Help_Needed

Everything posted by Help_Needed

  1. The only update for Adobe is Adobe Reader Language Support. I don't think that is necessary. Do you?
  2. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 4.9.4 (05.06.2013:1)
     OS: Windows Vista Home Premium x86
     Ran by Chris on Tue 05/21/2013 at 19:38:56.19
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     ~~~ Services
     ~~~ Registry Values
     ~~~ Registry Keys
     ~~~ Files
     ~~~ Folders
     ~~~ Event Viewer Logs were cleared
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on Tue 05/21/2013 at 19:41:27.56
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  3. Check Up Results of screen317's Security Check version 0.99.63
     Windows Vista Service Pack 2 x86 (UAC is enabled)
     Internet Explorer 9
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     McAfee Anti-Virus and Anti-Spyware
     WMI entry may not exist for antivirus; attempting automatic update.
     `````````Anti-malware/Other Utilities Check:`````````
     Secunia PSI (2.0.0.4003)
     Malwarebytes Anti-Malware version 1.75.0.1300
     Java 6 Update 30
     Java version out of Date!
     Adobe Reader 7
     Adobe Reader out of Date!
     ````````Process Check: objlist.exe by Laurent````````
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0 %
     ````````````````````End of Log``````````````````````
  4. Haven't done the Security Check yet. Will work on that now.
     # AdwCleaner v2.301 - Logfile created 05/21/2013 at 07:17:24
     # Updated 16/05/2013 by Xplode
     # Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)
     # User : Chris - WORKHORSE
     # Boot Mode : Normal
     # Running from : C:\Users\Chris\Desktop\adwcleaner.exe
     # Option [Delete]
     ***** [Services] *****
     ***** [Files / Folders] *****
     ***** [Registry] *****
     Key Deleted : HKCU\Software\Conduit
     Key Deleted : HKLM\Software\Conduit
     ***** [Internet Browsers] *****
     -\\ Internet Explorer v9.0.8112.16483
     [OK] Registry is clean.
     *************************
     AdwCleaner[R1].txt - [722 octets] - [21/05/2013 06:19:37]
     AdwCleaner[R2].txt - [781 octets] - [21/05/2013 07:16:25]
     AdwCleaner[S1].txt - [717 octets] - [21/05/2013 07:17:24]
     ########## EOF - C:\AdwCleaner[S1].txt - [776 octets] ##########
  5. # AdwCleaner v2.301 - Logfile created 05/21/2013 at 06:19:37
     # Updated 16/05/2013 by Xplode
     # Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)
     # User : Chris - WORKHORSE
     # Boot Mode : Normal
     # Running from : C:\Users\Chris\Desktop\adwcleaner.exe
     # Option [Search]
     ***** [Services] *****
     ***** [Files / Folders] *****
     ***** [Registry] *****
     Key Found : HKCU\Software\Conduit
     Key Found : HKLM\Software\Conduit
     ***** [Internet Browsers] *****
     -\\ Internet Explorer v9.0.8112.16483
     [OK] Registry is clean.
     *************************
     AdwCleaner[R1].txt - [595 octets] - [21/05/2013 06:19:37]
     ########## EOF - C:\AdwCleaner[R1].txt - [654 octets] ##########
  6. ComboFix 13-05-20.01 - Chris 05/20/2013 20:22:58.3.2 - x86
     Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.1266 [GMT -7:00]
     Running from: c:\users\Chris\Desktop\ComboFix.exe
     AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
     FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
     SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      * Resident AV is active
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     c:\windows\$NtUninstallKB61696$
     ((((((((((((((((((((((((( Files Created from 2013-04-21 to 2013-05-21 )))))))))))))))))))))))))))))))
     2013-05-21 03:46 . 2013-05-21 04:05 -------- d-----w- c:\users\Chris\AppData\Local\temp
     2013-05-21 03:46 . 2013-05-21 04:01 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
     2013-05-21 03:46 . 2013-05-21 03:46 -------- d-----w- c:\users\Public\AppData\Local\temp
     2013-05-21 03:46 . 2013-05-21 03:46 -------- d-----w- c:\users\Default\AppData\Local\temp
     2013-05-21 03:46 . 2013-05-21 03:46 -------- d-----w- c:\users\Hooper\AppData\Local\temp
     2013-05-21 03:46 . 2013-05-21 03:46 -------- d-----w- c:\users\Guest\AppData\Local\temp
     2013-05-21 03:46 . 2013-05-21 03:46 -------- d-----w- c:\users\Angi\AppData\Local\temp
     2013-05-20 03:29 . 2013-05-20 03:29 -------- d-----w- C:\FRST
     2013-05-15 10:19 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb
     2013-05-15 05:42 . 2013-04-15 14:20 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
     2013-05-15 05:42 . 2013-04-13 10:56 37376 ----a-w- c:\windows\system32\cdd.dll
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     2013-05-15 07:09 . 2012-04-07 16:37 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
     2013-05-15 07:09 . 2011-06-07 14:11 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2013-04-09 01:36 . 2013-05-15 05:42 2049024 ----a-w- c:\windows\system32\win32k.sys
     2013-04-04 22:02 . 2013-05-15 10:01 1129472 ----a-w- c:\windows\system32\wininet.dll
     2013-04-04 21:57 . 2013-05-15 10:01 420864 ----a-w- c:\windows\system32\vbscript.dll
     2013-04-04 21:50 . 2010-10-24 16:15 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
     2013-03-11 13:25 . 2013-04-10 07:52 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe
     2013-03-11 13:25 . 2013-04-10 07:52 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe
     2013-03-09 03:45 . 2013-04-10 07:52 49152 ----a-w- c:\windows\system32\csrsrv.dll
     2013-03-09 01:28 . 2013-04-10 07:52 64000 ----a-w- c:\windows\system32\smss.exe
     2013-03-08 03:53 . 2013-04-10 07:53 376320 ----a-w- c:\windows\system32\winsrv.dll
     2013-03-08 03:52 . 2013-04-10 07:53 2067968 ----a-w- c:\windows\system32\mstscax.dll
     2013-03-03 19:07 . 2013-04-10 07:53 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys
     2013-02-20 04:32 . 2013-02-20 04:32 6162704 ----a-w- c:\windows\system32\nvopencl.dll
     2013-02-20 04:32 . 2013-02-20 04:32 10919200 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
     2013-02-20 04:32 . 2013-02-20 04:32 17560352 ----a-w- c:\windows\system32\nvcompiler.dll
     2013-02-20 04:32 . 2008-09-19 23:09 2446416 ----a-w- c:\windows\system32\nvapi.dll
     2013-02-20 04:32 . 2013-02-20 04:32 2577184 ----a-w- c:\windows\system32\nvcuvid.dll
     2013-02-20 04:32 . 2013-02-20 04:32 1869088 ----a-w- c:\windows\system32\nvcuvenc.dll
     2013-02-20 04:32 . 2013-02-20 04:32 15413704 ----a-w- c:\windows\system32\nvd3dum.dll
     2013-02-20 04:32 . 2012-10-11 05:14 892704 ----a-w- c:\windows\system32\nvdispgenco32.dll
     2013-02-20 04:32 . 2012-10-11 05:14 1010464 ----a-w- c:\windows\system32\nvdispco32.dll
     2013-02-20 04:32 . 2013-02-20 04:32 7754560 ----a-w- c:\windows\system32\nvcuda.dll
     2013-02-20 04:32 . 2013-02-20 04:32 19915552 ----a-w- c:\windows\system32\nvoglv32.dll
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2006-11-12 446976]
     "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-05-20 32768]
     "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
     "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
     "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-22 30192]
     "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2006-11-17 17920]
     "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 94208]
     "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
     "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
     "SigmatelSysTrayApp"="sttray.exe" [2007-02-08 303104]
     "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
     "nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
     "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-14 1278064]
     "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
     "WD Quick View"="c:\program files\Western Digital\WD Quick View\WDDMStatus.exe" [2012-04-30 5235608]
     c:\users\Angi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
     OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
     c:\users\Hooper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
     OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
     c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
     Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
     Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-5-19 450560]
     Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-5-19 593920]
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "EnableUIADesktopToggle"= 0 (0x0)
     "ConsentPromptBehaviorAdmin"= 5 (0x5)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
     @=""
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
     @=""
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
     @="Service"
     [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ymetray.lnk]
     path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ymetray.lnk
     backup=c:\windows\pss\ymetray.lnk.CommonStartup
     backupExtension=.CommonStartup
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
     2010-01-23 03:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
     2006-05-17 21:18 480816 ----a-w- c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
     2006-05-17 17:12 243248 ----a-w- c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
     2009-11-11 07:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
     --- Other Services/Drivers In Memory ---
     *Deregistered* - mfeavfk01
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
     Contents of the 'Scheduled Tasks' folder
     2013-05-21 c:\windows\Tasks\Adobe Flash Player Updater.job
     - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 07:09]
     ------- Supplementary Scan -------
     uStart Page = hxxp://www.google.com/
     Trusted Zone: secureserver.net\email14
     Trusted Zone: secureserver.net\www.email
     TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
     DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} - hxxp://www3.authentium.com/cssrelease/bin/wizard.exe
     DPF: {3528A58B-595D-4AFD-A5F6-B914BD306DC3} - hxxp://dishconnectivity.sling.com/dpit/downloads/pc/SlingHealth.cab
     DPF: {42B182F9-3F08-484E-9913-07193A5D36A9} - hxxp://astak.dyndns.org:8080/web/WebClient.cab
     DPF: {CCA0B877-CB5E-4ADC-AD30-457C379512DD} - hxxp://68.101.171.235:82/xplugLiteAL.cab
     - - - - ORPHANS REMOVED - - - -
     Toolbar-Locked - (no file)
     SafeBoot-WudfPf
     SafeBoot-WudfRd
     **************************************************************************
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2013-05-20 21:05
     Windows 6.0.6002 Service Pack 2 NTFS
     scanning hidden processes ...
     scanning hidden autostart entries ...
     scanning hidden files ...
     scan completed successfully
     hidden files: 0
     **************************************************************************
     --------------------- LOCKED REGISTRY KEYS ---------------------
  7. I did restart the computer before running the second scan.
  8. Again, After First Scan - Running Second Scan Now
     Malwarebytes Anti-Rootkit BETA 1.05.0.1001
     www.malwarebytes.org
     Database version: v2013.05.20.01
     Windows Vista Service Pack 2 x86 NTFS
     Internet Explorer 9.0.8112.16421
     Chris :: WORKHORSE [administrator]
     5/19/2013 10:01:11 PM
     mbar-log-2013-05-19 (22-01-11).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
     Scan options disabled:
     Objects scanned: 29990
     Time elapsed: 1 hour(s), 54 minute(s), 33 second(s)
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 0
     (No malicious items detected)
     Registry Values Detected: 0
     (No malicious items detected)
     Registry Data Items Detected: 0
     (No malicious items detected)
     Folders Detected: 1
     c:\Windows\$NtUninstallKB61696$\1260042778 (Backdoor.0Access) -> Delete on reboot.
     Files Detected: 0
     (No malicious items detected)
     (end)
  9. After First Scan - Running Second Scan Now
     ---------------------------------------
     Malwarebytes Anti-Rootkit BETA 1.05.0.1001
     © Malwarebytes Corporation 2011-2012
     OS version: 6.0.6002 Windows Vista Service Pack 2 x86
     Account is Administrative
     Internet Explorer version: 9.0.8112.16421
     Java version: 1.6.0_30
     File system is: NTFS
     Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
     CPU speed: 2.004000 GHz
     Memory total: 2078023680, free: 1140490240
     ------------ Kernel report ------------
     05/19/2013 20:05:50
Partition starts at LBA: 32 Numsec = 4071392 Partition file system is FAT32 Partition is not bootable Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 2084569088 bytes Sector size: 512 bytes Done! Performing system, memory and registry scan... Infected: c:\Windows\$NtUninstallKB61696$\1260042778 --> [backdoor.0Access] Done! Scan finished Creating System Restore point... Scheduling clean up... <<<2>>> Device number: 0, partition: 3 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Executing an action fixdamage.exe... Success! Removal successful. No system shutdown is required. =======================================
  10. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 18-05-2013
Ran by SYSTEM at 2013-05-19 19:54:24 Run:1
Running from K:\
Boot Mode: Recovery
==============================================
HKEY_USERS\Chris\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\Chris\AppData\Roaming\skype.dat => Moved successfully.
C:\Users\Chris\AppData\Roaming\skype.ini => Moved successfully.
C:\Users\Chris\Application Data\skype.dat => File/Directory not found.
C:\Users\Chris\Application Data\skype.ini => File/Directory not found.
C:\ProgramData\ntuser.dat => Moved successfully.
C:\ProgramData\qci.pad => Moved successfully.
C:\ProgramData\redaertaborca.pad => Moved successfully.
==== End of Fixlog ====
  11. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-05-2013
Ran by SYSTEM on 19-05-2013 19:29:28
Running from K:\
Windows Vista Home Premium (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [221184 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [81920 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup [30192 2010-08-22] (Google)
HKLM\...\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe [17920 2006-11-17] ( )
HKLM\...\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE [x]
HKLM\...\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [16384 2007-11-15] ( )
HKLM\...\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [206064 2009-05-21] (SupportSoft, Inc.)
HKLM\...\Run: [sigmatelSysTrayApp] sttray.exe [x]
HKLM\...\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [647216 2009-07-07] (Cisco Systems, Inc.)
HKLM\...\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash [472112 2009-07-08] (Cisco Systems, Inc.)
HKLM\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1278064 2013-03-13] (McAfee, Inc.)
HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [WD Quick View] C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5235608 2012-04-30] (Western Digital Technologies, Inc.)
HKLM\...\Winlogon: [system]
HKU\Angi\...\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup [ 2006-11-11] (Gteko Ltd.)
HKU\Angi\...\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [ 2007-05-19] (Logitech)
HKU\Angi\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [ 2008-01-18] (Microsoft Corporation)
HKU\Chris\...\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup [ 2006-11-11] (Gteko Ltd.)
HKU\Chris\...\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [ 2007-05-19] (Logitech)
HKU\Chris\...\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [ 2009-05-21] (SupportSoft, Inc.)
HKU\Chris\...\Winlogon: [shell] explorer.exe,C:\Users\Chris\AppData\Roaming\skype.dat <==== ATTENTION
HKU\Default\...\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup [ 2006-11-11] (Gteko Ltd.)
HKU\Default User\...\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup [ 2006-11-11] (Gteko Ltd.)
HKU\Guest\...\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [ 2007-05-19] (Logitech)
HKU\Hooper\...\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup [ 2006-11-11] (Gteko Ltd.)
HKU\Hooper\...\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [ 2007-05-19] (Logitech)
HKU\Hooper\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [ 2008-01-18] (Microsoft Corporation)
HKU\UpdatusUser\...\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup [ 2006-11-11] (Gteko Ltd.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
ShortcutTarget: Logitech Desktop Messenger.lnk -> C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
Startup: C:\Users\Angi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Hooper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
========================== Services (Whitelisted) =================
S4 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144712 2009-06-05] (Apple Inc.)
S2 dlbc_device; C:\Windows\system32\dlbccoms.exe [538096 2007-02-07] ( )
S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [70656 2006-11-07] ()
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-22] (Google)
S2 LexBceS; C:\Windows\System32\LEXBCES.EXE [311296 2004-03-04] (Lexmark International, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [279048 2012-11-16] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [203840 2013-02-19] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169320 2013-02-19] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [172416 2013-02-19] (McAfee, Inc.)
S2 nmservice; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [647216 2009-07-07] (Cisco Systems, Inc.)
S3 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [994360 2011-10-13] (Secunia)
S2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [399416 2011-10-13] (Secunia)
S2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-13] (SupportSoft, Inc.)
S2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1150368 2012-04-24] (Western Digital )
S2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [247704 2012-04-11] (Western Digital)
==================== Drivers (Whitelisted) ====================
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [60920 2013-02-19] (McAfee, Inc.)
S3 DSproct; C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [4736 2006-10-05] (Gteko Ltd.)
S2 dsunidrv; C:\Program Files\DellSupport\Drivers\dsunidrv.sys [7424 2006-08-17] (Gteko Ltd.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [146872 2012-04-20] (McAfee, Inc.)
S3 Jukebox; C:\Windows\System32\DRIVERS\ctpdusb2.sys [16890 2003-10-28] (Creative Technology Ltd.)
S2 LBeepKE; C:\Windows\System32\Drivers\LBeepKE.sys [3712 2006-05-24] (Logitech, Inc.)
S3 LHidKe; C:\Windows\System32\DRIVERS\LHidKE.Sys [27264 2006-05-10] (Logitech, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [133416 2013-02-19] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [235264 2013-02-19] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [65928 2013-02-19] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [363080 2013-02-19] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [565888 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [92632 2013-02-19] (McAfee, Inc.)
S1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [210608 2013-02-19] (McAfee, Inc.)
S3 mr7910; C:\Windows\System32\DRIVERS\mr7910.sys [46848 2007-03-20] (Mars Semiconductor Corp.)
S2 pnarp; C:\Windows\System32\DRIVERS\pnarp.sys [26672 2009-07-07] (Cisco Systems, Inc.)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
S2 purendis; C:\Windows\System32\DRIVERS\purendis.sys [27696 2009-07-07] (Cisco Systems, Inc.)
S3 STHDA; C:\Windows\System32\drivers\stwrt.sys [647680 2007-02-07] (SigmaTel, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 mfeavfk01; No ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-05-19 19:29 - 2013-05-19 19:29 - 00000000 ____D C:\FRST
2013-05-15 05:48 - 2013-05-15 05:49 - 00000004 ____A C:\Users\Chris\AppData\Roaming\skype.ini
2013-05-15 02:19 - 2013-05-05 11:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-15 02:19 - 2013-05-05 11:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-15 02:01 - 2013-04-04 14:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-15 02:01 - 2013-04-04 14:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-15 02:01 - 2013-04-04 14:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-15 02:01 - 2013-04-04 14:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-15 02:01 - 2013-04-04 14:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-15 02:01 - 2013-04-04 13:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-15 02:01 - 2013-04-04 13:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-15 02:01 - 2013-04-04 13:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-15 02:01 - 2013-04-04 13:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-15 02:01 - 2013-04-04 13:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-15 02:01 - 2013-04-04 13:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-15 02:01 - 2013-04-04 13:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-15 02:01 - 2013-04-04 13:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-15 02:00 - 2013-04-04 14:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-14 21:42 - 2013-04-15 06:20 - 00638328 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-14 21:42 - 2013-04-13 02:56 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-14 21:42 - 2013-04-08 17:36 - 02049024 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
==================== One Month Modified Files and Folders ========
2013-05-19 19:29 - 2013-05-19 19:29 - 00000000 ____D C:\FRST
2013-05-15 05:49 - 2013-05-15 05:48 - 00000004 ____A C:\Users\Chris\AppData\Roaming\skype.ini
2013-05-15 05:09 - 2012-04-07 08:37 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-15 04:40 - 2006-11-02 04:47 - 00003568 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-15 04:40 - 2006-11-02 04:47 - 00003568 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-15 03:10 - 2007-05-10 10:39 - 01680306 ____A C:\Windows\WindowsUpdate.log
2013-05-15 03:00 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-05-15 02:50 - 2012-12-11 15:22 - 00262144 ____A C:\Windows\System32\config\ELAM
2013-05-15 02:47 - 2006-11-02 02:33 - 00703516 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-15 02:40 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-15 02:39 - 2006-11-02 04:47 - 00313136 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-15 02:36 - 2006-11-02 05:01 - 00032528 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-15 02:03 - 2006-11-02 02:24 - 72607752 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-05-14 23:09 - 2012-04-07 08:37 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-05-14 23:09 - 2011-06-07 06:11 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-05-14 15:23 - 2007-05-10 11:14 - 00243584 ____A C:\Windows\PFRO.log
2013-05-05 11:25 - 2013-05-15 02:19 - 12324864 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-05 11:12 - 2013-05-15 02:19 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-02 19:53 - 2009-07-05 21:01 - 00000000 ____D C:\Users\Chris\Desktop\From Phone
2013-04-27 06:03 - 2012-01-04 08:22 - 00000908 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-04-27 06:03 - 2010-10-24 08:15 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
Other Malware:
===========
C:\Users\Chris\AppData\Roaming\skype.dat
C:\Users\Chris\AppData\Roaming\skype.ini
C:\Users\Chris\Application Data\skype.dat
C:\Users\Chris\Application Data\skype.ini
C:\ProgramData\ntuser.dat
C:\ProgramData\qci.pad
C:\ProgramData\redaertaborca.pad
==================== Known DLLs (Whitelisted) ============
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
==================== Memory info ===========================
Percentage of memory in use: 13%
Total physical RAM: 1981.88 MB
Available physical RAM: 1705.6 MB
Total Pagefile: 1915.61 MB
Available Pagefile: 1777.77 MB
Total Virtual: 2047.88 MB
Available Virtual: 1975.72 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:138.97 GB) (Free:19.9 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive j: (WD Unlocker) (CDROM) (Total:0.02 GB) (Free:0 GB) UDF
Drive k: () (Removable) (Total:1.94 GB) (Free:1.9 GB) FAT32
Drive x: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.47 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows Vista) (Size: 149 GB) (Disk ID: B0000000)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=139 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes. Could not read MBR for disk 5.
========================================================
Disk: 6 (Size: 2 GB) (Disk ID: 006EAEE6)
Partition 1: (Active) - (Size=2 GB) - (Type=0B)
Last Boot: 2013-05-15 02:53
==================== End Of Log ============================
  12. Please help. I saw the FBI Moneypak pop-up on my screen and I instantly powered off the computer and have not turned it back on. What is my first step? I am running Vista. Thank you in advance.