Jump to content

jcargill

Members
 View Profile  See their activity

  • Posts

    8

  • Joined

  • Last visited

Reputation

0 Neutral
  1. jcargill
    Thank you so much, I really appreciate all the help!!
  2. jcargill
    Looks like we're still not done. C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\hstart.exe a variant of Win32/HiddenStart.A application C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application C:\TDSSKiller_Quarantine\14.11.2012_20.38.29\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AWO trojan C:\TDSSKiller_Quarantine\14.11.2012_20.38.29\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.X trojan C:\TDSSKiller_Quarantine\14.11.2012_20.38.29\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.ID trojan C:\TDSSKiller_Quarantine\14.11.2012_20.38.29\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmarik.AC trojan C:\TDSSKiller_Quarantine\14.11.2012_20.38.29\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan C:\TDSSKiller_Quarantine\14.11.2012_20.38.29\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.Z trojan
  3. jcargill
    Hello Gringo, The computer is still doing fine, and I had no problems with your instructions. Following are the requested logs: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 4:04:01 PM, on 11/15/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v8.00 (8.00.7601.17514) Boot mode: Normal Running processes: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files (x86)\Fitbit\fitbit-tray.exe C:\Users\Jacklyn\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files (x86)\RescueTime\RescueTime.exe C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe C:\Program Files (x86)\PowerISO\PWRISOVM.EXE C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe C:\Users\Jacklyn\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" O4 - HKCU\..\Run: [Fitbit Service Monitor] C:\Program Files (x86)\Fitbit\fitbit-tray.exe O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Jacklyn\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user') O4 - Startup: EvernoteClipper.lnk = ? O4 - Global Startup: RescueTime.lnk = C:\Program Files (x86)\RescueTime\RescueTime.exe O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing) O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing) O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing) O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Fitbit Data Uploader (Fitbit) - Fitbit, Inc. - C:\Program Files (x86)\Fitbit\fitbit.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 13233 bytes --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Database version: v2012.11.11.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Jacklyn :: JACKLYN-LAPTOP [administrator] 11/15/2012 2:00:13 PM mbam-log-2012-11-15 (14-00-13).txt Scan type: Full scan (C:\|D:\|E:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 559492 Time elapsed: 1 hour(s), 55 minute(s), 21 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  4. jcargill
    Gringo, I had no problems with this step, and the computer is performing just fine. ComboFix 12-11-14.01 - Jacklyn 11/15/2012 9:10.2.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4056.2199 [GMT -6:00] Running from: c:\users\Jacklyn\Desktop\ComboFix.exe Command switches used :: c:\users\Jacklyn\Desktop\CFScript.txt AV: ESET Smart Security 4.2 *Disabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1} FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA} SP: ESET Smart Security 4.2 *Disabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-10-15 to 2012-11-15 ))))))))))))))))))))))))))))))) . . 2012-11-15 15:20 . 2012-11-15 15:20 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-15 02:40 . 2012-11-15 07:21 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9DFBF25B-B483-43F2-A7CD-744C10163133}\offreg.dll 2012-11-15 02:39 . 2012-11-15 02:39 -------- d-----w- C:\TDSSKiller_Quarantine 2012-11-14 09:07 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-11-14 09:07 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-11-14 09:07 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui 2012-11-14 09:07 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-11-14 09:02 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-11-14 09:02 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-11-14 09:01 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-11-14 09:01 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-11-14 09:01 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2012-11-14 09:01 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2012-11-14 09:01 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-11-13 12:05 . 2012-11-13 12:05 -------- d-sh--w- c:\windows\SysWow64\%APPDATA% 2012-10-22 03:17 . 2012-11-14 21:00 -------- d-----w- c:\users\Jacklyn\AppData\Local\Spotify 2012-10-22 03:17 . 2012-11-14 21:00 -------- d-----w- c:\users\Jacklyn\AppData\Roaming\Spotify . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-14 09:02 . 2011-05-11 03:53 66395536 ----a-w- c:\windows\system32\MRT.exe 2012-10-28 15:52 . 2012-04-24 02:11 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-10-28 15:52 . 2011-12-01 21:15 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-30 00:54 . 2011-05-11 01:21 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-14 19:19 . 2012-10-09 22:40 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-14 18:28 . 2012-10-09 22:40 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-08-31 18:19 . 2012-10-09 22:41 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-08-30 18:03 . 2012-10-09 22:41 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-30 17:12 . 2012-10-09 22:41 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-08-30 17:12 . 2012-10-09 22:41 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-08-24 18:05 . 2012-10-09 22:41 220160 ----a-w- c:\windows\system32\wintrust.dll 2012-08-24 18:05 . 2012-09-22 15:34 1188864 ----a-w- c:\windows\system32\wininet.dll 2012-08-24 18:05 . 2012-09-22 15:34 1494528 ----a-w- c:\windows\system32\urlmon.dll 2012-08-24 18:05 . 2012-09-22 15:34 134144 ----a-w- c:\windows\system32\url.dll 2012-08-24 18:03 . 2012-09-22 15:34 9056256 ----a-w- c:\windows\system32\mshtml.dll 2012-08-24 18:03 . 2012-09-22 15:34 97792 ----a-w- c:\windows\system32\mshtmled.dll 2012-08-24 18:03 . 2012-09-22 15:34 735744 ----a-w- c:\windows\system32\msfeeds.dll 2012-08-24 18:03 . 2012-09-22 15:34 64512 ----a-w- c:\windows\system32\jsproxy.dll 2012-08-24 18:02 . 2012-09-22 15:34 247808 ----a-w- c:\windows\system32\ieui.dll 2012-08-24 18:02 . 2012-09-22 15:34 12295680 ----a-w- c:\windows\system32\ieframe.dll 2012-08-24 18:02 . 2012-09-22 15:34 2453504 ----a-w- c:\windows\system32\iertutil.dll 2012-08-24 16:57 . 2012-10-09 22:41 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-08-24 16:57 . 2012-09-22 15:34 981504 ----a-w- c:\windows\SysWow64\wininet.dll 2012-08-24 15:59 . 2012-09-22 15:34 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2012-08-24 15:20 . 2012-09-22 15:34 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-08-22 18:12 . 2012-09-12 03:26 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-08-22 18:12 . 2012-09-12 03:26 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-08-22 18:12 . 2012-09-12 03:26 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-08-21 21:01 . 2012-09-25 21:18 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-08-21 18:01 . 2012-09-24 04:17 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-08-21 18:01 . 2009-12-25 21:59 125872 ----a-w- c:\windows\system32\GEARAspi64.dll 2012-08-21 18:01 . 2009-12-25 21:59 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll 2012-08-20 18:48 . 2012-10-09 22:41 243200 ----a-w- c:\windows\system32\wow64.dll 2012-08-20 18:48 . 2012-10-09 22:41 362496 ----a-w- c:\windows\system32\wow64win.dll 2012-08-20 18:48 . 2012-10-09 22:41 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2012-08-20 18:48 . 2012-10-09 22:41 215040 ----a-w- c:\windows\system32\winsrv.dll 2012-08-20 18:48 . 2012-10-09 22:41 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2012-08-20 18:48 . 2012-10-09 22:41 424448 ----a-w- c:\windows\system32\KernelBase.dll 2012-08-20 18:48 . 2012-10-09 22:41 1162240 ----a-w- c:\windows\system32\kernel32.dll 2012-08-20 18:46 . 2012-10-09 22:41 338432 ----a-w- c:\windows\system32\conhost.exe 2012-08-20 18:38 . 2012-10-09 22:41 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2012-08-20 18:38 . 2012-10-09 22:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2012-08-20 18:38 . 2012-10-09 22:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2012-08-20 18:38 . 2012-10-09 22:41 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2012-08-20 18:38 . 2012-10-09 22:41 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2012-08-20 18:38 . 2012-10-09 22:41 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2012-08-20 18:38 . 2012-10-09 22:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2012-08-20 18:38 . 2012-10-09 22:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2012-08-20 18:38 . 2012-10-09 22:41 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2012-08-20 18:38 . 2012-10-09 22:41 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2012-08-20 18:38 . 2012-10-09 22:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-08-20 18:38 . 2012-10-09 22:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2012-08-20 18:38 . 2012-10-09 22:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2012-08-20 18:38 . 2012-10-09 22:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2012-08-20 18:38 . 2012-10-09 22:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2012-08-20 18:38 . 2012-10-09 22:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2012-08-20 18:38 . 2012-10-09 22:41 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2012-08-20 18:38 . 2012-10-09 22:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2012-08-20 18:38 . 2012-10-09 22:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2012-08-20 18:38 . 2012-10-09 22:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2012-08-20 18:38 . 2012-10-09 22:41 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2012-08-20 18:38 . 2012-10-09 22:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2012-08-20 18:38 . 2012-10-09 22:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2012-08-20 18:38 . 2012-10-09 22:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2012-08-20 18:38 . 2012-10-09 22:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2012-08-20 18:38 . 2012-10-09 22:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2012-08-20 18:38 . 2012-10-09 22:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2012-08-20 18:38 . 2012-10-09 22:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2012-08-20 17:40 . 2012-10-09 22:41 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2012-08-20 17:38 . 2012-10-09 22:41 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-08-20 17:38 . 2012-10-09 22:41 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2012-08-20 17:37 . 2012-10-09 22:41 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2012-08-20 17:37 . 2012-10-09 22:41 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll 2012-08-20 17:32 . 2012-10-09 22:41 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll 2012-08-20 17:32 . 2012-10-09 22:41 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll 2012-08-20 17:32 . 2012-10-09 22:41 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll 2012-08-20 17:32 . 2012-10-09 22:41 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll 2012-08-20 17:32 . 2012-10-09 22:41 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll 2012-08-20 17:32 . 2012-10-09 22:41 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll 2012-08-20 17:32 . 2012-10-09 22:41 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll 2012-08-20 17:32 . 2012-10-09 22:41 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll 2012-08-20 17:32 . 2012-10-09 22:41 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll 2012-08-20 17:32 . 2012-10-09 22:41 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll 2012-08-20 17:32 . 2012-10-09 22:41 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll 2012-08-20 17:32 . 2012-10-09 22:41 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll 2012-08-20 17:32 . 2012-10-09 22:41 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll 2012-08-20 17:32 . 2012-10-09 22:41 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-08-20 17:32 . 2012-10-09 22:41 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll 2012-08-20 17:32 . 2012-10-09 22:41 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll 2012-08-20 17:32 . 2012-10-09 22:41 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll 2012-08-20 17:32 . 2012-10-09 22:41 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll 2012-08-20 17:32 . 2012-10-09 22:41 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll 2012-08-20 17:32 . 2012-10-09 22:41 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll 2012-08-20 17:32 . 2012-10-09 22:41 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll 2012-08-20 17:32 . 2012-10-09 22:41 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll 2012-08-20 17:32 . 2012-10-09 22:41 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll 2012-08-20 17:32 . 2012-10-09 22:41 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll 2012-08-20 15:38 . 2012-10-09 22:41 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2012-08-20 15:38 . 2012-10-09 22:41 2048 ----a-w- c:\windows\SysWow64\user.exe 2012-08-20 15:33 . 2012-10-09 22:41 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}] 2012-06-11 21:22 1307728 ----a-w- c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Fitbit Service Monitor"="c:\program files (x86)\Fitbit\fitbit-tray.exe" [2012-04-11 2177056] "Spotify Web Helper"="c:\users\Jacklyn\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-28 1199576] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744] "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064] "DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2010-02-18 177472] "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-11 559616] . c:\users\Jacklyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ EvernoteClipper.lnk - [N/A] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] RescueTime.lnk - c:\program files (x86)\RescueTime\RescueTime.exe [2012-7-6 2727936] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer"=wdmaud.drv . R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 clr_optimization_v4.0.20506_32;.NET Runtime Optimization Service v4.0.20506_X86;c:\windows\Microsoft.NET\Framework\v4.0.20506\mscorsvw.exe [2009-05-06 104272] R3 clr_optimization_v4.0.20506_64;.NET Runtime Optimization Service v4.0.20506_X64;c:\windows\Microsoft.NET\Framework64\v4.0.20506\mscorsvw.exe [2009-05-06 122192] R3 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-12-21 170640] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [2012-04-02 26856] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-05 1255736] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128] R4 msvsmon100;Visual Studio 10 Remote Debugger;c:\program files\Microsoft Visual Studio 10.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [2009-05-06 5013840] R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-10 369688] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280] S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-12-21 141264] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648] S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-01-12 810144] S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-12-21 50624] S2 Fitbit;Fitbit Data Uploader;c:\program files (x86)\Fitbit\fitbit.exe [2012-04-11 770080] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.exe [2011-01-13 705856] S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928] S3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [2009-05-14 5435904] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-05-08 215552] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-05-20 393728] . . Contents of the 'Scheduled Tasks' folder . 2012-11-15 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 15:52] . 2012-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-11 18:49] . 2012-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-11 18:49] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904] "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2918656] "MRT"="c:\windows\system32\MRT.exe" [2012-11-14 66395536] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 208.180.42.68 208.180.42.100 FF - ProfilePath - c:\users\Jacklyn\AppData\Roaming\Mozilla\Firefox\Profiles\3dpxxwta.default\ . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) SafeBoot-28100868.sys AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-FITBIT&10C4&84C4 - c:\program files (x86)\Fitbit\Base Station\DriverUninstaller.exe USBXpress\FITBIT&10C4&84C4 . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}] @Denied: (A 2) (Everyone) @="IFlashBroker2" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-11-15 09:23:24 ComboFix-quarantined-files.txt 2012-11-15 15:23 ComboFix2.txt 2012-11-14 20:29 . Pre-Run: 321,861,308,416 bytes free Post-Run: 321,679,147,008 bytes free . - - End Of File - - 6084FDF7D2650750F122E71442F91306
  5. jcargill
    Thanks, Gringo! I followed your instructions, but, while aswMBR was running its scan, the Blue Screen of Death made an appearance. I started the scan again as soon as the computer had rebooted. Reports below: 20:40:41.0867 3812 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 20:40:42.0536 3812 ============================================================ 20:40:42.0536 3812 Current date / time: 2012/11/14 20:40:42.0536 20:40:42.0536 3812 SystemInfo: 20:40:42.0536 3812 20:40:42.0536 3812 OS Version: 6.1.7601 ServicePack: 1.0 20:40:42.0536 3812 Product type: Workstation 20:40:42.0536 3812 ComputerName: JACKLYN-LAPTOP 20:40:42.0536 3812 UserName: Jacklyn 20:40:42.0536 3812 Windows directory: C:\Windows 20:40:42.0536 3812 System windows directory: C:\Windows 20:40:42.0536 3812 Running under WOW64 20:40:42.0536 3812 Processor architecture: Intel x64 20:40:42.0536 3812 Number of processors: 2 20:40:42.0536 3812 Page size: 0x1000 20:40:42.0536 3812 Boot type: Normal boot 20:40:42.0536 3812 ============================================================ 20:40:42.0918 3812 BG loaded 20:40:43.0876 3812 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 20:40:43.0883 3812 ============================================================ 20:40:43.0883 3812 \Device\Harddisk0\DR0: 20:40:43.0885 3812 MBR partitions: 20:40:43.0885 3812 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x95800, BlocksNum 0x25C0000 20:40:43.0885 3812 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2655800, BlocksNum 0x37D30030 20:40:43.0885 3812 ============================================================ 20:40:44.0041 3812 C: <-> \Device\Harddisk0\DR0\Partition2 20:40:44.0041 3812 ============================================================ 20:40:44.0041 3812 Initialize success 20:40:44.0041 3812 ============================================================ ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software Run date: 2012-11-14 20:55:27 ----------------------------- 20:55:27.665 OS Version: Windows x64 6.1.7601 Service Pack 1 20:55:27.665 Number of processors: 2 586 0x170A 20:55:27.666 ComputerName: JACKLYN-LAPTOP UserName: Jacklyn 20:55:30.988 Initialize success 20:55:41.305 AVAST engine defs: 12111401 20:55:45.515 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 20:55:45.520 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3 20:55:45.551 Disk 0 MBR read successfully 20:55:45.557 Disk 0 MBR scan 20:55:45.565 Disk 0 Windows 7 default MBR code 20:55:45.576 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 298 MB offset 63 20:55:45.609 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 19328 MB offset 612352 20:55:45.658 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 457312 MB offset 40196096 20:55:45.698 Disk 0 scanning C:\Windows\system32\drivers 20:56:06.061 Service scanning 20:56:41.424 Modules scanning 20:56:41.441 Disk 0 trace - called modules: 20:56:41.471 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys 20:56:41.477 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80045634f0] 20:56:41.485 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800408e050] 20:56:43.349 AVAST engine scan C:\Windows 20:56:48.319 AVAST engine scan C:\Windows\system32 21:03:07.684 AVAST engine scan C:\Windows\system32\drivers 21:03:30.161 AVAST engine scan C:\Users\Jacklyn 21:31:28.149 AVAST engine scan C:\ProgramData 22:31:18.630 Scan finished successfully 01:12:00.910 Disk 0 MBR has been saved successfully to "C:\Users\Jacklyn\Desktop\MBR.dat" 01:12:00.921 The log file has been saved successfully to "C:\Users\Jacklyn\Desktop\aswMBR.txt" aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software Run date: 2012-11-14 20:55:27 ----------------------------- 20:55:27.665 OS Version: Windows x64 6.1.7601 Service Pack 1 20:55:27.665 Number of processors: 2 586 0x170A 20:55:27.666 ComputerName: JACKLYN-LAPTOP UserName: Jacklyn 20:55:30.988 Initialize success 20:55:41.305 AVAST engine defs: 12111401 20:55:45.515 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 20:55:45.520 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3 20:55:45.551 Disk 0 MBR read successfully 20:55:45.557 Disk 0 MBR scan 20:55:45.565 Disk 0 Windows 7 default MBR code 20:55:45.576 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 298 MB offset 63 20:55:45.609 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 19328 MB offset 612352 20:55:45.658 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 457312 MB offset 40196096 20:55:45.698 Disk 0 scanning C:\Windows\system32\drivers 20:56:06.061 Service scanning 20:56:41.424 Modules scanning 20:56:41.441 Disk 0 trace - called modules: 20:56:41.471 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys 20:56:41.477 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80045634f0] 20:56:41.485 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800408e050] 20:56:43.349 AVAST engine scan C:\Windows 20:56:48.319 AVAST engine scan C:\Windows\system32 21:03:07.684 AVAST engine scan C:\Windows\system32\drivers 21:03:30.161 AVAST engine scan C:\Users\Jacklyn 21:31:28.149 AVAST engine scan C:\ProgramData 22:31:18.630 Scan finished successfully 01:12:00.910 Disk 0 MBR has been saved successfully to "C:\Users\Jacklyn\Desktop\MBR.dat" 01:12:00.921 The log file has been saved successfully to "C:\Users\Jacklyn\Desktop\aswMBR.txt" 01:12:11.848 Disk 0 MBR has been saved successfully to "C:\Users\Jacklyn\Desktop\MBR.dat" 01:12:11.855 The log file has been saved successfully to "C:\Users\Jacklyn\Desktop\aswMBR.txt" Again, thank you for your assistance!
  6. jcargill
    The computer has been working fine from the beginning. The two trojans were found during a routine scan, but it's been asymptomatic throughout. Unfortunately, Malwarebytes still shows the two trojans. I had some difficulty closing ESET, and I'm not 100% sure that it closed properly. I followed the instructions you provided, but ComboFix still read it as open (despite double- and triple-checking that I had followed the instructions correctly). Following is the report from ComboFix: ComboFix 12-11-14.01 - Jacklyn 11/14/2012 14:06:00.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4056.2252 [GMT -6:00] Running from: c:\users\Jacklyn\Desktop\ComboFix.exe AV: ESET Smart Security 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1} FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA} SP: ESET Smart Security 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\122b86b38ebief1g4ggy8m c:\users\Jacklyn\AppData\Roaming\Mozilla\Firefox\Profiles\3dpxxwta.default\extensions\{8372a3f0-cc4e-43cb-a718-042e7a05e608} c:\users\Jacklyn\AppData\Roaming\Mozilla\Firefox\Profiles\3dpxxwta.default\extensions\{8372a3f0-cc4e-43cb-a718-042e7a05e608}\chrome\xulcache.jar c:\users\Jacklyn\AppData\Roaming\Mozilla\Firefox\Profiles\3dpxxwta.default\extensions\{8372a3f0-cc4e-43cb-a718-042e7a05e608}\defaults\preferences\xulcache.js c:\users\Jacklyn\AppData\Roaming\Mozilla\Firefox\Profiles\3dpxxwta.default\extensions\{8372a3f0-cc4e-43cb-a718-042e7a05e608}\install.rdf c:\windows\svchost.exe c:\windows\SysWow64\URTTemp c:\windows\SysWow64\URTTemp\regtlib.exe . . ((((((((((((((((((((((((( Files Created from 2012-10-14 to 2012-11-14 ))))))))))))))))))))))))))))))) . . 2012-11-14 09:07 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-11-14 09:07 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-11-14 09:07 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui 2012-11-14 09:07 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-11-14 09:02 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-11-14 09:02 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-11-14 09:01 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-11-14 09:01 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-11-14 09:01 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2012-11-14 09:01 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2012-11-14 09:01 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-11-13 12:05 . 2012-11-13 12:05 -------- d-sh--w- c:\windows\SysWow64\%APPDATA% 2012-11-12 01:25 . 2009-07-14 01:14 20480 ----a-w- c:\windows\svchost.exe 2012-10-22 03:17 . 2012-11-14 18:43 -------- d-----w- c:\users\Jacklyn\AppData\Local\Spotify 2012-10-22 03:17 . 2012-11-14 18:43 -------- d-----w- c:\users\Jacklyn\AppData\Roaming\Spotify . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-14 09:02 . 2011-05-11 03:53 66395536 ----a-w- c:\windows\system32\MRT.exe 2012-10-28 15:52 . 2012-04-24 02:11 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-10-28 15:52 . 2011-12-01 21:15 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-30 00:54 . 2011-05-11 01:21 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-14 19:19 . 2012-10-09 22:40 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-14 18:28 . 2012-10-09 22:40 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-08-31 18:19 . 2012-10-09 22:41 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-08-30 18:03 . 2012-10-09 22:41 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-30 17:12 . 2012-10-09 22:41 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-08-30 17:12 . 2012-10-09 22:41 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-08-24 18:05 . 2012-10-09 22:41 220160 ----a-w- c:\windows\system32\wintrust.dll 2012-08-24 18:05 . 2012-09-22 15:34 1188864 ----a-w- c:\windows\system32\wininet.dll 2012-08-24 18:05 . 2012-09-22 15:34 1494528 ----a-w- c:\windows\system32\urlmon.dll 2012-08-24 18:05 . 2012-09-22 15:34 134144 ----a-w- c:\windows\system32\url.dll 2012-08-24 18:03 . 2012-09-22 15:34 9056256 ----a-w- c:\windows\system32\mshtml.dll 2012-08-24 18:03 . 2012-09-22 15:34 97792 ----a-w- c:\windows\system32\mshtmled.dll 2012-08-24 18:03 . 2012-09-22 15:34 735744 ----a-w- c:\windows\system32\msfeeds.dll 2012-08-24 18:03 . 2012-09-22 15:34 64512 ----a-w- c:\windows\system32\jsproxy.dll 2012-08-24 18:02 . 2012-09-22 15:34 247808 ----a-w- c:\windows\system32\ieui.dll 2012-08-24 18:02 . 2012-09-22 15:34 12295680 ----a-w- c:\windows\system32\ieframe.dll 2012-08-24 18:02 . 2012-09-22 15:34 2453504 ----a-w- c:\windows\system32\iertutil.dll 2012-08-24 16:57 . 2012-10-09 22:41 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-08-24 16:57 . 2012-09-22 15:34 981504 ----a-w- c:\windows\SysWow64\wininet.dll 2012-08-24 15:59 . 2012-09-22 15:34 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2012-08-24 15:20 . 2012-09-22 15:34 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-08-22 18:12 . 2012-09-12 03:26 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-08-22 18:12 . 2012-09-12 03:26 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-08-22 18:12 . 2012-09-12 03:26 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-08-21 21:01 . 2012-09-25 21:18 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-08-21 18:01 . 2012-09-24 04:17 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-08-21 18:01 . 2009-12-25 21:59 125872 ----a-w- c:\windows\system32\GEARAspi64.dll 2012-08-21 18:01 . 2009-12-25 21:59 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll 2012-08-20 18:48 . 2012-10-09 22:41 243200 ----a-w- c:\windows\system32\wow64.dll 2012-08-20 18:48 . 2012-10-09 22:41 362496 ----a-w- c:\windows\system32\wow64win.dll 2012-08-20 18:48 . 2012-10-09 22:41 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2012-08-20 18:48 . 2012-10-09 22:41 215040 ----a-w- c:\windows\system32\winsrv.dll 2012-08-20 18:48 . 2012-10-09 22:41 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2012-08-20 18:48 . 2012-10-09 22:41 424448 ----a-w- c:\windows\system32\KernelBase.dll 2012-08-20 18:48 . 2012-10-09 22:41 1162240 ----a-w- c:\windows\system32\kernel32.dll 2012-08-20 18:46 . 2012-10-09 22:41 338432 ----a-w- c:\windows\system32\conhost.exe 2012-08-20 18:38 . 2012-10-09 22:41 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2012-08-20 18:38 . 2012-10-09 22:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2012-08-20 18:38 . 2012-10-09 22:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2012-08-20 18:38 . 2012-10-09 22:41 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2012-08-20 18:38 . 2012-10-09 22:41 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2012-08-20 18:38 . 2012-10-09 22:41 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2012-08-20 18:38 . 2012-10-09 22:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2012-08-20 18:38 . 2012-10-09 22:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2012-08-20 18:38 . 2012-10-09 22:41 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2012-08-20 18:38 . 2012-10-09 22:41 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2012-08-20 18:38 . 2012-10-09 22:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-08-20 18:38 . 2012-10-09 22:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2012-08-20 18:38 . 2012-10-09 22:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2012-08-20 18:38 . 2012-10-09 22:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2012-08-20 18:38 . 2012-10-09 22:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2012-08-20 18:38 . 2012-10-09 22:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2012-08-20 18:38 . 2012-10-09 22:41 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2012-08-20 18:38 . 2012-10-09 22:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2012-08-20 18:38 . 2012-10-09 22:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2012-08-20 18:38 . 2012-10-09 22:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2012-08-20 18:38 . 2012-10-09 22:41 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2012-08-20 18:38 . 2012-10-09 22:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2012-08-20 18:38 . 2012-10-09 22:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2012-08-20 18:38 . 2012-10-09 22:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2012-08-20 18:38 . 2012-10-09 22:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2012-08-20 18:38 . 2012-10-09 22:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2012-08-20 18:38 . 2012-10-09 22:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2012-08-20 18:38 . 2012-10-09 22:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2012-08-20 17:40 . 2012-10-09 22:41 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2012-08-20 17:38 . 2012-10-09 22:41 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-08-20 17:38 . 2012-10-09 22:41 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2012-08-20 17:37 . 2012-10-09 22:41 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2012-08-20 17:37 . 2012-10-09 22:41 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll 2012-08-20 17:32 . 2012-10-09 22:41 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll 2012-08-20 17:32 . 2012-10-09 22:41 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll 2012-08-20 17:32 . 2012-10-09 22:41 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll 2012-08-20 17:32 . 2012-10-09 22:41 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll 2012-08-20 17:32 . 2012-10-09 22:41 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll 2012-08-20 17:32 . 2012-10-09 22:41 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll 2012-08-20 17:32 . 2012-10-09 22:41 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll 2012-08-20 17:32 . 2012-10-09 22:41 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll 2012-08-20 17:32 . 2012-10-09 22:41 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll 2012-08-20 17:32 . 2012-10-09 22:41 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll 2012-08-20 17:32 . 2012-10-09 22:41 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll 2012-08-20 17:32 . 2012-10-09 22:41 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll 2012-08-20 17:32 . 2012-10-09 22:41 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll 2012-08-20 17:32 . 2012-10-09 22:41 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-08-20 17:32 . 2012-10-09 22:41 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll 2012-08-20 17:32 . 2012-10-09 22:41 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll 2012-08-20 17:32 . 2012-10-09 22:41 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll 2012-08-20 17:32 . 2012-10-09 22:41 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll 2012-08-20 17:32 . 2012-10-09 22:41 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll 2012-08-20 17:32 . 2012-10-09 22:41 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll 2012-08-20 17:32 . 2012-10-09 22:41 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll 2012-08-20 17:32 . 2012-10-09 22:41 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll 2012-08-20 17:32 . 2012-10-09 22:41 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll 2012-08-20 17:32 . 2012-10-09 22:41 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll 2012-08-20 15:38 . 2012-10-09 22:41 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2012-08-20 15:38 . 2012-10-09 22:41 2048 ----a-w- c:\windows\SysWow64\user.exe 2012-08-20 15:33 . 2012-10-09 22:41 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}] 2012-06-11 21:22 1307728 ----a-w- c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Fitbit Service Monitor"="c:\program files (x86)\Fitbit\fitbit-tray.exe" [2012-04-11 2177056] "Spotify"="c:\users\Jacklyn\AppData\Roaming\Spotify\Spotify.exe" [2012-10-28 7880664] "Spotify Web Helper"="c:\users\Jacklyn\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-28 1199576] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744] "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064] "DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2010-02-18 177472] "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-11 559616] . c:\users\Jacklyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ EvernoteClipper.lnk - [N/A] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] RescueTime.lnk - c:\program files (x86)\RescueTime\RescueTime.exe [2012-7-6 2727936] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer"=wdmaud.drv . R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208] R3 clr_optimization_v4.0.20506_32;.NET Runtime Optimization Service v4.0.20506_X86;c:\windows\Microsoft.NET\Framework\v4.0.20506\mscorsvw.exe [2009-05-06 104272] R3 clr_optimization_v4.0.20506_64;.NET Runtime Optimization Service v4.0.20506_X64;c:\windows\Microsoft.NET\Framework64\v4.0.20506\mscorsvw.exe [2009-05-06 122192] R3 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-12-21 170640] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [2012-04-02 26856] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-05 1255736] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128] R4 msvsmon100;Visual Studio 10 Remote Debugger;c:\program files\Microsoft Visual Studio 10.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [2009-05-06 5013840] R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-10 369688] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280] S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-12-21 141264] S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648] S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-01-12 810144] S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-12-21 50624] S2 Fitbit;Fitbit Data Uploader;c:\program files (x86)\Fitbit\fitbit.exe [2012-04-11 770080] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.exe [2011-01-13 705856] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928] S3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [2009-05-14 5435904] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-05-08 215552] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-05-20 393728] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2012-11-14 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 15:52] . 2012-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-11 18:49] . 2012-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-11 18:49] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904] "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2918656] "MRT"="c:\windows\system32\MRT.exe" [2012-11-14 66395536] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 208.180.42.68 208.180.42.100 FF - ProfilePath - c:\users\Jacklyn\AppData\Roaming\Mozilla\Firefox\Profiles\3dpxxwta.default\ . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) SafeBoot-MCODS Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-FITBIT&10C4&84C4 - c:\program files (x86)\Fitbit\Base Station\DriverUninstaller.exe USBXpress\FITBIT&10C4&84C4 . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}] @Denied: (A 2) (Everyone) @="IFlashBroker2" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\program files (x86)\Dell DataSafe Local Backup\Toaster.exe c:\\.\globalroot\systemroot\svchost.exe c:\\.\globalroot\systemroot\svchost.exe c:\\.\globalroot\systemroot\svchost.exe c:\\.\globalroot\systemroot\svchost.exe c:\\.\globalroot\systemroot\svchost.exe c:\\.\globalroot\systemroot\svchost.exe c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe . ************************************************************************** . Completion time: 2012-11-14 14:29:23 - machine was rebooted ComboFix-quarantined-files.txt 2012-11-14 20:29 . Pre-Run: 319,866,875,904 bytes free Post-Run: 324,323,012,608 bytes free . - - End Of File - - 1A08DC393277242C33E1BC7917AC37AE
  7. jcargill
    Following are the reports you requested. Thank you very much for your assistance! RogueKiller V8.2.3 [11/07/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/4 13-roguekiller/ Website: http://tigzy.geekstogo.com/roguekiller.php Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Jacklyn [Admin rights] Mode : Remove -- Date : 11/14/2012 12:46:41 ¤¤¤ Bad processes : 1 ¤¤¤ [sVCHOST] svchost.exe -- \\.\globalroot \systemroot\svchost.exe -> KILLED [TermProc] ¤¤¤ Registry Entries : 6 ¤¤¤ [RUN][sUSP PATH] HKCU\[...]\Run : WindowsTrayProfile (rundll32.exe "C: \ProgramData \WindowsTrayProfile.dll",DllRegisterServer) -> DELETED [TASK][sUSP PATH] winupd : C:\Users \Jacklyn\AppData\Local\Temp:winupd.exe -> DELETED [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8- 08002B30309D} (1) -> REPLACED (0) [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8- 08002B30309D} (1) -> REPLACED (0) [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8- 08002B30309D} (1) -> REPLACED (0) ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ Infection : Root.MBR ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD5000BEVT-75ZAT0 +++++ --- User --- [MBR] a3c2745bcb0f17de2b125b5cf467b36b [bSP] 9b3acc45867630ac3f6291154c4bc36d : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 298 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 612352 | Size: 19328 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 40196096 | Size: 457312 Mo User != LL1 ... KO! --- LL1 --- [MBR] c61052dc9f93372fc06fbbf2a45930a3 [bSP] 3b41dc44e40dc7d2243e3db9b609b8db : PiHar MBR Code! Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 298 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 612352 | Size: 19328 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 40196096 | Size: 457312 Mo User != LL2 ... KO! --- LL2 --- [MBR] c61052dc9f93372fc06fbbf2a45930a3 [bSP] 3b41dc44e40dc7d2243e3db9b609b8db : PiHar MBR Code! Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 298 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 612352 | Size: 19328 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 40196096 | Size: 457312 Mo Finished : << RKreport[2] _D_11142012_02d1246.txt >> RKreport[1]_S_11142012_02d1246.txt ; RKreport[2]_D_11142012_02d1246.txt ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Results of screen317's Security Check version 0.99.54 Windows 7 Service Pack 1 x64 (UAC is enabled) ``````````````Antivirus/Firewall Check:`````````````` Windows Security Center service is not running! This report may not be accurate! ESET Smart Security 4.2 Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.65.1.1000 Java 6 Update 24 Java version out of Date! Adobe Flash Player 10 Flash Player out of Date! Adobe Flash Player 11.4.402.287 Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox (16.0.2) ````````Process Check: objlist.exe by Laurent```````` ESET NOD32 Antivirus egui.exe ESET NOD32 Antivirus ekrn.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log`````````````````````` ------------------------------------------------------------------------------------------------------------------------------------------------------------ # AdwCleaner v2.007 - Logfile created 11/14/2012 at 12:40:50 # Updated 06/11/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Jacklyn - JACKLYN-LAPTOP # Boot Mode : Normal # Running from : C:\Users\Jacklyn\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.7601.17514 [OK] Registry is clean. -\\ Mozilla Firefox v16.0.2 (en-US) Profile name : default File : C:\Users\Jacklyn\AppData\Roaming\Mozilla\Firefox\Profiles\3dpxxwta.default\prefs.js C:\Users\Jacklyn\AppData\Roaming\Mozilla\Firefox\Profiles\3dpxxwta.default\user.js ... Deleted ! [OK] File is clean. ************************* AdwCleaner[s1].txt - [806 octets] - [14/11/2012 12:40:50] ########## EOF - C:\AdwCleaner[s1].txt - [865 octets] ##########
  8. jcargill
    I ran a (long-overdue) scan on my laptop and found two trojans: Trojan.Agent File C:\WINDOWS\svchost.exe Trojan.Agent Memory Process C:\WINDOWS\svchost.exe 4024 Attached are my files from running, as recommended (here: I'm infected - What do I do now?) the dds.scr Thank you for your assistance! attach.txt dds.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.