Licit

Members

View Profile See their activity

Posts
7
Joined
September 3, 2011
Last visited
September 25, 2011

Reputation

0 Neutral

stolen.data bunch of files

Licit replied to Licit's topic in Resolved Malware Removal Logs

OK done. ComboFix 11-09-21.04 - Tim2011 09/22/2011 8:23.4.4 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5941.4603 [GMT -4:00] Running from: c:\users\Tim2011\Desktop\ComboFix.exe Command switches used :: c:\users\Tim2011\Desktop\CFScript.txt SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\PCDr\5830\Downloads\b3c595f3-948c-4aae-b2a9-7aaa0df99c97.dll . . ((((((((((((((((((((((((( Files Created from 2011-08-22 to 2011-09-22 ))))))))))))))))))))))))))))))) . . 2011-09-22 12:35 . 2011-09-22 12:35 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-09-15 04:21 . 2011-09-15 04:21 -------- d-----w- c:\users\Tim2011\AppData\Local\Google 2011-09-15 04:20 . 2011-09-15 04:21 -------- d-----w- c:\program files (x86)\Google 2011-09-13 09:02 . 2011-09-21 12:50 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE 2011-09-13 06:07 . 2011-09-16 06:31 -------- d-----w- c:\users\Tim2011\DownloadsSplit 2011-09-10 14:31 . 2011-09-10 14:31 -------- d--h--w- c:\programdata\Common Files 2011-09-10 14:31 . 2011-09-22 11:07 -------- d-----w- c:\programdata\AVG2012 2011-09-10 14:30 . 2011-09-10 14:30 -------- d-----w- c:\program files (x86)\AVG 2011-09-10 14:28 . 2011-09-22 11:06 -------- d-----w- c:\programdata\MFAData 2011-08-24 13:53 . 2011-07-09 05:14 2048 ----a-w- c:\windows\system32\tzres.dll 2011-08-24 13:53 . 2011-07-09 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-09-15 04:20 . 2011-06-11 09:11 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-08-31 21:00 . 2011-06-18 05:37 25416 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-08-08 18:00 . 2011-08-18 05:26 86016 ----a-w- c:\windows\system32\ff_vfw.dll 2011-08-08 08:00 . 2011-08-12 03:57 74752 ----a-w- c:\windows\SysWow64\ff_vfw.dll 2011-07-22 05:35 . 2011-08-10 11:22 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2011-07-22 04:56 . 2011-08-10 11:22 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb 2011-07-16 14:17 . 2011-08-12 03:57 151552 ----a-w- c:\windows\SysWow64\ac3acm.acm 2011-07-16 05:26 . 2011-08-10 11:23 362496 ----a-w- c:\windows\system32\wow64win.dll 2011-07-16 05:26 . 2011-08-10 11:23 243200 ----a-w- c:\windows\system32\wow64.dll 2011-07-16 05:26 . 2011-08-10 11:23 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2011-07-16 05:26 . 2011-08-10 11:23 214528 ----a-w- c:\windows\system32\winsrv.dll 2011-07-16 05:24 . 2011-08-10 11:23 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2011-07-16 05:21 . 2011-08-10 11:23 422400 ----a-w- c:\windows\system32\KernelBase.dll 2011-07-16 05:17 . 2011-08-10 11:23 338432 ----a-w- c:\windows\system32\conhost.exe 2011-07-16 05:04 . 2011-08-10 11:23 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 11:23 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 11:23 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 11:23 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 11:23 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 11:23 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 11:23 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 11:23 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 11:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 11:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 11:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 11:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 11:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 11:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 11:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 11:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 11:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 11:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 11:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 11:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 11:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 11:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 11:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 11:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 11:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 11:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 11:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 11:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2011-07-16 04:36 . 2011-08-10 11:23 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2011-07-16 04:32 . 2011-08-10 11:23 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2011-07-16 04:31 . 2011-08-10 11:23 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2011-07-16 04:30 . 2011-08-10 11:23 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2011-07-16 04:30 . 2011-08-10 11:23 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll 2011-07-16 04:19 . 2011-08-10 11:23 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 11:23 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 11:23 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 11:23 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 11:23 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 11:23 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 11:23 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 11:23 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 11:23 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 11:23 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 11:23 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 11:23 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 11:23 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 11:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 11:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 11:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 11:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 11:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 11:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 11:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 11:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 11:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 11:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 11:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll 2011-07-16 02:26 . 2011-08-10 11:23 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2011-07-16 02:26 . 2011-08-10 11:23 2048 ----a-w- c:\windows\SysWow64\user.exe 2011-07-16 02:21 . 2011-08-10 11:23 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2011-07-16 02:21 . 2011-08-10 11:23 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2011-07-16 02:21 . 2011-08-10 11:23 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2011-07-16 02:21 . 2011-08-10 11:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2011-07-09 02:44 . 2011-08-10 11:23 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-06-24 14:44 . 2011-08-12 03:57 243200 ----a-w- c:\windows\SysWow64\xvidvfw.dll 2011-06-24 14:28 . 2011-08-12 03:57 650752 ----a-w- c:\windows\SysWow64\xvidcore.dll . . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of c:\users\Tim2011\AppData\Roaming ---- . . . ((((((((((((((((((((((((((((( SnapShot_2011-09-15_05.27.12 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-14 04:54 . 2011-09-22 01:58 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2011-09-15 04:16 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2011-09-22 01:58 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2011-09-15 04:16 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2011-09-15 04:16 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2011-09-22 01:58 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-11-04 02:09 . 2011-09-22 12:37 33998 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2011-09-22 12:37 27796 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2011-06-10 04:11 . 2011-09-22 12:37 13710 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2179761902-2918485941-3184494024-1001_UserData.bin + 2010-11-04 02:16 . 2011-09-22 12:36 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-11-04 02:16 . 2011-09-15 05:20 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-11-04 02:16 . 2011-09-15 05:20 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-11-04 02:16 . 2011-09-22 12:36 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2011-09-22 12:36 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2011-09-15 05:20 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-06-10 04:11 . 2011-09-22 12:37 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2011-06-10 04:11 . 2011-09-15 05:22 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:46 . 2011-09-20 15:41 80352 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat - 2009-07-14 04:46 . 2011-09-13 01:27 80352 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat + 2011-06-10 04:11 . 2011-09-22 12:37 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2011-06-10 04:11 . 2011-09-15 05:22 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2011-06-10 04:11 . 2011-09-22 12:37 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2011-06-10 04:11 . 2011-09-15 05:22 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-06-10 04:10 . 2011-09-22 12:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2011-06-10 04:10 . 2011-09-15 05:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-06-10 04:10 . 2011-09-22 12:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2011-06-10 04:10 . 2011-09-15 05:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-09-22 12:36 . 2011-09-22 12:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2011-09-15 05:20 . 2011-09-15 05:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-09-22 12:36 . 2011-09-22 12:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2011-09-15 05:20 . 2011-09-15 05:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2011-09-14 05:17 . 2011-07-27 04:30 361472 c:\windows\SysWOW64\IME\IMEJP10\IMJPAPI.DLL - 2009-07-13 23:26 . 2009-07-14 01:15 361472 c:\windows\SysWOW64\IME\IMEJP10\IMJPAPI.DLL + 2011-06-11 08:23 . 2011-09-22 01:55 221426 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin + 2011-06-10 12:40 . 2011-09-20 21:23 240230 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin + 2009-07-14 02:36 . 2011-09-22 11:12 627812 c:\windows\system32\perfh009.dat - 2009-07-14 02:36 . 2011-09-15 05:24 627812 c:\windows\system32\perfh009.dat - 2009-07-14 02:36 . 2011-09-15 05:24 107926 c:\windows\system32\perfc009.dat + 2009-07-14 02:36 . 2011-09-22 11:12 107926 c:\windows\system32\perfc009.dat + 2011-09-14 05:17 . 2011-07-27 05:31 546304 c:\windows\system32\IME\IMEJP10\IMJPAPI.DLL - 2009-07-13 23:40 . 2009-07-14 01:41 546304 c:\windows\system32\IME\IMEJP10\IMJPAPI.DLL + 2011-06-10 10:01 . 2011-09-22 11:07 480568 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat - 2011-06-10 10:01 . 2011-09-15 04:15 480568 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat - 2009-07-14 05:01 . 2011-09-15 05:19 237492 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2011-09-22 12:35 237492 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2011-06-09 18:32 . 2011-09-15 05:19 471604 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2179761902-2918485941-3184494024-1001-8192.dat + 2011-06-09 18:32 . 2011-09-22 12:35 471604 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2179761902-2918485941-3184494024-1001-8192.dat - 2009-07-14 04:45 . 2011-09-11 14:15 3802522 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat + 2009-07-14 04:45 . 2011-09-17 21:38 3802522 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat + 2011-09-16 06:36 . 2011-09-16 06:36 2830336 c:\windows\Installer\55045c5.msi + 2011-09-21 12:49 . 2011-09-21 12:49 7546880 c:\windows\Installer\200e7c.msi - 2009-07-14 02:34 . 2011-09-07 07:10 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT + 2009-07-14 02:34 . 2011-09-15 06:11 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT + 2011-06-10 09:33 . 2011-09-15 05:59 47946184 c:\windows\system32\MRT.exe . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk&inst=NzctNzI3MzkyMjA2LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ∏=90&ver=2012.0.1809&mid=cd33587ccdc847d1b2912104e4b340c9-23825aab87f0b15c15cc5fcc00dbf40e8023182c" [?] "c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-06-11 560128] "Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-01-13 165184] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216] Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-15 136176] R3 appliand;Applian Network Service;c:\windows\system32\DRIVERS\appliand.sys [x] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-15 136176] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2010/11/03 21:32];c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl [2009-12-29 21:35 146928] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208] S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-06-07 408576] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920] S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-06-07 911872] S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x] S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [x] S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [x] S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [x] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x] S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x] S3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver64.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2011-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-15 04:21] . 2011-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-15 04:21] . 2011-09-09 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09] . 2011-09-22 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-14 10144288] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-08 166424] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-08 391192] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-08 413720] "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976] "IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-06-08 1441792] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Tim2011\AppData\Roaming\Mozilla\Firefox\Profiles\ms1ac464.default\ . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}] "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe c:\program files (x86)\Dell DataSafe Local Backup\Toaster.exe . ************************************************************************** . Completion time: 2011-09-22 08:42:15 - machine was rebooted ComboFix-quarantined-files.txt 2011-09-22 12:42 ComboFix2.txt 2011-09-15 05:31 ComboFix3.txt 2011-09-09 11:23 . Pre-Run: 82,833,244,160 bytes free Post-Run: 82,766,340,096 bytes free . - - End Of File - - 22215BD964B60AC3E16F0492CFC4E535 . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26 Run by Tim2011 at 8:48:26 on 2011-09-22 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5941.4524 [GMT -4:00] . SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Dell\DellDock\DockLogin.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\system32\conhost.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE C:\Windows\Explorer.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\notepad.exe C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\Updates\DataSafe_9_4_51_9_4_60_x64_Update.exe C:\Users\Tim2011\AppData\Local\Temp\_ir_vp2_temp_0\vpatch.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk"&"inst=NzctNzI3MzkyMjA2LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ"&"prod=90"&"ver=2012.0.1809"&"mid=cd33587ccdc847d1b2912104e4b340c9-23825aab87f0b15c15cc5fcc00dbf40e8023182c mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{30268699-7812-4AB4-9212-4F902675A6CB} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{30268699-7812-4AB4-9212-4F902675A6CB}\361627C616370227F657475627 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{30268699-7812-4AB4-9212-4F902675A6CB}\478656B6C6F647A7E6562737 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{30268699-7812-4AB4-9212-4F902675A6CB}\7796C6569737 : DhcpNameServer = 68.87.72.134 68.87.77.134 TCP: Interfaces\{30268699-7812-4AB4-9212-4F902675A6CB}\B696C6C656270353 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{ECCB850B-16B8-45F2-BFC8-75EDC20BEC45} : DhcpNameServer = 66.233.175.12 75.94.255.12 BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll BHO-X64: Search Helper - No File BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk"&"inst=NzctNzI3MzkyMjA2LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ"&"prod=90"&"ver=2012.0.1809"&"mid=cd33587ccdc847d1b2912104e4b340c9-23825aab87f0b15c15cc5fcc00dbf40e8023182c mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Tim2011\AppData\Roaming\Mozilla\Firefox\Profiles\ms1ac464.default\ FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2010/11/03 21:32:23];C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [2010-11-3 146928] R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-11-4 98208] R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-6-7 408576] R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648] R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-11-3 705856] R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?] R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-11-3 2320920] R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-6-7 911872] R3 appliandMP;appliandMP;C:\Windows\system32\DRIVERS\appliand.sys --> C:\Windows\system32\DRIVERS\appliand.sys [?] R3 bpenum;bpenum;C:\Windows\system32\DRIVERS\bpenum.sys --> C:\Windows\system32\DRIVERS\bpenum.sys [?] R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\system32\DRIVERS\bpmp.sys --> C:\Windows\system32\DRIVERS\bpmp.sys [?] R3 bpusb;bpusb;C:\Windows\system32\Drivers\bpusb.sys --> C:\Windows\system32\Drivers\bpusb.sys [?] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?] R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?] R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?] R3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;C:\Windows\system32\DRIVERS\stdriver64.sys --> C:\Windows\system32\DRIVERS\stdriver64.sys [?] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-15 136176] S3 appliand;Applian Network Service;C:\Windows\system32\DRIVERS\appliand.sys --> C:\Windows\system32\DRIVERS\appliand.sys [?] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-15 136176] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?] S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?] . =============== Created Last 30 ================ . 2011-09-18 05:09:33 -------- d-----w- C:\Windows\pss 2011-09-15 04:21:07 -------- d-----w- C:\Users\Tim2011\AppData\Local\Google 2011-09-13 09:02:03 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE 2011-09-13 06:07:25 -------- d-----w- C:\Users\Tim2011\DownloadsSplit 2011-09-10 14:40:55 -------- d-----w- C:\Users\Tim2011\AppData\Roaming\AVG2012 2011-09-10 14:31:36 -------- d--h--w- C:\ProgramData\Common Files 2011-09-10 14:31:12 -------- d-----w- C:\ProgramData\AVG2012 2011-09-10 14:30:39 -------- d-----w- C:\Program Files (x86)\AVG 2011-09-10 14:28:07 -------- d-----w- C:\ProgramData\MFAData 2011-09-09 11:15:41 98816 ----a-w- C:\Windows\sed.exe 2011-09-09 11:15:41 518144 ----a-w- C:\Windows\SWREG.exe 2011-09-09 11:15:41 256000 ----a-w- C:\Windows\PEV.exe 2011-09-09 11:15:41 208896 ----a-w- C:\Windows\MBR.exe 2011-08-24 13:53:55 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2011-08-24 13:53:55 2048 ----a-w- C:\Windows\System32\tzres.dll . ==================== Find3M ==================== . 2011-09-15 04:20:40 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2011-08-31 21:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys 2011-08-08 18:00:00 86016 ----a-w- C:\Windows\System32\ff_vfw.dll 2011-08-08 08:00:00 74752 ----a-w- C:\Windows\SysWow64\ff_vfw.dll 2011-07-22 05:35:08 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2011-07-22 04:56:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2011-07-16 14:17:06 151552 ----a-w- C:\Windows\SysWow64\ac3acm.acm 2011-07-16 05:26:54 362496 ----a-w- C:\Windows\System32\wow64win.dll 2011-07-16 05:26:53 243200 ----a-w- C:\Windows\System32\wow64.dll 2011-07-16 05:26:53 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2011-07-16 05:26:18 214528 ----a-w- C:\Windows\System32\winsrv.dll 2011-07-16 05:24:09 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2011-07-16 05:21:32 422400 ----a-w- C:\Windows\System32\KernelBase.dll 2011-07-16 05:17:46 338432 ----a-w- C:\Windows\System32\conhost.exe 2011-07-16 04:36:09 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2011-07-16 04:32:14 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2011-07-16 04:31:50 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2011-07-16 04:30:29 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2011-07-16 04:30:27 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2011-07-16 02:26:12 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2011-07-16 02:26:11 2048 ----a-w- C:\Windows\SysWow64\user.exe 2011-07-16 02:21:47 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2011-07-16 02:21:47 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2011-07-16 02:21:47 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2011-07-16 02:21:47 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2011-07-09 02:44:55 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys 2011-06-24 14:44:30 243200 ----a-w- C:\Windows\SysWow64\xvidvfw.dll 2011-06-24 14:28:22 650752 ----a-w- C:\Windows\SysWow64\xvidcore.dll . ============= FINISH: 8:53:42.23 ===============
- September 22, 2011
- 13 replies
stolen.data bunch of files

Licit replied to Licit's topic in Resolved Malware Removal Logs

And here is a log of malwarebytes quick scan I just ran, still getting 12 stolen data files in the results. Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Database version: 7719 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 9/15/2011 1:48:11 AM mbam-log-2011-09-15 (01-48-11).txt Scan type: Quick scan Objects scanned: 204701 Time elapsed: 9 minute(s), 14 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 12 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: c:\Users\Tim2011\AppData\Roaming\24cca13 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\26d0319 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\43c0493 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\489c346 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\527c926 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\5796121 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\6099174 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\6103a43 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\76e1595 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\76e9f68 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\8981039 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\94ea407 (Stolen.Data) -> Quarantined and deleted successfully.
- September 15, 2011
- 13 replies
stolen.data bunch of files

Licit replied to Licit's topic in Resolved Malware Removal Logs

I ran the prgram and it said all mcafee components were removed but combofix still said there were 2 mcafee components running. I ran it anyway and here is the result. ComboFix 11-09-14.02 - Tim2011 09/15/2011 1:01.3.4 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5941.4749 [GMT -4:00] Running from: c:\users\Tim2011\Desktop\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . c:\programdata\PCDr\5830\Downloads\0d85b53c-d766-4bf0-8940-17b534910268.dll c:\programdata\PCDr\5830\Downloads\a30a02da-a4ca-4f1c-af5c-d8dd738b134a.dll c:\programdata\PCDr\5830\Downloads\ed901639-e445-40c0-9422-74d70d0b1449.dll c:\users\Tim2011\08282011vortex.cgi_files c:\users\Tim2011\08282011vortex.cgi_files\calendar.js c:\users\Tim2011\08282011vortex.cgi_files\ecom.js c:\users\Tim2011\08282011vortex.cgi_files\EHO_logo.gif c:\users\Tim2011\08282011vortex.cgi_files\gmac2_styles.css c:\users\Tim2011\08282011vortex.cgi_files\mbox.js c:\users\Tim2011\08282011vortex.cgi_files\pixel.gif c:\users\Tim2011\08282011vortex.cgi_files\prototype.js c:\users\Tim2011\08282011vortex.cgi_files\standard c:\users\Tim2011\GoToAssistDownloadHelper.exe . . ((((((((((((((((((((((((( Files Created from 2011-08-15 to 2011-09-15 ))))))))))))))))))))))))))))))) . . 2011-09-15 05:19 . 2011-09-15 05:19 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-09-15 04:21 . 2011-09-15 04:21 -------- d-----w- c:\users\Tim2011\AppData\Local\Google 2011-09-15 04:20 . 2011-09-15 04:21 -------- d-----w- c:\program files (x86)\Google 2011-09-13 09:02 . 2011-09-14 18:07 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE 2011-09-13 06:07 . 2011-09-13 06:08 -------- d-----w- c:\users\Tim2011\DownloadsSplit 2011-09-10 14:31 . 2011-09-10 14:31 -------- d--h--w- c:\programdata\Common Files 2011-09-10 14:31 . 2011-09-15 04:55 -------- d-----w- c:\programdata\AVG2012 2011-09-10 14:30 . 2011-09-10 14:30 -------- d-----w- c:\program files (x86)\AVG 2011-09-10 14:28 . 2011-09-15 04:54 -------- d-----w- c:\programdata\MFAData 2011-08-24 13:53 . 2011-07-09 05:14 2048 ----a-w- c:\windows\system32\tzres.dll 2011-08-24 13:53 . 2011-07-09 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2011-08-18 21:13 . 2011-08-18 21:13 -------- d-----w- c:\users\Tim2011\drcolorchip-thankyou.cgi_files 2011-08-18 05:26 . 2011-08-08 18:00 86016 ----a-w- c:\windows\system32\ff_vfw.dll 2011-08-18 05:26 . 2011-03-02 10:43 203264 ----a-w- c:\windows\system32\unrar.dll 2011-08-18 05:26 . 2011-08-18 05:26 -------- d-----w- c:\program files\K-Lite Codec Pack x64 2011-08-18 03:39 . 2011-08-18 03:39 -------- d-----w- c:\users\Tim2011\KC_CUSTOM_MENU_01.KC_ZC_HMPG_CMPT.GBL-2_files . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-09-15 04:20 . 2011-06-11 09:11 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-08-31 21:00 . 2011-06-18 05:37 25416 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-08-08 08:00 . 2011-08-12 03:57 74752 ----a-w- c:\windows\SysWow64\ff_vfw.dll 2011-07-22 05:35 . 2011-08-10 11:22 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2011-07-22 04:56 . 2011-08-10 11:22 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb 2011-07-16 14:17 . 2011-08-12 03:57 151552 ----a-w- c:\windows\SysWow64\ac3acm.acm 2011-07-16 05:26 . 2011-08-10 11:23 362496 ----a-w- c:\windows\system32\wow64win.dll 2011-07-16 05:26 . 2011-08-10 11:23 243200 ----a-w- c:\windows\system32\wow64.dll 2011-07-16 05:26 . 2011-08-10 11:23 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2011-07-16 05:26 . 2011-08-10 11:23 214528 ----a-w- c:\windows\system32\winsrv.dll 2011-07-16 05:24 . 2011-08-10 11:23 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2011-07-16 05:21 . 2011-08-10 11:23 422400 ----a-w- c:\windows\system32\KernelBase.dll 2011-07-16 05:17 . 2011-08-10 11:23 338432 ----a-w- c:\windows\system32\conhost.exe 2011-07-16 05:04 . 2011-08-10 11:23 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 11:23 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 11:23 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 11:23 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 11:23 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 11:23 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 11:23 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 11:23 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 11:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 11:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 11:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 11:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 11:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 11:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 11:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 11:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 11:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 11:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 11:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 11:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 11:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 11:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 11:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 11:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 11:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 11:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 11:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 11:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2011-07-16 04:36 . 2011-08-10 11:23 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2011-07-16 04:32 . 2011-08-10 11:23 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2011-07-16 04:31 . 2011-08-10 11:23 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2011-07-16 04:30 . 2011-08-10 11:23 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2011-07-16 04:30 . 2011-08-10 11:23 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll 2011-07-16 04:19 . 2011-08-10 11:23 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 11:23 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 11:23 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 11:23 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 11:23 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 11:23 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 11:23 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 11:23 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 11:23 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 11:23 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 11:23 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 11:23 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 11:23 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 11:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 11:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 11:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 11:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 11:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 11:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 11:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 11:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 11:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 11:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 11:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll 2011-07-16 02:26 . 2011-08-10 11:23 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2011-07-16 02:26 . 2011-08-10 11:23 2048 ----a-w- c:\windows\SysWow64\user.exe 2011-07-16 02:21 . 2011-08-10 11:23 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2011-07-16 02:21 . 2011-08-10 11:23 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2011-07-16 02:21 . 2011-08-10 11:23 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2011-07-16 02:21 . 2011-08-10 11:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2011-07-09 02:44 . 2011-08-10 11:23 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-06-24 14:44 . 2011-08-12 03:57 243200 ----a-w- c:\windows\SysWow64\xvidvfw.dll 2011-06-24 14:28 . 2011-08-12 03:57 650752 ----a-w- c:\windows\SysWow64\xvidcore.dll 2011-06-23 05:31 . 2011-08-10 11:22 5474688 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-06-23 04:32 . 2011-08-10 11:22 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2011-06-23 04:32 . 2011-08-10 11:22 3911552 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2011-06-21 06:27 . 2011-08-10 11:23 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-06-21 06:20 . 2011-08-10 11:22 1197056 ----a-w- c:\windows\system32\wininet.dll 2011-06-21 06:20 . 2011-08-10 11:22 57856 ----a-w- c:\windows\system32\licmgr10.dll 2011-06-21 05:36 . 2011-08-10 11:22 981504 ----a-w- c:\windows\SysWow64\wininet.dll 2011-06-21 05:35 . 2011-08-10 11:22 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll 2011-06-21 05:05 . 2011-08-10 11:22 482816 ----a-w- c:\windows\system32\html.iec 2011-06-21 04:26 . 2011-08-10 11:22 386048 ----a-w- c:\windows\SysWow64\html.iec . . ((((((((((((((((((((((((((((( SnapShot@2011-09-09_11.19.52 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-14 04:54 . 2011-09-15 04:16 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2011-09-07 12:02 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2011-09-15 04:16 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2011-09-07 12:02 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2011-09-07 12:02 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2011-09-15 04:16 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-11-04 02:09 . 2011-09-15 04:57 33422 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2011-09-15 04:57 27516 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2011-06-10 04:11 . 2011-09-15 04:57 12730 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2179761902-2918485941-3184494024-1001_UserData.bin + 2010-11-04 02:16 . 2011-09-15 05:20 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-11-04 02:16 . 2011-09-09 11:19 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-11-04 02:16 . 2011-09-09 11:19 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-11-04 02:16 . 2011-09-15 05:20 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2011-09-09 11:19 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2011-09-15 05:20 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-06-10 04:11 . 2011-09-15 05:22 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2011-06-10 04:11 . 2011-09-09 11:11 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:46 . 2011-09-13 01:27 80352 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat + 2011-06-10 04:11 . 2011-09-15 05:22 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2011-06-10 04:11 . 2011-09-09 11:11 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2011-06-10 04:11 . 2011-09-09 11:11 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-06-10 04:11 . 2011-09-15 05:22 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2011-06-10 04:10 . 2011-09-09 11:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-06-10 04:10 . 2011-09-15 05:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-06-10 04:10 . 2011-09-15 05:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2011-06-10 04:10 . 2011-09-09 11:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-09-15 04:21 . 2011-09-15 04:21 25088 c:\windows\Installer\5393c.msi + 2011-07-02 11:57 . 2011-09-10 14:23 3032 c:\windows\system32\wdi\ERCQueuedResolutions.dat + 2011-09-15 05:20 . 2011-09-15 05:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2011-09-09 11:19 . 2011-09-09 11:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2011-09-09 11:19 . 2011-09-09 11:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2011-09-15 05:20 . 2011-09-15 05:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2011-09-15 04:20 . 2011-09-15 04:20 243360 c:\windows\SysWOW64\Macromed\Flash\FlashUtil10w_Plugin.exe + 2011-09-15 04:13 . 2011-09-15 04:13 262144 c:\windows\SysWOW64\config\TxR\NTUSER.DAT + 2011-09-15 04:13 . 2011-09-15 04:13 262144 c:\windows\SysWOW64\config\RegBack\NTUSER.DAT + 2011-09-15 04:13 . 2011-09-15 04:13 262144 c:\windows\SysWOW64\config\Journal\NTUSER.DAT + 2011-06-10 12:40 . 2011-09-15 02:25 239798 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin + 2009-07-14 02:36 . 2011-09-15 05:24 627812 c:\windows\system32\perfh009.dat - 2009-07-14 02:36 . 2011-09-09 11:13 627812 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2011-09-15 05:24 107926 c:\windows\system32\perfc009.dat - 2009-07-14 02:36 . 2011-09-09 11:13 107926 c:\windows\system32\perfc009.dat - 2011-06-10 10:01 . 2011-09-09 11:08 480568 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2011-06-10 10:01 . 2011-09-15 04:15 480568 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat - 2009-07-14 05:01 . 2011-09-09 11:08 237492 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2011-09-15 05:19 237492 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2011-06-09 18:32 . 2011-09-09 11:08 471604 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2179761902-2918485941-3184494024-1001-8192.dat + 2011-06-09 18:32 . 2011-09-15 05:19 471604 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2179761902-2918485941-3184494024-1001-8192.dat + 2011-09-15 04:45 . 2011-09-15 04:45 237492 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2179761902-2918485941-3184494024-1001-12288.dat + 2011-09-10 14:29 . 2011-09-10 14:29 223232 c:\windows\Installer\5d119.msi + 2011-06-11 09:11 . 2011-09-15 04:20 6277280 c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll - 2011-06-11 09:11 . 2011-08-15 12:21 6277280 c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll + 2009-07-14 04:45 . 2011-09-11 14:15 3802522 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat - 2009-07-14 04:45 . 2011-09-07 11:44 3802522 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat + 2011-09-14 04:55 . 2011-09-14 04:55 2830336 c:\windows\Installer\ae68314.msi + 2011-09-10 14:28 . 2011-09-10 14:28 7524352 c:\windows\Installer\5d126.msi + 2011-09-10 14:29 . 2011-09-10 14:29 8544256 c:\windows\Installer\5d11e.msi . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520] "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk&inst=NzctNzIxMjE2MzQwLVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ∏=90&ver=2012.0.1796&mid=cd33587ccdc847d1b2912104e4b340c9-23825aab87f0b15c15cc5fcc00dbf40e8023182c" [?] "c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-06-11 560128] "Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-01-13 165184] . c:\users\Tim2011\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216] Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-15 136176] R3 appliand;Applian Network Service;c:\windows\system32\DRIVERS\appliand.sys [x] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-15 136176] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2010/11/03 21:32];c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl [2009-12-29 21:35 146928] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208] S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-06-07 408576] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920] S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-06-07 911872] S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x] S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [x] S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [x] S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [x] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x] S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x] S3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver64.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2011-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-15 04:21] . 2011-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-15 04:21] . 2011-09-09 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09] . 2011-09-15 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-14 10144288] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-08 166424] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-08 391192] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-08 413720] "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976] "IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-06-08 1441792] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Tim2011\AppData\Roaming\Mozilla\Firefox\Profiles\ms1ac464.default\ . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}] "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE c:\program files (x86)\Dell DataSafe Local Backup\Toaster.exe . ************************************************************************** . Completion time: 2011-09-15 01:31:28 - machine was rebooted ComboFix-quarantined-files.txt 2011-09-15 05:31 ComboFix2.txt 2011-09-09 11:23 . Pre-Run: 21,666,856,960 bytes free Post-Run: 21,341,708,288 bytes free . - - End Of File - - C01FCFBDF554AB81556ED1BD2C4978D4
- September 15, 2011
- 13 replies
stolen.data bunch of files

Licit replied to Licit's topic in Resolved Malware Removal Logs

OK here is combofix text and dds text. One note Combofix told me that two mcafee processes were running but mcafee was uninstalled right after I got this laptop. ComboFix 11-09-02.04 - Tim2011 09/09/2011 7:17.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5941.4753 [GMT -4:00] Running from: c:\users\Tim2011\Desktop\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . - REDUCED FUNCTIONALITY MODE - . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\PCDr\5830\Downloads\0d85b53c-d766-4bf0-8940-17b534910268.dll c:\programdata\PCDr\5830\Downloads\2e066da0-02f5-4227-80e6-d506c5c8890d.dll c:\programdata\PCDr\5830\Downloads\6fd9c210-a946-4464-b5b4-66b9f96ead1b.dll c:\programdata\PCDr\5830\Downloads\a30a02da-a4ca-4f1c-af5c-d8dd738b134a.dll c:\programdata\PCDr\5830\Downloads\c63422ee-d520-4a37-943a-c51b83c90a81.dll c:\programdata\PCDr\5830\Downloads\ed901639-e445-40c0-9422-74d70d0b1449.dll . . ((((((((((((((((((((((((( Files Created from 2011-08-09 to 2011-09-09 ))))))))))))))))))))))))))))))) . . 2011-09-09 11:18 . 2011-09-09 11:18 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-08-28 05:18 . 2011-08-28 05:18 -------- d-----w- c:\users\Tim2011\08282011vortex.cgi_files 2011-08-24 13:53 . 2011-07-09 05:14 2048 ----a-w- c:\windows\system32\tzres.dll 2011-08-24 13:53 . 2011-07-09 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2011-08-18 21:13 . 2011-08-18 21:13 -------- d-----w- c:\users\Tim2011\drcolorchip-thankyou.cgi_files 2011-08-18 05:26 . 2011-08-08 18:00 86016 ----a-w- c:\windows\system32\ff_vfw.dll 2011-08-18 05:26 . 2011-03-02 10:43 203264 ----a-w- c:\windows\system32\unrar.dll 2011-08-18 05:26 . 2011-08-18 05:26 -------- d-----w- c:\program files\K-Lite Codec Pack x64 2011-08-18 03:39 . 2011-08-18 03:39 -------- d-----w- c:\users\Tim2011\KC_CUSTOM_MENU_01.KC_ZC_HMPG_CMPT.GBL-2_files 2011-08-12 04:50 . 2011-09-09 07:12 -------- d-----w- c:\users\Tim2011\DownloadsCurrent-300M or bigger 2011-08-12 03:57 . 2011-03-02 10:43 175616 ----a-w- c:\windows\SysWow64\unrar.dll 2011-08-12 03:57 . 2011-08-08 08:00 74752 ----a-w- c:\windows\SysWow64\ff_vfw.dll 2011-08-12 03:57 . 2011-07-16 14:17 151552 ----a-w- c:\windows\SysWow64\ac3acm.acm 2011-08-12 03:57 . 2011-06-24 14:44 243200 ----a-w- c:\windows\SysWow64\xvidvfw.dll 2011-08-12 03:57 . 2011-06-24 14:28 650752 ----a-w- c:\windows\SysWow64\xvidcore.dll 2011-08-12 03:57 . 2010-11-03 18:08 237568 ----a-w- c:\windows\SysWow64\yv12vfw.dll 2011-08-12 03:57 . 2008-09-24 18:41 839680 ----a-w- c:\windows\SysWow64\lameACM.acm 2011-08-12 03:57 . 2011-08-12 03:57 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-08-15 12:21 . 2011-06-11 09:11 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-07-21 05:20 . 2011-07-21 05:20 103784 ----a-w- c:\users\Tim2011\GoToAssistDownloadHelper.exe 2011-07-16 04:32 . 2011-08-10 11:23 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2011-07-06 23:52 . 2011-06-18 05:37 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys 2011-07-06 23:52 . 2011-06-18 05:37 25912 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-06-12 11:13 . 2011-06-12 11:13 56408 ----a-w- c:\windows\system32\drivers\stdriver64.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520] "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-06-11 560128] "Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-01-13 165184] . c:\users\Tim2011\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216] Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R3 appliand;Applian Network Service;c:\windows\system32\DRIVERS\appliand.sys [x] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2010/11/03 21:32];c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl [2009-12-29 21:35 146928] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208] S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-06-07 408576] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920] S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-06-07 911872] S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x] S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [x] S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [x] S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [x] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x] S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x] S3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver64.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x] . . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8208ce73-b13c-11e0-aec6-d0c52e595c52}] \shell\AutoRun\command - "E:\WD SmartWare.exe" autoplay=true . Contents of the 'Scheduled Tasks' folder . 2011-09-09 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09] . 2011-09-09 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-14 10144288] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-08 166424] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-08 391192] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-08 413720] "QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-04-06 3203440] "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976] "IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-06-08 1441792] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mLocal Page = c:\windows\SysWOW64\blank.htm FF - ProfilePath - c:\users\Tim2011\AppData\Roaming\Mozilla\Firefox\Profiles\ms1ac464.default\ . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}] "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE c:\program files (x86)\Dell DataSafe Local Backup\Toaster.exe . ************************************************************************** . Completion time: 2011-09-09 07:23:52 - machine was rebooted ComboFix-quarantined-files.txt 2011-09-09 11:23 . Pre-Run: 8,350,715,904 bytes free Post-Run: 13,740,335,104 bytes free . - - End Of File - - C8CD81CBCCA62A2E58D2774EE1703387 And dds . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26 Run by Tim2011 at 7:26:30 on 2011-09-09 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5941.4620 [GMT -4:00] . AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Dell\DellDock\DockLogin.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\system32\conhost.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE C:\Windows\System32\vds.exe C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\sppsvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe StartupFolder: C:\Users\Tim2011\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{30268699-7812-4AB4-9212-4F902675A6CB} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{30268699-7812-4AB4-9212-4F902675A6CB}\361627C616370227F657475627 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{30268699-7812-4AB4-9212-4F902675A6CB}\7796C6569737 : DhcpNameServer = 68.87.72.134 68.87.77.134 TCP: Interfaces\{30268699-7812-4AB4-9212-4F902675A6CB}\B696C6C656270353 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{ECCB850B-16B8-45F2-BFC8-75EDC20BEC45} : DhcpNameServer = 66.233.175.12 75.94.255.12 BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll BHO-X64: Search Helper - No File BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Tim2011\AppData\Roaming\Mozilla\Firefox\Profiles\ms1ac464.default\ FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2010/11/03 21:32:23];C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [2010-11-3 146928] R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-11-4 98208] R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-6-7 408576] R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648] R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-11-3 705856] R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?] R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-11-3 2320920] R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-6-7 911872] R3 appliandMP;appliandMP;C:\Windows\system32\DRIVERS\appliand.sys --> C:\Windows\system32\DRIVERS\appliand.sys [?] R3 bpenum;bpenum;C:\Windows\system32\DRIVERS\bpenum.sys --> C:\Windows\system32\DRIVERS\bpenum.sys [?] R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\system32\DRIVERS\bpmp.sys --> C:\Windows\system32\DRIVERS\bpmp.sys [?] R3 bpusb;bpusb;C:\Windows\system32\Drivers\bpusb.sys --> C:\Windows\system32\Drivers\bpusb.sys [?] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?] R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?] R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?] R3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;C:\Windows\system32\DRIVERS\stdriver64.sys --> C:\Windows\system32\DRIVERS\stdriver64.sys [?] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?] S3 appliand;Applian Network Service;C:\Windows\system32\DRIVERS\appliand.sys --> C:\Windows\system32\DRIVERS\appliand.sys [?] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?] S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?] . =============== Created Last 30 ================ . 2011-09-09 11:15:41 98816 ----a-w- C:\Windows\sed.exe 2011-09-09 11:15:41 518144 ----a-w- C:\Windows\SWREG.exe 2011-09-09 11:15:41 256000 ----a-w- C:\Windows\PEV.exe 2011-09-09 11:15:41 208896 ----a-w- C:\Windows\MBR.exe 2011-08-28 05:18:27 -------- d-----w- C:\Users\Tim2011\08282011vortex.cgi_files 2011-08-24 13:53:55 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2011-08-24 13:53:55 2048 ----a-w- C:\Windows\System32\tzres.dll 2011-08-18 21:13:54 -------- d-----w- C:\Users\Tim2011\drcolorchip-thankyou.cgi_files 2011-08-18 05:26:38 86016 ----a-w- C:\Windows\System32\ff_vfw.dll 2011-08-18 05:26:38 203264 ----a-w- C:\Windows\System32\unrar.dll 2011-08-18 05:26:37 -------- d-----w- C:\Program Files\K-Lite Codec Pack x64 2011-08-18 03:39:35 -------- d-----w- C:\Users\Tim2011\KC_CUSTOM_MENU_01.KC_ZC_HMPG_CMPT.GBL-2_files 2011-08-12 04:50:28 -------- d-----w- C:\Users\Tim2011\DownloadsCurrent-300M or bigger 2011-08-12 03:57:19 175616 ----a-w- C:\Windows\SysWow64\unrar.dll 2011-08-12 03:57:18 839680 ----a-w- C:\Windows\SysWow64\lameACM.acm 2011-08-12 03:57:18 74752 ----a-w- C:\Windows\SysWow64\ff_vfw.dll 2011-08-12 03:57:18 650752 ----a-w- C:\Windows\SysWow64\xvidcore.dll 2011-08-12 03:57:18 243200 ----a-w- C:\Windows\SysWow64\xvidvfw.dll 2011-08-12 03:57:18 237568 ----a-w- C:\Windows\SysWow64\yv12vfw.dll 2011-08-12 03:57:18 151552 ----a-w- C:\Windows\SysWow64\ac3acm.acm 2011-08-12 03:57:16 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack . ==================== Find3M ==================== . 2011-08-15 12:21:33 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2011-07-22 05:35:08 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2011-07-22 04:56:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2011-07-21 05:20:19 103784 ----a-w- C:\Users\Tim2011\GoToAssistDownloadHelper.exe 2011-07-16 05:26:54 362496 ----a-w- C:\Windows\System32\wow64win.dll 2011-07-16 05:26:53 243200 ----a-w- C:\Windows\System32\wow64.dll 2011-07-16 05:26:53 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2011-07-16 05:26:18 214528 ----a-w- C:\Windows\System32\winsrv.dll 2011-07-16 05:24:09 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2011-07-16 05:21:32 422400 ----a-w- C:\Windows\System32\KernelBase.dll 2011-07-16 05:17:46 338432 ----a-w- C:\Windows\System32\conhost.exe 2011-07-16 04:36:09 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2011-07-16 04:32:14 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2011-07-16 04:31:50 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2011-07-16 04:30:29 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2011-07-16 04:30:27 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2011-07-16 02:26:12 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2011-07-16 02:26:11 2048 ----a-w- C:\Windows\SysWow64\user.exe 2011-07-16 02:21:47 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2011-07-16 02:21:47 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2011-07-16 02:21:47 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2011-07-16 02:21:47 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2011-07-09 02:44:55 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys 2011-07-06 23:52:42 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys 2011-07-06 23:52:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys 2011-06-23 05:31:31 5474688 ----a-w- C:\Windows\System32\ntoskrnl.exe 2011-06-23 04:32:02 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2011-06-23 04:32:02 3911552 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2011-06-21 06:27:14 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2011-06-21 06:20:48 1197056 ----a-w- C:\Windows\System32\wininet.dll 2011-06-21 06:20:06 57856 ----a-w- C:\Windows\System32\licmgr10.dll 2011-06-21 05:36:36 981504 ----a-w- C:\Windows\SysWow64\wininet.dll 2011-06-21 05:35:05 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll 2011-06-21 05:05:13 482816 ----a-w- C:\Windows\System32\html.iec 2011-06-21 04:26:02 386048 ----a-w- C:\Windows\SysWow64\html.iec 2011-06-15 09:58:31 212992 ----a-w- C:\Windows\System32\odbctrac.dll 2011-06-15 09:58:31 163840 ----a-w- C:\Windows\System32\odbccp32.dll 2011-06-15 09:58:31 106496 ----a-w- C:\Windows\System32\odbccu32.dll 2011-06-15 09:58:31 106496 ----a-w- C:\Windows\System32\odbccr32.dll 2011-06-15 09:04:46 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll 2011-06-15 09:04:46 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll 2011-06-15 09:04:46 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll 2011-06-15 09:04:46 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll 2011-06-15 09:04:46 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll 2011-06-12 11:13:58 56408 ----a-w- C:\Windows\System32\drivers\stdriver64.sys . ============= FINISH: 7:31:46.55 =============== Thanx in advance!
- September 9, 2011
- 13 replies
stolen.data bunch of files

Licit replied to Licit's topic in Resolved Malware Removal Logs

Any help from the above posted text? I've run a couple scans again and I got 3 and then 2 stolen.data files. It will always scan clean the first time scanning after it comes back with a couple stolen.data files.
- September 7, 2011
- 13 replies
stolen.data bunch of files

Licit replied to Licit's topic in Resolved Malware Removal Logs

Well I had run a scan yesterday and it had 22 files. Then a full scan said clean and I just ran a quick scan for the log you wanted, then after it I will post the text file dds: Malwarebytes' Anti-Malware 1.51.1.1800 www.malwarebytes.org Database version: 7654 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 9/5/2011 9:41:25 AM mbam-log-2011-09-05 (09-41-25).txt Scan type: Quick scan Objects scanned: 193333 Time elapsed: 7 minute(s), 43 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) --------------------------------------------------------------------------------------------- DDS.txt DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26 Run by Tim2011 at 9:42:11 on 2011-09-05 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5941.4116 [GMT -4:00] . AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Dell\DellDock\DockLogin.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\system32\conhost.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uDefault_Page_URL = g.msn.com/USCON/1 mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe StartupFolder: C:\Users\Tim2011\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe uPolicies-explorer: HideSCAHealth = 1 (0x1) mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab TCP: Interfaces\{30268699-7812-4AB4-9212-4F902675A6CB} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{30268699-7812-4AB4-9212-4F902675A6CB}\361627C616370227F657475627 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{30268699-7812-4AB4-9212-4F902675A6CB}\478656B6C6F647A7E6562737 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{30268699-7812-4AB4-9212-4F902675A6CB}\7796C6569737 : DhcpNameServer = 68.87.72.134 68.87.77.134 TCP: Interfaces\{30268699-7812-4AB4-9212-4F902675A6CB}\B696C6C656270353 : DhcpNameServer = 192.168.1.1 BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll BHO-X64: Search Helper - No File BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Tim2011\AppData\Roaming\Mozilla\Firefox\Profiles\ms1ac464.default\ FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2010/11/03 21:32:23];C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [2010-11-3 146928] R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-11-4 98208] R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-6-7 408576] R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648] R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-11-3 705856] R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?] R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-11-3 2320920] R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-6-7 911872] R3 appliandMP;appliandMP;C:\Windows\system32\DRIVERS\appliand.sys --> C:\Windows\system32\DRIVERS\appliand.sys [?] R3 bpenum;bpenum;C:\Windows\system32\DRIVERS\bpenum.sys --> C:\Windows\system32\DRIVERS\bpenum.sys [?] R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\system32\DRIVERS\bpmp.sys --> C:\Windows\system32\DRIVERS\bpmp.sys [?] R3 bpusb;bpusb;C:\Windows\system32\Drivers\bpusb.sys --> C:\Windows\system32\Drivers\bpusb.sys [?] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?] R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?] R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?] R3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;C:\Windows\system32\DRIVERS\stdriver64.sys --> C:\Windows\system32\DRIVERS\stdriver64.sys [?] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?] S3 appliand;Applian Network Service;C:\Windows\system32\DRIVERS\appliand.sys --> C:\Windows\system32\DRIVERS\appliand.sys [?] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?] S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?] . =============== Created Last 30 ================ . 2011-08-28 05:18:27 -------- d-----w- C:\Users\Tim2011\08282011vortex.cgi_files 2011-08-24 13:53:55 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2011-08-24 13:53:55 2048 ----a-w- C:\Windows\System32\tzres.dll 2011-08-18 21:13:54 -------- d-----w- C:\Users\Tim2011\drcolorchip-thankyou.cgi_files 2011-08-18 05:26:38 86016 ----a-w- C:\Windows\System32\ff_vfw.dll 2011-08-18 05:26:38 203264 ----a-w- C:\Windows\System32\unrar.dll 2011-08-18 05:26:37 -------- d-----w- C:\Program Files\K-Lite Codec Pack x64 2011-08-18 03:39:35 -------- d-----w- C:\Users\Tim2011\KC_CUSTOM_MENU_01.KC_ZC_HMPG_CMPT.GBL-2_files 2011-08-12 04:50:28 -------- d-----w- C:\Users\Tim2011\DownloadsCurrent-300M or bigger 2011-08-12 03:57:19 175616 ----a-w- C:\Windows\SysWow64\unrar.dll 2011-08-12 03:57:18 839680 ----a-w- C:\Windows\SysWow64\lameACM.acm 2011-08-12 03:57:18 74752 ----a-w- C:\Windows\SysWow64\ff_vfw.dll 2011-08-12 03:57:18 650752 ----a-w- C:\Windows\SysWow64\xvidcore.dll 2011-08-12 03:57:18 243200 ----a-w- C:\Windows\SysWow64\xvidvfw.dll 2011-08-12 03:57:18 237568 ----a-w- C:\Windows\SysWow64\yv12vfw.dll 2011-08-12 03:57:18 151552 ----a-w- C:\Windows\SysWow64\ac3acm.acm 2011-08-12 03:57:16 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack . ==================== Find3M ==================== . 2011-08-15 12:21:33 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2011-07-22 05:35:08 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2011-07-22 04:56:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2011-07-21 05:20:19 103784 ----a-w- C:\Users\Tim2011\GoToAssistDownloadHelper.exe 2011-07-16 05:26:54 362496 ----a-w- C:\Windows\System32\wow64win.dll 2011-07-16 05:26:53 243200 ----a-w- C:\Windows\System32\wow64.dll 2011-07-16 05:26:53 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2011-07-16 05:26:18 214528 ----a-w- C:\Windows\System32\winsrv.dll 2011-07-16 05:24:09 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2011-07-16 05:21:32 422400 ----a-w- C:\Windows\System32\KernelBase.dll 2011-07-16 05:17:46 338432 ----a-w- C:\Windows\System32\conhost.exe 2011-07-16 04:36:09 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2011-07-16 04:32:14 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2011-07-16 04:31:50 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2011-07-16 04:30:29 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2011-07-16 04:30:27 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2011-07-16 02:26:12 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2011-07-16 02:26:11 2048 ----a-w- C:\Windows\SysWow64\user.exe 2011-07-16 02:21:47 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2011-07-16 02:21:47 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2011-07-16 02:21:47 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2011-07-16 02:21:47 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2011-07-09 02:44:55 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys 2011-07-06 23:52:42 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys 2011-07-06 23:52:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys 2011-06-23 05:31:31 5474688 ----a-w- C:\Windows\System32\ntoskrnl.exe 2011-06-23 04:32:02 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2011-06-23 04:32:02 3911552 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2011-06-21 06:27:14 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2011-06-21 06:20:48 1197056 ----a-w- C:\Windows\System32\wininet.dll 2011-06-21 06:20:06 57856 ----a-w- C:\Windows\System32\licmgr10.dll 2011-06-21 05:36:36 981504 ----a-w- C:\Windows\SysWow64\wininet.dll 2011-06-21 05:35:05 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll 2011-06-21 05:05:13 482816 ----a-w- C:\Windows\System32\html.iec 2011-06-21 04:26:02 386048 ----a-w- C:\Windows\SysWow64\html.iec 2011-06-15 09:58:31 212992 ----a-w- C:\Windows\System32\odbctrac.dll 2011-06-15 09:58:31 163840 ----a-w- C:\Windows\System32\odbccp32.dll 2011-06-15 09:58:31 106496 ----a-w- C:\Windows\System32\odbccu32.dll 2011-06-15 09:58:31 106496 ----a-w- C:\Windows\System32\odbccr32.dll 2011-06-15 09:04:46 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll 2011-06-15 09:04:46 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll 2011-06-15 09:04:46 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll 2011-06-15 09:04:46 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll 2011-06-15 09:04:46 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll 2011-06-12 11:13:58 56408 ----a-w- C:\Windows\System32\drivers\stdriver64.sys 2011-06-11 02:56:44 3134464 ----a-w- C:\Windows\System32\win32k.sys . ============= FINISH: 9:42:36.71 ===============
- September 5, 2011
- 13 replies
stolen.data bunch of files

Licit posted a topic in Resolved Malware Removal Logs

I had the stolen.data result on 186 entries but they were all just text files of boilsoft video splitter info when I checked them. They have all been removed by malwarebytes and I ran a full scan after restart and it was clean. I went ahead and changed my banking password anyway to be safe. Now I may change all my credit cards passes as well. I've seen threads like this before but I am pretty sure they had more important info stolen than I did? Just wondering what is up now? Sorry here is the text for results: Malwarebytes' Anti-Malware 1.51.1.1800 www.malwarebytes.org Database version: 7639 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 9/2/2011 8:15:43 PM mbam-log-2011-09-02 (20-15-43).txt Scan type: Quick scan Objects scanned: 191931 Time elapsed: 8 minute(s), 25 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 186 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: c:\Users\Tim2011\AppData\Roaming\1053b65 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\1065c70 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\107e932 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\11d4790 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\1238827 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\1273532 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\1346c01 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\13bef77 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\13cab05 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\13db558 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\1480212 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\1634420 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\164ae29 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\1777460 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\17f7a65 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\1808418 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\184f775 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\1888156 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\18fad35 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\191bb41 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\1986592 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\19fde30 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\2040e91 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\2054257 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\2240480 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\230ac10 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\239bf28 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\2409d73 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\245c324 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\2482100 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\2488d56 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\2581f25 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\260b153 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\280d444 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\2815002 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\2881c27 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\2899a15 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\28d0175 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\28dbf46 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\2947307 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\2966d09 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\29d1a15 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\3002813 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\300e024 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\3042f49 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\30b5967 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\30cd896 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\32aa521 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\32ac232 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\330b074 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\3359932 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\3398c30 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\33dae42 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\33f7392 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\3411382 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\3505f50 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\3579999 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\369e719 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\36c7050 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\36eb341 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\3709b82 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\3716519 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\372b591 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\378f542 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\379ba82 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\3826818 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\3895306 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\38f3874 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\3999a04 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\415c025 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\416e456 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\417da28 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\4217b28 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\4277370 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\431ab68 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\4346f30 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\43f0d80 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\4426573 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\4489b44 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\44d1d83 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\44dc903 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\4501e39 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\4535971 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\4670f30 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\4693316 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\46c9814 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\4727661 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\472ee75 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\47e7135 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\47f1172 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\4825f15 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\485a727 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\491a924 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\491cc44 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\498df34 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\49b0e11 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\5143f17 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\51ac732 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\51d1395 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\51d5779 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\521f536 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\5261816 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\5387938 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\53a3949 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\541cd76 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\5509839 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\55f5619 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\58fc338 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\592fe35 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\6000979 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\60cb938 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\618b617 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\6235a66 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\6255104 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\62f7509 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\62fcf28 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\637d798 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\63d0f38 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\640d863 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\640e447 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\645e021 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\647ac33 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\64def94 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\662db11 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\66a8b38 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\66dcb58 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\66e8685 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\6727086 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\6789e95 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\6820038 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\68e7970 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\69a3857 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\7007030 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\7037420 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\70d5222 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\71f4e01 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\720fe44 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\72c6a87 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\7417872 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\7480a54 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\7485847 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\749ac07 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\74d8840 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\74e3305 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\7518575 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\7576f91 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\75a3089 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\7631e86 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\7645b58 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\7742908 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\784b271 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\78acd50 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\7921016 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\79b8639 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\8027e35 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\8069d75 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\809d581 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\82ea182 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\8308757 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\845e065 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\85e9975 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\8640656 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\8665942 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\86aac83 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\87f3a77 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\886ad10 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\8870935 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\9000b41 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\918d576 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\91f5350 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\92bc801 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\9332a37 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\9348f44 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\934e886 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\9395a96 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\94f3671 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\9534e59 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\960c272 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\96b9a76 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\97f9497 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\9807e45 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\980e411 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\9812319 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\98a8b68 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\98f7017 (Stolen.Data) -> Quarantined and deleted successfully. c:\Users\Tim2011\AppData\Roaming\9951748 (Stolen.Data) -> Quarantined and deleted successfully.
- September 3, 2011
- 13 replies

Sign In

Licit

Posts

Joined

Last visited

Reputation

stolen.data bunch of files

stolen.data bunch of files

stolen.data bunch of files

stolen.data bunch of files

stolen.data bunch of files

stolen.data bunch of files

stolen.data bunch of files

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information