available Pagefile: 3821.49 MB Total Virtual: 2047.88 MB Available Virtual: 1980.95 MB ==================== Partitions ============================ 1 Drive c: (OS) (Fixed) 
(Total:287.94 GB) (Free:51.85 GB) NTFS ==>[Drive with boot components (obtained from BCD)] 3 Drive e: (Secure II) (Removable) (Total:0.48 GB) (Free:0.12 GB) FAT 4 Drive x: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.71 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ---------- ------- ------- --- --- Disk 0 Online 298 GB 0 B Disk 1 Online 496 MB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 OEM 149 MB 32 KB Partition 2 Primary 10 GB 150 MB Partition 3 Primary 288 GB 10 GB ================================================================================== Disk: 0 Partition 1 Type : DE Hidden: Yes Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 4 FAT Partition 149 MB Healthy Hidden ================================================================================== Disk: 0 Partition 2 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 X RECOVERY NTFS Partition 10 GB Healthy Boot ================================================================================== Disk: 0 Partition 3 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C OS NTFS Partition 288 GB Healthy ================================================================================== Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 495 MB 16 KB ================================================================================== Disk: 1 Partition 1 Type : 04 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 E Secure II FAT Removable 495 MB 
Healthy ================================================================================== Last Boot: 2012-09-06 17:28 ==================== End Of Log =============================
  4. Here you go.... ==================== Memory info =========================== Percentage of memory in use: 14% Total physical RAM: 3581.05 MB Available physical RAM: 3066.23 MB Total Pagefile: 7347.82 MB Available Pagefile: 7053.88 MB Total Virtual: 2047.88 MB Available Virtual: 1976.8 MB ==================== Partitions ============================ 1 Drive c: (OS) (Fixed) (Total:287.94 GB) (Free:73.43 GB) NTFS ==>[Drive with boot components (obtained from BCD)] 2 Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.71 GB) NTFS 4 Drive f: (Secure II) (Removable) (Total:0.48 GB) (Free:0.12 GB) FAT Disk ### Status Size Free Dyn Gpt -------- ---------- ------- ------- --- --- Disk 0 Online 298 GB 0 B Disk 1 Online 496 MB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 OEM 149 MB 32 KB Partition 2 Primary 10 GB 150 MB Partition 3 Primary 288 GB 10 GB ================================================================================== Disk: 0 Partition 1 Type : DE Hidden: Yes Active: No There is no volume associated with this partition. 
================================================================================== Disk: 0 Partition 2 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 D RECOVERY NTFS Partition 10 GB Healthy ================================================================================== Disk: 0 Partition 3 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C OS NTFS Partition 288 GB Healthy System (partition with boot components) ================================================================================== Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 495 MB 16 KB ================================================================================== Disk: 1 Partition 1 Type : 04 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 F Secure II FAT Removable 495 MB Healthy ================================================================================== Last Boot: 2012-09-03 09:26 ==================== End Of Log =============================
  5. Sorry for the delay, had to deal with some family stuff. Here's the log...

     exeHelper by Raktor
     Build 20100414
     Run at 09:16:20 on 09/03/12
     Now searching...
     Checking for numerical processes...
     Checking for sysguard processes...
     Checking for bad processes...
     Checking for bad files...
     Checking for bad registry entries...
     Resetting filetype association for .exe
     Resetting filetype association for .com
     Resetting userinit and shell values...
     Resetting policies...
     --Finished--

     Still getting the same error message.
  6. For some reason, every time I try and download the exehelper my McAfee thinks it's a trojan and deletes it. When I click save, I get the following error message...."...cannot be saved due to an unknown error. Please try and save to a different location" I tried to save it to my flash drive but got the same McAfee response and error message. Should I temp disable McAfee and download it, then reinstate McAfee?
  7. Nope, still get the exact same error message anytime I click an .exe file.
  8. Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 27-08-2012
     Ran by SYSTEM at 2012-08-29 10:06:38 Run:1
     Running from E:\

     ==============================================

     C:\Users\Dayved\AppData\Local\{59c173f1-51b7-889d-91b7-e561f310c791} moved successfully.

     ==== End of Fixlog ====
  9. Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 27-08-2012 Ran by SYSTEM at 28-08-2012 15:29:25 Running from E:\ Windows Vista Home Premium Service Pack 1 (X86) OS Language: English(US) The current controlset is ControlSet001
  10. Tried two different ways: Normal mode and Safe mode with networking. Normal mode - Same error message pops up "Specified Service does not exist..." Safe mode - System error 1060 occurred The Specified Service does not exist.... Not sure if the 1060 error code helps you or not but thought I'd include it.
  11. Still getting the "Specified service...." error whenever I click an .exe file. And for some odd reason, my USB ports don't recognize when I plug in my iPod charger. But all in all, my computer is good to go. Much faster now, apparently clean of any malware, viruses, STDs, etc...and I thank you for that.
  12. I also grabbed a screenshot of the autorun thing. Not sure if it's spam or part of my OS. http://imageshack.us/photo/my-images/38/autorunsscreencap.jpg/ It was created 9/26/2010 and I've had this computer longer than that. Not sure if this helps any but figured I'd add it anyways.
  13. Here is the autorun link: http://imageshack.us/photo/my-images/266/autorunj.jpg/ and here is a link for the specified service error, just in case you were curious: http://imageshack.us/photo/my-images/402/specifiedservice.jpg/
  14. Trying to post a screenshot but keep getting an error that says, "Error occured...post too short". Do I need to add more text for a post? Seems odd. Or is the image too big? I shrunk it down pretty small and I still get the error message.
  15. Looks like the Windows Defender error is gone now! Woohooo! Still getting that autorun start up thing popping up but that's probably something I can disable in some settings area. Here is the new combofix log.... ComboFix 12-08-21.02 - Dayved 08/22/2012 10:14:31.1.2 - x86 NETWORK Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3581.3064 [GMT -5:00] Running from: c:\users\Dayved\Desktop\ComboFix.exe Command switches used :: c:\users\Dayved\Desktop\CFScript.txt AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\uTorrent . . ((((((((((((((((((((((((( Files Created from 2012-07-22 to 2012-08-22 ))))))))))))))))))))))))))))))) . . 2012-08-22 15:23 . 2012-08-22 15:23 -------- d-----w- c:\users\Dayved\AppData\Local\temp 2012-08-22 15:23 . 2012-08-22 15:23 -------- d-----w- c:\users\postgres\AppData\Local\temp 2012-08-22 15:23 . 2012-08-22 15:23 -------- d-----w- c:\users\Mcx2\AppData\Local\temp 2012-08-22 15:23 . 2012-08-22 15:23 -------- d-----w- c:\users\Mcx1\AppData\Local\temp 2012-08-22 15:23 . 2012-08-22 15:23 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-22 15:23 . 2012-08-22 15:23 -------- d-----w- c:\users\David\AppData\Local\temp 2012-08-22 15:08 . 2012-08-01 22:51 7023536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{989BFA21-BB01-44F9-AA3C-6A638BD4E274}\mpengine.dll 2012-08-19 14:12 . 2012-07-04 14:02 2047488 ----a-w- c:\windows\system32\win32k.sys 2012-08-18 20:38 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll 2012-08-18 11:42 . 
2008-05-08 03:03 303616 ----a-w- C:\SetACL.exe 2012-08-18 11:18 . 2004-06-11 21:33 290304 ----a-w- C:\subinacl.exe 2012-08-18 01:20 . 2012-08-18 01:20 -------- d-----w- C:\RegBackup 2012-08-18 01:18 . 2012-08-18 11:44 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs 2012-08-14 03:02 . 2012-08-14 03:02 -------- d-----w- c:\users\Dayved\AppData\Roaming\Malwarebytes 2012-08-14 03:02 . 2012-08-14 03:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-08-14 03:02 . 2012-08-14 03:02 -------- d-----w- c:\programdata\Malwarebytes 2012-08-14 03:02 . 2012-07-03 18:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-20 16:50 . 2012-06-04 18:14 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-08-20 16:50 . 2011-06-29 12:22 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-06-05 16:47 . 2012-07-12 20:49 1401856 ----a-w- c:\windows\system32\msxml6.dll 2012-06-05 16:47 . 2012-07-12 20:49 1248768 ----a-w- c:\windows\system32\msxml3.dll 2012-06-04 15:26 . 2012-07-12 20:48 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-06-02 22:19 . 2012-06-21 13:46 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-21 13:46 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-21 13:45 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-21 13:45 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:19 . 2012-06-21 13:46 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:12 . 2012-06-21 13:46 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:12 . 2012-06-21 13:45 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 20:19 . 2012-06-21 13:45 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 20:12 . 2012-06-21 13:45 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 01:37 . 
2012-06-02 01:37 74703 ----a-w- c:\windows\system32\mfc45.dll 2012-06-02 00:04 . 2012-07-12 20:48 278528 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 00:03 . 2012-07-12 20:48 204288 ----a-w- c:\windows\system32\ncrypt.dll 2012-05-31 17:25 . 2009-10-02 16:04 237072 ------w- c:\windows\system32\MpSigStub.exe 1999-12-02 05:54 . 2008-11-21 17:21 91648 ----a-w- c:\program files\xcacls.exe 2012-07-29 19:26 . 2012-06-21 13:03 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2006-05-03 09:06 163328 --sha-r- c:\windows\System32\flvDX.dll 2007-02-21 10:47 31232 --sha-r- c:\windows\System32\msfDX.dll 2008-03-16 12:30 216064 --sha-r- c:\windows\System32\nbDX.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK] @="{3c3f3c1a-9153-7c05-f938-622e7003894d}" [HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}] 2010-04-14 01:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2] @="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}" [HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}] 2010-04-14 01:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3] @="{b4caf489-1eec-c617-49ad-8d7088598c06}" [HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}] 2010-04-14 01:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "TouchFreeze"="c:\program files\TouchFreeze\TouchFreeze.exe" [2005-04-29 45056] "Akamai NetSession Interface"="c:\users\Dayved\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-03-11 3563520] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736] "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064] "SteelSeries World of Warcraft Cataclysm MMO Gaming Mouse"="c:\program files\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMHID2.exe" [2011-08-18 1993216] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1318816] "McPvTray_exe"="c:\program files\McAfee\MAT\McPvTray.exe" [2011-04-08 419904] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
.
[HKLM\~\startupfolder\C:^Users^Dayved^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip]
backup=c:\windows\pss\CurseClientStartup.ccip.Startup
backupExtension=.Startup
path=c:\users\Dayved\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 16:13 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2008-03-11 17:44 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2007-05-17 15:13 103344 ----a-w- c:\program files\Lexmark 4300 Series\ezprint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPrint Event Monitor]
2008-10-28 15:15 66832 ----a-w- c:\windows\System32\iprntlgn.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPrint Tray]
2008-10-28 15:15 66832 ----a-w- c:\windows\System32\iprntctl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCECATS]
2007-02-22 10:17 73728 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\lxcetime.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcemon.exe]
2007-05-17 15:11 205744 ----a-w- c:\program files\Lexmark 4300 Series\lxcemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 17:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2008-06-25 11:56 442467 ----a-w- c:\program files\IDT\WDM\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-11-26 01:49 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\aestsrv.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-22 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-04 16:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.254
DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
FF - ProfilePath - c:\users\Dayved\AppData\Roaming\Mozilla\Firefox\Profiles\z7euf2t9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-22 10:23
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1068)
c:\program files\McAfee Online Backup\MOBKshell.dll
.
Completion time: 2012-08-22 10:26:13
ComboFix-quarantined-files.txt 2012-08-22 15:26
ComboFix2.txt 2012-08-22 02:38
.
Pre-Run: 44,504,813,568 bytes free
Post-Run: 44,412,379,136 bytes free
.
- - End Of File - - DD467F1E37685F4D91B41F0E0EF2865F