DonL100

Honorary Members
  • Posts

    44

Reputation

0 Neutral

About DonL100

  • Birthday 09/03/1941

Profile Information

  • Location
    Prescott, AZ
  • Interests
    Hunting, Fishing, Exploring Arizona
  1. Thanks MrCharlie, I reinstalled and everything is working fine.......Thanks, Don
  2. I've had MB Premium for a while and it has worked great. I opened it today and discovered that it will not update and all the protection has stopped. It will scan but the scan that normally lasts 7-10 minutes ran in 30 seconds. I tried Chameleon but it "failed to update" and "failed to start scan". Included are the files requested. I would appreciate any help. Thanks, Don Addition.txt FRST.txt
  3. Here are the 3 files you requested. Thanks for your help.....Don Addition.txt FRST.txt Addition.txt CheckResults.txt FRST.txt
  4. I've had MB Premium for a while and it has worked great. I opened it today and discovered that it will not update and all the protection has stopped. It will scan but the scan that normally lasts 7-10 minutes ran in 30 seconds. I tried Chameleon but it "failed to update" and "failed to start scan". I would appreciate any help. Thanks, Don
  5. Thanks Andro1d, I cancelled the account and changed my other two accounts' passwords and log out every time I'm done. I will change my passwords every couple of weeks from now on. So far no more problems. Thanks again, Don
  6. Here are my "dds" logs Thanks, Don attach.txt dds.txt
  7. I'd be grateful for some help solving my hijacked email account problem. I had one account that was hijacked with Outlook Express so I closed the account. Now, whatever is doing this has got into my Gmail account. I changed my passwords but my Gmail is sending emails to people that I don't know, supposedly with a virus in them (not sure about the virus). I've scanned my computer with McAfee, Malwarebytes Pro, Spybot S&S, AdwCleaner and RogueKiller but have found no infections. I'd appreciate any help....thanks Don
  8. The PC is working as it should. Thanks. What about the six threats that ESET found?
  9. Eset found six threats.
     C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
     C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
     C:\Users\Don\Desktop\Downloaded Programs\dfsetup215.exe Win32/Bundled.Toolbar.Google.D application
     C:\Users\Don\Desktop\Security\ccsetup409.exe Win32/Bundled.Toolbar.Google.D application
     C:\Users\Don\Downloads\cbsidlm-tr1_10a-NETGEAR_Genie-SEO-75803003.exe Win32/DownloadAdmin.G application
     C:\Users\Don\Downloads\RecipeHub.exe a variant of Win32/AdInstaller application
  10. ComboFix Log you requested.
  11. OK, I turned off the McAfee live scan and the Spybot Search & Destroy scanning as I did before when using ComboFix, but when I run ComboFix now it still says that S&D is still running. I've tried it twice after rebooting and turning the scanners off again and it still says S&D is still running. I then went to the website that you gave me before that shows how to close the scans, and the instructions for S&D are archaic and don't match the newer S&D. Can I run ComboFix when S&D scanning is running? Thanks, Don
  12. Here's the ComboFix log
  13. And the larger SSK file TDSSKiller.3.0.0.19_09.01.2014_13.50.09_log.txt
  14. I don't know why I couldn't post it. It's only 205KB. Here it is. Thanks, Don TDSSKiller.3.0.0.19_09.01.2014_11.15.57_log.txt
  15. I can't post the SSK log because it's too large