Everything posted by Salmoniform

  1. I have attempted to run Disk Check multiple times. When I click "Do It" my computer restarts, but then the check never initiates on reboot. On my last attempt, I left my computer idle for 1.5 hours (in case it was running in the background) and nothing. Should I attempt SFC without completing Disk Check?
  2. Farbar Service Scanner Version: 16-06-2013
     Ran by Josh (administrator) on 25-06-2013 at 07:35:28
     Running from "C:\Users\Josh\Desktop\Malwarebytes"
     Windows Vista Home Premium Service Pack 2 (X86)
     Boot Mode: Normal
     ****************************************************************
     Internet Services:
     ============
     Connection Status:
     ==============
     Localhost is accessible.
     LAN connected.
     Google IP is accessible.
     Google.com is accessible.
     Yahoo.com is accessible.
     Windows Firewall:
     =============
     Firewall Disabled Policy:
     ==================
     System Restore:
     ============
     System Restore Disabled Policy:
     ========================
     Security Center:
     ============
     Security Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{FD6905CE-952F-41F1-9A6F-135D9C6622CC} key. The key does not exist.
     Windows Update:
     ============
     Windows Autoupdate Disabled Policy:
     ============================
     Other Services:
     ==============
     File Check:
     ========
     C:\Windows\system32\nsisvc.dll => MD5 is legit
     C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
     C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
     C:\Windows\system32\Drivers\afd.sys => MD5 is legit
     C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
     C:\Windows\system32\Drivers\tcpip.sys [2013-06-12 14:11] - [2013-05-07 21:37] - 0905576 ____A (Microsoft Corporation) 548E198BAE21EFC21F8B5F0C1728AD27
     C:\Windows\system32\dnsrslvr.dll => MD5 is legit
     C:\Windows\system32\mpssvc.dll => MD5 is legit
     C:\Windows\system32\bfe.dll => MD5 is legit
     C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
     C:\Windows\system32\SDRSVC.dll => MD5 is legit
     C:\Windows\system32\vssvc.exe => MD5 is legit
     C:\Windows\system32\wscsvc.dll => MD5 is legit
     C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
     C:\Windows\system32\wuaueng.dll => MD5 is legit
     C:\Windows\system32\qmgr.dll => MD5 is legit
     C:\Windows\system32\es.dll => MD5 is legit
     C:\Windows\system32\cryptsvc.dll [2013-06-12 14:11] - [2013-04-23 21:00] - 0133120 ____A (Microsoft Corporation) 3EDE4C1F9672C972479201544969ADCB
     C:\Windows\system32\svchost.exe => MD5 is legit
     C:\Windows\system32\rpcss.dll => MD5 is legit
     **** End of log ****
  3. Everything seemed fine, but I have 20 Windows Updates that keep failing to download. I also attempted to upgrade to a newer version of Norton 360 and that download/installation failed as well. I am now left unable to update Windows and am left unprotected by Norton.
  4. Results of screen317's Security Check version 0.99.67
     Windows Vista Service Pack 2 x86 (UAC is enabled)
     Internet Explorer 9
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Security Center service is not running! This report may not be accurate!
     Windows Firewall Enabled!
     Norton 360
     WMI entry may not exist for antivirus; attempting automatic update.
     `````````Anti-malware/Other Utilities Check:`````````
     SUPERAntiSpyware
     Malwarebytes Anti-Malware version 1.75.0.1300
     Java 6 Update 30
     Java version out of Date!
     Adobe Flash Player 11.7.700.224
     Adobe Reader 9 Adobe Reader out of Date!
     Adobe Reader 10.1.7 Adobe Reader out of Date!
     ````````Process Check: objlist.exe by Laurent````````
     Norton ccSvcHst.exe
     Josh Desktop Malwarebytes SecurityCheck.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
     ````````````````````End of Log``````````````````````
  5. # AdwCleaner v2.303 - Logfile created 06/22/2013 at 04:35:21
     # Updated 08/06/2013 by Xplode
     # Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)
     # User : Josh - LAPTOP-PC
     # Boot Mode : Normal
     # Running from : C:\Users\Josh\Desktop\Malwarebytes\adwcleaner.exe
     # Option [Delete]
     ***** [services] *****
     ***** [Files / Folders] *****
     ***** [Registry] *****
     ***** [internet Browsers] *****
     -\\ Internet Explorer v9.0.8112.16490
     [OK] Registry is clean.
     -\\ Google Chrome v [unable to get version]
     File : C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Preferences
     [OK] File is clean.
     *************************
     AdwCleaner[s1].txt - [1195 octets] - [20/06/2013 12:09:57]
     AdwCleaner[s2].txt - [748 octets] - [22/06/2013 04:35:21]
     ########## EOF - C:\AdwCleaner[s2].txt - [807 octets] ##########
  6. ComboFix 13-06-21.02 - Josh 06/21/2013 6:26.4.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3002.1558 [GMT -7:00] Running from: c:\users\Josh\Desktop\Malwarebytes\ComboFix.exe Command switches used :: c:\users\Josh\Desktop\Malwarebytes\CFScript.txt AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\McAfee PC Security.lnk" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\McAfeeSecurePC c:\users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\McAfee PC Security.lnk c:\windows\system32\%APPDATA% c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat c:\windows\system32\drivers\etc\hosts.ics . . ((((((((((((((((((((((((( Files Created from 2013-05-21 to 2013-06-21 ))))))))))))))))))))))))))))))) . . 2013-06-21 13:39 . 2013-06-21 13:39 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-06-20 14:40 . 2013-06-20 14:40 -------- d-----w- c:\program files\ESET 2013-06-13 23:29 . 2013-06-14 00:11 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2013-06-12 21:11 . 2013-05-08 04:37 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-06-12 21:11 . 2013-05-02 04:04 443904 ----a-w- c:\windows\system32\win32spl.dll 2013-06-12 21:11 . 2013-05-02 04:03 37376 ----a-w- c:\windows\system32\printcom.dll 2013-06-12 21:11 . 2013-04-24 04:00 985600 ----a-w- c:\windows\system32\crypt32.dll 2013-06-12 21:11 . 2013-04-24 04:00 98304 ----a-w- c:\windows\system32\cryptnet.dll 2013-06-12 21:11 . 2013-04-24 04:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll 2013-06-12 21:11 . 
2013-04-24 04:00 41984 ----a-w- c:\windows\system32\certenc.dll 2013-06-12 21:11 . 2013-04-24 01:46 812544 ----a-w- c:\windows\system32\certutil.exe 2013-06-12 21:11 . 2013-05-02 22:03 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-06-12 21:11 . 2013-05-02 22:03 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-06-12 21:11 . 2013-04-17 12:30 24576 ----a-w- c:\windows\system32\cryptdlg.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-06-20 00:53 . 2012-04-04 00:45 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-06-20 00:53 . 2011-07-24 15:55 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-04-15 14:20 . 2013-05-15 23:21 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-04-13 10:56 . 2013-05-15 23:21 37376 ----a-w- c:\windows\system32\cdd.dll 2013-04-09 01:36 . 2013-05-15 23:21 2049024 ----a-w- c:\windows\system32\win32k.sys 2013-04-04 21:50 . 2012-04-06 19:25 22856 ----a-w- c:\windows\system32\drivers\mbam.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "HP Officejet 6600 (NET)"="c:\program files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe" [2011-09-09 1804648] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896] "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264] "UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216] "UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216] "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032] "UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216] "UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-03-28 450560] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2012-12-13 116608] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2013-06-20 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 00:53] . 2013-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 02:16] . 2013-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 02:16] . 2013-06-21 c:\windows\Tasks\HP Photo Creations Communicator.job - c:\programdata\HP Photo Creations\Communicator.exe [2011-11-18 10:11] . 
2013-06-18 c:\windows\Tasks\HPCeeScheduleForJosh.job - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-04-22 18:34] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 192.168.1.1 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-06-21 06:42 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360] "ImagePath"="\"c:\program files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.4.1.14\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Completion time: 2013-06-21 06:44:43 ComboFix-quarantined-files.txt 2013-06-21 13:44 ComboFix2.txt 2013-06-20 20:05 ComboFix3.txt 2013-06-20 14:29 ComboFix4.txt 2013-06-20 05:38 . Pre-Run: 151,418,433,536 bytes free Post-Run: 151,633,215,488 bytes free . - - End Of File - - DDF991908B39EF8C4A1656FA9AD5DA2D 588AE8F0C685C02BA11F30D9CD7E61A0
  7. After another restart, the system tray items returned. The McAfee run.dll error came up again, but I can just click "OK" and the box closes.
  8. After Combofix restarted my computer, I now have fewer items in my system tray (network printer, lightscribe, and a couple of other items).
  9. ComboFix 13-06-20.01 - Josh 06/20/2013 12:48:44.3.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3002.1849 [GMT -7:00] Running from: c:\users\Josh\Desktop\Malwarebytes\ComboFix.exe Command switches used :: c:\users\Josh\Desktop\Malwarebytes\CFScript.txt AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\drivers\etc\hosts.ics . . ((((((((((((((((((((((((( Files Created from 2013-05-20 to 2013-06-20 ))))))))))))))))))))))))))))))) . . 2013-06-20 20:02 . 2013-06-20 20:02 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-06-20 14:40 . 2013-06-20 14:40 -------- d-----w- c:\program files\ESET 2013-06-19 18:21 . 2013-06-19 18:21 -------- d-sh--w- c:\windows\system32\%APPDATA% 2013-06-18 16:32 . 2013-06-20 05:26 -------- d-----w- c:\programdata\McAfeeSecurePC 2013-06-13 23:29 . 2013-06-14 00:11 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2013-06-12 21:11 . 2013-05-08 04:37 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-06-12 21:11 . 2013-05-02 04:04 443904 ----a-w- c:\windows\system32\win32spl.dll 2013-06-12 21:11 . 2013-05-02 04:03 37376 ----a-w- c:\windows\system32\printcom.dll 2013-06-12 21:11 . 2013-04-24 04:00 985600 ----a-w- c:\windows\system32\crypt32.dll 2013-06-12 21:11 . 2013-04-24 04:00 98304 ----a-w- c:\windows\system32\cryptnet.dll 2013-06-12 21:11 . 2013-04-24 04:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll 2013-06-12 21:11 . 2013-04-24 04:00 41984 ----a-w- c:\windows\system32\certenc.dll 2013-06-12 21:11 . 2013-04-24 01:46 812544 ----a-w- c:\windows\system32\certutil.exe 2013-06-12 21:11 . 
2013-05-02 22:03 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-06-12 21:11 . 2013-05-02 22:03 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-06-12 21:11 . 2013-04-17 12:30 24576 ----a-w- c:\windows\system32\cryptdlg.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-06-20 00:53 . 2012-04-04 00:45 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-06-20 00:53 . 2011-07-24 15:55 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-04-15 14:20 . 2013-05-15 23:21 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-04-13 10:56 . 2013-05-15 23:21 37376 ----a-w- c:\windows\system32\cdd.dll 2013-04-09 01:36 . 2013-05-15 23:21 2049024 ----a-w- c:\windows\system32\win32k.sys 2013-04-04 21:50 . 2012-04-06 19:25 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-23 01:09 . 2013-03-23 01:09 354656 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl . . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of c:\programdata\McAfeeSecurePC ---- . . ---- Directory of c:\windows\system32\%APPDATA% ---- . 2013-06-19 18:21 . 2013-06-19 18:32 262144 --sha-w- c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "HP Officejet 6600 (NET)"="c:\program files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe" [2011-09-09 1804648] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896] "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264] "UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216] "UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216] "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032] "UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216] "UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-03-28 450560] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952] . c:\users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee PC Security.lnk - c:\windows\system32\rundll32.exe "c:\programdata\McAfeeSecurePC\mcafeesecurepc.dll",#3 [2006-11-2 44544] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . 
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2012-12-13 116608] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2013-06-20 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 00:53] . 2013-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 02:16] . 2013-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 02:16] . 
2013-06-20 c:\windows\Tasks\HP Photo Creations Communicator.job - c:\programdata\HP Photo Creations\Communicator.exe [2011-11-18 10:11] . 2013-06-18 c:\windows\Tasks\HPCeeScheduleForJosh.job - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-04-22 18:34] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 192.168.1.1 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-06-20 13:03 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360] "ImagePath"="\"c:\program files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.4.1.14\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Completion time: 2013-06-20 13:05:43 ComboFix-quarantined-files.txt 2013-06-20 20:05 ComboFix2.txt 2013-06-20 14:29 ComboFix3.txt 2013-06-20 05:38 . Pre-Run: 150,554,206,208 bytes free Post-Run: 150,587,359,232 bytes free . - - End Of File - - 50A1308E13A1C2A2AD2BEAD23C8905C3 588AE8F0C685C02BA11F30D9CD7E61A0
  10. I can click "OK" and everything seems alright. The DOJ malware has not locked my computer after connecting to the network.
  11. When Windows loads, I get an error notification that states: Run DLL - Error loading C:\ProgramData\McAfeeSecurePC\mcafeesecurepc.dll - The specified module could not be found
  12. Results of screen317's Security Check version 0.99.67
      Windows Vista Service Pack 2 x86 (UAC is enabled)
      Internet Explorer 9
      ``````````````Antivirus/Firewall Check:``````````````
      Windows Firewall Enabled!
      Norton 360
      WMI entry may not exist for antivirus; attempting automatic update.
      `````````Anti-malware/Other Utilities Check:`````````
      SUPERAntiSpyware
      Malwarebytes Anti-Malware version 1.75.0.1300
      Java 6 Update 30
      Java version out of Date!
      Adobe Flash Player 11.7.700.224
      Adobe Reader 9 Adobe Reader out of Date!
      Adobe Reader 10.1.7 Adobe Reader out of Date!
      ````````Process Check: objlist.exe by Laurent````````
      Norton ccSvcHst.exe
      Josh Desktop Malwarebytes SecurityCheck.exe
      `````````````````System Health check`````````````````
      Total Fragmentation on Drive C: 1 %
      ````````````````````End of Log``````````````````````
  13. # AdwCleaner v2.303 - Logfile created 06/20/2013 at 12:09:57
      # Updated 08/06/2013 by Xplode
      # Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)
      # User : Josh - LAPTOP-PC
      # Boot Mode : Safe mode with networking
      # Running from : C:\Users\Josh\Desktop\Malwarebytes\adwcleaner.exe
      # Option [Delete]
      ***** [services] *****
      ***** [Files / Folders] *****
      File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
      Folder Deleted : C:\Users\Josh\AppData\LocalLow\boost_interprocess
      ***** [Registry] *****
      Key Deleted : HKCU\Software\YahooPartnerToolbar
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
      ***** [internet Browsers] *****
      -\\ Internet Explorer v9.0.8112.16490
      [OK] Registry is clean.
      -\\ Google Chrome v [unable to get version]
      File : C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Preferences
      [OK] File is clean.
      *************************
      AdwCleaner[s1].txt - [1066 octets] - [20/06/2013 12:09:57]
      ########## EOF - C:\AdwCleaner[s1].txt - [1126 octets] ##########
  14. C:\Qoobox\Quarantine\C\$RECYCLE.BIN\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\n.vir Win32/Sirefef.EV trojan
      C:\Qoobox\Quarantine\C\Users\Josh\4syprb61rwv6o.exe.vir a variant of Win32/Kryptik.BDYX trojan
      C:\Qoobox\Quarantine\C\Users\Josh\AppData\Roaming\Ukyco\elke.exe.vir Win32/Spy.Zbot.AAO trojan
  15. ComboFix 13-06-20.01 - Josh 06/20/2013 7:09.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3002.1889 [GMT -7:00] Running from: c:\users\Josh\Desktop\Malwarebytes\ComboFix.exe Command switches used :: c:\users\Josh\Desktop\Malwarebytes\CFScript.txt AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\windows\Tasks\Security Center Update - 518368305.job" . file zipped: c:\windows\system32\zuroehbuid.exe . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Josh\AppData\Roaming\Musacui c:\users\Josh\AppData\Roaming\Musacui\agniyz.exe c:\users\Josh\AppData\Roaming\Oquru c:\users\Josh\AppData\Roaming\Xaevi c:\users\Josh\AppData\Roaming\Xaevi\gezae.teg c:\users\Josh\Desktop\SMART_HDD.lnk c:\windows\assembly\GAC\Desktop.ini c:\windows\system32\AutoRun.inf c:\windows\system32\drivers\etc\hosts.ics c:\windows\system32\zuroehbuid.exe c:\windows\Tasks\Security Center Update - 518368305.job c:\windows\wininit.ini . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_SecurityCenterServer518368305 . . ((((((((((((((((((((((((( Files Created from 2013-05-20 to 2013-06-20 ))))))))))))))))))))))))))))))) . . 2013-06-19 18:21 . 2013-06-19 18:21 -------- d-sh--w- c:\windows\system32\%APPDATA% 2013-06-18 16:32 . 2013-06-20 05:26 -------- d-----w- c:\programdata\McAfeeSecurePC 2013-06-13 23:29 . 2013-06-14 00:11 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2013-06-12 21:11 . 2013-05-08 04:37 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-06-12 21:11 . 2013-05-02 04:04 443904 ----a-w- c:\windows\system32\win32spl.dll 2013-06-12 21:11 . 
2013-05-02 04:03 37376 ----a-w- c:\windows\system32\printcom.dll 2013-06-12 21:11 . 2013-04-24 04:00 985600 ----a-w- c:\windows\system32\crypt32.dll 2013-06-12 21:11 . 2013-04-24 04:00 98304 ----a-w- c:\windows\system32\cryptnet.dll 2013-06-12 21:11 . 2013-04-24 04:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll 2013-06-12 21:11 . 2013-04-24 04:00 41984 ----a-w- c:\windows\system32\certenc.dll 2013-06-12 21:11 . 2013-04-24 01:46 812544 ----a-w- c:\windows\system32\certutil.exe 2013-06-12 21:11 . 2013-05-02 22:03 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-06-12 21:11 . 2013-05-02 22:03 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-06-12 21:11 . 2013-04-17 12:30 24576 ----a-w- c:\windows\system32\cryptdlg.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-06-20 00:53 . 2012-04-04 00:45 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-06-20 00:53 . 2011-07-24 15:55 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-04-15 14:20 . 2013-05-15 23:21 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-04-13 10:56 . 2013-05-15 23:21 37376 ----a-w- c:\windows\system32\cdd.dll 2013-04-09 01:36 . 2013-05-15 23:21 2049024 ----a-w- c:\windows\system32\win32k.sys 2013-04-04 21:50 . 2012-04-06 19:25 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-23 01:09 . 2013-03-23 01:09 354656 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "HP Officejet 6600 (NET)"="c:\program files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe" [2011-09-09 1804648] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896] "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264] "UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216] "UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216] "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032] "UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216] "UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-03-28 450560] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952] . 
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee PC Security.lnk - c:\windows\system32\rundll32.exe "c:\programdata\McAfeeSecurePC\mcafeesecurepc.dll",#3 [2006-11-2 44544] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2012-12-13 116608] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . 
Contents of the 'Scheduled Tasks' folder . 2013-06-20 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 00:53] . 2013-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 02:16] . 2013-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 02:16] . 2013-06-20 c:\windows\Tasks\HP Photo Creations Communicator.job - c:\programdata\HP Photo Creations\Communicator.exe [2011-11-18 10:11] . 2013-06-18 c:\windows\Tasks\HPCeeScheduleForJosh.job - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-04-22 18:34] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 192.168.1.1 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-06-20 07:24 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360] "ImagePath"="\"c:\program files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.4.1.14\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . ------------------------ Other Running Processes ------------------------ . 
c:\windows\system32\WLANExt.exe c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe c:\program files\SMINST\BLService.exe c:\program files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe c:\program files\CyberLink\Shared files\RichVideo.exe c:\windows\system32\DRIVERS\xaudio.exe c:\windows\system32\igfxsrvc.exe c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe c:\program files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE c:\windows\system32\wbem\unsecapp.exe c:\program files\Hewlett-Packard\Shared\HpqToaster.exe c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe c:\\?\c:\windows\system32\wbem\WMIADAP.EXE . ************************************************************************** . Completion time: 2013-06-20 07:28:41 - machine was rebooted ComboFix-quarantined-files.txt 2013-06-20 14:28 ComboFix2.txt 2013-06-20 05:38 . Pre-Run: 151,255,011,328 bytes free Post-Run: 151,045,689,344 bytes free . - - End Of File - - D152964FEBF2E022C5E6502EA0ED69C3 588AE8F0C685C02BA11F30D9CD7E61A0
  16. ComboFix 13-06-18.02 - Josh 06/19/2013 22:19:01.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3002.1844 [GMT -7:00] Running from: c:\users\Josh\Desktop\Malwarebytes\ComboFix.exe AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\$recycle.bin\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\@ c:\$recycle.bin\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\n c:\programdata\McAfeeSecurePC\mcafeesecurepc.dll c:\users\Josh\4syprb61rwv6o.exe c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\Yahoo! Sports Fantasy Pro Football Pickem.url c:\users\Josh\AppData\Roaming\Musacui\agniyz.exe c:\users\Josh\AppData\Roaming\Ukyco c:\users\Josh\AppData\Roaming\Ukyco\elke.exe c:\users\Josh\javaw.dll . . ((((((((((((((((((((((((( Files Created from 2013-05-20 to 2013-06-20 ))))))))))))))))))))))))))))))) . . 2013-06-20 05:27 . 2013-06-20 05:27 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-06-20 01:02 . 2010-02-28 09:04 232545 ----a-w- c:\windows\system32\zuroehbuid.exe 2013-06-20 01:02 . 2013-06-20 05:31 -------- d-----w- c:\users\Josh\AppData\Roaming\Musacui 2013-06-20 01:02 . 2013-06-20 01:02 -------- d-----w- c:\users\Josh\AppData\Roaming\Xaevi 2013-06-20 01:02 . 2013-06-20 01:09 -------- d-----w- c:\users\Josh\AppData\Roaming\Oquru 2013-06-19 18:21 . 2013-06-19 18:21 -------- d-sh--w- c:\windows\system32\%APPDATA% 2013-06-18 16:32 . 2013-06-20 05:26 -------- d-----w- c:\programdata\McAfeeSecurePC 2013-06-13 23:29 . 2013-06-14 00:11 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2013-06-12 21:11 . 
2013-05-08 04:37 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-06-12 21:11 . 2013-05-02 04:04 443904 ----a-w- c:\windows\system32\win32spl.dll 2013-06-12 21:11 . 2013-05-02 04:03 37376 ----a-w- c:\windows\system32\printcom.dll 2013-06-12 21:11 . 2013-04-24 04:00 985600 ----a-w- c:\windows\system32\crypt32.dll 2013-06-12 21:11 . 2013-04-24 04:00 98304 ----a-w- c:\windows\system32\cryptnet.dll 2013-06-12 21:11 . 2013-04-24 04:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll 2013-06-12 21:11 . 2013-04-24 04:00 41984 ----a-w- c:\windows\system32\certenc.dll 2013-06-12 21:11 . 2013-04-24 01:46 812544 ----a-w- c:\windows\system32\certutil.exe 2013-06-12 21:11 . 2013-05-02 22:03 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-06-12 21:11 . 2013-05-02 22:03 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-06-12 21:11 . 2013-04-17 12:30 24576 ----a-w- c:\windows\system32\cryptdlg.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-06-20 00:53 . 2012-04-04 00:45 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-06-20 00:53 . 2011-07-24 15:55 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-04-15 14:20 . 2013-05-15 23:21 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-04-13 10:56 . 2013-05-15 23:21 37376 ----a-w- c:\windows\system32\cdd.dll 2013-04-09 01:36 . 2013-05-15 23:21 2049024 ----a-w- c:\windows\system32\win32k.sys 2013-04-04 21:50 . 2012-04-06 19:25 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-23 01:09 . 2013-03-23 01:09 354656 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "HP Officejet 6600 (NET)"="c:\program files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe" [2011-09-09 1804648] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] "Coivdiqoezyrek"="c:\users\Josh\AppData\Roaming\Musacui\agniyz.exe" [2013-06-20 232545] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896] "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264] "UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216] "UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216] "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032] "UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216] "UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-03-28 450560] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952] "Coivdiqoezyrek"="c:\users\Josh\AppData\Roaming\Musacui\agniyz.exe" [2013-06-20 232545] . 
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee PC Security.lnk - c:\windows\system32\rundll32.exe "c:\programdata\McAfeeSecurePC\mcafeesecurepc.dll",#3 [2006-11-2 44544] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2012-12-13 116608] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . 
Contents of the 'Scheduled Tasks' folder . 2013-06-20 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 00:53] . 2013-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 02:16] . 2013-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 02:16] . 2013-06-20 c:\windows\Tasks\HP Photo Creations Communicator.job - c:\programdata\HP Photo Creations\Communicator.exe [2011-11-18 10:11] . 2013-06-18 c:\windows\Tasks\HPCeeScheduleForJosh.job - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-04-22 18:34] . 2013-06-20 c:\windows\Tasks\Security Center Update - 518368305.job - c:\users\Josh\AppData\Roaming\Musacui\agniyz.exe [2010-02-28 05:31] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . HKCU-Run-FXoIuAOxAoT.exe - c:\programdata\FXoIuAOxAoT.exe HKCU-Run-McAfeeSecurePC - c:\programdata\McAfeeSecurePC\mcafeesecurepc.dll HKCU-Run-Wounb - c:\users\Josh\AppData\Roaming\Ukyco\elke.exe HKLM-Run-HotSync - c:\program files\PalmSource\Desktop\HotSync.exe HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\hpzsetup.LNK - c:\program files\HP\Temp\{B2C61EBB-F47C-48ba-B375-27A40F8F48F7}\hpzstub.exe -run "c:\program files\HP\Temp\{B2C61EBB-F47C-48ba-B375-27A40F8F48F7}\hpzsetup.exe" "-*Stub" "273875162" /rerun 4 -f "c:\windows\hpoins14.dat" SafeBoot-WudfPf SafeBoot-WudfRd . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-06-19 22:32 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . 
scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360] "ImagePath"="\"c:\program files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.4.1.14\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\WLANExt.exe c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe c:\program files\SMINST\BLService.exe c:\program files\CyberLink\Shared files\RichVideo.exe c:\program files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe c:\windows\system32\zuroehbuid.exe c:\windows\system32\DRIVERS\xaudio.exe c:\windows\system32\igfxsrvc.exe c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\wbem\unsecapp.exe c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe c:\program files\Hewlett-Packard\Shared\HpqToaster.exe c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe c:\windows\servicing\TrustedInstaller.exe . ************************************************************************** . Completion time: 2013-06-19 22:38:44 - machine was rebooted ComboFix-quarantined-files.txt 2013-06-20 05:38 . Pre-Run: 151,323,029,504 bytes free Post-Run: 151,331,270,656 bytes free . - - End Of File - - 79BD9DC600818DCC6E5177B63018CFDA 588AE8F0C685C02BA11F30D9CD7E61A0
  17. GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-06-19 07:04:36 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK2555GSX rev.FG002C 232.89GB Running: lswvhm1k.exe; Driver: C:\Users\Josh\AppData\Local\Temp\uxdirpow.sys ---- System - GMER 2.1 ---- SSDT 87DCD860 ZwAlertResumeThread SSDT 87DCD940 ZwAlertThread SSDT 87DCB308 ZwAllocateVirtualMemory SSDT 87CE4158 ZwAlpcConnectPort SSDT 87DCEC20 ZwAssignProcessToJobObject SSDT 87DCD5B0 ZwCreateMutant SSDT 87DCE940 ZwCreateSymbolicLinkObject SSDT 87DCA048 ZwCreateThread SSDT 87DCED00 ZwDebugActiveProcess SSDT 87DCB4D8 ZwDuplicateObject SSDT 87DCB0C0 ZwFreeVirtualMemory SSDT 87DCD6A0 ZwImpersonateAnonymousToken SSDT 87DCD780 ZwImpersonateThread SSDT 87CEEFD0 ZwLoadDriver SSDT 87DCDF70 ZwMapViewOfSection SSDT 87DCD4D0 ZwOpenEvent SSDT 87DCB6B8 ZwOpenProcess SSDT 87DCB3F8 ZwOpenProcessToken SSDT 87DCEF28 ZwOpenSection SSDT 87DCB5C8 ZwOpenThread SSDT 87DCEB30 ZwProtectVirtualMemory SSDT 87DCDA20 ZwResumeThread SSDT 87DCDCC0 ZwSetContextThread SSDT 87DCDDA0 ZwSetInformationProcess SSDT 87DCEDE0 ZwSetSystemInformation SSDT 87DCE008 ZwSuspendProcess SSDT 87DCDB00 ZwSuspendThread SSDT 87DCA148 ZwTerminateProcess SSDT 87DCDBE0 ZwTerminateThread SSDT 87DCDE90 ZwUnmapViewOfSection SSDT 87DCB1B0 ZwWriteVirtualMemory SSDT 87DCEA30 ZwCreateThreadEx ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\Ecache\Parameters@LastBootPlanUserTime Wed, Jun 19 13, 06:24:52 AM???????????? Reg HKLM\SYSTEM\CurrentControlSet\Services\Ecache\Parameters@LastBootPlanTime 0xF0 0x6C 0xCE 0x01 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\Ecache\Parameters@MemoryCacheSize 382803057 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----
  18. DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 9.0.8112.16490 Run by Josh at 22:21:39 on 2013-06-18 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3002.1846 [GMT -7:00] . AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} . ============== Running Processes ================ . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\WLANExt.exe C:\Windows\Explorer.EXE C:\Windows\System32\spoolsv.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Windows\system32\taskeng.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Windows\ehome\ehtray.exe C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\SUPERAntiSpyware\SASCORE.EXE C:\Windows\System32\rundll32.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Windows\system32\taskeng.exe C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe C:\Program Files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe C:\Program Files\SMINST\BLService.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\rundll32.exe 
C:\Windows\system32\DRIVERS\xaudio.exe C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\alg.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k hpdevmgmt C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup . ============== Pseudo HJT Report =============== . 
uSearch Bar = Preserve uProxyServer = :0 BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\engine\6.4.1.14\coieplg.dll BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\engine\6.4.1.14\ips\ipsbho.dll BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\6.4.1.14\coieplg.dll uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [FXoIuAOxAoT.exe] c:\programdata\FXoIuAOxAoT.exe uRun: [HP Officejet 6600 (NET)] "c:\program files\hp\hp officejet 6600\bin\ScanToPCActivationApp.exe" -deviceID "CN231290DG05RN:NW" -scfn "HP Officejet 6600 (NET)" -AutoStart 1 uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe uRun: [McAfeeSecurePC] rundll32.exe "c:\programdata\mcafeesecurepc\mcafeesecurepc.dll",#3 mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe" mRun: [updateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5" mRun: [updatePSTShortCut] "c:\program files\cyberlink\dvd 
suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter" mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start mRun: [updateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0" mRun: [updatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0" mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe mRun: [HotSync] "c:\program files\palmsource\desktop\HotSync.exe" -AllUsers mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW StartupFolder: c:\users\josh\appdata\roaming\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\windows\system32\rundll32.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpzsetup.lnk - c:\program files\hp\temp\{b2c61ebb-f47c-48ba-b375-27a40f8f48f7}\hpzstub.exe mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\hewlett-packard\smartprint\smartprintsetup.exe IE: 
{2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} TCP: NameServer = 192.168.1.1 TCP: Interfaces\{08F46703-A7D7-478D-A637-B3B69C52CEBC} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{1C67EBB9-B8A5-4441-867A-7A29EC35158B} : DHCPNameServer = 192.168.1.1 Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL Notify: igfxcui - igfxdev.dll SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe" . ============= SERVICES / DRIVERS =============== . R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0604010.00e\symds.sys [2013-2-5 340088] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0604010.00e\symefa.sys [2013-2-5 924320] R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.0.0.145\definitions\bashdefs\20130531.001\BHDrvx86.sys [2013-5-31 1002072] R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\0604010.00e\ccsetx86.sys [2013-2-5 132768] R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.0.0.145\definitions\ipsdefs\20130615.001\IDSvix86.sys [2013-6-17 386720] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0604010.00e\ironx86.sys [2013-2-5 149624] R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0604010.00e\symtdiv.sys [2013-2-5 345208] R2 !SASCORE;SAS Core Service;c:\program 
files\superantispyware\SASCORE.EXE [2011-8-11 116608] R2 N360;Norton 360;c:\program files\norton 360\engine\6.4.1.14\ccsvchst.exe [2013-2-5 138272] R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-4-22 365952] R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-4-22 193840] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-15 106656] R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-29 112128] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504] S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 
2013-06-18 16:32:59 -------- d-----w- c:\programdata\McAfeeSecurePC 2013-06-18 16:32:54 64512 ----a-w- c:\users\josh\javaw.dll 2013-06-13 23:29:15 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2013-06-12 21:11:43 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-06-12 21:11:41 443904 ----a-w- c:\windows\system32\win32spl.dll 2013-06-12 21:11:40 37376 ----a-w- c:\windows\system32\printcom.dll 2013-06-12 21:11:32 985600 ----a-w- c:\windows\system32\crypt32.dll 2013-06-12 21:11:32 98304 ----a-w- c:\windows\system32\cryptnet.dll 2013-06-12 21:11:32 812544 ----a-w- c:\windows\system32\certutil.exe 2013-06-12 21:11:32 41984 ----a-w- c:\windows\system32\certenc.dll 2013-06-12 21:11:32 133120 ----a-w- c:\windows\system32\cryptsvc.dll 2013-06-12 21:11:26 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-06-12 21:11:25 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-06-12 21:11:19 24576 ----a-w- c:\windows\system32\cryptdlg.dll . ==================== Find3M ==================== . 2013-06-15 13:27:15 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-06-15 13:27:15 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-05-16 22:39:39 1800704 ----a-w- c:\windows\system32\jscript9.dll 2013-05-16 22:28:26 1129472 ----a-w- c:\windows\system32\wininet.dll 2013-05-16 22:27:30 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2013-05-16 22:21:37 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2013-05-16 22:20:30 420864 ----a-w- c:\windows\system32\vbscript.dll 2013-05-16 22:16:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2013-04-15 14:20:04 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-04-13 10:56:44 37376 ----a-w- c:\windows\system32\cdd.dll 2013-04-09 01:36:18 2049024 ----a-w- c:\windows\system32\win32k.sys 2013-04-04 21:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-23 01:09:28 354656 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl . ============= FINISH: 22:23:58.84 =============== . 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/16/2009 9:39:20 AM
System Uptime: 6/18/2013 10:20:27 PM (0 hours ago)
.
Motherboard: Wistron | | 3612
Processor: Pentium® Dual-Core CPU T4200 @ 2.00GHz | CPU | 1200/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 222 GiB total, 139.865 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.799 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.7)
Adobe Shockwave Player
AIO_CDA_ProductContext
AIO_CDA_Software
AIO_Scan
Atheros Driver Installation Program
BeerSmith
BeerSmith 2
Bonjour
BufferChm
Compatibility Pack for the 2007 Office system
Conexant HD Audio
Copy
CustomerResearchQFolder
CyberLink DVD Suite
Destinations
DeviceManagementQFolder
DivX Setup
dj_aio_corporate
DJ_AIO_Software_min
DocProc
DocProcQFolder
ESU for Microsoft Vista
eSupportQFolder
Facebook Plug-In
Fax
Google Earth
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Participation Program 8.0
HP Deskjet All-In-One Driver Software 9.0.A Corporate Edition
HP Doc Viewer
HP DVD Play 3.7
HP Help and Support
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Officejet 6600 Basic Device Software
HP Officejet 6600 Help
HP Officejet 6600 Product Improvement Study
HP Photo Creations
HP Photosmart Essential
HP Photosmart.All-In-One Driver Software 8.0 .A
HP Product Assistant
HP Quick Launch Buttons 6.40 H2
HP Solution Center 8.0
HP Total Care Advisor
HP Total Care Setup
HP Update
HP User Guides 0118
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
HPProductAssistant
HPSSupply
I.R.I.S. OCR
Intel® Graphics Media Accelerator Driver
Java Auto Updater
Java 6 Update 30
LabelPrint
LightScribe System Software 1.14.17.1
LightScribe Template Labeler
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Live Search Toolbar
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
muvee Reveal
My HP Games
NetWaiting
Norton 360
Norton Internet Security
OGA Notifier 2.0.0048.0
Palm Desktop by ACCESS
Power2Go
PowerDirector
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek USB 2.0 Card Reader
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
SolutionCenter
Spelling Dictionaries Support For Adobe Reader 9
Status
SUPERAntiSpyware
Synaptics Pointing Device Driver
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195
WebReg
.
==== End Of File ===========================