Jump to content

Assistance cleaning system


Recommended Posts

My system still seems to be experiencing problems, despite removal of the threat within MBAM.

Thanks for your help.

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7234

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

7/23/2011 1:24:24 AM

mbam-log-2011-07-23 (01-24-24).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|P:\|S:\|U:\|)

Objects scanned: 509583

Time elapsed: 4 hour(s), 33 minute(s), 28 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Value: ForceClassicControlPanel -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

.

DDS (Ver_2011-06-23.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

Run by kreuserj at 17:02:41 on 2011-07-24

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8126.6062 [GMT -4:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac8529709a50c498\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe

C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac8529709a50c498\AESTSr64.exe

C:\PROGRA~2\ESRI\License\arcgis9x\lmgrd.exe

C:\Windows\system32\conhost.exe

c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\PROGRA~2\ESRI\License\arcgis9x\lmgrd.exe

D:\Program Files (x86)\Dell\Reader 2.0\DVMExportService.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Sunbelt Software\SBEAgent\SBPIMSvc.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\PROGRA~2\ESRI\License\arcgis9x\ARCGIS.exe

C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe

c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe

C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Logitech\SetPoint\LBTWiz.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Windows\System32\StikyNot.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Users\kreuserj\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Windows\SysWOW64\RunDll32.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

D:\Program Files (x86)\Dell\Reader 2.0\DellBtrEvent.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Sunbelt Software\SBEAgent\SBAMSvc.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wbem\unsecapp.exe

c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Sunbelt Software\SBEAgent\SBAMTray.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.msu.edu/

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [Google Update] "C:\Users\kreuserj\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"

mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun: [DellBtrEvent] D:\Program Files (x86)\Dell\Reader 2.0\DellBtrEvent.exe

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

mRun: [<NO NAME>]

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sBAMTray] "C:\Program Files (x86)\Sunbelt Software\SBEAgent\SBAMTray.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [backupNowEZtray] "C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe" -k

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLCO~1.LNK - C:\Program Files (x86)\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TDMNOT~1.LNK - C:\Program Files (x86)\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe

uPolicies-explorer: NoWelcomeScreen = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: MaxGPOScriptWait = 120 (0x78)

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{49C2D582-1CF0-437E-8E69-E60820A9BEB4} : DhcpNameServer = 35.8.98.43 35.8.2.41

TCP: Interfaces\{BD9D1559-6253-466A-83F3-DCAB031BC3AE} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{BD9D1559-6253-466A-83F3-DCAB031BC3AE}\36F6361636F6C616 : DhcpNameServer = 192.168.1.1 209.94.172.166 209.94.172.167

TCP: Interfaces\{BD9D1559-6253-466A-83F3-DCAB031BC3AE}\4427E2027527967686470275962756C65637370225D402133333 : DhcpNameServer = 10.0.1.1

TCP: Interfaces\{BD9D1559-6253-466A-83F3-DCAB031BC3AE}\4496E6370284F6D656 : DhcpNameServer = 68.115.71.53 68.113.206.10 66.189.0.100

TCP: Interfaces\{BD9D1559-6253-466A-83F3-DCAB031BC3AE}\56E6A6F697 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{BD9D1559-6253-466A-83F3-DCAB031BC3AE}\97168647A75656 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{BD9D1559-6253-466A-83F3-DCAB031BC3AE}\D43555E656470275962756C65637370223E203 : DhcpNameServer = 35.8.98.43 35.8.2.41

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

LSA: Authentication Packages = msv1_0 wvauth

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO-X64: Search Helper - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: SmartSelect - No File

TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"

mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun-x64: [DellBtrEvent] D:\Program Files (x86)\Dell\Reader 2.0\DellBtrEvent.exe

mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

mRun-x64: [(Default)]

mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [sBAMTray] "C:\Program Files (x86)\Sunbelt Software\SBEAgent\SBAMTray.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [backupNowEZtray] "C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe" -k

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\kreuserj\AppData\Roaming\Mozilla\Firefox\Profiles\8fztze6h.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.type - 0

FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll

FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\NOS\bin\np_gp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\kreuserj\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: C:\Users\kreuserj\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\kreuserj\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R0 stdflt;Disk Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdfltn.sys --> C:\Windows\system32\DRIVERS\stdfltn.sys [?]

R1 DVMIO;DVMIO;D:\Program Files (x86)\Dell\Reader 2.0\dvmio_x64.sys [2009-7-21 17496]

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2010-5-13 98392]

R1 SbTis;SbTis;C:\Windows\system32\drivers\sbtis.sys --> C:\Windows\system32\drivers\sbtis.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac8529709a50c498\AESTSr64.exe [2010-5-13 89600]

R2 ArcGIS License Manager;ArcGIS License Manager;C:\PROGRA~2\ESRI\License\arcgis9x\lmgrd.exe [2010-6-2 1431440]

R2 buttonsvc64;Dell ControlPoint Button Service;C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2009-11-20 373024]

R2 Credential Vault Host Control Service;Credential Vault Host Control Service;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2009-12-17 1039776]

R2 Credential Vault Host Storage;Credential Vault Host Storage;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2009-12-17 31136]

R2 dcpsysmgrsvc;Dell ControlPoint System Manager;C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2009-12-10 515872]

R2 DvmMDES;DeviceVM Meta Data Export Service;D:\Program Files (x86)\Dell\Reader 2.0\DVMExportService.exe [2009-8-3 327680]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-5-13 13336]

R2 InstallFilterService;FF Install Filter Service;C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [2010-5-13 60928]

R2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe [2010-9-17 45312]

R2 risdpcie;risdpcie;C:\Windows\system32\DRIVERS\risdpe64.sys --> C:\Windows\system32\DRIVERS\risdpe64.sys [?]

R2 SBAMSvc;VIPRE Enterprise Agent;C:\Program Files (x86)\Sunbelt Software\SBEAgent\SBAMSvc.exe [2010-9-23 2763080]

R2 SBPIMSvc;SB Recovery Service;C:\Program Files (x86)\Sunbelt Software\SBEAgent\SBPIMSvc.exe [2010-9-23 181584]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-5-13 2314240]

R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]

R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]

R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]

R3 cvusbdrv;Dell ControlVault;C:\Windows\system32\Drivers\cvusbdrv.sys --> C:\Windows\system32\Drivers\cvusbdrv.sys [?]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]

R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-6-2 1153368]

S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

S3 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimspe64.sys --> C:\Windows\system32\DRIVERS\rimspe64.sys [?]

S3 rixdpcie;rixdpcie;C:\Windows\system32\DRIVERS\rixdpe64.sys --> C:\Windows\system32\DRIVERS\rixdpe64.sys [?]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2011-07-24 20:23:52 8578896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AFAFCF1F-F1F0-4184-9713-3DD8C4C05877}\mpengine.dll

2011-07-19 23:17:47 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll

2011-07-19 23:17:47 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll

2011-07-19 21:36:33 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll

2011-07-18 21:29:28 -------- d-----w- C:\ProgramData\NTIReg

2011-07-18 21:23:55 18432 ----a-w- C:\Windows\System32\drivers\NTIDrvr.sys

2011-07-18 21:23:54 16896 ----a-w- C:\Windows\System32\drivers\UBHelper.sys

2011-07-18 21:23:40 -------- d-----w- C:\Windows\SysWow64\drivers\nti\Xp_x86

2011-07-18 21:23:40 -------- d-----w- C:\Windows\SysWow64\drivers\nti\w2k_x86

2011-07-18 21:23:40 -------- d-----w- C:\Windows\SysWow64\drivers\nti\Vista_x86

2011-07-18 21:23:40 -------- d-----w- C:\Windows\SysWow64\drivers\nti\Vista_ia64

2011-07-18 21:23:40 -------- d-----w- C:\Windows\SysWow64\drivers\nti\Vista_amd64

2011-07-18 21:23:40 -------- d-----w- C:\Windows\SysWow64\drivers\nti\2003_x86

2011-07-18 21:23:40 -------- d-----w- C:\Windows\SysWow64\drivers\nti\2003_ia64

2011-07-18 21:23:40 -------- d-----w- C:\Windows\SysWow64\drivers\nti\2003_amd64

2011-07-18 21:23:31 -------- d-----w- C:\Windows\SysWow64\drivers\nti

2011-07-18 21:23:31 -------- d-----w- C:\Program Files (x86)\NewTech Infosystems

2011-07-18 17:19:21 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{922839D8-CD65-4852-99BD-26212DDD0AE8}\mpengine.dll

2011-07-18 17:10:48 8873296 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll

2011-07-13 15:08:38 -------- d-----w- C:\Users\kreuserj\AppData\Local\Google

2011-07-12 20:07:58 80384 ----a-w- C:\Windows\System32\drivers\BTHUSB.SYS

2011-07-02 20:57:25 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll

2011-07-02 20:57:25 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll

2011-07-02 20:57:25 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe

2011-07-02 20:57:25 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll

2011-07-02 20:57:24 64512 ----a-w- C:\Windows\SysWow64\devobj.dll

2011-07-02 20:57:10 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe

2011-07-02 20:57:10 2315776 ----a-w- C:\Windows\System32\tquery.dll

2011-07-02 20:57:10 2223616 ----a-w- C:\Windows\System32\mssrch.dll

2011-07-02 20:57:09 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe

2011-07-02 20:57:09 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll

2011-07-02 20:57:08 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe

2011-07-02 20:57:08 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll

2011-07-02 20:56:59 491520 ----a-w- C:\Windows\System32\mssph.dll

2011-07-02 20:56:59 337408 ----a-w- C:\Windows\SysWow64\mssph.dll

2011-07-02 20:56:59 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe

2011-07-02 20:56:58 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe

2011-07-02 20:56:58 778752 ----a-w- C:\Windows\System32\mssvp.dll

2011-07-02 20:56:58 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll

2011-07-02 20:56:58 288256 ----a-w- C:\Windows\System32\mssphtb.dll

2011-07-02 20:56:58 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe

2011-07-02 20:56:57 75264 ----a-w- C:\Windows\System32\msscntrs.dll

2011-07-02 20:56:57 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll

2011-07-02 20:56:57 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll

.

==================== Find3M ====================

.

2011-07-06 23:52:42 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-07-06 23:52:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-06-22 19:27:09 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys

2011-06-03 06:57:45 362496 ----a-w- C:\Windows\System32\wow64win.dll

2011-06-03 06:57:45 243200 ----a-w- C:\Windows\System32\wow64.dll

2011-06-03 06:57:45 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2011-06-03 06:57:44 214528 ----a-w- C:\Windows\System32\winsrv.dll

2011-06-03 06:57:38 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2011-06-03 06:56:38 421888 ----a-w- C:\Windows\System32\KernelBase.dll

2011-06-03 06:53:33 338944 ----a-w- C:\Windows\System32\conhost.exe

2011-06-03 06:00:53 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2011-06-03 05:57:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2011-06-03 05:57:33 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2011-06-03 05:56:12 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2011-06-03 05:56:11 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2011-06-03 03:53:31 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2011-06-03 03:53:31 2048 ----a-w- C:\Windows\SysWow64\user.exe

2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-06-02 18:39:46 175616 ----a-w- C:\Windows\System32\msclmd.dll

2011-06-02 18:39:46 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2011-05-24 23:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe

2011-05-04 08:52:22 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-05-03 05:29:29 976896 ----a-w- C:\Windows\System32\inetcomm.dll

2011-05-03 04:30:02 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll

2011-04-29 03:06:10 467456 ----a-w- C:\Windows\System32\drivers\srv.sys

2011-04-29 03:05:49 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys

2011-04-29 03:05:37 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2011-04-28 03:55:08 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys

2011-04-27 02:40:40 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys

2011-04-27 02:39:40 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-04-27 02:39:37 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys

.

============= FINISH: 17:03:33.61 ===============

Link to post
Share on other sites

  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

Link to post
Share on other sites

  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.