Not sure what or how I got infected. Purchased full version of Malwarebytes. It found several infected files and removed them.

The real time protection keeps popping a window showing various outgoing IPs blocked.

I downloaded DDS, and tried to run it several times (with McAfee and Malwarebytes disabled and ethernet unplugged) but it wouldn't finish. So I downloaded and ran OTL; that scan worked.

Here is a DDS txt file that was created, even though the scan didn't complete:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Wayne-Rhonda at 16:42:05 on 2011-10-10
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.12279.10050 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10x_ActiveX.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110926161953.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
uRun: [Corel Photo Downloader] "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
dRunOnce: [CTAutoUpdate] "C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe" /RunFromInstaller
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{F49114D8-41C8-4635-AAA3-DDA000FC615C} : DhcpNameServer = 75.75.75.75 75.75.76.76
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO-X64: RoboForm BHO - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110926161953.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [CTxfiHlp] CTXFIHLP.EXE
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE-X64: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-9-5 64952]
R2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-7-13 150920]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-9-15 13336]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-2 366664]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-9-15 199008]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-9-15 208272]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-9-28 2255464]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-9-15 1692480]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-8-3 379496]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\system32\drivers\ha20x22k.sys --> C:\Windows\system32\drivers\ha20x22k.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-9-26 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-9-26 79360]
S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2011-9-26 79360]
S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-9-15 224704]
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\FA53.tmp --> C:\Windows\system32\FA53.tmp [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 netvsc;netvsc;C:\Windows\system32\DRIVERS\netvsc60.sys --> C:\Windows\system32\DRIVERS\netvsc60.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\system32\drivers\Synth3dVsc.sys --> C:\Windows\system32\drivers\Synth3dVsc.sys [?]
S3 SynthVid;SynthVid;C:\Windows\system32\DRIVERS\VMBusVideoM.sys --> C:\Windows\system32\DRIVERS\VMBusVideoM.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 ThreatFire;ThreatFire;C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe service --> C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe service [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-10-09 18:15:57 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{24F259D6-DD9F-41E6-974C-26BE46E746EE}
2011-10-09 18:15:48 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{A74FF26D-8035-4461-BCDF-17D0F31E5D12}
2011-10-09 18:15:29 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{034D76F2-0E09-41D9-B481-A8794C1B7861}
2011-10-09 17:55:54 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{86888F14-9455-46E1-A2FB-ABBE69670F0F}
2011-10-09 17:55:44 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{05B017AA-6B7F-4D6A-BB54-47C804DBE620}
2011-10-09 17:53:35 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{7980FCD3-F7AC-4E77-B996-9312C74CB92B}
2011-10-09 17:53:25 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{57DD774A-4273-465C-B398-A70297368803}
2011-10-09 17:52:21 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{6658FA9C-222F-4F19-A63E-FF4AD11821E2}
2011-10-09 17:52:11 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{8F40CBDE-1ED8-4166-B729-08430D2F9C1F}
2011-10-09 17:44:52 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\Windows Live
2011-10-09 17:44:37 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\{A0D45EBC-B685-4DEB-AD55-0DD11F777630}
2011-10-08 18:01:55 -------- d-----w- C:\Program Files (x86)\MSECache
2011-10-06 01:46:26 465264 ----a-w- C:\Program Files (x86)\Common Files\AppFramework.dll
2011-10-06 01:46:26 402800 ----a-w- C:\Program Files (x86)\Common Files\facebook.dll
2011-10-06 01:46:26 332144 ----a-w- C:\Program Files (x86)\Common Files\MediaOrganizer.dll
2011-10-06 01:46:26 33136 ----a-w- C:\Program Files (x86)\Common Files\FlickrProvider.dll
2011-10-06 01:46:26 130416 ----a-w- C:\Program Files (x86)\Common Files\PluginCommon.dll
2011-10-05 03:33:41 6144 ------w- C:\Windows\System32\FA53.tmp
2011-10-05 03:33:20 6144 ------w- C:\Windows\System32\A86C.tmp
2011-10-05 03:33:07 -------- d-----w- C:\Program Files (x86)\Sophos
2011-10-03 21:40:35 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll
2011-10-03 17:26:38 -------- d-----w- C:\Users\Wayne-Rhonda\My Backup Files
2011-10-03 16:25:14 -------- d-----w- C:\Program Files (x86)\Dell Touch Software Suite
2011-10-03 16:25:14 -------- d-----w- C:\FIND_EULA_PATH
2011-10-03 04:17:49 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Roaming\PCTools
2011-10-03 03:49:54 -------- d-----w- C:\ProgramData\PC Tools
2011-10-02 19:43:16 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\Adobe
2011-09-28 21:01:39 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2011-09-28 20:57:43 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2011-09-28 20:54:27 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\Microsoft Games
2011-09-28 16:19:39 -------- d-----w- C:\Users\Wayne-Rhonda\.rainlendar2
2011-09-28 16:19:26 -------- d-----w- C:\Program Files (x86)\Rainlendar2
2011-09-28 03:30:01 8 --sh--r- C:\ProgramData\AC859C82A4.sys
2011-09-28 03:30:01 8 --sh--r- C:\ProgramData\4CB328A682.sys
2011-09-28 03:30:01 8 --sh--r- C:\ProgramData\4C5B74840F.sys
2011-09-28 03:30:00 8 --sh--r- C:\ProgramData\DED7A8BC10.sys
2011-09-28 03:30:00 8 --sh--r- C:\ProgramData\07B2980D97.sys
2011-09-28 03:22:52 8 --sh--r- C:\ProgramData\F351B99706.sys
2011-09-28 03:22:52 8 --sh--r- C:\ProgramData\C019B48D0E.sys
2011-09-28 03:22:52 8 --sh--r- C:\ProgramData\313F27D68B.sys
2011-09-28 03:22:51 8456 --sha-w- C:\ProgramData\KGyGaAvL.sys
2011-09-27 21:35:29 -------- d-----w- C:\Program Files (x86)\Siber Systems
2011-09-27 21:06:17 -------- d-----w- C:\ProgramData\eSellerate
2011-09-27 21:05:56 -------- d-----w- C:\Program Files (x86)\SmartSound Software
2011-09-27 21:05:55 -------- d-----w- C:\ProgramData\SmartSound Software Inc
2011-09-27 21:05:38 -------- d--h--w- C:\Windows\msdownld.tmp
2011-09-27 21:05:38 -------- d-----w- C:\Windows\RegisteredPackages
2011-09-27 21:05:34 -------- d-----w- C:\ProgramData\InterVideo
2011-09-27 21:05:31 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\objectps.dll
2011-09-27 21:05:31 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\IScript.dll
2011-09-27 21:05:31 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\iuser.dll
2011-09-27 21:05:30 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\ctor.dll
2011-09-27 21:05:30 212992 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\ILog.dll
2011-09-27 21:03:11 -------- d-----w- C:\Program Files (x86)\Windows Media Components
2011-09-27 21:02:52 -------- d-----w- C:\Program Files (x86)\Common Files\Ulead Systems
2011-09-27 21:01:18 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\IKernel.exe
2011-09-27 20:57:57 143360 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-09-27 20:57:57 143360 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-09-27 20:57:57 143360 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-09-27 20:57:57 143360 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-09-27 20:57:57 143360 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-09-27 20:57:57 143360 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-09-27 20:57:57 143360 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-09-27 20:57:02 -------- d-----w- C:\ProgramData\Corel
2011-09-27 20:57:02 -------- d-----w- C:\Program Files (x86)\Common Files\Protexis
2011-09-27 20:55:36 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\Corel
2011-09-27 20:54:07 -------- d-----w- C:\Program Files (x86)\Corel
2011-09-27 20:54:07 -------- d-----w- C:\Program Files (x86)\Common Files\Corel
2011-09-27 20:39:59 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Roaming\Malwarebytes
2011-09-27 20:39:54 -------- d-----w- C:\ProgramData\Malwarebytes
2011-09-27 20:39:51 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-09-27 20:39:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-09-27 20:10:18 -------- d-----w- C:\Program Files\CCleaner
2011-09-27 17:00:22 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Roaming\PCDr
2011-09-27 17:00:02 -------- d-----w- C:\ProgramData\PCDr
2011-09-27 15:23:18 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2011-09-27 15:13:45 -------- d-----w- C:\Program Files (x86)\Common Files\AnswerWorks 5.0
2011-09-27 15:13:43 4199768 ----a-w- C:\Windows\SysWow64\cdintf400.dll
2011-09-27 15:13:21 -------- d-----w- C:\Program Files (x86)\Common Files\Intuit
2011-09-27 15:13:19 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Roaming\Intuit
2011-09-27 15:13:19 -------- d-----w- C:\Program Files (x86)\Quicken
2011-09-27 15:12:55 -------- d-----w- C:\ProgramData\Intuit
2011-09-27 01:37:28 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\Cyberlink
2011-09-27 01:03:12 -------- d-----w- C:\ProgramData\Creative Labs
2011-09-27 01:02:33 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-09-27 01:02:32 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-09-27 00:59:55 53248 ------w- C:\Windows\Ctregrun.exe
2011-09-27 00:59:16 61440 ------w- C:\Windows\SysWow64\CTChkAud.dll
2011-09-27 00:59:16 183296 ------w- C:\Windows\System32\CTOPT352.dll
2011-09-27 00:59:16 166912 ------w- C:\Windows\SysWow64\CTOPT352.dll
2011-09-27 00:59:15 49664 ------w- C:\Windows\System32\CTChkAud.dll
2011-09-27 00:59:15 42496 ------w- C:\Windows\System32\AddCat.exe
2011-09-27 00:55:06 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Roaming\Blio
2011-09-27 00:41:30 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Roaming\Roxio Log Files
2011-09-27 00:40:49 -------- d-----w- C:\Windows\System32\appmgmt
2011-09-27 00:34:31 -------- d-----w- C:\Program Files (x86)\Common Files\Creative Labs Shared
2011-09-27 00:24:29 -------- d-----w- C:\Windows\SysWow64\Wat
2011-09-27 00:24:29 -------- d-----w- C:\Windows\System32\Wat
2011-09-27 00:23:29 -------- d-----w- C:\Program Files (x86)\OpenAL
2011-09-27 00:19:36 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\Thunderbird
2011-09-26 23:08:06 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-09-26 23:07:51 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-09-26 23:07:51 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-09-26 22:29:07 -------- d-----w- C:\Program Files (x86)\Common Files\Intel Corporation
2011-09-26 20:25:31 -------- d-----w- C:\Netgear
2011-09-26 20:23:03 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Roaming\Macrovision
2011-09-26 19:19:32 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\Diagnostics
2011-09-26 19:15:09 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\Nero_AG
2011-09-26 18:45:16 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\Dell
2011-09-26 18:45:11 -------- d-sh--w- C:\System Recovery
2011-09-26 18:44:26 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Roaming\Fingertapps
2011-09-26 18:44:25 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Roaming\Dell
2011-09-26 18:44:13 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Roaming\Dell Touch Zone
2011-09-26 18:44:03 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Roaming\Intel Corporation
2011-09-26 18:43:26 -------- d-----r- C:\Users\Wayne-Rhonda\Virtual Machines
2011-09-26 18:43:06 -------- d-----w- C:\Users\Wayne-Rhonda\AppData\Local\VirtualStore
2011-09-15 23:11:17 113152 ----a-w- C:\Windows\System32\cttele64.dll
2011-09-15 23:11:17 106496 ------w- C:\Windows\SysWow64\cttele32.dll
2011-09-15 23:10:10 466520 ----a-w- C:\Windows\System32\wrap_oal.dll
2011-09-15 23:10:10 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2011-09-15 23:10:10 123480 ----a-w- C:\Windows\System32\OpenAL32.dll
2011-09-15 23:10:10 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2011-09-15 23:10:09 89088 ----a-w- C:\Windows\System32\CmdRtr64.DLL
2011-09-15 23:10:09 73728 ------w- C:\Windows\SysWow64\CmdRtr.DLL
2011-09-15 23:10:09 231424 ----a-w- C:\Windows\System32\APOMgr64.DLL
2011-09-15 23:10:09 178688 ------w- C:\Windows\SysWow64\APOMngr.DLL
2011-09-15 23:10:03 -------- d-----w- C:\Windows\SysWow64\data
2011-09-15 23:10:00 -------- d-----w- C:\Windows\System32\data
2011-09-15 23:09:31 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2011-09-15 23:09:28 -------- d-----w- C:\Program Files\NVIDIA Corporation
2011-09-15 23:01:18 -------- d-----w- C:\Program Files\ZinioReader4
2011-09-15 22:58:39 -------- d-----w- C:\Apps
2011-09-15 22:48:44 97792 ----a-w- C:\Windows\System32\RTNUninst64.dll
2011-09-15 22:48:44 67584 ----a-w- C:\Windows\System32\RtNicProp64.dll
2011-09-15 22:48:44 295424 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2011-09-15 22:48:31 1542656 ----a-w- C:\Windows\System32\drivers\athrx.sys
2011-09-15 22:48:25 176101 ----a-w- C:\Windows\SysWow64\UDATEL32.exe
2011-09-15 22:48:24 77824 ----a-w- C:\Windows\SysWow64\eaxac3.dll
2011-09-15 22:48:22 72704 ----a-w- C:\Windows\System32\CTMLFX64.dll
2011-09-15 22:48:22 627069 ------w- C:\Windows\SysWow64\APOIM64.exe
2011-09-15 22:48:22 177991 ----a-w- C:\Windows\SysWow64\UDATEL64.exe
2011-09-15 22:44:09 -------- d-----w- C:\Windows\System32\oem
2011-09-15 22:44:07 -------- d-----w- C:\Drivers
2011-09-15 21:52:20 -------- d-----w- C:\Program Files\dell stage
2011-09-15 21:49:59 -------- d-----w- C:\ProgramData\Nero
2011-09-15 21:47:47 1974616 ------w- C:\Windows\SysWow64\D3DCompiler_42.dll
2011-09-15 21:47:32 1892184 ------w- C:\Windows\SysWow64\D3DX9_42.dll
2011-09-15 21:47:18 4379984 ------w- C:\Windows\SysWow64\D3DX9_40.dll
2011-09-15 21:44:44 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2011-09-15 21:44:42 158832 ----a-w- C:\Windows\System32\mfevtps.exe
2011-09-15 21:44:37 -------- d-----w- C:\Program Files\Common Files\mcafee
2011-09-15 21:44:37 -------- d-----w- C:\Program Files (x86)\mcafee.com
2011-09-15 21:44:36 -------- d-----w- C:\Program Files\mcafee.com
2011-09-15 21:44:36 -------- d-----w- C:\Program Files\mcafee
2011-09-15 21:44:36 -------- d-----w- C:\Program Files (x86)\McAfee
2011-09-15 21:44:36 -------- d-----w- C:\Program Files (x86)\Common Files\mcafee
2011-09-15 21:43:10 55856 ------w- C:\Windows\System32\drivers\PxHlpa64.sys
2011-09-15 21:43:10 10224 ------w- C:\Windows\System32\drivers\cdralw2k.sys
2011-09-15 21:43:10 10224 ------w- C:\Windows\System32\drivers\cdr4_xp.sys
2011-09-15 21:42:16 -------- d-----w- C:\Program Files (x86)\Roxio
2011-09-15 21:40:03 -------- d-----w- C:\Program Files (x86)\Microsoft
2011-09-15 21:39:42 -------- d-----w- C:\Program Files\Dell Support Center
2011-09-15 21:38:34 -------- d-----w- C:\Program Files (x86)\PlayReady
2011-09-15 21:37:45 -------- d-----w- C:\Windows\en
2011-09-15 21:37:24 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-09-15 21:36:52 -------- d-----w- C:\Windows\PCHEALTH
2011-09-15 21:36:22 69464 ------w- C:\Windows\SysWow64\XAPOFX1_3.dll
2011-09-15 21:36:22 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2011-09-15 21:36:22 515416 ------w- C:\Windows\SysWow64\XAudio2_5.dll
2011-09-15 21:36:22 453456 ------w- C:\Windows\SysWow64\d3dx10_42.dll
2011-09-15 21:33:50 841280 ----a-w- C:\Windows\System32\PhotoStageScrSaver.scr
2011-09-15 21:33:21 -------- d-----w- C:\Program Files (x86)\Dell Digital Delivery
2011-09-15 21:33:02 -------- d-----w- C:\Program Files (x86)\Dell Stage
2011-09-15 21:32:23 -------- d-----w- C:\Program Files (x86)\Dell
2011-09-15 21:32:06 -------- d-----w- C:\ProgramData\install_clap
2011-09-15 21:29:57 -------- d-----w- C:\Temp
2011-09-15 21:29:32 151656 ----a-w- C:\Windows\System32\drivers\WimFltr.sys
2011-09-15 21:29:16 -------- d-----w- C:\Program Files (x86)\Dell DataSafe Local Backup
2011-09-15 21:27:44 -------- d-----w- C:\Program Files (x86)\Citrix
2011-09-15 21:24:57 540696 ----a-w- C:\Windows\System32\drivers\iaStor.sys
2011-09-15 21:24:57 -------- d-----w- C:\Intel
2011-09-15 21:24:50 521448 ----a-w- C:\Windows\System32\deployJava1.dll
2011-09-15 21:24:24 472808 ------w- C:\Windows\SysWow64\deployJava1.dll
2011-09-15 21:23:42 -------- d-----w- C:\Program Files\Windows XP Mode
2011-09-15 21:19:16 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-15 21:19:12 -------- d-----w- C:\Program Files\Dell Inc
2011-09-15 21:17:37 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-09-15 21:17:37 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-09-15 21:15:26 7062 ----a-w- C:\Windows\SysWow64\audiopid.vxd
2011-09-15 21:15:04 -------- d--h--w- C:\Program Files (x86)\Creative Installation Information
2011-09-15 21:15:04 -------- d-----w- C:\Program Files (x86)\Common Files\Creative
2011-09-15 21:14:41 -------- d-----w- C:\Program Files\Creative
2011-09-15 21:14:38 -------- d-----w- C:\Program Files (x86)\Creative
2011-09-15 21:14:24 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-09-15 21:14:23 729088 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-09-15 21:14:23 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2011-09-15 21:14:23 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2011-09-15 21:14:23 311428 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2011-09-15 21:14:23 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-09-15 21:14:23 192512 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-09-15 21:14:23 188548 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
.
==================== Find3M ====================
.
2011-09-27 01:40:13 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2011-09-27 01:40:12 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2011-09-27 01:40:12 353576 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2011-09-15 22:46:06 86528 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2011-08-15 17:00:06 75672 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2011-08-15 17:00:06 65128 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2011-08-15 17:00:06 642824 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2011-08-15 17:00:06 481504 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2011-08-15 17:00:06 283744 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2011-08-15 17:00:06 228752 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2011-08-15 17:00:06 158584 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2011-08-15 17:00:06 100904 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2011-08-03 10:31:54 311912 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 16:42:39.03 ===============


Not sure what or how I got infected. Purchased full version of Malwarebytes. It found several infected files and removed them.

The real time protection keeps popping a window showing various outgoing IPs blocked.

I downloaded DDS, and tried to run it several times (with McAfee and Malwarebytes disabled and ethernet unplugged) but it wouldn't finish. So I downloaded and ran OTL; that scan worked.

Here is the real time protection log:


22:06:11 Dave Spackman MESSAGE IP Protection stopped
22:24:56 (null) MESSAGE Protection started successfully
22:25:24 (null) MESSAGE IP Protection started successfully
22:27:18 Dave Spackman IP-BLOCK 83.133.124.196 (Type: outgoing)
22:27:21 Dave Spackman IP-BLOCK 83.133.124.196 (Type: outgoing)
22:27:27 Dave Spackman IP-BLOCK 83.133.124.196 (Type: outgoing)
22:27:28 Dave Spackman MESSAGE IP Protection stopped
22:27:32 Dave Spackman MESSAGE Database updated successfully
22:27:33 Dave Spackman MESSAGE IP Protection started successfully
22:27:39 Dave Spackman IP-BLOCK 83.133.119.155 (Type: outgoing)
22:27:42 Dave Spackman IP-BLOCK 83.133.119.155 (Type: outgoing)
22:34:37 Dave Spackman IP-BLOCK 146.185.250.137 (Type: outgoing)
22:34:40 Dave Spackman IP-BLOCK 146.185.250.137 (Type: outgoing)
22:34:46 Dave Spackman IP-BLOCK 146.185.250.137 (Type: outgoing)
22:34:58 Dave Spackman IP-BLOCK 146.185.250.138 (Type: outgoing)
22:35:01 Dave Spackman IP-BLOCK 146.185.250.138 (Type: outgoing)
22:35:07 Dave Spackman IP-BLOCK 146.185.250.138 (Type: outgoing)
22:35:19 Dave Spackman IP-BLOCK 146.185.250.139 (Type: outgoing)
22:35:22 Dave Spackman IP-BLOCK 146.185.250.139 (Type: outgoing)
22:35:28 Dave Spackman IP-BLOCK 146.185.250.139 (Type: outgoing)
22:35:37 Dave Spackman IP-BLOCK 146.185.250.137 (Type: outgoing)
22:35:40 Dave Spackman IP-BLOCK 146.185.250.137 (Type: outgoing)
22:35:46 Dave Spackman IP-BLOCK 146.185.250.137 (Type: outgoing)
22:35:58 Dave Spackman IP-BLOCK 146.185.250.138 (Type: outgoing)
22:36:01 Dave Spackman IP-BLOCK 146.185.250.138 (Type: outgoing)
22:36:07 Dave Spackman IP-BLOCK 146.185.250.138 (Type: outgoing)
22:36:19 Dave Spackman IP-BLOCK 63.223.106.17 (Type: outgoing)
22:36:22 Dave Spackman IP-BLOCK 63.223.106.17 (Type: outgoing)
22:36:28 Dave Spackman IP-BLOCK 63.223.106.17 (Type: outgoing)
22:36:37 Dave Spackman IP-BLOCK 146.185.250.137 (Type: outgoing)
22:36:40 Dave Spackman IP-BLOCK 146.185.250.137 (Type: outgoing)
22:36:46 Dave Spackman IP-BLOCK 146.185.250.137 (Type: outgoing)
22:36:58 Dave Spackman IP-BLOCK 146.185.250.137 (Type: outgoing)
22:37:01 Dave Spackman IP-BLOCK 146.185.250.137 (Type: outgoing)
22:37:07 Dave Spackman IP-BLOCK 146.185.250.137 (Type: outgoing)
22:37:19 Dave Spackman IP-BLOCK 146.185.250.138 (Type: outgoing)
22:37:22 Dave Spackman IP-BLOCK 146.185.250.138 (Type: outgoing)
22:37:28 Dave Spackman IP-BLOCK 146.185.250.138 (Type: outgoing)
22:37:40 Dave Spackman IP-BLOCK 146.185.250.139 (Type: outgoing)
22:37:43 Dave Spackman IP-BLOCK 146.185.250.139 (Type: outgoing)
22:37:49 Dave Spackman IP-BLOCK 146.185.250.139 (Type: outgoing)
22:37:58 Dave Spackman IP-BLOCK 141.136.16.102 (Type: outgoing)
22:38:01 Dave Spackman IP-BLOCK 141.136.16.102 (Type: outgoing)
22:38:07 Dave Spackman IP-BLOCK 141.136.16.102 (Type: outgoing)
22:38:19 Dave Spackman IP-BLOCK 141.136.16.108 (Type: outgoing)
22:38:22 Dave Spackman IP-BLOCK 141.136.16.108 (Type: outgoing)
22:38:28 Dave Spackman IP-BLOCK 141.136.16.108 (Type: outgoing)
22:38:40 Dave Spackman IP-BLOCK 146.185.250.137 (Type: outgoing)
22:38:43 Dave Spackman IP-BLOCK 146.185.250.137 (Type: outgoing)
22:38:49 Dave Spackman IP-BLOCK 146.185.250.137 (Type: outgoing)
22:38:58 Dave Spackman IP-BLOCK 63.223.106.17 (Type: outgoing)
22:39:01 Dave Spackman IP-BLOCK 63.223.106.17 (Type: outgoing)
22:39:07 Dave Spackman IP-BLOCK 63.223.106.17 (Type: outgoing)
22:54:40 Dave Spackman IP-BLOCK 146.185.250.137 (Type: outgoing)
22:54:43 Dave Spackman IP-BLOCK 146.185.250.137 (Type: outgoing)
22:54:49 Dave Spackman IP-BLOCK 146.185.250.137 (Type: outgoing)
22:55:01 Dave Spackman IP-BLOCK 146.185.250.138 (Type: outgoing)
22:55:04 Dave Spackman IP-BLOCK 146.185.250.138 (Type: outgoing)
22:55:10 Dave Spackman IP-BLOCK 146.185.250.138 (Type: outgoing)
22:55:22 Dave Spackman IP-BLOCK 146.185.250.139 (Type: outgoing)
22:55:25 Dave Spackman IP-BLOCK 146.185.250.139 (Type: outgoing)
22:55:31 Dave Spackman IP-BLOCK 146.185.250.139 (Type: outgoing)
22:55:40 Dave Spackman IP-BLOCK 146.185.250.137 (Type: outgoing)
22:55:43 Dave Spackman IP-BLOCK 146.185.250.137 (Type: outgoing)
22:55:46 Dave Spackman MESSAGE IP Protection stopped

Here is the HijackThis log:
[code]
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:03:20 PM, on 11/23/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Wireless-G Internet Home Monitoring Camera\Monitor.exe
C:\Program Files\Wireless-G Internet Home Monitoring Camera\Recorder.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\System32\ping.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080616
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Monitor.exe] C:\Program Files\Wireless-G Internet Home Monitoring Camera\Monitor.exe
O4 - HKLM\..\Run: [Recorder.exe] C:\Program Files\Wireless-G Internet Home Monitoring Camera\Recorder.exe
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\mcsniepl.dll
O18 - Filter hijack: text/html - {5476e176-a873-4741-980b-07cc56a33ed7} - C:\WINDOWS\msvcirt32.dll
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 6221 bytes

DDS.txt

Extras.Txt

OTL.Txt


Sorry about the multiple posts and attaching some of the logs...I tried doing it as one post and it wouldn't work.

Here is the HijackThis log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:03:20 PM, on 11/23/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Wireless-G Internet Home Monitoring Camera\Monitor.exe
C:\Program Files\Wireless-G Internet Home Monitoring Camera\Recorder.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\System32\ping.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080616
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Monitor.exe] C:\Program Files\Wireless-G Internet Home Monitoring Camera\Monitor.exe
O4 - HKLM\..\Run: [Recorder.exe] C:\Program Files\Wireless-G Internet Home Monitoring Camera\Recorder.exe
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\mcsniepl.dll
O18 - Filter hijack: text/html - {5476e176-a873-4741-980b-07cc56a33ed7} - C:\WINDOWS\msvcirt32.dll
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 6221 bytes

Can you help me stop the outgoing IPs and figure out what is infected?

Thanks!!!

Happy Thanksgiving!


  • Staff

Hi and welcome to Malwarebytes.

Don't use code tags please.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.