SueQ

  1. You can close the post. Thank you, Mr. C. TDSSKiller didn't find anything, but I was able to get rid of it.
  2. MrC, I can't get the FRST.exe to run. After I type the frst.exe in the command line and press enter, I get only a lot of ASCII characters in the notepad window. No tool opens or begins to run. S
  3. Yikes. Looks like I am still infected with zeroaccess. Here's the report:
     RogueKiller V8.0.2 [08/31/2012] by Tigzy
     mail: tigzyRK<at>gmail<dot>com
     Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Blog: http://tigzyrk.blogspot.com
     Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
     Started in : Normal mode
     User : Susie [Admin rights]
     Mode : Scan -- Date : 09/07/2012 07:03:42
     ¤¤¤ Bad processes : 0 ¤¤¤
     ¤¤¤ Registry Entries : 8 ¤¤¤
     [TASK][sUSP PATH] winupd : C:\Users\Susie\AppData\Local\Temp:winupd.exe -> FOUND
     [DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{685B517C-8B5E-48E5-8416-6E6C05E0B02C} : NameServer (209.183.50.151 209.183.50.151) -> FOUND
     [DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{685B517C-8B5E-48E5-8416-6E6C05E0B02C} : NameServer (209.183.50.151 209.183.50.151) -> FOUND
     [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
     [HJ SMENU] HKCU\[...]\Advanced : Start_ShowDownloads (0) -> FOUND
     [HJ SMENU] HKCU\[...]\Advanced : Start_ShowVideos (0) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
     ¤¤¤ Particular Files / Folders: ¤¤¤
     [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-3225946401-5718790-1310208433-1001\$5db6c830b459ea2e6a48594ce0608617\@ --> FOUND
     [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-3225946401-5718790-1310208433-1001\$5db6c830b459ea2e6a48594ce0608617\U --> FOUND
     [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-3225946401-5718790-1310208433-1001\$5db6c830b459ea2e6a48594ce0608617\L --> FOUND
     ¤¤¤ Driver : [LOADED] ¤¤¤
     ¤¤¤ Infection : ZeroAccess ¤¤¤
     ¤¤¤ HOSTS File: ¤¤¤
     --> C:\Windows\system32\drivers\etc\hosts
     127.0.0.1 localhost
     ¤¤¤ MBR Check: ¤¤¤
     +++++ PhysicalDrive0: ST9320423AS +++++
     --- User ---
     [MBR] 92fcfd0534456cc1d7643d704ef92c00
     [bSP] 2443d7138d44605c205800f5c869ff21 : Windows Vista MBR Code
     Partition table:
     0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
     1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 14114 Mo
     2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 28987392 | Size: 291090 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!
     Finished : << RKreport[1].txt >>
     RKreport[1].txt
  4. Hi, A week or two ago, I was infected with zero access root kit, which was detected by MalwareBytes, which I have running full time. I ran ComboFix and thought I had successfully cleaned my PC. Subsequent scans from Malwarebytes, TDSSKiller, and McAfee Total Protection have all come through clean. However, once a day or so, Firefox will try to redirect to a malicious site (I get a notification from MalwareBytes that the program stopped the computer from connecting to a malicious site.) And I keep getting intruder detection alerts on my McAfee software – saying that an unknown device has connected to my network. Here are the DDS results: DDS.txt and attach.txt. Thanks SO much for any help you can provide! Sue