Jump to content

camarograna2

Honorary Members
  • Posts

    35
  • Joined

  • Last visited

Reputation

0 Neutral
  1. My PC keeps running slow and ran malwarebytes scan. I quarantined this thing like 4 times already and it keeps coming back. Help Addition.txt FRST.txt
  2. much better already thanks. I had tried the normal uninstall before and didnt work so glad that this made it install properly.
  3. no worries on the delay as the help is always appreciated. 0816 log.txt
  4. Computer has been acting weird today. Not being able to launch malwarebytes. Tried uninstalling software and installing but receive internal error: Expression error "Runtime Error (at 79:177): External Exception EOD6D7363"Addition.txtFRST.txt
  5. TwinHeadedEagle. please find the zoek-results logfile zoek-results.txt Zoek.exe v5.0.0.0 Updated 29-07-2014 Tool run by Cesar on Wed 07/30/2014 at 14:32:35.70. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Cesar\Desktop\zoek.exe [scan all users] [script inserted] ==== System Restore Info ====================== 7/30/2014 2:34:37 PM Zoek.exe System Restore Point Created Succesfully. ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-521779877-2123867905-2105020738-1001\Software\Microsoft\Internet Explorer\SearchScopes\{F3762D1C-C78E-4D4C-AC80-B1D42F610475} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted C:\Users\Cesar\Searches deleted C:\Windows\SysNative\config\systemprofile\Searches deleted C:\Users\Cesar\Desktop\4K Video Downloader.lnk deleted ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor" [07/27/2014 09:25 PM] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "{e4f94d1e-2f53-401e-8885-681602c0ddd8}"="C:\ProgramData\McAfee Security Scan\Extensions \{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi" [04/04/2014 05:36 AM] ==== Firefox Extensions ====================== AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Cesar\AppData\Roaming\Mozilla\Firefox\Profiles\m93195py.default- 1406725745870 4390CCD3790F8D9C427C0C29590C62D7 - C:\Windows\SysWOW64\Macromed\Flash \NPSWF32_14_0_0_145.dll - Shockwave Flash DCB0BCEF594E2C410793C4A823C318F3 - C:\Windows\SysWOW64\Adobe\Director \np32dsw_1213153.dll - Shockwave for Director / Shockwave for Director ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions fheoggkfdfchfphceeifdbepaooicaho - No path found[] SiteAdvisor - Ana\AppData\Local\Google\Chrome\User Data\Default\Extensions \fheoggkfdfchfphceeifdbepaooicaho Google Voice Search Hotword (Beta) - Cesar\AppData\Local\Google\Chrome\User Data\Default \Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn SiteAdvisor - Cesar\AppData\Local\Google\Chrome\User Data\Default\Extensions \fheoggkfdfchfphceeifdbepaooicaho Google Voice Search Hotword (Beta) - Jeanette\AppData\Local\Google\Chrome\User Data \Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn SiteAdvisor - jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions \fheoggkfdfchfphceeifdbepaooicaho ==== Chrome Fix ====================== C:\Users\Ana\AppData\Local\Google\Chrome\User Data\Default\Extensions \fheoggkfdfchfphceeifdbepaooicaho deleted successfully C:\Users\Cesar\AppData\Local\Google\Chrome\User Data\Default\Extensions \fheoggkfdfchfphceeifdbepaooicaho deleted successfully C:\Users\jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions \fheoggkfdfchfphceeifdbepaooicaho deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] No DefaultScope Set For HKCU New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q= {searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q= {searchTerms}&src=IE-SearchBox&FORM=IE11SR" ==== Reset Google Chrome ====================== C:\Users\Ana\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully C:\Users\Cesar\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\Jeanette\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully C:\Users\jessica\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully C:\Users\Ana\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully C:\Users\Cesar\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully C:\Users\Jeanette\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully C:\Users\jessica\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions \fheoggkfdfchfphceeifdbepaooicaho deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Ana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Ana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Ana\AppData\Local\temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Cesar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Cesar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Jeanette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Jeanette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\Ana\AppData\Local\Mozilla\Firefox\Profiles\d7xwyxe5.default\Cache emptied successfully C:\Users\Cesar\AppData\Local\Mozilla\Firefox\Profiles\m93195py.default-1406725745870\Cache emptied successfully C:\Users\Jeanette\AppData\Local\Mozilla\Firefox\Profiles\485bcbhx.default\Cache emptied successfully C:\Users\jessica\AppData\Local\Mozilla\Firefox\Profiles\rdg7ogdk.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Ana\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\Users\Cesar\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\Users\Jeanette\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\Users\jessica\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=81 folders=11 295619 bytes) ==== Empty Temp Folders ====================== C:\Users\Ana\AppData\Local\temp emptied successfully C:\Users\Cesar\AppData\Local\Temp will be emptied at reboot C:\Users\Default\AppData\Local\temp emptied successfully C:\Users\Default User\AppData\Local\temp emptied successfully C:\Users\Jeanette\AppData\Local\temp emptied successfully C:\Users\jessica\AppData\Local\temp emptied successfully C:\Users\Public\AppData\Local\temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Cesar\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on Wed 07/30/2014 at 14:55:39.27 ======================
  6. TwinHeadedEagle. please find the updated logs FRST new log 1.txtAdwCleanerS1.txt
  7. hello TwinHeadedEagle. thanks for the help. Attached is the log scan.txt
  8. As titled states PUP.Optional.Trovi.A keeps coming back even after i select quarantine all after malwarebytes is run. Logs attached Addition.txt FRST.txt
  9. Here you go Gringo C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\hstart.exe a variant of Win32/HiddenStart.A application C:\Program Files (x86)\WhiteSmoke\Registration.exe probably a variant of Win32/WhiteSmoke application C:\Program Files (x86)\WhiteSmoke\html\english\dictClientDic\index.html HTML/WhiteSmoke application C:\Users\Ana\AppData\LocalLow\WhiteSmoke\html\english\dictClientDic\index.html HTML/WhiteSmoke application
  10. Good day/evening/night Gringo_pr Computer running good. The ony coment i have to say is that when i put my computer to sleep and wake back up the next day it runs real slow. As soon as i restart it, its fine and fast. Important to note that i did not remove WhiteSmoke. This is a valid paid licensed software which purpose is to correct grammar. My wife uses it allot and they dont allow to unistall/reinstall it reusing same serial key (sucks i know) Here are the logs you requested Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Database version: v2013.02.15.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Ana :: ANA-PC [administrator] 2/14/2013 7:52:47 PM mbam-log-2013-02-14 (19-52-47).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 240900 Time elapsed: 3 minute(s), 21 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 8:05:53 PM, on 2/14/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16464) Boot mode: Normal Running processes: C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\Secunia\PSI\psi_tray.exe C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Ana\Desktop\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file) O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120320125118.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing) O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll O4 - HKLM\..\Run: [Panda Security URL Filtering] "C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKUS\S-1-5-18\..\RunOnce: [panda2_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda2_0dn" /f (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [panda2_0dn_XP] reg.exe delete "HKCU\Software\panda2_0dn" /f (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [panda4_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_0dn" /f (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [panda4_0dn_XP] reg.exe delete "HKCU\Software\panda4_0dn" /f (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [panda2_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda2_0dn" /f (User 'Default user') O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user') O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: http://*.mcafee.com O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - (no file) O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: TurboBoost - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 14992 bytes
  11. ok so havent noticed the computer acting up for the last 2 days so everything seems to be running better. here is the log from combofix based on the script u gave me ComboFix 13-02-07.02 - Ana 02/09/2013 22:43:45.2.4 - x64 Running from: c:\users\Ana\Desktop\ComboFix.exe Command switches used :: c:\users\Ana\Desktop\CFScript.txt . . ((((((((((((((((((((((((( Files Created from 2013-01-10 to 2013-02-10 ))))))))))))))))))))))))))))))) . . 2013-02-10 05:20 . 2013-02-10 05:20 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-02-10 05:20 . 2013-02-10 05:20 -------- d-----w- c:\users\Cesar\AppData\Local\temp 2013-02-09 18:39 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9A1BDB63-768D-48A3-BA97-835AB6A0B0EC}\mpengine.dll 2013-02-09 18:28 . 2012-11-07 15:00 58360 ----a-w- c:\windows\system32\drivers\PSKMAD.sys 2013-02-08 14:44 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-01-19 02:36 . 2013-01-19 02:36 -------- d-----w- c:\users\Cesar\AppData\Local\Programs 2013-01-19 02:27 . 2013-01-19 02:27 191984 ----a-w- c:\windows\system32\javaws.exe 2013-01-19 02:27 . 2013-01-19 02:27 172528 ----a-w- c:\windows\system32\javaw.exe 2013-01-19 02:27 . 2013-01-19 02:27 172528 ----a-w- c:\windows\system32\java.exe 2013-01-19 02:25 . 2013-01-19 02:25 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-01-19 02:25 . 2013-01-19 02:25 -------- d-----w- c:\program files (x86)\Java 2013-01-18 03:49 . 2013-01-18 03:49 -------- d-----w- c:\program files (x86)\Common Files\Skype . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-08 04:31 . 2012-04-06 22:50 697712 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-02-08 04:31 . 2011-05-15 03:40 74096 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-30 10:53 . 2011-05-04 04:50 273840 ------w- c:\windows\system32\MpSigStub.exe 2013-01-19 02:27 . 2012-06-21 01:01 544240 ----a-w- c:\windows\system32\npdeployJava1.dll 2013-01-19 02:27 . 2010-12-02 09:20 525808 ----a-w- c:\windows\system32\deployJava1.dll 2013-01-19 02:25 . 2012-06-21 01:04 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2013-01-19 02:25 . 2010-12-02 09:19 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-01-09 03:29 . 2010-12-14 15:48 67599240 ----a-w- c:\windows\system32\MRT.exe 2012-12-16 17:11 . 2012-12-23 09:00 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:45 . 2012-12-23 09:00 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2012-12-23 09:00 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:13 . 2012-12-23 09:00 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-14 22:49 . 2011-05-04 03:13 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-29 01:44 . 2012-11-29 01:49 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A759195E-5B96-498A-B6F0-5FD509994C01}\gapaengine.dll 2012-11-23 03:26 . 2013-01-09 01:42 3149824 ----a-w- c:\windows\system32\win32k.sys 2012-11-23 03:13 . 2013-01-09 01:42 68608 ----a-w- c:\windows\system32\taskhost.exe 2012-11-20 05:48 . 2013-01-09 01:42 307200 ----a-w- c:\windows\system32\ncrypt.dll 2012-11-20 04:51 . 2013-01-09 01:42 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll 2012-11-14 07:06 . 2012-12-13 04:00 17811968 ----a-w- c:\windows\system32\mshtml.dll 2012-11-14 06:32 . 2012-12-13 04:00 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-11-14 06:11 . 2012-12-13 04:00 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 06:04 . 2012-12-13 04:00 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-11-14 06:04 . 2012-12-13 04:00 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 06:02 . 2012-12-13 04:00 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 06:02 . 2012-12-13 04:00 237056 ----a-w- c:\windows\system32\url.dll 2012-11-14 05:59 . 2012-12-13 04:00 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-11-14 05:58 . 2012-12-13 04:00 816640 ----a-w- c:\windows\system32\jscript.dll 2012-11-14 05:57 . 2012-12-13 04:00 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 05:57 . 2012-12-13 04:00 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 05:55 . 2012-12-13 04:00 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-11-14 05:55 . 2012-12-13 04:00 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-11-14 05:53 . 2012-12-13 04:00 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-11-14 05:52 . 2012-12-13 04:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-14 05:46 . 2012-12-13 04:00 248320 ----a-w- c:\windows\system32\ieui.dll 2012-11-14 02:09 . 2012-12-13 04:00 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-11-14 01:58 . 2012-12-13 04:00 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-11-14 01:57 . 2012-12-13 04:00 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-11-14 01:49 . 2012-12-13 04:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-11-14 01:48 . 2012-12-13 04:00 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-11-14 01:44 . 2012-12-13 04:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files (x86)\pandasecuritytb\pandasecurityDx.dll" [2012-10-15 87176] . [HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}] 2012-10-15 13:02 87176 ----a-w- c:\program files (x86)\pandasecuritytb\pandasecurityDx.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files (x86)\pandasecuritytb\pandasecurityDx.dll" [2012-10-15 87176] . [HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18708224] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Panda Security URL Filtering"="c:\programdata\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2012-10-15 221832] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "PSUAMain"="c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2012-11-15 32032] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "panda2_0dn"="reg.exe delete HKCU\Software\AppDataLow\Software\panda2_0dn" [X] "panda2_0dn_XP"="reg.exe delete HKCU\Software\panda2_0dn" [X] "panda4_0dn"="reg.exe delete HKCU\Software\AppDataLow\Software\panda4_0dn" [X] "panda4_0dn_XP"="reg.exe delete HKCU\Software\panda4_0dn" [X] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\DRIVERS\NNSNAHSL.sys [2012-10-22 33320] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-12-06 208536] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536] R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-10-15 65264] R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2010-08-24 74320] R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2010-08-24 13392] R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-10-15 481768] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-10-15 100912] R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-05-07 245792] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-14 1255736] R4 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys [2012-11-09 83496] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280] S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-10-15 75808] S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys [2012-11-09 127016] S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys [2012-11-09 136232] S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys [2012-11-09 154152] S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys [2012-11-09 134696] S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys [2012-11-09 139304] S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys [2012-11-09 397864] S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys [2012-11-09 150568] S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys [2012-11-09 135208] S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys [2012-11-09 291368] S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys [2012-11-09 148520] S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2012-11-10 204328] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648] S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2012-11-12 140064] S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456] S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2012-11-10 167976] S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2012-11-10 119848] S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2012-11-10 123944] S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2012-11-10 133160] S2 PSUAService;Panda Product Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe [2012-11-15 36640] S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360] S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-01 2533400] S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [2010-02-02 20984] S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-03-31 53800] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-31 35104] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-06-21 287232] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-12-22 74280] S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896] S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976] . . --- Other Services/Drivers In Memory --- . *Deregistered* - PSKMAD . Contents of the 'Scheduled Tasks' folder . 2013-02-10 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-21 04:31] . 2013-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-30 14:45] . 2013-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-30 14:45] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm Trusted Zone: mcafee.com TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Ana\AppData\Roaming\Mozilla\Firefox\Profiles\ct340nql.default\ FF - prefs.js: browser.search.selectedEngine - Panda Safe Search FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z201&form=ZGAADF&install_date=20111217&q= FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: 2013-01-18 20:25; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-02-09 23:23:30 ComboFix-quarantined-files.txt 2013-02-10 05:23 ComboFix2.txt 2013-02-08 05:53 . Pre-Run: 423,477,485,568 bytes free Post-Run: 423,421,673,472 bytes free . - - End Of File - - 17D54C11EB1AA8D9CA25B48012AC8F53
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.