Jump to content

Recommended Posts

I couldn't get the tool to run a full scan. It would get part way through, then just close.

I did a quick scan, which closed itself and created this log:

08:09:06 gpitts ERROR IsValidLicenseKey failed with error code 13

08:09:06 gpitts MESSAGE Protection stopped

08:41:24 gpitts ERROR IsValidLicenseKey failed with error code 13

08:41:24 gpitts MESSAGE Protection stopped

10:08:34 gpitts ERROR IsValidLicenseKey failed with error code 13

10:08:34 gpitts MESSAGE Protection stopped

I tried to download the DDS script, but the link kept going to a blank page and even when I manually surfed to the correct page the download would not begin. I used a different PC to download the DDS.SCR program and copied it to this PC and ran it. The tool instructed me to zip the attach.txt and attach here, which I have done. The result of DDS.TXT is:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24

Run by gpitts at 10:31:03 on 2011-11-23

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8073.6209 [GMT -5:00]

.

AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Host Intrusion Prevention Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\windows\system32\svchost.exe -k LocalService

C:\Windows\system32\WUDFHost.exe

C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbClientManager.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\IDT\WDM\AESTSr64.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe

C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe

C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe

C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe

C:\Windows\system32\mfevtps.exe

C:\ProgramData\Oracle\MyDesktop\MyDesktopService.exe

C:\windows\system32\DRIVERS\o2flash.exe

C:\ProgramData\Oracle\MyDesktop\MyDesktopQOS.exe

C:\Program Files (x86)\McAfee\Endpoint Encryption for Files and Folders\SbCeCoreService.exe

C:\Program Files (x86)\McAfee\Endpoint Encryption for Files and Folders\SbCeProxy32.exe

C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe

C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe

C:\windows\system32\conhost.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe

C:\Program Files (x86)\McAfee\Endpoint Encryption for Files and Folders\SbCeCore.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files (x86)\McAfee\Endpoint Encryption for Files and Folders\SbCeProxy32.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe

C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe

C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe

C:\Users\gpitts\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbTokWatch.exe

C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Oracle\Oracle Open Office 3\program\soffice.exe

C:\Windows\SysWOW64\kmw_run.exe

C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe

C:\Program Files (x86)\Oracle\Oracle Open Office 3\program\soffice.bin

C:\Program Files (x86)\McAfee\Common Framework\McTray.exe

C:\windows\system32\igfxext.exe

C:\windows\system32\igfxsrvc.exe

C:\Program Files\Dell\Dell System Manager\PanelHelper32.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\windows\system32\svchost.exe -k bthsvcs

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\Apntex.exe

C:\windows\system32\conhost.exe

C:\Program Files\DellTPad\HidFind.exe

C:\windows\SysWOW64\RunDll32.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Users\gpitts\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\gpitts\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\gpitts\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\gpitts\AppData\Local\Google\Chrome\Application\chrome.exe

C:\windows\SysWOW64\rundll32.exe

C:\Users\gpitts\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\gpitts\Downloads\Anti Malware\Defogger.exe

C:\windows\system32\conhost.exe

C:\windows\system32\taskeng.exe

C:\Windows\system32\WUDFHost.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cscript.exe

C:\windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://my.oracle.com

uInternet Settings,ProxyOverride = *.oracle.com;*.oracleads.com;*.us.oracle.com;*.uk.oracle.com;*.ca.oracle.com;*.oraclecorp.com;*.oracleportal.com;*.local;<local>

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

BHO: IEHlprObjClass: {ce7c3cf0-4b15-11d1-abed-709549c10000} - C:\Program Files (x86)\Kensington\MouseWorks\IE_KMW.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED

uRun: [Google Update] "C:\Users\gpitts\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot

mRun: [shStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

mRun: [McAfee Host Intrusion Prevention Tray] "C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe"

mRun: [safeBootTrayManager] "C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe"

mRun: [safeBootTokenWatcher] "C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbTokWatch.exe"

mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [kmw_run.exe] kmw_run.exe

mRun: [MSWheel]

dRunOnce: [ClickToCallConfig] C:\ProgramData\Oracle\BaseImage\config\realplayerent_config.exe /SS=YES

StartupFolder: C:\Users\gpitts\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\gpitts\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\gpitts\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ORACLE~1.LNK - C:\Program Files (x86)\Oracle\Oracle Open Office 3\program\quickstart.exe

StartupFolder: C:\Users\gpitts\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PDANET~1.LNK - C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLSY~1.LNK - C:\Program Files (x86)\Dell\Dell System Manager\DCPSysMgr.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: HideFastUserSwitching = 1 (0x1)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a}

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

Trusted Zone: oracle.com\login

Trusted Zone: oraclecorp.com\global-ebusiness

Trusted Zone: oraclecorp.com\global-erp

Trusted Zone: oraclecorp.com\global-hrms

Trusted Zone: oraclecorp.com\global-service

Trusted Zone: oraclevpn.com\myaccess

Trusted Zone: oracle.com\login

Trusted Zone: oraclecorp.com\global-ebusiness

Trusted Zone: oraclecorp.com\global-erp

Trusted Zone: oraclecorp.com\global-hrms

Trusted Zone: oraclecorp.com\global-service

Trusted Zone: oraclevpn.com\myaccess

DPF: {00191E4B-49C2-48E2-A548-8F702D75622A} - hxxps://strtc.oracle.com/imtapp/res/jar/cnsload.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://oraclemeetings.webex.com/client/WBXclient-T27L10NSP25-10481/training/ieatgpc1.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{9F277400-DDF6-45DC-8E0E-97D2EA593464} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{9F277400-DDF6-45DC-8E0E-97D2EA593464}\2456C6C614538323 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{9F277400-DDF6-45DC-8E0E-97D2EA593464}\74053575966696 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{9F277400-DDF6-45DC-8E0E-97D2EA593464}\74350575966496 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{9F277400-DDF6-45DC-8E0E-97D2EA593464}\F467562746279667560527F6241363 : DhcpNameServer = 192.168.0.1

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

AppInit_DLLs:

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

BHO-X64: IEHlprObjClass: {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\Kensington\MouseWorks\IE_KMW.DLL

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

mRun-x64: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot

mRun-x64: [shStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

mRun-x64: [McAfee Host Intrusion Prevention Tray] "C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe"

mRun-x64: [safeBootTrayManager] "C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe"

mRun-x64: [safeBootTokenWatcher] "C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbTokWatch.exe"

mRun-x64: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [kmw_run.exe] kmw_run.exe

mRun-x64: [MSWheel]

IE-X64: {c95fe080-8f5d-11d2-a20b-00aa003c157a}

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

AppInit_DLLs-X64:

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\gpitts\AppData\Roaming\Mozilla\Firefox\Profiles\cgm06i81.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com//406

FF - prefs.js: browser.search.selectedEngine - Web Search

FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&appid=150&systemid=406&sr=0&q=

FF - prefs.js: network.proxy.type - 2

FF - component: C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\components\McFFPlg.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Real\RealPlayer Enterprise\Netscape6\nppl3260.dll

FF - plugin: C:\Program Files (x86)\Real\RealPlayer Enterprise\Netscape6\nprjplug.dll

FF - plugin: C:\Program Files (x86)\Real\RealPlayer Enterprise\Netscape6\nprpjplug.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: McAfee SiteAdvisor Enterprise: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise

.

============= SERVICES / DRIVERS ===============

.

R0 MfeEERM;MfeEERM;C:\Windows\System32\drivers\MfeEERM.sys [2010-12-17 226504]

R0 mfehidk;McAfee Inc. mfehidk;C:\windows\system32\drivers\mfehidk.sys --> C:\windows\system32\drivers\mfehidk.sys [?]

R3 Acceler;Accelerometer Service;C:\windows\system32\DRIVERS\Accelern.sys --> C:\windows\system32\DRIVERS\Accelern.sys [?]

R3 BTWAMPFL;BTWAMPFL;C:\windows\system32\DRIVERS\btwampfl.sys --> C:\windows\system32\DRIVERS\btwampfl.sys [?]

R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys --> C:\windows\system32\DRIVERS\btwl2cap.sys [?]

R3 cvusbdrv;Dell ControlVault;C:\windows\system32\Drivers\cvusbdrv.sys --> C:\windows\system32\Drivers\cvusbdrv.sys [?]

R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\windows\system32\DRIVERS\e1c62x64.sys --> C:\windows\system32\DRIVERS\e1c62x64.sys [?]

R3 FirehkMP;FirehkMP;C:\windows\system32\DRIVERS\firehk.sys --> C:\windows\system32\DRIVERS\firehk.sys [?]

R3 HIPK;McAfee Inc. HIPK;C:\windows\system32\drivers\HIPK.sys --> C:\windows\system32\drivers\HIPK.sys [?]

R3 HIPPSK;McAfee Inc. HIPPSK;C:\windows\system32\drivers\HIPPSK.sys --> C:\windows\system32\drivers\HIPPSK.sys [?]

R3 HIPQK;McAfee Inc. HIPQK;C:\windows\system32\drivers\HIPQK.sys --> C:\windows\system32\drivers\HIPQK.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\system32\drivers\mfeavfk.sys --> C:\windows\system32\drivers\mfeavfk.sys [?]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\windows\system32\Drivers\ssadadb.sys --> C:\windows\system32\Drivers\ssadadb.sys [?]

S3 dmvsc;dmvsc;C:\windows\system32\drivers\dmvsc.sys --> C:\windows\system32\drivers\dmvsc.sys [?]

S3 Firehk;McAfee NDIS Intermediate Filter;C:\windows\system32\DRIVERS\firehk.sys --> C:\windows\system32\DRIVERS\firehk.sys [?]

S3 ivusb;Initio Driver for USB Default Controller;C:\windows\system32\DRIVERS\ivusb.sys --> C:\windows\system32\DRIVERS\ivusb.sys [?]

S3 L6PODHD5;Service - Line 6 POD HD500;C:\windows\system32\Drivers\L6PODHD564.sys --> C:\windows\system32\Drivers\L6PODHD564.sys [?]

S3 mferkdet;McAfee Inc. mferkdet;C:\windows\system32\drivers\mferkdet.sys --> C:\windows\system32\drivers\mferkdet.sys [?]

.

=============== Created Last 30 ================

.

2011-11-23 15:09:19 14909 ----a-w- C:\ProgramData\tmp7DB7.tmp

2011-11-23 15:03:01 14909 ----a-w- C:\ProgramData\tmp908C.tmp

2011-11-23 15:00:56 14909 ----a-w- C:\ProgramData\tmpA998.tmp

2011-11-23 01:22:54 -------- d-----w- C:\Users\gpitts\AppData\Roaming\Malwarebytes

2011-11-23 01:22:48 -------- d-----w- C:\ProgramData\Malwarebytes

2011-11-23 01:22:43 25416 ----a-w- C:\windows\System32\drivers\mbam.sys

2011-11-23 01:22:42 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-11-16 13:31:30 40328 ----a-w- C:\windows\SysWow64\HIPIS0e011b5.dll

2011-11-16 13:31:29 47080 ----a-w- C:\windows\System32\HIPIS0e011b5.dll

2011-11-13 14:43:16 15360 ----a-w- C:\windows\System32\drivers\pneteth.sys

2011-11-13 14:43:14 -------- d-----w- C:\Program Files (x86)\PdaNet for Android

2011-11-13 05:10:13 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll

2011-11-13 05:10:12 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll

2011-11-13 05:10:11 1923952 ----a-w- C:\windows\System32\drivers\tcpip.sys

2011-11-13 05:08:44 3144704 ----a-w- C:\windows\System32\win32k.sys

2011-11-02 16:33:29 -------- d-----w- C:\Program Files\Microsoft IntelliType Pro

2011-11-02 16:32:32 92032 ----a-w- C:\windows\SysWow64\drivers\kmw_sys.sys

2011-11-02 16:32:32 5760 ----a-w- C:\windows\SysWow64\drivers\kmw_kbd.sys

2011-11-02 16:32:32 4992 ----a-w- C:\windows\SysWow64\drivers\kmw_lib.sys

2011-11-02 16:32:32 10496 ----a-w- C:\windows\SysWow64\drivers\kmw_usb.sys

2011-11-02 16:32:31 188416 ----a-w- C:\windows\SysWow64\kmw_show.exe

2011-11-02 16:32:31 122880 ----a-w- C:\windows\SysWow64\kmw_dll.dll

2011-11-02 16:32:31 118784 ----a-w- C:\windows\SysWow64\kmw_run.exe

2011-11-02 16:32:18 -------- d-----w- C:\Program Files (x86)\Kensington

2011-11-02 16:31:48 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll

2011-11-02 16:31:47 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll

2011-11-02 16:31:47 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll

2011-11-02 16:31:47 192512 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll

2011-11-02 16:31:46 729088 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll

2011-11-02 16:31:46 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe

2011-11-02 16:31:42 188548 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll

2011-11-02 16:31:38 311428 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll

2011-11-02 15:39:13 -------- d-----w- C:\Program Files (x86)\Lame For Audacity

2011-11-01 13:58:50 -------- d-----w- C:\Program Files (x86)\viewsonic

2011-11-01 13:56:53 225280 ------w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll

2011-11-01 13:56:52 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll

2011-11-01 13:56:52 32768 ------w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll

2011-11-01 13:56:52 176128 ------w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll

2011-11-01 13:56:51 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe

2011-10-31 16:26:51 -------- d-----w- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)

2011-10-29 18:17:34 2048 ----a-w- C:\windows\SysWow64\tzres.dll

2011-10-29 18:17:34 2048 ----a-w- C:\windows\System32\tzres.dll

2011-10-27 23:08:24 24013 ----a-w- C:\ProgramData\tmpEED1.tmp

2011-10-24 18:29:02 94208 ----a-w- C:\windows\SysWow64\QuickTimeVR.qtx

2011-10-24 18:29:02 69632 ----a-w- C:\windows\SysWow64\QuickTime.qts

2011-10-24 18:23:26 -------- d-----w- C:\Users\gpitts\AppData\Local\Google

2011-10-24 18:22:37 -------- d-----w- C:\Users\gpitts\AppData\Local\Deployment

2011-10-24 18:22:37 -------- d-----w- C:\Users\gpitts\AppData\Local\Apps

.

==================== Find3M ====================

.

2011-11-07 22:02:08 140864 ----a-w- C:\windows\SysWow64\KevlarSigs.dll

2011-10-16 12:37:43 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-14 01:52:18 50512 ----a-w- C:\ProgramData\tmp7CB9.tmp

2011-10-01 03:25:37 1638912 ----a-w- C:\windows\System32\mshtml.tlb

2011-10-01 02:42:56 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb

2011-09-25 14:35:28 159838 ----a-w- C:\windows\SysWow64\DirShowEXMyVC.dll

2011-09-08 16:27:28 39464 ----a-w- C:\windows\System32\drivers\btwl2cap.sys

2011-09-08 16:27:28 348712 ----a-w- C:\windows\System32\drivers\btwampfl.sys

2011-09-08 16:27:28 22056 ----a-w- C:\windows\System32\btwcoins.dll

2011-09-08 16:27:28 21416 ----a-w- C:\windows\System32\drivers\btwrchid.sys

2011-09-08 16:27:28 138280 ----a-w- C:\windows\System32\drivers\btwavdt.sys

2011-09-08 16:27:28 106536 ----a-w- C:\windows\System32\drivers\btwaudio.sys

2011-08-31 03:05:32 96104 ----a-w- C:\windows\System32\dns-sd.exe

2011-08-31 03:05:32 85864 ----a-w- C:\windows\System32\dnssd.dll

2011-08-31 03:05:32 61288 ----a-w- C:\windows\System32\jdns_sd.dll

2011-08-31 03:05:32 212840 ----a-w- C:\windows\System32\dnssdX.dll

2011-08-31 03:05:04 83816 ----a-w- C:\windows\SysWow64\dns-sd.exe

2011-08-31 03:05:04 73064 ----a-w- C:\windows\SysWow64\dnssd.dll

2011-08-31 03:05:04 50536 ----a-w- C:\windows\SysWow64\jdns_sd.dll

2011-08-31 03:05:04 178536 ----a-w- C:\windows\SysWow64\dnssdX.dll

2011-08-27 05:37:49 861696 ----a-w- C:\windows\System32\oleaut32.dll

2011-08-27 05:37:48 331776 ----a-w- C:\windows\System32\oleacc.dll

2011-08-27 04:26:27 571904 ----a-w- C:\windows\SysWow64\oleaut32.dll

2011-08-27 04:26:27 233472 ----a-w- C:\windows\SysWow64\oleacc.dll

.

============= FINISH: 10:34:24.15 ===============

Link to post
Share on other sites

  • Staff

Hi and welcome to Malwarebytes.

Please do the following:

  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer, please allow it to do so very important
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or ask and we'll explain how to do it.

Link to post
Share on other sites

I ran mbam-clean, reinstalled and updated mbam, made all of the changes to McAffee.

When I run quick scan or full scan it runs fine (sometimes for a long time), then it just shuts down. I look up and the program isn't even open any more.

No logs are being created by the scans. There is one log called "protection-log-2011-11-27.txt" that contains:

10:17:12 gpitts MESSAGE Protection started successfully

10:17:17 gpitts MESSAGE IP Protection started successfully

12:31:58 gpitts IP-BLOCK 89.28.31.246 (Type: incoming, Port: 40407, Process: svchost.exe)

15:00:45 gpitts IP-BLOCK 194.165.0.3 (Type: incoming, Port: 40407, Process: svchost.exe)

Any idea why the program can't complete it's scan?

Link to post
Share on other sites

Thanks again for your assistance! The combofix log is:

ComboFix 11-12-05.01 - gpitts 12/05/2011 9:42.1.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8073.6213 [GMT -5:00]

Running from: c:\users\gpitts\Desktop\ComboFix.exe

AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Host Intrusion Prevention Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\drivers\application

c:\drivers\application\R291837\production\Windows7-x64\accelern.cat

c:\drivers\application\R291837\production\Windows7-x64\accelern.inf

c:\drivers\application\R291837\production\Windows7-x64\accelern.sys

c:\drivers\application\R291837\production\Windows7-x64\accelernco01.dll

c:\drivers\application\R291837\production\Windows7-x64\stdcfltn.cab

c:\programdata\tmp7CB9.tmp

c:\programdata\tmp7DB7.tmp

c:\programdata\tmp908C.tmp

c:\programdata\tmpA998.tmp

c:\programdata\tmpEED1.tmp

.

.

((((((((((((((((((((((((( Files Created from 2011-11-05 to 2011-12-05 )))))))))))))))))))))))))))))))

.

.

2011-12-05 14:53 . 2011-12-05 14:53 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-12-05 14:26 . 2011-12-05 14:26 -------- d-----w- C:\Quarantine

2011-12-05 14:12 . 2011-12-05 14:12 -------- d-----w- c:\program files\iPod

2011-12-05 14:12 . 2011-12-05 14:13 -------- d-----w- c:\program files\iTunes

2011-12-05 14:12 . 2011-12-05 14:13 -------- d-----w- c:\program files (x86)\iTunes

2011-11-27 15:16 . 2011-11-27 15:16 -------- d-----w- c:\users\gpitts\AppData\Roaming\Malwarebytes

2011-11-27 15:16 . 2011-11-27 15:16 -------- d-----w- c:\programdata\Malwarebytes

2011-11-27 15:16 . 2011-08-31 22:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-27 15:16 . 2011-11-27 15:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-11-13 14:43 . 2011-07-19 16:35 15360 ----a-w- c:\windows\system32\drivers\pneteth.sys

2011-11-13 14:43 . 2011-11-13 14:43 -------- d-----w- c:\program files (x86)\PdaNet for Android

2011-11-13 05:10 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll

2011-11-13 05:10 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll

2011-11-13 05:10 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-11-13 05:08 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-07 22:02 . 2011-04-15 09:45 140864 ----a-w- c:\windows\SysWow64\KevlarSigs.dll

2011-10-24 18:29 . 2011-10-24 18:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2011-10-24 18:29 . 2011-10-24 18:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

2011-10-16 12:37 . 2011-09-16 14:08 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-01 03:25 . 2011-10-16 13:14 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-10-01 02:42 . 2011-10-16 13:14 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

2011-09-25 14:35 . 2011-09-25 14:35 159838 ----a-w- c:\windows\SysWow64\DirShowEXMyVC.dll

2011-09-08 16:27 . 2011-09-08 16:28 39464 ----a-w- c:\windows\system32\drivers\btwl2cap.sys

2011-09-08 16:27 . 2011-09-08 16:28 22056 ----a-w- c:\windows\system32\btwcoins.dll

2011-09-08 16:27 . 2011-09-08 16:28 21416 ----a-w- c:\windows\system32\drivers\btwrchid.sys

2011-09-08 16:27 . 2011-09-08 16:28 138280 ----a-w- c:\windows\system32\drivers\btwavdt.sys

2011-09-08 16:27 . 2011-09-08 16:28 106536 ----a-w- c:\windows\system32\drivers\btwaudio.sys

2011-09-08 16:27 . 2011-09-08 16:28 348712 ----a-w- c:\windows\system32\drivers\btwampfl.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\gpitts\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\gpitts\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\gpitts\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-10-22 641400]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" [2011-04-15 180224]

"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-10-22 124224]

"McAfee Host Intrusion Prevention Tray"="c:\program files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe" [2010-06-15 979104]

"SafeBootTrayManager"="c:\program files (x86)\SafeBoot Tray Manager\SbTrayManager.exe" [2009-08-19 69632]

"SafeBootTokenWatcher"="c:\program files (x86)\McAfee\Endpoint Encryption for PC\SbTokWatch.exe" [2010-10-12 172092]

"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2011-05-19 161088]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"kmw_run.exe"="kmw_run.exe" [2005-09-01 118784]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"ClickToCallConfig"="c:\programdata\Oracle\BaseImage\config\realplayerent_config.exe" [2011-01-24 192066]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-10-15 1133856]

Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2011-1-20 1552240]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

startControlconfig.lnk - c:\programdata\Oracle\Baseimage\utils\startControlConfig.hta [2011-4-19 1371]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"HideFastUserSwitching"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 MyDesktopWindows;MyDesktopService;c:\programdata\Oracle\MyDesktop\MyDesktopService.exe [2011-10-28 1038848]

R2 QOSMyDesktop;QOS MyDesktop;c:\programdata\Oracle\MyDesktop\MyDesktopQOS.exe [2009-10-13 470016]

R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]

R3 Firehk;McAfee NDIS Intermediate Filter;c:\windows\system32\DRIVERS\firehk.sys [x]

R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]

R3 L6PODHD5;Service - Line 6 POD HD500;c:\windows\system32\Drivers\L6PODHD564.sys [x]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 MfeEERM;MfeEERM; [x]

S0 SafeBoot;SafeBoot; [x]

S0 SBAlg;SBAlg; [x]

S0 SBAlg00;SBAlg00; [x]

S0 SBAlg01;SBAlg01; [x]

S0 SBAlg11;SBAlg11; [x]

S0 SBAlg12;SBAlg12; [x]

S0 SbCe;SbCe; [x]

S0 SbFsLock;SbFsLock; [x]

S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]

S1 RsvLock;RsvLock; [x]

S1 SbFlop;SbFlop; [x]

S1 SbRegFlt;SbRegFlt; [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-01-28 89600]

S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2011-01-20 517488]

S2 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe [2010-06-15 1498224]

S2 hips;McAfee HIPSCore Service;c:\program files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe [2010-01-26 39840]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

S2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [2010-03-25 226624]

S2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [2010-10-22 20792]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]

S2 SafeBootClientManager;SafeBoot Client Manager;c:\program files (x86)\McAfee\Endpoint Encryption for PC\SbClientManager.exe [2010-10-12 380988]

S2 SbCeCoreService;McAfee Endpoint Encryption Core Service;c:\program files (x86)\McAfee\Endpoint Encryption for Files and Folders\SbCeCoreService.exe [2010-12-17 203080]

S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-06-10 641464]

S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]

S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [x]

S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]

S3 FirehkMP;FirehkMP;c:\windows\system32\DRIVERS\firehk.sys [x]

S3 HIPK;McAfee Inc. HIPK;c:\windows\system32\drivers\HIPK.sys [x]

S3 HIPPSK;McAfee Inc. HIPPSK;c:\windows\system32\drivers\HIPPSK.sys [x]

S3 HIPQK;McAfee Inc. HIPQK;c:\windows\system32\drivers\HIPQK.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]

S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys [x]

S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [x]

S3 SbCeCd;SbCeCd; [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-247605775-3237907158-2430251106-1000Core.job

- c:\users\gpitts\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-24 18:23]

.

2011-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-247605775-3237907158-2430251106-1000UA.job

- c:\users\gpitts\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-24 18:23]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\CeDesktopIntegration]

@="{3CEC3E6D-ECF2-4B49-8A41-3B16DF8B9C3F}"

[HKEY_CLASSES_ROOT\CLSID\{3CEC3E6D-ECF2-4B49-8A41-3B16DF8B9C3F}]

2010-12-17 16:53 1000672 ----a-w- c:\program files (x86)\McAfee\Endpoint Encryption for Files and Folders\SbCeDesktopIntegration.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\gpitts\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\gpitts\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\gpitts\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\gpitts\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-28 167960]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-28 391704]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-28 418328]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-01-28 592240]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-28 525312]

"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]

"SbCeCore"="c:\program files (x86)\McAfee\Endpoint Encryption for Files and Folders\SbCeCore.exe" [2010-12-17 388936]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.oracle.com;*.oracleads.com;*.us.oracle.com;*.uk.oracle.com;*.ca.oracle.com;*.oraclecorp.com;*.oracleportal.com;*.local;<local>

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}

Trusted Zone: oracle.com\login

Trusted Zone: oraclecorp.com\global-ebusiness

Trusted Zone: oraclecorp.com\global-erp

Trusted Zone: oraclecorp.com\global-hrms

Trusted Zone: oraclecorp.com\global-service

Trusted Zone: oraclevpn.com\myaccess

Trusted Zone: oracle.com\login

Trusted Zone: oraclecorp.com\global-ebusiness

Trusted Zone: oraclecorp.com\global-erp

Trusted Zone: oraclecorp.com\global-hrms

Trusted Zone: oraclecorp.com\global-service

Trusted Zone: oraclevpn.com\myaccess

TCP: DhcpNameServer = 192.168.1.1

DPF: {00191E4B-49C2-48E2-A548-8F702D75622A} - hxxps://strtc.oracle.com/imtapp/res/jar/cnsload.cab

DPF: {D847E32E-BEE3-4B37-A1E2-D5AF9099A8AC} - hxxps://global-crm.oraclecorp.com/callcenter_enu/20436/applets/SiebelAx_HI_Client.cab

FF - ProfilePath - c:\users\gpitts\AppData\Roaming\Mozilla\Firefox\Profiles\cgm06i81.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com//406

FF - prefs.js: browser.search.selectedEngine - Web Search

FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&appid=150&systemid=406&sr=0&q=

FF - prefs.js: network.proxy.type - 2

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: McAfee SiteAdvisor Enterprise: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files (x86)\McAfee\SiteAdvisor Enterprise

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-10 - (no file)

Wow6432Node-HKLM-Run-MSWheel - (no file)

Toolbar-Locked - (no file)

Toolbar-10 - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-12-05 10:04:23

ComboFix-quarantined-files.txt 2011-12-05 15:04

.

Pre-Run: 103,452,921,856 bytes free

Post-Run: 103,793,356,800 bytes free

.

- - End Of File - - 15D4B9EF1232D4F123FB5BA6F4CD3D3A

The new DDS Log is:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24

Run by gpitts at 10:14:45 on 2011-12-05

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8073.5636 [GMT -5:00]

.

AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Host Intrusion Prevention Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\windows\system32\svchost.exe -k LocalService

C:\Windows\system32\WUDFHost.exe

C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbClientManager.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\IDT\WDM\AESTSr64.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe

C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe

C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe

C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe

C:\Windows\system32\mfevtps.exe

C:\windows\system32\DRIVERS\o2flash.exe

C:\Program Files (x86)\McAfee\Endpoint Encryption for Files and Folders\SbCeCoreService.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe

C:\Program Files (x86)\McAfee\Endpoint Encryption for Files and Folders\SbCeProxy32.exe

C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe

C:\windows\system32\conhost.exe

C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe

C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe

C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe

C:\Program Files (x86)\Oracle\Oracle Open Office 3\program\soffice.exe

C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe

C:\Windows\SysWOW64\kmw_run.exe

C:\Program Files (x86)\Oracle\Oracle Open Office 3\program\soffice.bin

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\windows\system32\SearchIndexer.exe

C:\windows\system32\svchost.exe -k bthsvcs

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\windows\system32\igfxext.exe

C:\windows\system32\igfxsrvc.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Program Files\Dell\Dell System Manager\PanelHelper32.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\ShStat.exe

C:\windows\system32\notepad.exe

C:\windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe

C:\Program Files (x86)\McAfee\Endpoint Encryption for Files and Folders\SbCeCore.exe

C:\Program Files (x86)\McAfee\Endpoint Encryption for Files and Folders\SbCeProxy32.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\DllHost.exe

C:\windows\system32\DllHost.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cscript.exe

C:\windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.oracle.com;*.oracleads.com;*.us.oracle.com;*.uk.oracle.com;*.ca.oracle.com;*.oraclecorp.com;*.oracleportal.com;*.local;<local>

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

BHO: IEHlprObjClass: {ce7c3cf0-4b15-11d1-abed-709549c10000} - C:\Program Files (x86)\Kensington\MouseWorks\IE_KMW.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED

mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot

mRun: [shStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

mRun: [McAfee Host Intrusion Prevention Tray] "C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe"

mRun: [safeBootTrayManager] "C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe"

mRun: [safeBootTokenWatcher] "C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbTokWatch.exe"

mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [kmw_run.exe] kmw_run.exe

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

dRunOnce: [ClickToCallConfig] C:\ProgramData\Oracle\BaseImage\config\realplayerent_config.exe /SS=YES

StartupFolder: C:\Users\gpitts\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\gpitts\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\gpitts\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ORACLE~1.LNK - C:\Program Files (x86)\Oracle\Oracle Open Office 3\program\quickstart.exe

StartupFolder: C:\Users\gpitts\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PDANET~1.LNK - C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLSY~1.LNK - C:\Program Files (x86)\Dell\Dell System Manager\DCPSysMgr.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: HideFastUserSwitching = 1 (0x1)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a}

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

Trusted Zone: oracle.com\login

Trusted Zone: oraclecorp.com\global-ebusiness

Trusted Zone: oraclecorp.com\global-erp

Trusted Zone: oraclecorp.com\global-hrms

Trusted Zone: oraclecorp.com\global-service

Trusted Zone: oraclevpn.com\myaccess

Trusted Zone: oracle.com\login

Trusted Zone: oraclecorp.com\global-ebusiness

Trusted Zone: oraclecorp.com\global-erp

Trusted Zone: oraclecorp.com\global-hrms

Trusted Zone: oraclecorp.com\global-service

Trusted Zone: oraclevpn.com\myaccess

DPF: {00191E4B-49C2-48E2-A548-8F702D75622A} - hxxps://strtc.oracle.com/imtapp/res/jar/cnsload.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {D847E32E-BEE3-4B37-A1E2-D5AF9099A8AC} - hxxps://global-crm.oraclecorp.com/callcenter_enu/20436/applets/SiebelAx_HI_Client.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://oraclemeetings.webex.com/client/WBXclient-T27L10NSP25-10481/training/ieatgpc1.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{9F277400-DDF6-45DC-8E0E-97D2EA593464} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{9F277400-DDF6-45DC-8E0E-97D2EA593464}\2456C6C614538323 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{9F277400-DDF6-45DC-8E0E-97D2EA593464}\4554740284F4553554 : DhcpNameServer = 192.168.10.1

TCP: Interfaces\{9F277400-DDF6-45DC-8E0E-97D2EA593464}\74053575966696 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{9F277400-DDF6-45DC-8E0E-97D2EA593464}\74350575966496 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{9F277400-DDF6-45DC-8E0E-97D2EA593464}\F467562746279667560527F6241363 : DhcpNameServer = 192.168.0.1

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

BHO-X64: IEHlprObjClass: {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\Kensington\MouseWorks\IE_KMW.DLL

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

mRun-x64: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot

mRun-x64: [shStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

mRun-x64: [McAfee Host Intrusion Prevention Tray] "C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe"

mRun-x64: [safeBootTrayManager] "C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe"

mRun-x64: [safeBootTokenWatcher] "C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbTokWatch.exe"

mRun-x64: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [kmw_run.exe] kmw_run.exe

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

IE-X64: {c95fe080-8f5d-11d2-a20b-00aa003c157a}

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\gpitts\AppData\Roaming\Mozilla\Firefox\Profiles\cgm06i81.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com//406

FF - prefs.js: browser.search.selectedEngine - Web Search

FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&appid=150&systemid=406&sr=0&q=

FF - prefs.js: network.proxy.type - 2

FF - component: C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\components\McFFPlg.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: McAfee SiteAdvisor Enterprise: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise

.

============= SERVICES / DRIVERS ===============

.

R0 MfeEERM;MfeEERM;C:\Windows\System32\drivers\MfeEERM.sys [2010-12-17 226504]

R0 mfehidk;McAfee Inc. mfehidk;C:\windows\system32\drivers\mfehidk.sys --> C:\windows\system32\drivers\mfehidk.sys [?]

R0 SBAlg;SBAlg;C:\Windows\System32\drivers\SbAlg.sys [2008-8-13 60128]

R0 SBAlg00;SBAlg00;C:\Windows\System32\drivers\SbAlg00.sys [2009-6-4 18176]

R0 SBAlg01;SBAlg01;C:\Windows\System32\drivers\SbAlg01.sys [2009-6-4 18176]

R0 SBAlg11;SBAlg11;C:\Windows\System32\drivers\SbAlg11.sys [2009-6-4 36096]

R0 SBAlg12;SBAlg12;C:\Windows\System32\drivers\SbAlg12.sys [2009-6-4 60160]

R0 SbCe;SbCe;C:\Windows\System32\drivers\SbCe.sys [2010-12-17 698312]

R0 SbFsLock;SbFsLock;C:\Windows\System32\drivers\SbFsLock.sys [2010-10-12 15688]

R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\windows\system32\DRIVERS\stdcfltn.sys --> C:\windows\system32\DRIVERS\stdcfltn.sys [?]

R1 RsvLock;RsvLock;C:\Windows\System32\drivers\RsvLock.sys [2010-10-12 58184]

R1 SbFlop;SbFlop;C:\Windows\System32\drivers\SbFlop.sys [2010-10-12 23368]

R1 SbRegFlt;SbRegFlt;C:\Windows\System32\drivers\SbRegFlt.sys [2010-10-12 15688]

R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-9-8 89600]

R2 dcpsysmgrsvc;Dell System Manager Service;C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2011-1-20 517488]

R2 enterceptAgent;McAfee Host Intrusion Prevention Service;C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe [2010-6-15 1498224]

R2 hips;McAfee HIPSCore Service;C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe [2011-4-15 39840]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-27 366152]

R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [2010-3-25 226624]

R2 McAfeeEngineService;McAfee Engine Service;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [2010-10-22 20792]

R2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2011-5-19 120128]

R2 McShield;McAfee McShield;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe [2010-10-22 181480]

R2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [2010-10-22 66880]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\system32\mfevtps.exe --> C:\Windows\system32\mfevtps.exe [?]

R2 SafeBootClientManager;SafeBoot Client Manager;C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbClientManager.exe [2010-10-12 380988]

R2 SbCeCoreService;McAfee Endpoint Encryption Core Service;C:\Program Files (x86)\McAfee\Endpoint Encryption for Files and Folders\SbCeCoreService.exe [2010-12-17 203080]

R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-6-10 641464]

R3 Acceler;Accelerometer Service;C:\windows\system32\DRIVERS\Accelern.sys --> C:\windows\system32\DRIVERS\Accelern.sys [?]

R3 BTWAMPFL;BTWAMPFL;C:\windows\system32\DRIVERS\btwampfl.sys --> C:\windows\system32\DRIVERS\btwampfl.sys [?]

R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys --> C:\windows\system32\DRIVERS\btwl2cap.sys [?]

R3 cvusbdrv;Dell ControlVault;C:\windows\system32\Drivers\cvusbdrv.sys --> C:\windows\system32\Drivers\cvusbdrv.sys [?]

R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\windows\system32\DRIVERS\e1c62x64.sys --> C:\windows\system32\DRIVERS\e1c62x64.sys [?]

R3 FirehkMP;FirehkMP;C:\windows\system32\DRIVERS\firehk.sys --> C:\windows\system32\DRIVERS\firehk.sys [?]

R3 HIPK;McAfee Inc. HIPK;C:\windows\system32\drivers\HIPK.sys --> C:\windows\system32\drivers\HIPK.sys [?]

R3 HIPPSK;McAfee Inc. HIPPSK;C:\windows\system32\drivers\HIPPSK.sys --> C:\windows\system32\drivers\HIPPSK.sys [?]

R3 HIPQK;McAfee Inc. HIPQK;C:\windows\system32\drivers\HIPQK.sys --> C:\windows\system32\drivers\HIPQK.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\system32\drivers\mfeavfk.sys --> C:\windows\system32\drivers\mfeavfk.sys [?]

R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS\NETwNs64.sys [?]

R3 O2SDJRDR;O2SDJRDR;C:\windows\system32\DRIVERS\o2sdjw7x64.sys --> C:\windows\system32\DRIVERS\o2sdjw7x64.sys [?]

R3 pneteth;PdaNet Broadband;C:\windows\system32\DRIVERS\pneteth.sys --> C:\windows\system32\DRIVERS\pneteth.sys [?]

R3 SbCeCd;SbCeCd;C:\Windows\System32\drivers\SbCeCd.sys [2010-12-17 132808]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 MyDesktopWindows;MyDesktopService;C:\ProgramData\Oracle\MyDesktop\MyDesktopService.exe [2011-10-28 1038848]

S2 QOSMyDesktop;QOS MyDesktop;C:\ProgramData\Oracle\MyDesktop\MyDesktopQOS.exe [2009-10-13 470016]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\windows\system32\Drivers\ssadadb.sys --> C:\windows\system32\Drivers\ssadadb.sys [?]

S3 dmvsc;dmvsc;C:\windows\system32\drivers\dmvsc.sys --> C:\windows\system32\drivers\dmvsc.sys [?]

S3 Firehk;McAfee NDIS Intermediate Filter;C:\windows\system32\DRIVERS\firehk.sys --> C:\windows\system32\DRIVERS\firehk.sys [?]

S3 ivusb;Initio Driver for USB Default Controller;C:\windows\system32\DRIVERS\ivusb.sys --> C:\windows\system32\DRIVERS\ivusb.sys [?]

S3 L6PODHD5;Service - Line 6 POD HD500;C:\windows\system32\Drivers\L6PODHD564.sys --> C:\windows\system32\Drivers\L6PODHD564.sys [?]

S3 mferkdet;McAfee Inc. mferkdet;C:\windows\system32\drivers\mferkdet.sys --> C:\windows\system32\drivers\mferkdet.sys [?]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\windows\system32\DRIVERS\ssadbus.sys --> C:\windows\system32\DRIVERS\ssadbus.sys [?]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\windows\system32\DRIVERS\ssadmdfl.sys --> C:\windows\system32\DRIVERS\ssadmdfl.sys [?]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\windows\system32\DRIVERS\ssadmdm.sys --> C:\windows\system32\DRIVERS\ssadmdm.sys [?]

S3 StorSvc;Storage Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2011-12-05 14:35:21 98816 ----a-w- C:\windows\sed.exe

2011-12-05 14:35:21 518144 ----a-w- C:\windows\SWREG.exe

2011-12-05 14:35:21 256000 ----a-w- C:\windows\PEV.exe

2011-12-05 14:35:21 208896 ----a-w- C:\windows\MBR.exe

2011-12-05 14:30:13 47080 ----a-w- C:\windows\System32\HIPIS0e011b5.dll

2011-12-05 14:30:13 40328 ----a-w- C:\windows\SysWow64\HIPIS0e011b5.dll

2011-12-05 14:26:42 -------- d-----w- C:\Quarantine

2011-12-05 14:12:21 -------- d-----w- C:\Program Files\iPod

2011-12-05 14:12:20 -------- d-----w- C:\Program Files\iTunes

2011-12-05 14:12:20 -------- d-----w- C:\Program Files (x86)\iTunes

2011-11-27 15:16:44 -------- d-----w- C:\Users\gpitts\AppData\Roaming\Malwarebytes

2011-11-27 15:16:36 -------- d-----w- C:\ProgramData\Malwarebytes

2011-11-27 15:16:30 25416 ----a-w- C:\windows\System32\drivers\mbam.sys

2011-11-27 15:16:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-11-13 14:43:16 15360 ----a-w- C:\windows\System32\drivers\pneteth.sys

2011-11-13 14:43:14 -------- d-----w- C:\Program Files (x86)\PdaNet for Android

2011-11-13 05:10:13 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll

2011-11-13 05:10:12 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll

2011-11-13 05:10:11 1923952 ----a-w- C:\windows\System32\drivers\tcpip.sys

2011-11-13 05:08:44 3144704 ----a-w- C:\windows\System32\win32k.sys

.

==================== Find3M ====================

.

2011-11-07 22:02:08 140864 ----a-w- C:\windows\SysWow64\KevlarSigs.dll

2011-10-24 18:29:02 94208 ----a-w- C:\windows\SysWow64\QuickTimeVR.qtx

2011-10-24 18:29:02 69632 ----a-w- C:\windows\SysWow64\QuickTime.qts

2011-10-16 12:37:43 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-01 03:25:37 1638912 ----a-w- C:\windows\System32\mshtml.tlb

2011-10-01 02:42:56 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb

2011-09-25 14:35:28 159838 ----a-w- C:\windows\SysWow64\DirShowEXMyVC.dll

2011-09-08 16:27:28 39464 ----a-w- C:\windows\System32\drivers\btwl2cap.sys

2011-09-08 16:27:28 348712 ----a-w- C:\windows\System32\drivers\btwampfl.sys

2011-09-08 16:27:28 22056 ----a-w- C:\windows\System32\btwcoins.dll

2011-09-08 16:27:28 21416 ----a-w- C:\windows\System32\drivers\btwrchid.sys

2011-09-08 16:27:28 138280 ----a-w- C:\windows\System32\drivers\btwavdt.sys

2011-09-08 16:27:28 106536 ----a-w- C:\windows\System32\drivers\btwaudio.sys

.

============= FINISH: 10:15:45.64 ===============

I've attached the new attach,txt in a zipped file.

Awaiting further instructions.

Cheers,

Greg

Attach.zip

Link to post
Share on other sites

  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

Link to post
Share on other sites

Here is the content of log.txt:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

Here is the tex file from the 1 file ESET found and quarantined:

C:\Users\gpitts\Documents\Pitts\AE\Legal\Upcoming Shows\cnet_MyVideoConverter_Setup244_zip.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined

Here is the contents of the Security Scan "Checkup.Txt":

Results of screen317's Security Check version 0.99.28

Windows 7 x64 (UAC is enabled)

Internet Explorer 8 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

ESET Online Scanner v3

McAfee VirusScan Enterprise

McAfee AntiSpyware Enterprise Module

McAfee Endpoint Encryption for Files and Folders

McAfee Endpoint Encryption for PC

McAfee Agent

McAfee Host Intrusion Prevention

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 24

Java version out of date!

Adobe Reader X (10.1.1)

Mozilla Firefox ((3.6.10)) Firefox out of Date!

Mozilla Thunderbird (3.1.7) Thunderbird out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

McAfee VirusScan Enterprise x64 engineserver.exe

McAfee VirusScan Enterprise vstskmgr.exe

McAfee VirusScan Enterprise x64 mcshield.exe

McAfee VirusScan Enterprise x64 mfeann.exe

``````````End of Log````````````

Malwarebytes still shuts itself down during a quick scan with no report or log after about 150,000 objects scanned and 1 minute 39 seconds of running (I stared at it this time to see what happened, if anything. Nothing happened, it just disappeared.) I believe I've shut down all AV software and firewalls so the scan doesn't get interfered with.

Thanks,

Greg

Link to post
Share on other sites

  • Staff

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

Reboot.

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

Run TFC by OldTimer to clear temporary files:

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program(s) (if present):

ESET Online Scanner v3

Java™ 6 Update 24

Restart your computer.

Get the latest version of Java.

Update Firefox and Thunderbird; ensure that you are using version 8.0 for both.

Please do the following:

  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer, please allow it to do so very important
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or ask and we'll explain how to do it.

See if the scan completes now. Does it stop on a particular file?

Link to post
Share on other sites

Hi Chris,

Thanks for the lates instructions. Followed them all, then ran Quick Scan again.

It scanned through the following folders for about 2 minutes:

Windows\system32\

Windows\SYSWOW64

Windows\Fonts

Windows\Microsoft.net\framework

It jumped back and forth between System32 and the others, then at about 2 minutes it displayed this message instead of the folder/file being scanned:

"Scanning additional items on your computer"

At this point, it started to run super fast as the numbers of objects went from 40,000 to 160,00 objects scanned in a few seconds (while not showing any file or folder names, just the same message), then shut down

I disabled all my Mcaffee Virus Scan and Access Scan protection while I ran the MWB scan.

I reran MWB Quick Scan a few more times, and it always goes to the "Scanning additional items on your computer" message, races to 160,000 or 170,000 objects scanned very quickly and shuts down. After the first time, it always happens at 35 to 40 seconds into the scan.

It was always occuring while scanning in the

Windows\Microsoft.net\framework\v4.0.30319

folder. I told it to ignore the Microsoft.net folder entirely, and then it hung up on some other folder, again about 38 seconds into the scan, and always the same message and behavior.

It creates no logs other than a protection log that says:

10:25:30 gpitts MESSAGE Protection started successfully

10:25:34 gpitts MESSAGE IP Protection started successfully

10:26:14 gpitts MESSAGE IP Protection stopped

Thanks,

Greg

Link to post
Share on other sites

First, thank you again for taking the time to help with our problem.

Updates:

1. I clicked the link you provided and ger the following result:

An Error Occurred

Sorry, an error occurred. If you are unsure on how to use a feature, or don't know why you got this error message, try looking through the help files for more information.

[#10343] We could not determine which topic you were attempting to view.

This link doesn't work.

2. I searched the forum for "BETA" and found this post:

http://forums.malwarebytes.org/index.php?showtopic=102515

Which states:

Greetings Malwarebytes Anti-Malware users,

We are please to announce the availability of Malwarebytes Anti-Malware 1.60 beta program to the general public in this forum. After running the latest MBAM 1.60 beta, please contribute any feedback pertaining to this beta program here.

Thanks for participating in our beta program!

-- The Malwarebytes Team

But has no link to the actual beta download! It is also a locked post, so I could not respond or post a question.

3. I searched the download sites and google and could not find a link to download the actual BETA 1.60 version.

4. Finally, I went to the Forum Main Listing and started reading through the latest posts, found one with the download link, downloaded it, installed it, and ran a quick scan.

After restarting my laptop the scan ran for about 1 minute, then totally froze on

Desktop/MyVideoConverter

While frozen I a could not open a web browser, though I could open the start menu to click on IE. I waited a minute or so and it suddenly unfroze, after which the MWB window jumped from one minute to over two minutes and the system unfroze (and opened 5 ot 6 IE windows, of course.)

I closed all of the web browser windows and waited. The scan made it much further (to about 5 minutes) then (as before) went to "Searching additional items" while rapidly jumping into hundreds of thousands of scanned objects, then the window just disappeared.

Subsequent scans ran for the usual 90 to 100 seconds and did the same thing, shutting the scan down usually while scanning this folder:

Windows\Microsoft.net\framework\v4.0.30319

As I said before, I really appreciate your continued assistance with this matter. I'd appreciate some dialogue as to the nature of this problem and your prior experiences with this type of behavior. As yet I have not received any information as to what sort of problem we're dealing with here.

I understand and appreciate that I have not paid anyone anything at this point. I'd happily buy the software and permanently install it on all of my family's systems if it actually worked on my PC.

I'm sure it does wonderful things, but I'd really like to understand why it will not complete a scan or at least create a report or message indicating what is causing it to fail. Does this mean I have some super virus that is so sophisticated it causes the actual scan to shut down and erases all knowledge of how or why this is occuring? Or is this simply a glitch that occurs with some systems that have certain AV or other type programs that cause this? Should I be supremely worried or is this just a minor glitch that will ventually be fixed?

My system is working just fine other than the MWB scan not working. Still, I'm paranoid now, because maybe this infection is so insidious that it lies dormant and allows the system to run perfectly until it has what it needs to suit its nefarious purposes.

I know this is an inexact science against a constantly moving target, and again I truly appreciate that you are volunteers doing a service to help poor souls like me with our problem PCs. But can you please take a moment and address the larger questions I've asked?

Thanks,

Greg

Link to post
Share on other sites

  • Staff

Hi,

Unfortunate this is a grab bag sort of issue. We've seen a few different causes which contribute to it, so it takes a bit of time to pin down.

We just released our newest version. Before we try other avenues of troubleshooting, please try this to clean the old version out and install the new version.

Please do the following:

  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer, please allow it to do so very important
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or ask and we'll explain how to do it.

Link to post
Share on other sites

I was afraid that would be the answer. Well I guess we keep plugging.

Ran MBAM-Clean, downloaded and installed the new version. Same issue occured. First time it runs for a couple of minutes, then suddenly it shows:

"Scanning additional items on your computer"

Then it runs super fast as the numbers of objects go from 40,000 to 160,00 objects scanned in a few seconds (while not showing any file or folder names, just the same message), then shuts down.

FYI, I was trying to load HP Printer/Scanner software today and it also shut down about halfway through.

Is it possible that whatever malware I have is shutting down any program if it starts looking in the wrong place or attempting to change system files?

I've run scans with Spybot, Superantispyware and Mcafee with no shutdown issues whatsoever. Spybot found some cookies, SuperAS found a few hundred cookies and 7 system registry threats. I know it's not the MBAM tool (I keep trying with MBAM, because everything I've read says your tool is the best-if I can just get my system straight so it will run.) It may mean nothing, but here are the 7 registry threats it fixed:

Adware.URLBlaze

(x86) HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}

(x86) HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}\InprocServer32

(x86) HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}\InprocServer32#ThreadingModel

(x86) HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}\Programmable

(x86) HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE7C3CF0-4B15-11D1-ABED-709549C10000}

(x86) HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}

(x86) HKU\S-1-5-21-247605775-3237907158-2430251106-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CE7C3CF0-4B15-11D1-ABED-709549C10000}

I've tried turing off every AV process before the scan and nothing changes the result.

Thoughts?

Greg

Link to post
Share on other sites

Update! Almost Made it through a scan!

As you can tell from my previous post, I am getting desperate to resolve this before O end up trashing my hard drive and starting over.

I downloaded CCleaner to assist with wiping the hard drive, then saw that it had some registry cleaning tools. I ran a scan which turned up a bunch of registry errors, bad files, etc. After cleaning all of them I reran MBAM. It made it over 7 minutes and had even identified one infected object, and I thought I was home free.

However, it went into the same Windows\Microsoft.net folder at about 7 minutes 30 seconds into the scan, then went to the same routine, raced up in numbers of objects then shut utself down.

Thw worst part is that even though it identified and infected object, it still doesn't show anything in the log or in quarantined area.

If I pause the scan after an objet has been identified can it be fixed before resuming the scan?

Is there any way to find out what file(s) were identified during the scan without letting it complete itself?

Obviously we need to get the system to the point that it will allow MBAM to do its job, but I'd like to get the infected itens resolved asap.

What do you think?

Greg

Link to post
Share on other sites

  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.