
.

DDS (Ver_11-03-05.01) - NTFS_AMD64

Run by COENLabtop at 23:49:47.67 on Mon 05/09/2011

Internet Explorer: 9.0.8112.16421

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3957.1695 [GMT -7:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG10\avgchsva.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Program Files (x86)\AVG\AVG10\avgfws.exe

C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe

c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files (x86)\AVG\AVG10\avgam.exe

C:\Program Files (x86)\AVG\AVG10\avgnsa.exe

C:\Program Files (x86)\AVG\AVG10\avgemca.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\rundll32.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Users\COENLabtop\AppData\Local\Google\Update\1.3.21.53\GoogleCrashHandler.exe

C:\Program Files (x86)\AVG\AVG10\avgtray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\PROGRA~2\AVG\AVG10\avgrsa.exe

C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\System32\msdtc.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Dell\DellDock\DellDock.exe

c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files (x86)\AVG\AVG10\avgtray.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\internet explorer\iexplore.exe

C:\Program Files (x86)\internet explorer\iexplore.exe

C:\Windows\SysWow64\Macromed\Flash\FlashUtil10e.exe

C:\Windows\system32\LogonUI.exe

C:\Program Files\mcafee.com\agent\mcagent.exe

C:\WINDOWS\System32\conhost.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Users\COENLabtop\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\COENLabtop\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\COENLabtop\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\COENLabtop\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\COENLabtop\AppData\Local\Google\Chrome\Application\chrome.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\svchost.exe -k defragsvc

C:\Windows\system32\rundll32.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\taskhost.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Users\COENLabtop\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\COENLabtop\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\COENLabtop\Downloads\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = g.msn.com/USCON/1

uDefault_Page_URL = g.msn.com/USCON/1

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110421182240.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

uRun: [Google Update] "C:\Users\COENLabtop\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [DellSupportCenter] "c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRunOnce: [sTToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe

StartupFolder: C:\Users\COENLA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110421182240.dll

BHO-X64: scriptproxy - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

mRun-x64: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

mRun-x64: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe

mRunOnce-x64: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;C:\WINDOWS\System32\drivers\AVGIDSEH.sys [2011-2-22 26704]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\WINDOWS\System32\drivers\avgrkx64.sys [2011-1-19 37456]

R0 mfehidk;McAfee Inc. mfehidk;C:\WINDOWS\System32\drivers\mfehidk.sys [2010-1-5 529128]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\WINDOWS\System32\drivers\mfewfpk.sys [2010-1-5 283360]

R0 PxHlpa64;PxHlpa64;C:\WINDOWS\System32\drivers\PxHlpa64.sys [2010-6-29 55280]

R1 Avgfwfd;AVG network filter service;C:\WINDOWS\System32\drivers\avgfwd6a.sys [2010-7-12 57696]

R1 Avgldx64;AVG AVI Loader Driver;C:\WINDOWS\System32\drivers\avgldx64.sys [2011-1-7 304720]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\WINDOWS\System32\drivers\avgmfx64.sys [2011-3-1 41552]

R1 Avgtdia;AVG TDI Driver;C:\WINDOWS\System32\drivers\avgtdia.sys [2011-2-10 376400]

R1 mfenlfk;McAfee NDIS Light Filter;C:\WINDOWS\System32\drivers\mfenlfk.sys [2010-1-5 75032]

R1 vwififlt;Virtual WiFi Filter Driver;C:\WINDOWS\System32\drivers\vwififlt.sys [2009-7-13 59904]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-6-29 98208]

R2 AMD External Events Utility;AMD External Events Utility;C:\WINDOWS\System32\atiesrxx.exe [2010-6-29 202752]

R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG10\avgfws.exe [2011-2-8 2707512]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-2-15 7421280]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

R2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2011-4-21 355440]

R2 McNaiAnn;McAfee VirusScan Announcer;"C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2011-4-21 355440]

R2 McProxy;McAfee Proxy Service;"C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2011-4-21 355440]

R2 McShield;McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2010-6-29 200056]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2010-6-29 245352]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe [2010-6-29 149032]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-5-1 1153368]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-6-29 656624]

R2 TurboB;Turbo Boost UI Monitor driver;C:\WINDOWS\System32\drivers\TurboB.sys [2009-11-2 13784]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-6-29 2320920]

R3 amdkmdag;amdkmdag;C:\WINDOWS\System32\drivers\atipmdag.sys [2010-6-29 6233088]

R3 amdkmdap;amdkmdap;C:\WINDOWS\System32\drivers\atikmpag.sys [2010-6-29 161280]

R3 AVGIDSDriver;AVGIDSDriver;C:\WINDOWS\System32\drivers\AVGIDSDriver.sys [2011-3-30 118352]

R3 AVGIDSFilter;AVGIDSFilter;C:\WINDOWS\System32\drivers\AVGIDSFilter.sys [2011-2-10 29264]

R3 BcmVWL;Broadcom Virtual Wireless;C:\WINDOWS\System32\drivers\bcmvwl64.sys [2010-6-29 20984]

R3 cfwids;McAfee Inc. cfwids;C:\WINDOWS\System32\drivers\cfwids.sys [2010-1-5 62800]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\WINDOWS\System32\drivers\CtClsFlt.sys [2010-6-29 172704]

R3 HECIx64;Intel® Management Engine Interface;C:\WINDOWS\System32\drivers\HECIx64.sys [2010-6-29 56344]

R3 Impcd;Impcd;C:\WINDOWS\System32\drivers\Impcd.sys [2010-6-29 151936]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\WINDOWS\System32\drivers\L1C62x64.sys [2010-6-29 74280]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\WINDOWS\System32\drivers\mfeavfk.sys [2010-1-5 190136]

R3 mfefirek;McAfee Inc. mfefirek;C:\WINDOWS\System32\drivers\mfefirek.sys [2010-1-5 441328]

R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2010-11-17 25072]

S3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-18 169312]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-5-1 947528]

S3 btwl2cap;Bluetooth L2CAP Service;C:\WINDOWS\System32\drivers\btwl2cap.sys [2010-6-29 35104]

S3 mferkdet;McAfee Inc. mferkdet;C:\WINDOWS\System32\drivers\mferkdet.sys [2010-1-5 94864]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\WINDOWS\System32\drivers\RtsUStor.sys [2010-6-29 232992]

S3 TsUsbFlt;TsUsbFlt;C:\WINDOWS\System32\drivers\TsUsbFlt.sys [2011-5-1 59392]

S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\WINDOWS\System32\Wat\WatAdminSvc.exe [2011-4-26 1255736]

S4 McOobeSv;McAfee OOBE Service;"C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2011-4-21 355440]

.

=============== Created Last 30 ================

.

2011-05-10 03:13:05 8802128 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{A8F79939-6CA3-4E3A-927A-C9581F0C0828}\mpengine.dll

2011-05-10 03:13:02 270720 ------w- C:\Windows\System32\MpSigStub.exe

2011-05-04 14:57:22 -------- d-----w- C:\Users\COENLA~1\AppData\Local\Diagnostics

2011-05-03 14:36:08 -------- d-----w- C:\Users\COENLabtop\My Backup Files

2011-05-02 07:20:08 -------- d--h--w- C:\$AVG

2011-05-02 06:54:02 -------- d-----w- C:\Users\COENLA~1\AppData\Roaming\AVG10

2011-05-02 06:52:28 -------- d--h--w- C:\PROGRA~3\Common Files

2011-05-02 06:52:15 -------- d-----w- C:\PROGRA~3\AVG Security Toolbar

2011-05-02 06:51:55 -------- d-----w- C:\Windows\SysWow64\drivers\AVG

2011-05-02 06:50:30 -------- d-----w- C:\Windows\System32\drivers\AVG

2011-05-02 06:50:29 -------- d-----w- C:\PROGRA~3\AVG10

2011-05-02 06:49:00 -------- d-----w- C:\Program Files (x86)\AVG

2011-05-02 05:57:49 -------- d-----w- C:\Program Files\Dell Support Center

2011-05-02 05:30:28 -------- d-----w- C:\Users\COENLA~1\AppData\Roaming\PCDr

2011-05-02 03:26:24 -------- d-----w- C:\Users\COENLA~1\AppData\Local\Microsoft Games

2011-05-02 03:23:57 -------- d-----w- C:\Users\COENLA~1\AppData\Roaming\WildTangent

2011-05-02 03:06:27 -------- d-----w- C:\Users\COENLA~1\AppData\Roaming\Malwarebytes

2011-05-02 03:06:21 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-05-02 03:06:20 -------- d-----w- C:\PROGRA~3\Malwarebytes

2011-05-02 03:06:17 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-05-02 03:06:17 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-05-02 03:01:33 -------- d-----w- C:\PROGRA~3\MFAData

2011-05-02 02:44:09 -------- d-----w- C:\Windows\System32\SPReview

2011-05-02 02:43:45 -------- d-----w- C:\Windows\System32\EventProviders

2011-05-02 02:36:11 48976 ----a-w- C:\Windows\System32\netfxperf.dll

2011-05-02 02:36:11 1942856 ----a-w- C:\Windows\System32\dfshim.dll

2011-05-02 02:36:04 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll

2011-05-02 02:36:01 5563776 ----a-w- C:\Windows\System32\ntoskrnl.exe

2011-05-02 02:36:00 59392 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys

2011-05-02 02:36:00 12288 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll

2011-05-02 02:34:59 689152 ----a-w- C:\Windows\System32\FXSSVC.exe

2011-05-02 02:33:59 840192 ----a-w- C:\Windows\System32\blackbox.dll

2011-05-02 02:31:59 529408 ----a-w- C:\Windows\System32\wbemcomn.dll

2011-05-02 02:31:59 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll

2011-05-02 02:31:59 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll

2011-05-02 02:31:54 933376 ----a-w- C:\Windows\System32\SmiEngine.dll

2011-05-02 02:31:51 199168 ----a-w- C:\Windows\System32\PkgMgr.exe

2011-05-02 02:31:35 422912 ----a-w- C:\Windows\System32\drvstore.dll

2011-05-02 02:31:35 399872 ----a-w- C:\Windows\System32\dpx.dll

2011-05-02 01:45:13 -------- d-----w- C:\Users\COENLA~1\AppData\Local\Google

2011-05-02 01:45:01 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-05-02 01:41:28 -------- d-----w- C:\Users\COENLA~1\AppData\Local\Deployment

2011-05-02 01:41:28 -------- d-----w- C:\Users\COENLA~1\AppData\Local\Apps

2011-05-02 01:35:35 214016 ----a-w- C:\Windows\System32\winsrv.dll

2011-05-02 01:35:34 197120 ----a-w- C:\Windows\System32\d3d10_1.dll

2011-05-02 01:35:33 321024 ----a-w- C:\Windows\System32\d3d10_1core.dll

2011-05-02 01:35:33 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe

2011-05-02 01:35:33 31232 ----a-w- C:\Windows\System32\prevhost.exe

2011-05-02 01:35:33 219136 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll

2011-05-02 01:35:33 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll

2011-05-01 20:09:12 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2011-05-01 20:09:12 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy

2011-05-01 16:17:51 -------- d-----w- C:\Users\COENLabtop\Tracing

2011-04-26 10:28:05 -------- d-----w- C:\Windows\SysWow64\Wat

2011-04-26 10:28:05 -------- d-----w- C:\Windows\System32\Wat

2011-04-26 03:59:32 715776 ----a-w- C:\Windows\System32\kerberos.dll

2011-04-26 03:59:31 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll

2011-04-26 03:57:59 367616 ----a-w- C:\Windows\System32\atmfd.dll

2011-04-26 03:57:59 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll

2011-04-26 03:57:58 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll

2011-04-26 03:57:58 46080 ----a-w- C:\Windows\System32\atmlib.dll

2011-04-26 03:57:58 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2011-04-26 03:57:58 100864 ----a-w- C:\Windows\System32\fontsub.dll

2011-04-26 03:57:04 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe

2011-04-26 03:57:04 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe

2011-04-26 03:57:04 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll

2011-04-21 14:53:19 -------- dc----w- C:\Users\COENLA~1\AppData\Local\MigWiz

2011-04-21 14:51:55 -------- d-----w- C:\Users\COENLA~1\AppData\Roaming\Dell

2011-04-21 14:51:46 -------- d-----w- C:\Users\COENLA~1\AppData\Local\DataSafeOnline

2011-04-21 14:51:40 -------- d-----w- C:\Users\COENLA~1\AppData\Local\Stardock_Corporation

2011-04-21 14:51:31 -------- d-----w- C:\Users\COENLA~1\AppData\Local\SupportSoft

2011-04-21 14:51:31 -------- d-----w- C:\Users\COENLA~1\AppData\Local\ATI

2011-04-21 14:51:01 -------- d-sh--w- C:\$RECYCLE.BIN

2011-04-21 14:51:00 -------- d-----w- C:\Users\COENLA~1\AppData\Local\VirtualStore

2011-04-21 14:50:58 -------- d-----w- C:\Users\COENLA~1\AppData\Local\SoftThinks

2011-04-21 12:14:56 -------- d-----w- C:\Windows\SMINST

.

==================== Find3M ====================

.

2011-05-02 06:32:25 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2011-05-02 06:32:24 175616 ----a-w- C:\Windows\System32\msclmd.dll

2011-03-31 00:17:00 118352 ----a-w- C:\Windows\System32\drivers\AVGIDSDriver.sys

2011-03-12 12:08:49 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll

2011-03-12 11:23:45 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2011-03-11 06:41:37 189824 ----a-w- C:\Windows\System32\drivers\storport.sys

2011-03-11 06:41:34 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys

2011-03-11 06:41:34 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2011-03-11 06:41:34 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys

2011-03-11 06:41:26 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys

2011-03-11 06:41:12 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys

2011-03-11 06:41:12 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys

2011-03-11 06:34:51 1359872 ----a-w- C:\Windows\System32\mfc42u.dll

2011-03-11 06:34:50 1395712 ----a-w- C:\Windows\System32\mfc42.dll

2011-03-11 06:33:29 2565632 ----a-w- C:\Windows\System32\esent.dll

2011-03-11 06:30:28 96768 ----a-w- C:\Windows\System32\fsutil.exe

2011-03-11 05:33:59 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll

2011-03-11 05:33:59 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll

2011-03-11 05:33:09 1699328 ----a-w- C:\Windows\SysWow64\esent.dll

2011-03-11 05:31:07 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe

2011-03-08 06:29:32 976896 ----a-w- C:\Windows\System32\inetcomm.dll

2011-03-08 05:28:29 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll

2011-03-03 03:52:08 3135488 ----a-w- C:\Windows\System32\win32k.sys

2011-03-01 21:25:18 41552 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys

2011-02-25 06:19:30 2871808 ----a-w- C:\Windows\explorer.exe

2011-02-25 05:30:54 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe

2011-02-24 06:15:44 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2011-02-24 05:38:54 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2011-02-23 04:56:31 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys

2011-02-23 04:56:27 467456 ----a-w- C:\Windows\System32\drivers\srv.sys

2011-02-23 04:56:03 411648 ----a-w- C:\Windows\System32\drivers\srv2.sys

2011-02-23 04:55:47 167936 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2011-02-23 04:55:12 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-02-23 04:55:12 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys

2011-02-23 04:55:04 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys

2011-02-22 15:12:46 26704 ----a-w- C:\Windows\System32\drivers\AVGIDSEH.sys

2011-02-19 12:05:15 1139200 ----a-w- C:\Windows\System32\FntCache.dll

2011-02-19 12:04:37 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2011-02-19 12:04:17 902656 ----a-w- C:\Windows\System32\d2d1.dll

2011-02-19 06:30:51 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll

2011-02-19 06:30:50 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

2011-02-12 11:34:16 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe

2011-02-10 14:53:58 376400 ----a-w- C:\Windows\System32\drivers\avgtdia.sys

2011-02-10 14:53:34 29264 ----a-w- C:\Windows\System32\drivers\AVGIDSFilter.sys

.

============= FINISH: 23:50:41.40 ===============

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6542

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

5/9/2011 9:38:27 PM

mbam-log-2011-05-09 (21-38-27).txt

Scan type: Quick scan

Objects scanned: 167036

Time elapsed: 2 minute(s), 6 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Attach.zip


Hi and welcome to Malwarebytes.

In the future, please post all logs directly into your reply instead of attaching them. With that said, please update MBAM, run a Quick Scan, and post its log.

With that said, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


Thank you, here are the results of Malwarebytes quick scan and Combofix.

MBAM-log-2001-05-15 (14-27-43)

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6586

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

5/15/2011 2:27:43 PM

mbam-log-2011-05-15 (14-27-43).txt

Scan type: Quick scan

Objects scanned: 167577

Time elapsed: 3 minute(s), 7 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

ComboFix Log

ComboFix 11-05-15.03 - COENLabtop 05/15/2011 17:41:58.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3957.2791 [GMT -7:00]

Running from: c:\users\COENLabtop\Desktop\ComboFix.exe

AV: AVG Internet Security 2011 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: AVG Internet Security 2011 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Resident AV is active

.

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\PCDr\5744\Downloads\09c89f7c-3785-4562-bfa2-0294dad219cb.dll

c:\programdata\PCDr\5744\Downloads\211f2e06-18cf-4b15-8d16-613c14340779.dll

c:\programdata\PCDr\5744\Downloads\295a87df-c8df-47c1-8928-31d3bc55eae3.dll

c:\programdata\PCDr\5744\Downloads\7cfc7ddb-2ff0-41ad-a5d7-3e2c7c6da278.dll

c:\programdata\PCDr\5744\Downloads\9f7cb229-6226-4846-9375-1b73ad107c4e.dll

c:\programdata\PCDr\5744\Downloads\aad4193c-5f11-4479-83a6-e739206cb375.dll

c:\programdata\PCDr\5744\Downloads\ccb2bb33-3a38-4a93-93e7-871d4d9be0b6.dll

c:\programdata\PCDr\5744\Downloads\d57ca607-df9e-42be-b6e5-f975ebf2105b.dll

c:\programdata\PCDr\5744\Downloads\db49fe36-7c40-41f5-b9c1-5a7c3297c269.dll

c:\programdata\PCDr\5744\Downloads\e3d50fea-9128-4ef0-9ea5-b4d74186612f.dll

c:\programdata\PCDr\5744\Downloads\e87994e7-694e-4058-a64a-df23fd76e4df.dll

.

.

((((((((((((((((((((((((( Files Created from 2011-04-16 to 2011-05-16 )))))))))))))))))))))))))))))))

.

.

2011-05-16 00:45 . 2011-05-16 00:45 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-05-15 20:22 . 2011-04-18 16:15 8802128 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{979129C3-202E-4609-9A69-48FE94D3E19D}\mpengine.dll

2011-05-10 04:30 . 2011-05-10 04:30 -------- d-----w- c:\program files (x86)\Common Files\Java

2011-05-10 03:13 . 2011-02-03 01:11 270720 ------w- c:\windows\system32\MpSigStub.exe

2011-05-02 06:52 . 2011-05-02 06:52 -------- d--h--w- c:\programdata\Common Files

2011-05-02 06:52 . 2011-05-15 20:28 -------- d-----w- c:\programdata\AVG Security Toolbar

2011-05-02 06:51 . 2011-05-02 06:51 -------- d-----w- c:\windows\SysWow64\drivers\AVG

2011-05-02 06:50 . 2011-05-15 23:07 -------- d-----w- c:\windows\system32\drivers\AVG

2011-05-02 06:50 . 2011-05-16 00:03 -------- d-----w- c:\programdata\AVG10

2011-05-02 06:49 . 2011-05-02 06:49 -------- d-----w- c:\program files (x86)\AVG

2011-05-02 05:57 . 2011-05-02 05:58 -------- d-----w- c:\program files\Dell Support Center

2011-05-02 03:06 . 2010-12-21 01:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-05-02 03:06 . 2011-05-02 03:06 -------- d-----w- c:\programdata\Malwarebytes

2011-05-02 03:06 . 2011-05-03 02:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-05-02 03:06 . 2010-12-21 01:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-02 03:01 . 2011-05-16 00:12 -------- d-----w- c:\programdata\MFAData

2011-05-02 02:44 . 2011-05-02 02:44 -------- d-----w- c:\windows\system32\SPReview

2011-05-02 02:43 . 2011-05-02 02:43 -------- d-----w- c:\windows\system32\EventProviders

2011-05-02 02:36 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll

2011-05-02 02:36 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll

2011-05-02 02:36 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll

2011-05-02 02:36 . 2010-11-20 13:33 5563776 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-05-02 02:36 . 2010-11-20 13:27 12288 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll

2011-05-02 02:36 . 2010-11-20 11:07 59392 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys

2011-05-02 02:34 . 2010-11-20 13:27 1024512 ----a-w- c:\windows\system32\wmpmde.dll

2011-05-02 02:33 . 2010-11-20 13:27 594432 ----a-w- c:\windows\system32\wvc.dll

2011-05-02 02:31 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll

2011-05-02 02:31 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll

2011-05-02 02:31 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll

2011-05-02 02:31 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll

2011-05-02 02:31 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe

2011-05-02 02:31 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll

2011-05-02 02:31 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll

2011-05-02 01:45 . 2011-04-14 12:07 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-05-02 01:35 . 2010-12-17 11:42 214016 ----a-w- c:\windows\system32\winsrv.dll

2011-05-02 01:35 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll

2011-05-02 01:35 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe

2011-05-02 01:35 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe

2011-05-02 01:35 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll

2011-05-02 01:35 . 2010-11-20 13:26 321024 ----a-w- c:\windows\system32\d3d10_1core.dll

2011-05-02 01:35 . 2010-11-20 12:18 219136 ----a-w- c:\windows\SysWow64\d3d10_1core.dll

2011-05-01 20:09 . 2011-05-01 21:14 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-05-01 20:09 . 2011-05-01 20:40 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2011-04-30 17:15 . 2011-04-30 17:33 -------- d-----w- c:\programdata\Creative

2011-04-29 03:15 . 2011-04-29 03:15 -------- d-----w- c:\users\McKenzie

2011-04-26 10:28 . 2011-04-26 10:28 -------- d-----w- c:\windows\SysWow64\Wat

2011-04-26 10:28 . 2011-04-26 10:28 -------- d-----w- c:\windows\system32\Wat

2011-04-26 03:59 . 2010-12-17 11:40 715776 ----a-w- c:\windows\system32\kerberos.dll

2011-04-26 03:59 . 2010-12-17 07:07 542208 ----a-w- c:\windows\SysWow64\kerberos.dll

2011-04-26 03:57 . 2011-02-19 09:00 367616 ----a-w- c:\windows\system32\atmfd.dll

2011-04-26 03:57 . 2011-02-19 04:34 294912 ----a-w- c:\windows\SysWow64\atmfd.dll

2011-04-26 03:57 . 2011-02-19 12:03 46080 ----a-w- c:\windows\system32\atmlib.dll

2011-04-26 03:57 . 2011-02-19 06:30 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2011-04-26 03:57 . 2010-09-30 10:41 100864 ----a-w- c:\windows\system32\fontsub.dll

2011-04-26 03:57 . 2010-09-30 06:47 70656 ----a-w- c:\windows\SysWow64\fontsub.dll

2011-04-26 03:57 . 2011-03-03 06:24 183296 ----a-w- c:\windows\system32\dnsrslvr.dll

2011-04-26 03:57 . 2011-03-03 06:21 30208 ----a-w- c:\windows\system32\dnscacheugc.exe

2011-04-26 03:57 . 2011-03-03 05:36 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe

2011-04-21 14:50 . 2011-04-21 14:50 -------- d-----w- c:\users\Default\AppData\Local\SoftThinks

2011-04-21 14:46 . 2011-05-10 06:51 -------- d-----w- c:\users\COENLabtop

2011-04-21 12:14 . 2011-04-21 12:35 -------- d-----w- c:\windows\SMINST

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-02 06:32 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2011-05-02 06:32 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2011-04-15 04:28 . 2011-04-15 04:28 118864 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys

2011-04-05 07:59 . 2011-04-05 07:59 377936 ----a-w- c:\windows\system32\drivers\avgtdia.sys

2011-03-16 23:03 . 2011-03-16 23:03 37456 ----a-w- c:\windows\system32\drivers\avgrkx64.sys

2011-03-01 21:25 . 2011-03-01 21:25 41552 ----a-w- c:\windows\system32\drivers\avgmfx64.sys

2011-02-22 15:12 . 2011-02-22 15:12 26704 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-01-17 1484856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2009-12-02 165104]

.

c:\users\McKenzie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

.

c:\users\COENLabtop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" /runkey

.

R2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]

R2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG10\avgfws.exe [x]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [x]

R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [x]

R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-18 169312]

R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]

R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2010-11-18 25072]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2010-03-10 355440]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2010-03-10 355440]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-14 245352]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-10-14 149032]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-12-02 656624]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]

S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2011-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343146785-444727320-1981398563-1001Core.job

- c:\users\COENLabtop\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-02 01:45]

.

2011-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343146785-444727320-1981398563-1001UA.job

- c:\users\COENLabtop\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-02 01:45]

.

2011-05-02 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]

.

2011-05-15 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-03 10038304]

"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-01-05 3178064]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"DSUpdateLauncher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" [2009-11-24 18160]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = g.msn.com/USCON/1

mLocal Page = c:\windows\SysWOW64\blank.htm

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

Toolbar-Locked - (no file)

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe

Wow6432Node-HKLM-Run-AVG_TRAY - c:\program files (x86)\AVG\AVG10\avgtray.exe

Notify-GoToAssist - (no file)

Toolbar-Locked - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]

"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-05-15 17:47:52

ComboFix-quarantined-files.txt 2011-05-16 00:47

.

Pre-Run: 441,517,518,848 bytes free

Post-Run: 441,074,036,736 bytes free

.

- - End Of File - - 1223549B71F817CFB98126CC9045BF15

ComboFix-quarantined-files.txt

2011-05-16 00:46:59 . 2011-05-16 00:46:59 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-SynTPEnh.reg.dat

2011-05-16 00:46:58 . 2011-05-16 00:46:58 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829}.reg.dat

2011-05-16 00:46:58 . 2011-05-16 00:46:58 92 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat

2011-05-16 00:46:51 . 2011-05-16 00:46:51 274 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Notify-GoToAssist.reg.dat

2011-05-16 00:46:44 . 2011-05-16 00:46:44 92 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKLM-Run-AVG_TRAY.reg.dat

2011-05-16 00:46:44 . 2011-05-16 00:46:44 92 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKLM-Run-DellSupportCenter.reg.dat

2011-05-16 00:46:43 . 2011-05-16 00:46:43 461 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829}.reg.dat

2011-05-16 00:46:43 . 2011-05-16 00:46:43 104 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-Locked.reg.dat

2011-05-16 00:46:42 . 2011-05-16 00:46:42 509 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C}.reg.dat

2011-05-16 00:44:29 . 2011-05-16 00:44:29 7,348 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

2011-05-16 00:39:52 . 2011-05-16 00:39:52 51 ----a-w- C:\Qoobox\Quarantine\catchme.log

2011-05-06 19:54:55 . 2011-05-06 19:54:56 26,192 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\5744\Downloads\09c89f7c-3785-4562-bfa2-0294dad219cb.dll.vir

2011-05-06 14:55:31 . 2011-05-06 14:55:31 26,704 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\5744\Downloads\211f2e06-18cf-4b15-8d16-613c14340779.dll.vir

2011-05-03 16:30:08 . 2011-05-03 16:30:08 26,704 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\5744\Downloads\9f7cb229-6226-4846-9375-1b73ad107c4e.dll.vir

2011-05-03 15:52:14 . 2011-05-03 15:52:14 25,680 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\5744\Downloads\e87994e7-694e-4058-a64a-df23fd76e4df.dll.vir

2011-05-03 15:45:36 . 2011-05-03 15:45:36 25,680 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\5744\Downloads\d57ca607-df9e-42be-b6e5-f975ebf2105b.dll.vir

2011-04-26 20:08:52 . 2011-04-26 20:08:52 47,696 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\5744\Downloads\295a87df-c8df-47c1-8928-31d3bc55eae3.dll.vir

2011-04-26 19:46:37 . 2011-04-26 19:46:37 26,192 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\5744\Downloads\aad4193c-5f11-4479-83a6-e739206cb375.dll.vir

2011-04-26 19:38:53 . 2011-04-26 19:38:53 26,192 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\5744\Downloads\ccb2bb33-3a38-4a93-93e7-871d4d9be0b6.dll.vir

2011-04-19 23:27:12 . 2011-04-19 23:27:12 26,192 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\5744\Downloads\e3d50fea-9128-4ef0-9ea5-b4d74186612f.dll.vir

2011-04-19 22:31:59 . 2011-04-19 22:31:59 25,680 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\5744\Downloads\7cfc7ddb-2ff0-41ad-a5d7-3e2c7c6da278.dll.vir

2011-04-19 22:21:37 . 2011-04-19 22:21:38 26,192 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\5744\Downloads\db49fe36-7c40-41f5-b9c1-5a7c3297c269.dll.vir


  • Staff

Hi,

I notice that you are using more than one antivirus program (AVG and McAfee). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus program.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


  • 2 weeks later...

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6427

# api_version=3.0.2

# EOSSerial=ea2b0c9dfa64a8458dec37a0206e3229

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-06-02 04:23:48

# local_time=2011-06-01 09:23:48 (-0800, Pacific Daylight Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=1024 16777215 100 0 0 0 0 0

# compatibility_mode=5121 16777214 16 10 0 19979148 0 0

# compatibility_mode=5893 16776573 100 94 1408830 58529602 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=137244

# found=1

# cleaned=1

# scan_time=2475

C:\Users\COENLabtop\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000107 JS/Kryptik.AI trojan (deleted - quarantined) 00000000000000000000000000000000 C

Results of screen317's Security Check version 0.99.12

Windows 7 (UAC is enabled)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

ESET Online Scanner v3

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 25

Adobe Flash Player

Adobe Reader 9.1.2

Out of date Adobe Reader installed!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbam.exe

``````````End of Log````````````

Issues that I am still having:

1. When in any web browser, clicking on any web link or typing website addresses directly into the browser address bar, either an additional tab is opened for a non-requested website or a new tab is opened for a non-requested website.

2. Assumptions:

A. This may be some JavaScript program, or JavaScript that has been modified in a program, that redirects the websites.

B. This is not specific to my computer but to the wifi and routers, as our neighbor provides us our DSL and both he and my husband's computer have this virus (it is in our network), and we have all had it for about the same period of time.

C. When accessing our network with the passkey, Safari will also be redirected on my iPhone, but it stops after closing the wifi.

D. When syncing the iPhone to the infected network/laptop, the iPhone will have the program installed in it and will also redirect the website without wifi access; turning on the debug console will show the JS script that is trying to redirect to other websites as an error and will stop the redirect. By resetting the software to initial status, the installed infection software is removed and no further redirects/errors are detected in the iPhone.

3. Additional details: This laptop was purchased last year in August. I have already wiped it clean back to factory install; the redirect virus attached itself shortly after getting on the wifi. I have run multiple virus programs to no avail in finding the problem or any virus, but alas it does find the new viruses that are being loaded when the browsers are redirected to those websites. I do not have access to the router that my access point router is connected to. I have run ipconfig /flushdns, etc. My neighbor has recently switched DSL providers to COMCAST.

4. One of the websites that originally is redirected to is mygeek.

5. I have a Netgear access point, and I do not know what my neighbor has.

So far that is all the data I have on this issue. Thank you for your assistance.


  • Staff

Hi,

Looks like your router is infected.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

Adobe Flash Player

Adobe Reader 9.1.2

ESET Online Scanner v3

Restart your computer.

Get the latest version of Adobe Reader and Adobe Flash Player.

1. Very important: First disconnect your computers from the Internet.

2. Router Reset: Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into the small hole labeled Reset located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 30 seconds).

3. Reset the IP/DNS settings of your Internet connection on each computer connected:

  • Go to Start -> Control Panel -> Double click on Network Connections.
  • Right click on your default connection (usually Local Area Connection or Wireless Network Connection) and select Properties.
  • Select the General tab.
  • Double click on Internet Protocol (TCP/IP).
    • Under General tab:
      • Select "Obtain an IP address automatically".
      • Select "Obtain DNS server address automatically".
  • Click OK twice to save the settings.
  • Reboot if you had to change any setting.

4. Flush the DNS cache:

  • Click the Start logo in the bottom left corner of the screen
  • Click on Run
  • In the command window copy/paste the following:
    ipconfig /flushdns
  • Then hit enter.
  • Exit the command window.

5. Reconnect: Once you have followed all the above steps you can reconnect your computer to the internet.

-screen317
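Steps 3 and 4 above are done through the Control Panel on each machine. For anyone who wants to verify the result (or audit several laptops after a router reset), here is an added example script, not part of this thread or of screen317's tools, that reads the same per-interface DNS settings from the registry on a stock Windows 7 install (PowerShell 2.0, no extra modules), flags any adapter with a hand-set resolver, and, with the -Fix switch, reverts the adapter to DHCP-assigned DNS and flushes the resolver cache. The registry key and the WMI class used are the standard ones Windows keeps these settings in; the -Fix switch needs an elevated prompt.

```powershell
# Added example (not from the thread): audit each adapter's DNS configuration on Windows 7 and
# optionally revert it to "Obtain DNS server address automatically" and flush the resolver cache.
# Assumptions: PowerShell 2.0 or later; run as Administrator when using -Fix.
param(
    [switch]$Fix   # when set, revert statically configured DNS to DHCP and run ipconfig /flushdns
)

# Per-interface TCP/IP settings live under this key, one subkey per adapter GUID.
$ifRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

# IP-enabled adapters only; SettingID is the interface GUID used as the registry subkey name.
$adapters = @{}
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled=True' |
    ForEach-Object { $adapters[$_.SettingID] = $_ }

$findings = @()
foreach ($guid in $adapters.Keys) {
    $cfg = $adapters[$guid]
    $key = Join-Path $ifRoot $guid
    if (-not (Test-Path $key)) { continue }
    $p = Get-ItemProperty -Path $key

    $static    = [string]$p.NameServer       # non-empty only when DNS was set by hand (or by something else)
    $dhcpDns   = [string]$p.DhcpNameServer   # what the router/DHCP server handed out
    $effective = @($cfg.DNSServerSearchOrder) -join ' '   # resolvers the stack is actually using

    $findings += New-Object PSObject -Property @{
        Adapter   = $cfg.Description
        DhcpOn    = [bool]$cfg.DHCPEnabled
        Gateway   = (@($cfg.DefaultIPGateway) -join ',')
        StaticDns = $static
        DhcpDns   = $dhcpDns
        Effective = $effective
        # A home laptop on "automatic" settings should have no static resolvers at all.
        Suspect   = ($static -ne '')
    }
}

$findings | Format-Table Adapter, DhcpOn, Gateway, StaticDns, DhcpDns, Effective, Suspect -AutoSize

if ($Fix) {
    foreach ($guid in $adapters.Keys) {
        $cfg = $adapters[$guid]
        $hit = $findings | Where-Object { $_.Adapter -eq $cfg.Description -and $_.Suspect }
        if ($hit) {
            # Calling SetDNSServerSearchOrder with no list clears the static entries, which is
            # the same as ticking "Obtain DNS server address automatically". ReturnValue 0 = success.
            $rc = $cfg.SetDNSServerSearchOrder()
            Write-Host ("Reset DNS on '{0}' -> return code {1}" -f $cfg.Description, $rc.ReturnValue)
        }
    }
    ipconfig /flushdns | Out-Null
    Write-Host 'Resolver cache flushed.'
}
```

Run it once without -Fix and read the table: StaticDns should be empty and Effective should match DhcpDns on every adapter. Note what this does and does not cover: it only inspects the endpoint. In the situation screen317 describes, where the router itself has been reconfigured, every laptop will look clean here (DNS equals the gateway address) because the redirection happens one hop upstream; that is exactly why step 2, the router reset, comes first and this check only confirms the machines afterwards.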


  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

