kmoose

Members

View Profile See their activity

Posts
11
Joined
November 14, 2012
Last visited
June 16, 2013

Reputation

0 Neutral

About kmoose

Birthday 03/05/1965

Profile Information

Location
Ocala Florida
Interests
Following Christ, Spearfishing, Deep Technical Diving, Boating, golfing and Family time

Tuguu S.L.U. Pop up Adware

kmoose replied to kmoose's topic in Resolved Malware Removal Logs

Gringo, I have to leave in 20 min.to catch a plane and will have to put this process on hold until I return on the 23rd. Thank you for your assistance in this matter and I will follow up with the log when I return. Have a great week!
- June 16, 2013
- 10 replies
Tuguu S.L.U. Pop up Adware

kmoose replied to kmoose's topic in Resolved Malware Removal Logs

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.9.4 (05.06.2013:1) OS: Windows 7 Home Premium x64 Ran by Ken Lacasse on Sat 06/15/2013 at 21:11:43.28 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\firstsearch ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Users\Ken Lacasse\AppData\Roaming\pccustubinstaller" Successfully deleted: [Folder] "C:\Program Files (x86)\aol toolbar" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Sat 06/15/2013 at 21:16:36.21 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # AdwCleaner v2.303 - Logfile created 06/15/2013 at 21:05:06 # Updated 08/06/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Ken Lacasse - KENLACASSE-PC # Boot Mode : Normal # Running from : C:\Users\Ken Lacasse\Desktop\AdwCleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\Program Files (x86)\continuetosave Folder Deleted : C:\ProgramData\caOntuinueattousavve Folder Deleted : C:\ProgramData\EbbookBeroowwse Folder Deleted : C:\ProgramData\InstallMate Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\caOntuinueattousavve Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EbbookBeroowwse Folder Deleted : C:\Users\Ken Lacasse\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmljfdlepfcdmdfabiajgchedhgmkplj Folder Deleted : C:\Users\Ken Lacasse\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmefeklngpppjomdlfmeipofghpnekek Folder Deleted : C:\Users\Ken Lacasse\AppData\LocalLow\caOntuinueattousavve Folder Deleted : C:\Users\Ken Lacasse\AppData\LocalLow\EbbookBeroowwse ***** [Registry] ***** Key Deleted : HKCU\Software\AppDataLow\SProtector Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1C9AD53F-C9C4-FD11-1176-0030A7261CB4} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6BC522B8-D678-6573-6979-D65C57AFE201} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1C9AD53F-C9C4-FD11-1176-0030A7261CB4} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6BC522B8-D678-6573-6979-D65C57AFE201} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} Key Deleted : HKLM\Software\SP Global Key Deleted : HKLM\Software\SProtector Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1C9AD53F-C9C4-FD11-1176-0030A7261CB4} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6BC522B8-D678-6573-6979-D65C57AFE201} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1C9AD53F-C9C4-FD11-1176-0030A7261CB4} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6BC522B8-D678-6573-6979-D65C57AFE201} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C1C6816E-CBB3-A748-85F9-A8B47B68985B} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E5B7E1B4-21FC-6765-A3D7-BA0416DC6AF7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} ***** [internet Browsers] ***** -\\ Internet Explorer v10.0.9200.16576 [OK] Registry is clean. -\\ Google Chrome v [unable to get version] File : C:\Users\Ken Lacasse\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [3510 octets] - [15/06/2013 21:03:22] AdwCleaner[s1].txt - [3348 octets] - [15/06/2013 21:05:06] ########## EOF - C:\AdwCleaner[s1].txt - [3408 octets] ########## Everything seems to be moving better in the browser. I will run through some more testing while you review the logs.
- June 16, 2013
- 10 replies
Tuguu S.L.U. Pop up Adware

kmoose replied to kmoose's topic in Resolved Malware Removal Logs

Thanks Gringo, Below are the files you requested. DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16576 BrowserJavaVersion: 10.17.2 Run by Ken Lacasse at 19:01:43 on 2013-06-15 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1909.395 [GMT -4:00] . SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files\Dell\DellDock\DockLogin.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE C:\Program Files\Bonjour\mDNSResponder.exe c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\Explorer.EXE C:\Windows\System32\rundll32.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\System32\igfxpers.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe C:\Program Files\Dell\DellDock\DellDock.exe C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\servicing\TrustedInstaller.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Windows\system32\wuauclt.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://radar.weather.gov/radar.php?rid=TBW mWinlogon: Userinit = userinit.exe, BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: caOntuinueattousavve: {1C9AD53F-C9C4-FD11-1176-0030A7261CB4} - C:\ProgramData\caOntuinueattousavve\51a16b8b74deb.dll BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned> BHO: EbbookBeroowwse: {6BC522B8-D678-6573-6979-D65C57AFE201} - C:\ProgramData\EbbookBeroowwse\51a16bce6bcf1.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - uRun: [lipo1] c:\temp1\Module3.exe uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe mRun: [Adobe Reader Speed Launcher] "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime dRunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 StartupFolder: C:\Users\KENLAC~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CINEFO~1.LNK - C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: NameServer = 192.168.0.1 209.26.88.31 TCP: Interfaces\{A7F5CF63-A46D-4FC7-BA4F-C6F41EA921EB} : DHCPNameServer = 192.168.0.1 209.26.88.31 TCP: Interfaces\{A7F5CF63-A46D-4FC7-BA4F-C6F41EA921EB}\B4D4C403235363 : DHCPNameServer = 192.168.1.1 Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL AppInit_DLLs= c:\progra~2\contin~1\sprote~1.dll SSODL: WebCheck - <orphaned> x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe x64-Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab x64-DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned> x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned> x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-12-13 55280] R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-10-29 98208] R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648] R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-4-12 418376] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-4-12 701512] R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-4-5 1872568] R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-12-13 1692480] R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784] R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-13 2320920] R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Acceler.sys [2010-10-29 23912] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-12-13 175168] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-10-29 56344] R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-29 287232] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-4-12 25928] R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-13 7675392] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240] R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-4-5 39832] S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-12-13 35104] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-1-19 315664] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-10-29 220672] S3 SVK9PL;USB to Serial Cable WDF Driver;C:\Windows\System32\drivers\SVK9PL64.sys [2012-12-17 158720] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-5-21 59392] S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-4-13 1255736] . =============== Created Last 30 ================ . 2013-06-09 01:29:33 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6380FD4C-DCC9-432E-BC99-D0FA0DBF16EE}\mpengine.dll 2013-05-27 14:43:32 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll 2013-05-27 14:43:32 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll 2013-05-27 14:43:32 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll 2013-05-27 14:43:32 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll 2013-05-27 14:43:32 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll 2013-05-27 14:34:42 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-05-27 14:34:42 -------- d-----w- C:\Program Files\iTunes 2013-05-27 14:34:42 -------- d-----w- C:\Program Files\iPod 2013-05-26 01:11:53 -------- d-----w- C:\ProgramData\StarApp 2013-05-26 01:11:53 -------- d-----w- C:\ProgramData\EbbookBeroowwse 2013-05-26 01:11:35 -------- d-----w- C:\Program Files (x86)\AOL Toolbar 2013-05-26 01:10:54 -------- d-----w- C:\Program Files (x86)\ContinueToSave 2013-05-26 01:10:47 -------- d-----w- C:\ProgramData\caOntuinueattousavve 2013-05-26 01:10:15 -------- d-----w- C:\ProgramData\InstallMate 2013-05-23 07:12:11 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-05-22 11:58:02 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys 2013-05-22 11:58:02 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys 2013-05-22 11:58:02 144384 ----a-w- C:\Windows\System32\cdd.dll 2013-05-22 11:56:20 68608 ----a-w- C:\Windows\System32\taskhost.exe 2013-05-22 07:01:07 -------- d-----w- C:\Windows\System32\SPReview 2013-05-22 07:00:17 -------- d-----w- C:\Windows\System32\EventProviders 2013-05-21 20:10:15 -------- d-----w- C:\ProgramData\PC-Doctor for Windows 2013-05-21 20:09:50 -------- d-----w- C:\Program Files\My Dell 2013-05-21 08:32:59 61440 ----a-w- C:\Windows\SysWow64\tcpmonui.dll 2013-05-21 08:31:59 99328 ----a-w- C:\Windows\SysWow64\QSVRMGMT.DLL 2013-05-21 08:28:31 529408 ----a-w- C:\Windows\System32\wbemcomn.dll 2013-05-21 08:28:31 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll 2013-05-21 08:28:23 244736 ----a-w- C:\Windows\System32\sqmapi.dll . ==================== Find3M ==================== . 2013-06-15 21:56:40 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-06-15 21:56:40 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-05-23 07:12:11 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-05-22 07:10:46 175616 ----a-w- C:\Windows\System32\msclmd.dll 2013-05-22 07:10:46 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll 2013-05-02 06:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe 2013-05-01 07:59:12 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx 2013-05-01 07:59:12 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts 2013-04-13 11:27:07 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-04-13 11:27:06 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2013-04-13 11:27:06 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll 2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys 2013-04-04 18:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-03-19 05:53:58 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll 2013-03-19 05:53:58 230400 ----a-w- C:\Windows\System32\wwansvc.dll 2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll 2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll 2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe . ============= FINISH: 19:02:48.12 =============== UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 4/5/2013 8:49:56 AM System Uptime: 6/15/2013 6:43:45 PM (1 hours ago) . Motherboard: Dell Inc. | | 0R225F Processor: Intel® Core i5 CPU M 450 @ 2.40GHz | U2E1 | 1176/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 451 GiB total, 212.572 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . Adobe Flash Player 11 ActiveX Adobe Flash Player Plugin Adobe Reader 9.1.2 Advanced Audio FX Engine Apple Application Support Apple Mobile Device Support Apple Software Update AVS Audio Converter 7 AVS Audio Editor 7.1 AVS Audio Recorder version 4.0 AVS Cover Editor 2.0.1.3 AVS Disc Creator 5 AVS Document Converter 2.2.5 AVS DVD Copy 4.1.2.283 AVS Image Converter 2.3.2.248 AVS Media Player 4.1.10.99 AVS Photo Editor AVS Registry Cleaner version 2.2 AVS Ringtone Maker version 1.6 AVS Video Converter 8 AVS Video Editor 6 AVS Video Recorder 2.5 AVS Video ReMaker 4.1.3.149 Banctec Service Agreement Bing Bar Bonjour Canon MG5200 series MP Drivers caOntuinueattousavve Complete Care Business Service Agreement ContinueToSave 1.74 Cozi Dell DataSafe Local Backup Dell DataSafe Local Backup - Support Software Dell Dock Dell Edoc Viewer Dell Getting Started Guide Dell Product Registration Dell Touchpad Dell Webcam Central EbbookBeroowwse Garmin MapSource GoPro CineForm Studio 1.3.2 GoToAssist 8.0.0.514 iCloud Intel PROSet Wireless Intel® Graphics Media Accelerator Driver Intel® Management Engine Components Intel® PROSet/Wireless WiFi Software Intel® Turbo Boost Technology Monitor Intel® Wireless Display iTunes Java 7 Update 17 Java Auto Updater Java 6 Update 21 (64-bit) Junk Mail filter update LoranGPS Malwarebytes Anti-Malware version 1.75.0.1300 MapSource MapSource - BlueChart Americas v7.5 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Office Professional Plus 2013 - en-us Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft VC9 runtime libraries Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 MSVCRT My Dell Nautilus Lifeline 0.3.47 Office 15 Click-to-Run Extensibility Component Office 15 Click-to-Run Licensing Component Office 15 Click-to-Run Localization Component Premium Service Agreement QualxServ Service Agreement Quickset64 QuickTime Realtek High Definition Audio Driver Rinse (uninstall) Roxio Burn Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) TuneUp 2.4.6.4 Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) WIDCOMM Bluetooth Software WildTangent Games Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 ) Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Upload Tool Windows Live Writer . ==== Event Viewer Messages From Past Week ======== . 6/15/2013 6:50:46 PM, Error: volmgr [46] - Crash dump initialization failed! 6/15/2013 6:44:53 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service. 6/15/2013 5:54:50 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 6/15/2013 5:54:50 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535. . ==== End Of File ===========================
- June 15, 2013
- 10 replies
Tuguu S.L.U. Pop up Adware

kmoose posted a topic in Resolved Malware Removal Logs

Been hijacked by a stubborn pop up wanting me to download a player. It is slowing down my browser big time. I run MB Pro in a full scan mode and finds nothing. Attached is a capture of what keeps popping up.
- June 15, 2013
- 10 replies
kmoose

MrCharlie
MrC is the Mr "T" of malware devestation! I pitty the fool that let loose the malware on my computer as MrC has sent it packing! All kidding aside, thank you so much for the time and effort you put forth in your mission to help us poor souls ready to give up. I don't know what you do with the majority of you time but your efforts here are clearly a blessing for us! Good day and well done Sir!
- November 15, 2012
Stubborn svchost.exe Bug

kmoose replied to kmoose's topic in Resolved Malware Removal Logs

Done... # AdwCleaner v2.007 - Logfile created 11/14/2012 at 18:48:57 # Updated 06/11/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Ken - KEN-PC # Boot Mode : Normal # Running from : C:\Users\Ken\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. -\\ Google Chrome v [unable to get version] File : C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[s1].txt - [877 octets] - [14/11/2012 18:48:57] ########## EOF - C:\AdwCleaner[s1].txt - [936 octets] ########## Results of screen317's Security Check version 0.99.54 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.65.1.1000 AVS Registry Cleaner version 2.2 Java 6 Update 24 Java version out of Date! Adobe Reader X (10.1.4) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 3% ````````````````````End of Log``````````````````````
- November 14, 2012
- 13 replies
Stubborn svchost.exe Bug

kmoose replied to kmoose's topic in Resolved Malware Removal Logs

Here we go! Only had to reboot once. ComboFix 12-11-14.01 - Ken 11/14/2012 9:08.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.2476 [GMT -5:00] Running from: c:\users\Ken\Desktop\ComboFix.exe SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\programdata\PCDr\6032\AddOnDownloaded\087abda5-3ca9-433a-8a4e-6b9fc9285607.dll c:\programdata\PCDr\6032\AddOnDownloaded\2f733848-355c-4a6f-89a5-08a4dcc89c5c.dll c:\programdata\PCDr\6032\AddOnDownloaded\305a1406-381f-449d-9486-32504a38e5b0.dll c:\programdata\PCDr\6032\AddOnDownloaded\3b429c4f-8ba9-4a7d-bbb4-4548bb6d2539.dll c:\programdata\PCDr\6032\AddOnDownloaded\3c49c05a-0eb3-4044-a0f8-d4ea2a439295.dll c:\programdata\PCDr\6032\AddOnDownloaded\4704833a-6508-40cc-b98b-5ebd235e52ca.dll c:\programdata\PCDr\6032\AddOnDownloaded\5cd81d7c-326c-42d2-8929-1ee85c69dc1d.dll c:\programdata\PCDr\6032\AddOnDownloaded\5f169f6e-cfce-411e-b266-aa53ac35ce83.dll c:\programdata\PCDr\6032\AddOnDownloaded\7119bf4b-d404-4b31-8779-44fac71761fa.dll c:\programdata\PCDr\6032\AddOnDownloaded\8c199aef-9eca-4ab6-863d-c9136ebec654.dll c:\programdata\PCDr\6032\AddOnDownloaded\a7201707-7895-43cf-9119-8a0279b75d4c.dll c:\programdata\PCDr\6032\AddOnDownloaded\a875f6ee-9729-4447-8d2c-63bd2e6396c1.dll c:\programdata\PCDr\6032\AddOnDownloaded\af728edb-0984-4c06-9a4b-0878bcfa9a26.dll c:\programdata\PCDr\6032\AddOnDownloaded\b510dd11-341c-4dfa-9f1e-dd5ddcc444f4.dll c:\programdata\PCDr\6032\AddOnDownloaded\cf9bce06-e765-4c6f-afa9-0d82a3adc417.dll c:\programdata\PCDr\6032\AddOnDownloaded\dbecb802-efe1-453f-828f-29af4ab73508.dll c:\programdata\PCDr\6032\AddOnDownloaded\e1ce76af-328a-41dc-b2c4-0dd9771f6aa1.dll c:\programdata\PCDr\6032\AddOnDownloaded\e3e252fe-80ab-4f89-82a9-b607007220bd.dll c:\programdata\PCDr\6032\AddOnDownloaded\eb115e4d-8592-4082-bffa-e65ae6b21e95.dll c:\programdata\PCDr\6032\AddOnDownloaded\ed26c1b3-d9f9-42e8-80e0-cd62e65fd901.dll c:\programdata\PCDr\6032\AddOnDownloaded\f28ef68b-8cc4-4c00-891d-473fb67bd0b0.dll c:\windows\SysWow64\drivers\npf.sys c:\windows\SysWow64\Packet.dll c:\windows\SysWow64\pthreadVC.dll c:\windows\SysWow64\WanPacket.dll c:\windows\SysWow64\win.ini c:\windows\SysWow64\wpcap.dll . . ((((((((((((((((((((((((( Files Created from 2012-10-14 to 2012-11-14 ))))))))))))))))))))))))))))))) . . 2012-11-13 16:23 . 2012-11-13 16:23 -------- d-----w- c:\program files (x86)\Amazon Browser Bar 2012-11-13 14:21 . 2012-09-30 00:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-12 18:11 . 2012-11-12 18:11 -------- d-----w- c:\users\Ken\AppData\Roaming\Malwarebytes 2012-11-12 18:10 . 2012-11-12 18:10 -------- d-----w- c:\programdata\Malwarebytes 2012-11-12 18:10 . 2012-11-13 14:21 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-11-12 17:16 . 2012-11-12 17:16 -------- d-----w- c:\users\Default\AppData\Roaming\Apple Computer 2012-11-12 17:16 . 2012-11-12 17:16 -------- d-----w- c:\users\Default\AppData\Local\Apple Computer 2012-11-12 01:00 . 2010-03-02 17:14 38224 ----a-w- c:\windows\SysWow64\IJRMF.exe 2012-11-11 21:11 . 2012-11-11 21:11 -------- d-----w- c:\programdata\Sprint 2012-10-29 02:07 . 2012-10-29 02:07 -------- d-----w- c:\programdata\hldtokaytzbzcmk 2012-10-29 01:59 . 2010-02-05 09:37 327680 ----a-w- c:\windows\system32\CNMN6PPM.DLL 2012-10-29 01:58 . 2010-08-25 10:00 361472 ----a-w- c:\windows\system32\CNMLMAE.DLL 2012-10-20 00:55 . 2012-10-20 00:55 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-20 00:55 . 2012-10-20 00:55 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-10-20 00:52 . 2012-11-12 01:53 -------- d-----w- c:\program files\Google . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-10 07:02 . 2011-02-11 02:10 65309168 ----a-w- c:\windows\system32\MRT.exe 2012-09-29 02:32 . 2012-09-29 02:32 2177688 ----a-w- c:\windows\system32\coin92.dll 2012-09-14 19:19 . 2012-10-10 05:12 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-14 18:28 . 2012-10-10 05:12 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-08-31 18:19 . 2012-10-10 05:12 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-08-30 18:03 . 2012-10-10 05:12 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-30 17:12 . 2012-10-10 05:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-08-30 17:12 . 2012-10-10 05:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-08-24 18:05 . 2012-10-10 05:12 220160 ----a-w- c:\windows\system32\wintrust.dll 2012-08-24 16:57 . 2012-10-10 05:12 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-08-24 11:15 . 2012-09-22 07:00 17810944 ----a-w- c:\windows\system32\mshtml.dll 2012-08-24 10:39 . 2012-09-22 07:00 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-08-24 10:31 . 2012-09-22 07:00 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-08-24 10:22 . 2012-09-22 07:00 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-08-24 10:21 . 2012-09-22 07:00 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-08-24 10:20 . 2012-09-22 07:00 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-08-24 10:18 . 2012-09-22 07:00 237056 ----a-w- c:\windows\system32\url.dll 2012-08-24 10:17 . 2012-09-22 07:00 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-08-24 10:14 . 2012-09-22 07:00 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-08-24 10:14 . 2012-09-22 07:00 816640 ----a-w- c:\windows\system32\jscript.dll 2012-08-24 10:13 . 2012-09-22 07:00 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-08-24 10:12 . 2012-09-22 07:00 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-08-24 10:11 . 2012-09-22 07:00 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-08-24 10:10 . 2012-09-22 07:00 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-08-24 10:09 . 2012-09-22 07:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-08-24 10:04 . 2012-09-22 07:00 248320 ----a-w- c:\windows\system32\ieui.dll 2012-08-24 06:59 . 2012-09-22 07:00 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-08-24 06:51 . 2012-09-22 07:00 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-08-24 06:51 . 2012-09-22 07:00 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-08-24 06:47 . 2012-09-22 07:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-08-24 06:47 . 2012-09-22 07:00 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-08-24 06:43 . 2012-09-22 07:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-08-22 18:12 . 2012-09-12 15:44 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-08-22 18:12 . 2012-09-12 15:44 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-08-22 18:12 . 2012-09-12 15:44 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-08-22 18:12 . 2012-09-12 15:44 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-08-21 21:01 . 2012-09-26 06:17 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-08-21 17:01 . 2012-09-21 17:43 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-08-21 17:01 . 2011-03-15 10:03 125872 ----a-w- c:\windows\system32\GEARAspi64.dll 2012-08-21 17:01 . 2011-03-15 10:03 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll 2012-08-20 18:48 . 2012-10-10 05:12 362496 ----a-w- c:\windows\system32\wow64win.dll 2012-08-20 18:48 . 2012-10-10 05:12 243200 ----a-w- c:\windows\system32\wow64.dll 2012-08-20 18:48 . 2012-10-10 05:12 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2012-08-20 18:48 . 2012-10-10 05:12 215040 ----a-w- c:\windows\system32\winsrv.dll 2012-08-20 18:48 . 2012-10-10 05:12 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2012-08-20 18:48 . 2012-10-10 05:12 424448 ----a-w- c:\windows\system32\KernelBase.dll 2012-08-20 18:48 . 2012-10-10 05:12 1162240 ----a-w- c:\windows\system32\kernel32.dll 2012-08-20 18:46 . 2012-10-10 05:12 338432 ----a-w- c:\windows\system32\conhost.exe 2012-08-20 18:38 . 2012-10-10 05:12 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 05:12 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 05:12 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 05:12 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 05:12 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 05:12 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 05:12 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 05:12 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 05:12 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 05:12 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 05:12 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 05:12 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 05:12 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 05:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 05:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 05:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 05:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 05:12 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 05:12 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 05:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 05:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 05:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 05:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 05:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 05:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 05:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 05:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 05:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2012-08-20 17:40 . 2012-10-10 05:12 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2012-08-20 17:38 . 2012-10-10 05:12 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-08-20 17:38 . 2012-10-10 05:12 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2012-08-20 17:37 . 2012-10-10 05:12 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2012-08-20 17:37 . 2012-10-10 05:12 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll 2012-08-20 17:32 . 2012-10-10 05:12 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 05:12 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 05:12 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 05:12 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 05:12 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 05:12 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 05:12 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 05:12 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 05:12 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 05:12 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 05:12 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 05:12 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 05:12 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 05:12 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 05:12 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 05:12 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 05:12 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 05:12 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 05:12 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2010-08-23 3926528] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-09-17 560128] "Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-01-13 165184] . c:\users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584] Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2011-2-10 50688] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-02 35104] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 libusb0;LibUsb-Win32 - Kernel Driver 06/04/2010,1.12.1.0;c:\windows\system32\DRIVERS\libusb0.sys [2011-03-08 22016] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-01-19 315664] R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x] R3 PTUMLBUS;PTUML USB Composite Device Driver;c:\windows\system32\DRIVERS\PTUMLBUS.sys [2011-05-12 73744] R3 PTUMLCVsp;PANTECH UML290 Connection Manager Port;c:\windows\system32\DRIVERS\PTUMLCVsp.sys [2011-05-12 182672] R3 PTUMLMBMP;PANTECH UML290 Mobile Broadband;c:\windows\system32\DRIVERS\PTUMLMBMP.sys [2011-05-12 213520] R3 PTUMLMdm;PANTECH UML290;c:\windows\system32\DRIVERS\PTUMLMdm.sys [2011-05-12 182672] R3 PTUMLNET61;PANTECH UML290 WWAN (NDIS6.1);c:\windows\system32\DRIVERS\PTUMLNET61.sys [2011-05-12 104976] R3 PTUMLNVsp;PANTECH UML290 NMEA Port;c:\windows\system32\DRIVERS\PTUMLNVsp.sys [2011-05-12 183824] R3 PTUMLRMNET;PANTECH UML290 RMNET Service;c:\windows\system32\DRIVERS\PTUMLRMNET.sys [2011-05-12 69136] R3 PTUMLVsp;PANTECH UML290 Diagnostic Port;c:\windows\system32\DRIVERS\PTUMLVsp.sys [2011-05-12 182672] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-17 220672] R3 Svk2pl;GigawareX USB to Serial Driver;c:\windows\system32\DRIVERS\Svk2pl64.sys [2010-04-01 97280] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-12 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280] S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [2009-07-23 18792] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648] S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2009-06-23 60928] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936] S2 ptumlcmsvc;PTUML290 Connection Manager Service;c:\windows\system32\ptumlcmsvc64.exe [2011-05-12 134144] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920] S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [2009-07-24 23912] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 175168] S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-06-25 52320] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-06-21 287232] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928] S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392] S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-27 46176] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680] S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-04-06 39832] S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088] . . Contents of the 'Scheduled Tasks' folder . 2012-11-14 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-20 00:55] . 2012-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-20 15:50] . 2012-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-20 15:50] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-01-19 1926928] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-29 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-29 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-29 415256] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368] "IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-27 1464928] "IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-27 2004584] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://radar.weather.gov/radar.php?product=NCR&rid=TBW&loop=yes mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000 IE: Lookup on Merriam Webster IE: Lookup on Wikipedia IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.0.1 204.215.43.3 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60 . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}"=hex:51,66,7a,6c,4c,1d,38,12,e8,9b,8e, 71,5d,42,f6,01,c5,a0,09,1f,42,98,83,3b "{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11, d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54 "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}"=hex:51,66,7a,6c,4c,1d,38,12,c3,d3,96, 33,cd,f1,98,02,c0,4d,e6,c7,c4,3c,ba,cd "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96, 76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce, 9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d "{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0, b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{21347690-EC41-4F9A-8887-1F4AEE672439}"=hex:51,66,7a,6c,4c,1d,38,12,fe,75,27, 25,73,a2,f4,0a,f7,91,5c,0a,eb,39,60,2d "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47, 2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:9a,04,1f,b3,ce,a8,cd,01 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe . ************************************************************************** . Completion time: 2012-11-14 09:26:23 - machine was rebooted ComboFix-quarantined-files.txt 2012-11-14 14:26 . Pre-Run: 207,922,499,584 bytes free Post-Run: 208,012,959,744 bytes free . - - End Of File - - FA403CF1E05E1FB5C5DE4297B4B10250
- November 14, 2012
- 13 replies
Stubborn svchost.exe Bug

kmoose replied to kmoose's topic in Resolved Malware Removal Logs

Will do..
- November 14, 2012
- 13 replies
Stubborn svchost.exe Bug

kmoose replied to kmoose's topic in Resolved Malware Removal Logs

Having some issue disabling all the malware protection. MSE doesn't seem to exist but defender is turned off. Also, when I try to download Combofix the little yellow download bar opens and gives warnings and only gives me the option to run combofix, not save it to my desktop.
- November 14, 2012
- 13 replies
Stubborn svchost.exe Bug

kmoose replied to kmoose's topic in Resolved Malware Removal Logs

I have to say that so far things are look great! Everything has sped up and fans are not running. WooHoo! My wife states that my bloodpressure is directily related to my PC health.....
- November 14, 2012
- 13 replies
Stubborn svchost.exe Bug

kmoose replied to kmoose's topic in Resolved Malware Removal Logs

Done! Below are the logs... Malwarebytes Anti-Rootkit 1.1.0.1009 www.malwarebytes.org Database version: v2012.11.13.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Ken :: KEN-PC [administrator] 11/13/2012 10:41:16 PM mbar-log-2012-11-13 (22-41-16).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: PUP | PUM | P2P Objects scanned: 27441 Time elapsed: 7 minute(s), 36 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1009 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 Java version: 1.6.0_24 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 2.394000 GHz Memory total: 4081610752, free: 2440581120 ------------ Kernel report ------------ 11/13/2012 23:18:29 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\DRIVERS\compbatt.sys \SystemRoot\system32\DRIVERS\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\msahci.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\PxHlpa64.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\system32\DRIVERS\stdflt.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\igdkmd64.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\HECIx64.sys \SystemRoot\system32\drivers\usbehci.sys \SystemRoot\system32\drivers\USBPORT.SYS \SystemRoot\system32\drivers\HDAudBus.sys \SystemRoot\system32\DRIVERS\NETw5s64.sys \SystemRoot\system32\DRIVERS\vwifibus.sys \SystemRoot\system32\DRIVERS\Rt64win7.sys \SystemRoot\system32\drivers\i8042prt.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\SynTP.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\DRIVERS\Impcd.sys \SystemRoot\system32\DRIVERS\Acceler.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\drivers\wmiacpi.sys \SystemRoot\system32\DRIVERS\CmBatt.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\drivers\umbus.sys \SystemRoot\system32\DRIVERS\WDKMD.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\HdAudio.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\DRIVERS\IntcDAud.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_dumpata.sys \SystemRoot\System32\Drivers\dump_msahci.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\System32\Drivers\usbvideo.sys \SystemRoot\system32\DRIVERS\CtClsFlt.sys \SystemRoot\system32\DRIVERS\dc3d.sys \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\point64.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\drivers\luafv.sys \??\C:\Windows\system32\drivers\mbam.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\DRIVERS\TurboB.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\system32\DRIVERS\vwifimp.sys \SystemRoot\System32\Drivers\fastfat.SYS \SystemRoot\system32\DRIVERS\umpass.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\imagehlp.dll ----------- End ----------- <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8004bd7060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\ Lower Device Object: 0xfffffa8004930680 Lower Device Driver Name: \00000299\ Driver name found: atapi DriverEntry returned 0x0 Function returned 0x0 Downloaded database version: v2012.11.13.09 Downloaded database version: v2012.11.12.01 Initializing... Done! Scanning directory: C:\Windows\system32\drivers... <<<2>>> Device number: 0, partition: 3 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8004bd7060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8004bd7b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8004bd7060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8004a7bb20, DeviceName: Unknown, DriverName: \Driver\stdflt\ DevicePointer: 0xfffffa8004930680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \00000299\ ------------ End ---------- Upper DeviceData: 0xfffff8a0109e5df0, 0xfffffa8004bd7060, 0xfffffa8004dcc090 Lower DeviceData: 0xfffff8a010a20300, 0xfffffa8004930680, 0xfffffa8006bd9930 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... MBR is forged! Inspecting partition table: MBR Signature: 55AA Disk Signature: 8B32B454 Partition information: Partition 0 type is Empty (0x0) Partition is ACTIVE. Partition starts at LBA: 52 Numsec = 0 Partition is not bootable Infected: VBR on Empty active partition --> [Rootkit.Pihar.c.MBR] Changing partition to empty and not active. New active partition is 1 on drive 0 ... Partition 0 type is Other (0xde) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 204800 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 206848 Numsec = 30720000 Partition file system is NTFS Partition is bootable Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 30926848 Numsec = 945844272 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 MBR infection found on drive 0 Disk Size: 500107862016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-51-976753168-976773168)... Sector 976772846 --> [Forged physical sector] Sector 976772847 --> [Forged physical sector] Sector 976772848 --> [Forged physical sector] Sector 976772849 --> [Forged physical sector] Sector 976772850 --> [Forged physical sector] Sector 976772851 --> [Forged physical sector] Sector 976772852 --> [Forged physical sector] Sector 976772853 --> [Forged physical sector] Sector 976772854 --> [Forged physical sector] Sector 976772855 --> [Forged physical sector] Sector 976772856 --> [Forged physical sector] Sector 976772857 --> [Forged physical sector] Sector 976772858 --> [Forged physical sector] Sector 976772859 --> [Forged physical sector] Sector 976772860 --> [Forged physical sector] Sector 976772861 --> [Forged physical sector] Sector 976772862 --> [Forged physical sector] Sector 976772863 --> [Forged physical sector] Sector 976772864 --> [Forged physical sector] Sector 976772865 --> [Forged physical sector] Sector 976772866 --> [Forged physical sector] Sector 976772867 --> [Forged physical sector] Sector 976772868 --> [Forged physical sector] Sector 976772869 --> [Forged physical sector] Sector 976772870 --> [Forged physical sector] Sector 976772871 --> [Forged physical sector] Sector 976772872 --> [Forged physical sector] Sector 976772873 --> [Forged physical sector] Sector 976772874 --> [Forged physical sector] Sector 976772875 --> [Forged physical sector] Sector 976772876 --> [Forged physical sector] Sector 976772877 --> [Forged physical sector] Sector 976772878 --> [Forged physical sector] Sector 976772879 --> [Forged physical sector] Sector 976772880 --> [Forged physical sector] Sector 976772881 --> [Forged physical sector] Sector 976772882 --> [Forged physical sector] Sector 976772883 --> [Forged physical sector] Sector 976772884 --> [Forged physical sector] Sector 976772885 --> [Forged physical sector] Sector 976772886 --> [Forged physical sector] Sector 976772887 --> [Forged physical sector] Sector 976772888 --> [Forged physical sector] Sector 976772889 --> [Forged physical sector] Sector 976772890 --> [Forged physical sector] Sector 976772891 --> [Forged physical sector] Sector 976772892 --> [Forged physical sector] Sector 976772893 --> [Forged physical sector] Sector 976772894 --> [Forged physical sector] Sector 976772895 --> [Forged physical sector] Sector 976772896 --> [Forged physical sector] Sector 976772897 --> [Forged physical sector] Sector 976772898 --> [Forged physical sector] Sector 976772899 --> [Forged physical sector] Sector 976772900 --> [Forged physical sector] Sector 976772901 --> [Forged physical sector] Sector 976772902 --> [Forged physical sector] Sector 976772903 --> [Forged physical sector] Sector 976772904 --> [Forged physical sector] Sector 976772905 --> [Forged physical sector] Sector 976772906 --> [Forged physical sector] Sector 976772907 --> [Forged physical sector] Sector 976772908 --> [Forged physical sector] Sector 976772909 --> [Forged physical sector] Sector 976772910 --> [Forged physical sector] Sector 976772911 --> [Forged physical sector] Sector 976772912 --> [Forged physical sector] Sector 976772913 --> [Forged physical sector] Sector 976772914 --> [Forged physical sector] Sector 976772915 --> [Forged physical sector] Sector 976772916 --> [Forged physical sector] Sector 976772917 --> [Forged physical sector] Sector 976772918 --> [Forged physical sector] Sector 976772919 --> [Forged physical sector] Sector 976772920 --> [Forged physical sector] Sector 976772921 --> [Forged physical sector] Sector 976772922 --> [Forged physical sector] Sector 976772923 --> [Forged physical sector] Sector 976772924 --> [Forged physical sector] Sector 976772925 --> [Forged physical sector] Sector 976772926 --> [Forged physical sector] Sector 976772927 --> [Forged physical sector] Sector 976772928 --> [Forged physical sector] Sector 976772929 --> [Forged physical sector] Sector 976772930 --> [Forged physical sector] Sector 976772931 --> [Forged physical sector] Sector 976772932 --> [Forged physical sector] Sector 976772933 --> [Forged physical sector] Sector 976772934 --> [Forged physical sector] Sector 976772935 --> [Forged physical sector] Sector 976772936 --> [Forged physical sector] Sector 976772937 --> [Forged physical sector] Sector 976772938 --> [Forged physical sector] Sector 976772939 --> [Forged physical sector] Sector 976772940 --> [Forged physical sector] Sector 976772941 --> [Forged physical sector] Sector 976772942 --> [Forged physical sector] Sector 976772943 --> [Forged physical sector] Sector 976772944 --> [Forged physical sector] Sector 976772945 --> [Forged physical sector] Sector 976772946 --> [Forged physical sector] Sector 976772947 --> [Forged physical sector] Sector 976772948 --> [Forged physical sector] Sector 976772949 --> [Forged physical sector] Sector 976772950 --> [Forged physical sector] Sector 976772951 --> [Forged physical sector] Sector 976772952 --> [Forged physical sector] Sector 976772953 --> [Forged physical sector] Sector 976772954 --> [Forged physical sector] Sector 976772955 --> [Forged physical sector] Sector 976772956 --> [Forged physical sector] Sector 976772957 --> [Forged physical sector] Sector 976772958 --> [Forged physical sector] Sector 976772959 --> [Forged physical sector] Sector 976772960 --> [Forged physical sector] Sector 976772961 --> [Forged physical sector] Sector 976772962 --> [Forged physical sector] Sector 976772963 --> [Forged physical sector] Sector 976772964 --> [Forged physical sector] Sector 976772965 --> [Forged physical sector] Sector 976772966 --> [Forged physical sector] Sector 976772967 --> [Forged physical sector] Sector 976772968 --> [Forged physical sector] Sector 976772969 --> [Forged physical sector] Sector 976772970 --> [Forged physical sector] Sector 976772971 --> [Forged physical sector] Sector 976772972 --> [Forged physical sector] Sector 976772973 --> [Forged physical sector] Sector 976772974 --> [Forged physical sector] Sector 976772975 --> [Forged physical sector] Sector 976772976 --> [Forged physical sector] Sector 976772977 --> [Forged physical sector] Sector 976772978 --> [Forged physical sector] Sector 976772979 --> [Forged physical sector] Sector 976772980 --> [Forged physical sector] Sector 976772981 --> [Forged physical sector] Sector 976772982 --> [Forged physical sector] Sector 976772983 --> [Forged physical sector] Sector 976772984 --> [Forged physical sector] Sector 976772985 --> [Forged physical sector] Sector 976772986 --> [Forged physical sector] Sector 976772987 --> [Forged physical sector] Sector 976772988 --> [Forged physical sector] Sector 976772989 --> [Forged physical sector] Sector 976772990 --> [Forged physical sector] Sector 976772991 --> [Forged physical sector] Sector 976772992 --> [Forged physical sector] Sector 976772993 --> [Forged physical sector] Sector 976772994 --> [Forged physical sector] Sector 976772995 --> [Forged physical sector] Sector 976772996 --> [Forged physical sector] Sector 976772997 --> [Forged physical sector] Sector 976772998 --> [Forged physical sector] Sector 976772999 --> [Forged physical sector] Sector 976773000 --> [Forged physical sector] Sector 976773001 --> [Forged physical sector] Sector 976773002 --> [Forged physical sector] Sector 976773003 --> [Forged physical sector] Sector 976773004 --> [Forged physical sector] Sector 976773005 --> [Forged physical sector] Sector 976773006 --> [Forged physical sector] Sector 976773007 --> [Forged physical sector] Sector 976773008 --> [Forged physical sector] Sector 976773009 --> [Forged physical sector] Sector 976773010 --> [Forged physical sector] Sector 976773011 --> [Forged physical sector] Sector 976773012 --> [Forged physical sector] Sector 976773013 --> [Forged physical sector] Sector 976773014 --> [Forged physical sector] Sector 976773015 --> [Forged physical sector] Sector 976773016 --> [Forged physical sector] Sector 976773017 --> [Forged physical sector] Sector 976773018 --> [Forged physical sector] Sector 976773019 --> [Forged physical sector] Sector 976773020 --> [Forged physical sector] Sector 976773021 --> [Forged physical sector] Sector 976773022 --> [Forged physical sector] Sector 976773023 --> [Forged physical sector] Sector 976773024 --> [Forged physical sector] Sector 976773025 --> [Forged physical sector] Sector 976773026 --> [Forged physical sector] Sector 976773027 --> [Forged physical sector] Sector 976773028 --> [Forged physical sector] Sector 976773029 --> [Forged physical sector] Sector 976773030 --> [Forged physical sector] Sector 976773031 --> [Forged physical sector] Sector 976773032 --> [Forged physical sector] Sector 976773033 --> [Forged physical sector] Sector 976773034 --> [Forged physical sector] Sector 976773035 --> [Forged physical sector] Sector 976773036 --> [Forged physical sector] Sector 976773037 --> [Forged physical sector] Sector 976773038 --> [Forged physical sector] Sector 976773039 --> [Forged physical sector] Sector 976773040 --> [Forged physical sector] Sector 976773041 --> [Forged physical sector] Sector 976773042 --> [Forged physical sector] Sector 976773043 --> [Forged physical sector] Sector 976773044 --> [Forged physical sector] Sector 976773045 --> [Forged physical sector] Sector 976773046 --> [Forged physical sector] Sector 976773047 --> [Forged physical sector] Sector 976773048 --> [Forged physical sector] Sector 976773049 --> [Forged physical sector] Sector 976773050 --> [Forged physical sector] Sector 976773051 --> [Forged physical sector] Sector 976773052 --> [Forged physical sector] Sector 976773053 --> [Forged physical sector] Sector 976773054 --> [Forged physical sector] Sector 976773055 --> [Forged physical sector] Sector 976773056 --> [Forged physical sector] Sector 976773057 --> [Forged physical sector] Sector 976773058 --> [Forged physical sector] Sector 976773059 --> [Forged physical sector] Sector 976773060 --> [Forged physical sector] Sector 976773061 --> [Forged physical sector] Sector 976773062 --> [Forged physical sector] Sector 976773063 --> [Forged physical sector] Sector 976773064 --> [Forged physical sector] Sector 976773065 --> [Forged physical sector] Sector 976773066 --> [Forged physical sector] Sector 976773067 --> [Forged physical sector] Sector 976773068 --> [Forged physical sector] Sector 976773069 --> [Forged physical sector] Sector 976773070 --> [Forged physical sector] Sector 976773071 --> [Forged physical sector] Sector 976773072 --> [Forged physical sector] Sector 976773073 --> [Forged physical sector] Sector 976773074 --> [Forged physical sector] Sector 976773075 --> [Forged physical sector] Sector 976773076 --> [Forged physical sector] Sector 976773077 --> [Forged physical sector] Sector 976773078 --> [Forged physical sector] Sector 976773079 --> [Forged physical sector] Sector 976773080 --> [Forged physical sector] Sector 976773081 --> [Forged physical sector] Sector 976773082 --> [Forged physical sector] Sector 976773083 --> [Forged physical sector] Sector 976773084 --> [Forged physical sector] Sector 976773085 --> [Forged physical sector] Sector 976773086 --> [Forged physical sector] Sector 976773087 --> [Forged physical sector] Sector 976773088 --> [Forged physical sector] Sector 976773089 --> [Forged physical sector] Sector 976773090 --> [Forged physical sector] Sector 976773091 --> [Forged physical sector] Sector 976773092 --> [Forged physical sector] Sector 976773093 --> [Forged physical sector] Sector 976773094 --> [Forged physical sector] Sector 976773095 --> [Forged physical sector] Sector 976773096 --> [Forged physical sector] Sector 976773097 --> [Forged physical sector] Sector 976773098 --> [Forged physical sector] Sector 976773099 --> [Forged physical sector] Sector 976773100 --> [Forged physical sector] Sector 976773101 --> [Forged physical sector] Sector 976773102 --> [Forged physical sector] Sector 976773103 --> [Forged physical sector] Sector 976773104 --> [Forged physical sector] Sector 976773105 --> [Forged physical sector] Sector 976773106 --> [Forged physical sector] Sector 976773107 --> [Forged physical sector] Sector 976773108 --> [Forged physical sector] Sector 976773109 --> [Forged physical sector] Sector 976773110 --> [Forged physical sector] Sector 976773111 --> [Forged physical sector] Sector 976773112 --> [Forged physical sector] Sector 976773113 --> [Forged physical sector] Sector 976773114 --> [Forged physical sector] Sector 976773115 --> [Forged physical sector] Sector 976773116 --> [Forged physical sector] Sector 976773117 --> [Forged physical sector] Sector 976773118 --> [Forged physical sector] Sector 976773119 --> [Forged physical sector] Sector 976773120 --> [Forged physical sector] Sector 976773121 --> [Forged physical sector] Sector 976773122 --> [Forged physical sector] Sector 976773123 --> [Forged physical sector] Sector 976773124 --> [Forged physical sector] Sector 976773125 --> [Forged physical sector] Sector 976773126 --> [Forged physical sector] Sector 976773127 --> [Forged physical sector] Sector 976773128 --> [Forged physical sector] Sector 976773129 --> [Forged physical sector] Sector 976773130 --> [Forged physical sector] Sector 976773131 --> [Forged physical sector] Sector 976773132 --> [Forged physical sector] Sector 976773133 --> [Forged physical sector] Sector 976773134 --> [Forged physical sector] Sector 976773135 --> [Forged physical sector] Sector 976773136 --> [Forged physical sector] Sector 976773137 --> [Forged physical sector] Sector 976773138 --> [Forged physical sector] Sector 976773139 --> [Forged physical sector] Sector 976773140 --> [Forged physical sector] Sector 976773141 --> [Forged physical sector] Sector 976773142 --> [Forged physical sector] Sector 976773143 --> [Forged physical sector] Sector 976773144 --> [Forged physical sector] Sector 976773145 --> [Forged physical sector] Sector 976773146 --> [Forged physical sector] Sector 976773147 --> [Forged physical sector] Sector 976773148 --> [Forged physical sector] Sector 976773149 --> [Forged physical sector] Sector 976773150 --> [Forged physical sector] Sector 976773151 --> [Forged physical sector] Sector 976773152 --> [Forged physical sector] Sector 976773153 --> [Forged physical sector] Sector 976773154 --> [Forged physical sector] Sector 976773155 --> [Forged physical sector] Sector 976773156 --> [Forged physical sector] Sector 976773157 --> [Forged physical sector] Sector 976773158 --> [Forged physical sector] Sector 976773159 --> [Forged physical sector] Sector 976773160 --> [Forged physical sector] Sector 976773161 --> [Forged physical sector] Sector 976773162 --> [Forged physical sector] Sector 976773163 --> [Forged physical sector] Sector 976773164 --> [Forged physical sector] Sector 976773165 --> [Forged physical sector] Sector 976773166 --> [Forged physical sector] Sector 976773167 --> [Forged physical sector] Done! Performing system, memory and registry scan... Read File: File "C:\ProgramData\{04A07C23-5821-4F25-BF46-1188636AE238}\delldock.dat" is compressed (flags = 1) Read File: File "C:\ProgramData\{04A07C23-5821-4F25-BF46-1188636AE238}\instance.dat" is compressed (flags = 1) Infected: C:\$Recycle.Bin\S-1-5-18\$678e0b4f17c9f76810f697e8ee0ffbb1\@ --> [Trojan.Siredef.C] Infected: C:\Windows\svchost.exe --> [Trojan.Agent] Infected: C:\$Recycle.Bin\S-1-5-18\$678e0b4f17c9f76810f697e8ee0ffbb1\U --> [Trojan.Siredef.C] Infected: C:\$Recycle.Bin\S-1-5-18\$678e0b4f17c9f76810f697e8ee0ffbb1\L --> [Trojan.Siredef.C] Infected: C:\$Recycle.Bin\S-1-5-18\$678e0b4f17c9f76810f697e8ee0ffbb1 --> [Trojan.Siredef.C] Done! Scan finished Creating System Restore point... Scheduling clean up... <<<2>>> Device number: 0, partition: 3 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes BCD Entry for BOOTEMS is missing Malicious Entry 26000022 for BOOTEMS present! Removal scheduling successful. System shutdown needed. System shutdown occured ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1009 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 Java version: 1.6.0_24 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 2.394000 GHz Memory total: 4081627136, free: 2742845440 --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1009 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 Java version: 1.6.0_24 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 2.394000 GHz Memory total: 4081627136, free: 2575196160 ------------ Kernel report ------------ 11/13/2012 22:32:35 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\DRIVERS\compbatt.sys \SystemRoot\system32\DRIVERS\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\msahci.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\PxHlpa64.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\system32\DRIVERS\stdflt.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\igdkmd64.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\HECIx64.sys \SystemRoot\system32\drivers\usbehci.sys \SystemRoot\system32\drivers\USBPORT.SYS \SystemRoot\system32\drivers\HDAudBus.sys \SystemRoot\system32\DRIVERS\NETw5s64.sys \SystemRoot\system32\DRIVERS\vwifibus.sys \SystemRoot\system32\DRIVERS\Rt64win7.sys \SystemRoot\system32\drivers\i8042prt.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\SynTP.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\DRIVERS\Impcd.sys \SystemRoot\system32\DRIVERS\Acceler.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\drivers\wmiacpi.sys \SystemRoot\system32\DRIVERS\CmBatt.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\drivers\umbus.sys \SystemRoot\system32\DRIVERS\WDKMD.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\HdAudio.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\DRIVERS\IntcDAud.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_dumpata.sys \SystemRoot\System32\Drivers\dump_msahci.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\System32\Drivers\usbvideo.sys \SystemRoot\system32\DRIVERS\CtClsFlt.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\dc3d.sys \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\point64.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\drivers\luafv.sys \??\C:\Windows\system32\drivers\mbam.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\DRIVERS\TurboB.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\system32\DRIVERS\vwifimp.sys \SystemRoot\System32\Drivers\fastfat.SYS \SystemRoot\system32\DRIVERS\umpass.sys \SystemRoot\system32\drivers\spsys.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe ----------- End ----------- <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8004be3060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\ Lower Device Object: 0xfffffa8004930060 Lower Device Driver Name: \Driver\atapi\ Driver name found: atapi DriverEntry returned 0x0 Function returned 0x0 Downloaded database version: v2012.11.13.09 Downloaded database version: v2012.11.12.01 Initializing... Done! Scanning directory: C:\Windows\system32\drivers... <<<2>>> Device number: 0, partition: 3 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8004be3060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8004be3b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8004be3060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8004a79ce0, DeviceName: Unknown, DriverName: \Driver\stdflt\ DevicePointer: 0xfffffa8004930060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\ ------------ End ---------- Upper DeviceData: 0xfffff8a004279ce0, 0xfffffa8004be3060, 0xfffffa80041cd790 Lower DeviceData: 0xfffff8a003a23ae0, 0xfffffa8004930060, 0xfffffa8004149800 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 8B32B454 Partition information: Partition 0 type is Other (0xde) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 204800 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 206848 Numsec = 30720000 Partition file system is NTFS Partition is bootable Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 30926848 Numsec = 945844272 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 500107862016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)... Done! Performing system, memory and registry scan... Read File: File "C:\ProgramData\{04A07C23-5821-4F25-BF46-1188636AE238}\delldock.dat" is compressed (flags = 1) Read File: File "C:\ProgramData\{04A07C23-5821-4F25-BF46-1188636AE238}\instance.dat" is compressed (flags = 1) Done! Scan finished =======================================
- November 14, 2012
- 13 replies
Stubborn svchost.exe Bug

kmoose posted a topic in Resolved Malware Removal Logs

Need help getting rid of a repetitive infection the resets on startup after MB removes it. I have been experiencing mild to heavy slow down with occational shutdowns. Any help would be greatly appreciated. Below are my reports: DDS (Ver_2012-11-07.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16450 Run by Ken at 21:46:38 on 2012-11-13 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.2518 [GMT -5:00] . AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Dell\DellDock\DockLogin.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\WLANExt.exe C:\Windows\System32\spoolsv.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\system32\ptumlcmsvc64.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Microsoft Device Center\itype.exe C:\Program Files\Microsoft Device Center\ipoint.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Dell\DellDock\DellDock.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://radar.weather.gov/radar.php?product=NCR&rid=TBW&loop=yes mWinlogon: Userinit = userinit.exe, BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe StartupFolder: C:\Users\Ken\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DIGITA~1.LNK - C:\Program Files (x86)\Digital Line Detect\DLG.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 IE: Lookup on Merriam Webster - <no file> IE: Lookup on Wikipedia - <no file> IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {88D969C0-F192-11D4-A65F-0040963251E5} - file:///C:/Program%20Files%20(x86)/FastVideoIndexer/data/dialogs/msxml4.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: NameServer = 192.168.0.1 204.215.43.3 TCP: Interfaces\{2FC549DF-8688-4B71-9ADF-245859DC103B} : DHCPNameServer = 66.174.95.44 69.78.96.14 TCP: Interfaces\{77F93968-3BBD-4C3C-A7BD-F8D4BC4A44F3} : DHCPNameServer = 66.174.95.44 69.78.96.14 TCP: Interfaces\{8963DCDB-C47C-4C20-BE18-2BC222502EC3} : DHCPNameServer = 192.168.0.1 204.215.43.3 TCP: Interfaces\{A7F5CF63-A46D-4FC7-BA4F-C6F41EA921EB} : DHCPNameServer = 192.168.0.1 204.215.43.3 TCP: Interfaces\{A7F5CF63-A46D-4FC7-BA4F-C6F41EA921EB}\160713 : DHCPNameServer = 192.168.2.1 TCP: Interfaces\{A7F5CF63-A46D-4FC7-BA4F-C6F41EA921EB}\B4D4C403235363 : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{F7E0DE38-CBFA-444E-9B14-F41807502D33} : DHCPNameServer = 66.174.95.44 69.78.96.14 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe x64-Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch x64-Run: [intelliType Pro] "c:\Program Files\Microsoft Device Center\itype.exe" x64-Run: [intelliPoint] "c:\Program Files\Microsoft Device Center\ipoint.exe" x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL . ============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-12-13 55280] R0 stdflt;Disk Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdflt.sys [2010-12-13 18792] R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648] R2 InstallFilterService;FF Install Filter Service;C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2010-12-13 60928] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-13 399432] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-13 676936] R2 ptumlcmsvc;PTUML290 Connection Manager Service;C:\Windows\System32\ptumlcmsvc64.exe [2011-10-6 134144] R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-12-13 705856] R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784] R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-13 2320920] R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Acceler.sys [2010-10-29 23912] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-12-13 175168] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-10-29 56344] R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-2-10 158976] R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-29 287232] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-13 25928] R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-13 7675392] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-23 344680] R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-4-5 39832] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-12-13 35104] S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-6-28 48488] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 libusb0;LibUsb-Win32 - Kernel Driver 06/04/2010,1.12.1.0;C:\Windows\System32\drivers\libusb0.sys [2011-3-7 22016] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-1-19 315664] S3 PTUMLBUS;PTUML USB Composite Device Driver;C:\Windows\System32\drivers\PTUMLBUS.sys [2011-10-6 73744] S3 PTUMLCVsp;PANTECH UML290 Connection Manager Port;C:\Windows\System32\drivers\PTUMLCVsp.sys [2011-10-6 182672] S3 PTUMLMBMP;PANTECH UML290 Mobile Broadband;C:\Windows\System32\drivers\PTUMLMBMP.sys [2011-10-6 213520] S3 PTUMLMdm;PANTECH UML290;C:\Windows\System32\drivers\PTUMLMdm.sys [2011-10-6 182672] S3 PTUMLNET61;PANTECH UML290 WWAN (NDIS6.1);C:\Windows\System32\drivers\PTUMLNET61.sys [2011-10-6 104976] S3 PTUMLNVsp;PANTECH UML290 NMEA Port;C:\Windows\System32\drivers\PTUMLNVsp.sys [2011-10-6 183824] S3 PTUMLRMNET;PANTECH UML290 RMNET Service;C:\Windows\System32\drivers\PTUMLRMNET.sys [2011-10-6 69136] S3 PTUMLVsp;PANTECH UML290 Diagnostic Port;C:\Windows\System32\drivers\PTUMLVsp.sys [2011-10-6 182672] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-10-29 220672] S3 Svk2pl;GigawareX USB to Serial Driver;C:\Windows\System32\drivers\Svk2pl64.sys [2010-4-1 97280] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-12 59392] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-12 1255736] S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2012-11-14 02:26:36 20480 ----a-w- C:\Windows\svchost.exe 2012-11-13 16:23:52 -------- d-----w- C:\Program Files (x86)\Amazon Browser Bar 2012-11-13 14:21:10 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-11-12 18:11:06 -------- d-----w- C:\Users\Ken\AppData\Roaming\Malwarebytes 2012-11-12 18:10:53 -------- d-----w- C:\ProgramData\Malwarebytes 2012-11-12 18:10:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-11-12 01:00:14 38224 ----a-w- C:\Windows\SysWow64\IJRMF.exe 2012-11-11 21:11:58 -------- d-----w- C:\ProgramData\Sprint 2012-10-29 02:07:47 -------- d-----w- C:\ProgramData\hldtokaytzbzcmk 2012-10-29 01:59:09 327680 ----a-w- C:\Windows\System32\CNMN6PPM.DLL 2012-10-29 01:58:51 361472 ----a-w- C:\Windows\System32\CNMLMAE.DLL 2012-10-20 00:55:21 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-20 00:55:21 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe . ==================== Find3M ==================== . 2012-09-29 02:32:08 2177688 ----a-w- C:\Windows\System32\coin92.dll 2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll 2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll 2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys 2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys 2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS 2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe 2012-08-21 17:01:20 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys 2012-08-21 17:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll 2012-08-21 17:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll 2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll 2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll 2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll 2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll 2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe 2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe 2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll . ============= FINISH: 21:47:22.60 =============== === Disabled Device Manager Items ============= . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Microsoft Virtual WiFi Miniport Adapter Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&5D31665&0&01 Manufacturer: Microsoft Name: Microsoft Virtual WiFi Miniport Adapter PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&5D31665&0&01 Service: vwifimp . ==== System Restore Points =================== . RP330: 10/20/2012 9:30:51 PM - Scheduled Checkpoint RP331: 10/29/2012 12:07:01 AM - Scheduled Checkpoint RP332: 11/5/2012 12:00:01 AM - Scheduled Checkpoint RP334: 11/11/2012 10:31:33 AM - Windows Backup RP333: 11/11/2012 11:06:49 AM - Restore Operation RP335: 11/11/2012 1:42:01 PM - Windows Backup RP336: 11/11/2012 4:03:59 PM - Backup_2012_11_11 RP337: 11/11/2012 4:07:42 PM - Removed ViewNX 2. RP338: 11/11/2012 4:08:33 PM - Removed Nikon Movie Editor. RP339: 11/11/2012 4:10:43 PM - Removed Trackstick Manager RP340: 11/11/2012 4:11:10 PM - Removed Sprint SmartView. RP341: 11/11/2012 8:04:21 PM - Windows Backup RP342: 11/13/2012 11:05:51 AM - Backup_2012_11_13 . ==== Installed Programs ====================== . Accelerometer Accidental Damage Services Agreement Adobe AIR Adobe Flash Player 11 ActiveX Adobe Reader X (10.1.4) Adobe Shockwave Player 11.5 Advanced Audio FX Engine Apple Application Support Apple Mobile Device Support Apple Software Update ATI Catalyst Install Manager Avancemos FL 2 AVS Audio Converter version 6.3 AVS Document Converter 1.0.2 AVS DVD Copy version 4.1.2 AVS Photo Editor AVS Registry Cleaner version 2.2 AVS Ringtone Maker version 1.6 AVS Screen Capture version 2.0.1 AVS Update Manager 1.0 AVS Video Converter 7 AVS Video Editor 6 AVS Video Recorder 2.4 AVS Video ReMaker 4.0.8.140 AVS4YOU Software Navigator 1.4 Banctec Service Agreement Cisco Connect Complete Care Business Service Agreement Consumer In-Home Service Agreement Cozi D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dell DataSafe Local Backup Dell DataSafe Local Backup - Support Software Dell Dock Dell Driver Download Manager Dell Edoc Viewer Dell Getting Started Guide Dell Home Systems Service Agreement Dell Product Registration Dell Support Center Dell Touchpad Dell Webcam Central Digital Line Detect DVD43 Plug-in v1.0.0.5 Garmin MapSource Google Earth Google Update Helper GoToAssist 8.0.0.514 iCloud Intel PROSet Wireless Intel® Graphics Media Accelerator Driver Intel® Management Engine Components Intel® PROSet/Wireless WiFi Software Intel® Wireless Display iTunes Java Auto Updater Java 6 Update 21 (64-bit) Java 6 Update 24 Junk Mail filter update LoranGPS Malwarebytes Anti-Malware version 1.65.1.1000 MapSource MapSource - BlueChart Americas v7.5 Mesh Runtime Messenger Companion Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Mouse and Keyboard Center Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook Connector Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable - KB2467175 Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Modem Diagnostics Tool MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Nautilus Lifeline 0.3.47 NetWaiting PANTECH UML290 Premium Service Agreement QualxServ Service Agreement Quickset64 QuickTime Realtek Ethernet Controller Driver For Windows Vista and Later Roxio Burn SAMSUNG USB Driver for Mobile Phones Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition SkyHawke CP210x USB to UART Bridge (Driver Removal) TomTom HOME Visual Studio Merge Modules Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update Installer for WildTangent Games App Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC) WIDCOMM Bluetooth Software WildTangent Games WildTangent Games App (Dell Games) Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 ) Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Messenger Companion Core Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources . ==== Event Viewer Messages From Past Week ======== . 11/9/2012 8:55:48 PM, Error: Virtual Disk Service [9] - Unexpected provider failure. Restarting the service may fix the problem. Error code: 8007001F@02000014 11/9/2012 8:55:23 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR4. 11/13/2012 9:27:01 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 11/13/2012 9:25:41 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891 11/13/2012 9:25:41 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed. 11/13/2012 9:25:41 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. 11/13/2012 9:25:39 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service. 11/13/2012 8:18:01 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 11/13/2012 8:18:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 11/13/2012 8:18:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 11/13/2012 8:17:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 11/13/2012 8:17:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 11/13/2012 8:17:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 11/13/2012 8:17:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 11/13/2012 8:17:20 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf 11/13/2012 8:17:18 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8a000b50000, 0x0000000000000000, 0xfffff800033326ce, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111312-18532-01. 11/13/2012 8:17:14 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 11/13/2012 8:17:14 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 11/13/2012 8:17:14 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 11/13/2012 8:17:14 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 11/13/2012 8:17:14 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 11/13/2012 8:17:14 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 11/13/2012 8:17:14 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 11/13/2012 8:17:14 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 11/13/2012 8:17:14 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 11/13/2012 8:17:14 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 11/13/2012 5:17:54 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 11/13/2012 11:25:20 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa800514dbb0, 0x0000000000000000, 0x000000007efa8000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111312-37533-01. 11/12/2012 1:10:12 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1. 11/11/2012 8:53:47 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8a00fba2000, 0x0000000000000000, 0xfffff8000331c6ce, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111112-23992-01. 11/11/2012 7:53:30 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 11/11/2012 4:50:09 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800035c063a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111112-28579-01. 11/11/2012 4:19:30 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800035be63a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111112-21262-01. 11/11/2012 4:14:46 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff8000358f63a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111112-27580-01. 11/11/2012 2:18:27 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8a00ecb5000, 0x0000000000000000, 0xfffff800032d16ce, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111112-35552-01. 11/11/2012 12:14:50 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xffffffffc0000005, 0xfffff800032cf345, 0xfffff880031cb698, 0xfffff880031caef0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111112-36207-01. 11/11/2012 11:02:54 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff8000297963a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111112-21309-01. 11/11/2012 11:00:20 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21 11/11/2012 11:00:02 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff800032c216a, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111112-21028-01. 11/11/2012 11:00:00 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6 11/11/2012 10:55:59 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800035d063a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111112-21044-01. . ==== End Of File ===========================
- November 14, 2012
- 13 replies

Sign In

kmoose

Posts

Joined

Last visited

Reputation

About kmoose

Profile Information

Tuguu S.L.U. Pop up Adware

Tuguu S.L.U. Pop up Adware

Tuguu S.L.U. Pop up Adware

Tuguu S.L.U. Pop up Adware

kmoose

MrCharlie

Stubborn svchost.exe Bug

Stubborn svchost.exe Bug

Stubborn svchost.exe Bug

Stubborn svchost.exe Bug

Stubborn svchost.exe Bug

Stubborn svchost.exe Bug

Stubborn svchost.exe Bug

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information