Jump to content

SoulAmiss

Honorary Members
  • Posts

    25
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Looks like it worked. Malewarebytes isn't finding anything. Adobe Acrobat X Pro - English, Français, Deutsch Adobe AIR Adobe Creative Suite 6 Master Collection Adobe Download Assistant Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Help Manager Adobe Media Player Adobe Reader 9.5.2 Adobe Shockwave Player 11.5 Adobe Widget Browser Adobe® Content Viewer Akamai NetSession Interface Akamai NetSession Interface Service Amazon MP3 Downloader 1.0.17 Apple Application Support Apple Software Update Banctec Service Agreement bl Complete Care Consumer Service Agreement ConvertHelper 2.2 D3DX10 Dell DataSafe Local Backup Dell DataSafe Local Backup - Support Software Dell Getting Started Guide DirectXInstallService EA Download Manager EA Download Manager UI EMC 10 Content Facebook Plug-In GoToAssist 8.0.0.514 HiJackThis HMA! Pro VPN 2.6.9 IrfanView (remove only) Java Auto Updater Java 6 Update 30 Junk Mail filter update Lexmark 640 Series Malwarebytes Anti-Malware version 1.65.1.1000 McAfee SecurityCenter Microsoft Search Enhancement Pack Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft_VC80_CRT_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Microsoft_VC90_MFCLOC_x86 Mozilla Firefox 16.0.2 (x86 en-US) Mozilla Maintenance Service MSN Toolbar MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NavNet NirSoft Mail PassView NVIDIA PhysX PatchBeam PDF Settings CS6 ph Photocensoredet PowerArchiver 2011 QuickTime Realtek High Definition Audio Driver Roxio Activation Module Roxio BackOnTrack Roxio Central Audio Roxio Central Copy Roxio Central Core Roxio Central Data Roxio Central Tools Roxio Easy CD and DVD Burning Roxio Express Labeler 3 Roxio Update Manager Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Sonic CinePlayer Decoder Pack SoulSeek 157 NS 13e Spelling Dictionaries Support For Adobe Reader 9 STK03N The Sims™ 2 Double Deluxe Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 VLC media player 1.0.2 Vuze Winamp Winamp Detector Plug-in Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Player Firefox Plugin WordPerfect Office 2002 Yahoo! Detect
  2. ComboFix 12-12-02.01 - I'm Lee 12/02/2012 19:08:18.3.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.4786 [GMT -6:00] Running from: c:\users\I'm Lee\Desktop\ComboFix.exe Command switches used :: c:\users\I'm Lee\Desktop\CFScript.txt AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Resident AV is active . . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\svchost.exe . . ((((((((((((((((((((((((( Files Created from 2012-11-03 to 2012-12-03 ))))))))))))))))))))))))))))))) . . 2012-12-03 01:17 . 2012-12-03 01:17 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-12-03 01:17 . 2012-12-03 01:17 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-12-02 14:33 . 2012-12-02 14:34 856731 ----a-w- c:\users\I'm Lee\AppData\Roaming\Microsoft\Windows\Network Shortcuts\SecurityCheck.exe 2012-12-01 20:12 . 2012-12-01 20:12 388096 ----a-r- c:\users\I'm Lee\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-12-01 20:12 . 2012-12-01 20:12 -------- d-----w- c:\program files (x86)\Trend Micro 2012-12-01 20:10 . 2012-12-01 20:10 1402880 ----a-w- c:\users\I'm Lee\AppData\Roaming\Microsoft\Windows\Network Shortcuts\HiJackThis.msi 2012-11-29 20:09 . 2012-12-01 22:01 -------- d-----w- c:\users\I'm Lee\AppData\Roaming\Sogo 2012-11-29 20:08 . 2012-11-29 20:08 -------- d-----w- c:\windows\Sun 2012-11-15 20:17 . 2012-11-15 20:17 -------- d-----w- c:\users\I'm Lee\AppData\Local\Google 2012-11-15 18:27 . 2008-07-20 21:46 -------- d-----w- c:\program files\FlashOffliner v1.0 2012-11-15 18:25 . 2012-11-15 18:47 -------- d-----w- c:\program files (x86)\FlashOffliner 2012-11-15 17:17 . 2012-11-15 17:17 -------- d-----w- c:\users\I'm Lee\AppData\Roaming\FlashGet 2012-11-15 17:08 . 2012-11-15 19:44 -------- d-----w- c:\program files (x86)\FlashGet 2012-11-15 09:07 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui 2012-11-15 09:07 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-11-15 09:07 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-11-15 09:07 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-11-15 09:00 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-11-15 09:00 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-11-15 09:00 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2012-11-15 09:00 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-11-15 09:00 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2012-11-15 09:00 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-11-15 09:00 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-11-04 13:42 . 2012-11-04 13:42 -------- d-----w- c:\users\I'm Lee\AppData\Roaming\PDAppFlex . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-15 18:58 . 2012-06-17 13:52 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-11-15 18:58 . 2012-06-17 13:52 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-11-15 09:01 . 2010-01-24 15:36 66395536 ----a-w- c:\windows\system32\MRT.exe 2012-10-16 08:38 . 2012-11-28 02:08 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-11-28 02:08 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 2012-11-28 02:08 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-09-30 00:54 . 2012-06-17 14:10 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-14 19:19 . 2012-10-10 04:33 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-14 18:28 . 2012-10-10 04:33 2048 ----a-w- c:\windows\SysWow64\tzres.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184] "ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136] "Akamai NetSession Interface"="c:\users\I'm Lee\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-06-25 1073352] "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776] . c:\users\I'm Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ P2 Card Manager.lnk - c:\program files\Panasonic P2\Drivers\App\P2TaskTray.exe [2007-3-8 14336] STK03N PNP Monitor.lnk - c:\windows\STK03N\STK03NM.exe [2011-9-9 163840] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x] R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\DRIVERS\ubsbm.sys [2010-02-26 24064] R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\DRIVERS\ubumapi.sys [2010-02-26 92160] R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-06-22 106112] R3 p2usb;Panasonic P2 Series USB Device;c:\windows\system32\DRIVERS\p2usb.sys [2011-05-23 30208] R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\DRIVERS\ubohci.sys [2010-02-26 132608] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-24 1255736] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-04-16 14464] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-06-22 335784] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-06-22 218320] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-06-22 177144] S2 p2csvc;p2csvc;c:\windows\system32\p2csvc.exe [2008-07-25 67072] S2 p2csvc32;p2csvc32;c:\windows\SysWOW64\p2csvc32.exe [2008-07-25 61440] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-09-17 656624] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-06-22 69672] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-06-22 513456] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-05 216064] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - 57049194 *NewlyCreated* - 65807257 *Deregistered* - 57049194 *Deregistered* - 65807257 *Deregistered* - aswMBR *Deregistered* - mfeavfk01 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Contents of the 'Scheduled Tasks' folder . 2012-12-03 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-17 18:58] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-23 7833120] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local> IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html TCP: DhcpNameServer = 97.64.168.12 97.64.183.165 CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll FF - ProfilePath - c:\users\I'm Lee\AppData\Roaming\Mozilla\Firefox\Profiles\vv00rrof.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.photobucket.com . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) SafeBoot-65807257.sys . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai] "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90, 43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87 "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{27B4851A-3207-45A2-B947-BE8AFE6163AB}"=hex:51,66,7a,6c,4c,1d,38,12,74,86,a7, 23,35,7c,cc,00,c6,51,fd,ca,fb,3f,27,bf "{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac, 6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07, 72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f, aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04 "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84, f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:00,21,c9,f8,c8,ce,cd,01 . [HKEY_USERS\S-1-5-21-565956605-2893480571-1785055309-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-565956605-2893480571-1785055309-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2607047~31bf3856ad364e35~amd64~~6.1.1.1] @DACL=(02 0000) "ApplicabilityState"=dword:00000000 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2618444~31bf3856ad364e35~amd64~~9.4.1.0] @DACL=(02 0000) "ApplicabilityState"=dword:00000070 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2618451~31bf3856ad364e35~amd64~~6.1.1.0] @DACL=(02 0000) "ApplicabilityState"=dword:00000070 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2619339~31bf3856ad364e35~amd64~~6.1.1.0] @DACL=(02 0000) "ApplicabilityState"=dword:00000070 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2620712~31bf3856ad364e35~amd64~~6.1.1.0] @DACL=(02 0000) "ApplicabilityState"=dword:00000070 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2621146~31bf3856ad364e35~amd64~~6.1.1.0] @DACL=(02 0000) "ApplicabilityState"=dword:00000000 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2633952~31bf3856ad364e35~amd64~~6.1.1.0] @DACL=(02 0000) "ApplicabilityState"=dword:00000070 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2639417~31bf3856ad364e35~amd64~~6.1.1.3] @DACL=(02 0000) "ApplicabilityState"=dword:00000070 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*] "value"="?\0a\01\0a\15\1b8N" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-12-02 19:19:08 ComboFix-quarantined-files.txt 2012-12-03 01:19 ComboFix2.txt 2012-12-02 20:51 ComboFix3.txt 2012-07-01 22:47 . Pre-Run: 247,560,876,032 bytes free Post-Run: 247,516,356,608 bytes free . - - End Of File - - 226D9236A1CD70D5FBC05DB5229918CE
  3. ok. Just took forever. aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software Run date: 2012-12-02 15:50:49 ----------------------------- 15:50:49.395 OS Version: Windows x64 6.1.7601 Service Pack 1 15:50:49.395 Number of processors: 8 586 0x1A05 15:50:49.395 ComputerName: SASSAFRASQUATCH UserName: I'm Lee 15:50:56.415 Initialize success 15:52:09.904 AVAST engine defs: 12120101 16:08:35.711 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2 16:08:35.711 Disk 0 Vendor: SAMSUNG_ 1AA0 Size: 610480MB BusType: 3 16:08:35.727 Disk 0 MBR read successfully 16:08:35.727 Disk 0 MBR scan 16:08:35.727 Disk 0 Windows VISTA default MBR code 16:08:35.743 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63 16:08:35.743 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 9342 MB offset 81920 16:08:35.774 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 601097 MB offset 19214336 16:08:35.789 Disk 0 scanning C:\Windows\system32\drivers 16:08:45.961 Service scanning 16:09:05.586 Modules scanning 16:09:05.586 Disk 0 trace - called modules: 16:09:05.617 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 16:09:06.116 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007ea7060] 16:09:06.116 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa8007b4d050] 16:09:07.551 AVAST engine scan C:\Windows 16:09:10.609 AVAST engine scan C:\Windows\system32 16:12:21.506 AVAST engine scan C:\Windows\system32\drivers 16:12:33.503 AVAST engine scan C:\Users\I'm Lee 17:18:25.273 AVAST engine scan C:\ProgramData 18:41:33.251 Scan finished successfully 18:54:03.020 Disk 0 MBR has been saved successfully to "C:\Users\I'm Lee\Desktop\MBR.dat" 18:54:03.020 The log file has been saved successfully to "C:\Users\I'm Lee\Desktop\aswMBR.txt"
  4. How do I know when this aswMBR is done running? It's said "scanning: C:\ProgramData\Dell\DellDock\uninstaller.exe" for over an hour now.
  5. 15:47:48.0961 3936 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 15:47:49.0476 3936 ============================================================ 15:47:49.0476 3936 Current date / time: 2012/12/02 15:47:49.0476 15:47:49.0476 3936 SystemInfo: 15:47:49.0476 3936 15:47:49.0476 3936 OS Version: 6.1.7601 ServicePack: 1.0 15:47:49.0476 3936 Product type: Workstation 15:47:49.0476 3936 ComputerName: SASSAFRASQUATCH 15:47:49.0476 3936 UserName: I'm Lee 15:47:49.0476 3936 Windows directory: C:\Windows 15:47:49.0476 3936 System windows directory: C:\Windows 15:47:49.0476 3936 Running under WOW64 15:47:49.0476 3936 Processor architecture: Intel x64 15:47:49.0476 3936 Number of processors: 8 15:47:49.0476 3936 Page size: 0x1000 15:47:49.0476 3936 Boot type: Normal boot 15:47:49.0476 3936 ============================================================ 15:47:50.0927 3936 BG loaded 15:47:52.0425 3936 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 15:47:52.0445 3936 ============================================================ 15:47:52.0445 3936 \Device\Harddisk0\DR0: 15:47:52.0445 3936 MBR partitions: 15:47:52.0445 3936 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x123F000 15:47:52.0445 3936 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1253000, BlocksNum 0x49604800 15:47:52.0445 3936 ============================================================ 15:47:52.0585 3936 C: <-> \Device\Harddisk0\DR0\Partition2 15:47:52.0585 3936 ============================================================ 15:47:52.0585 3936 Initialize success 15:47:52.0585 3936 ============================================================ 15:48:13.0908 2684 Deinitialize success
  6. ComboFix 12-12-02.01 - I'm Lee 12/02/2012 14:30:36.2.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.6463 [GMT -6:00] Running from: c:\users\I'm Lee\Downloads\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Microsoft\Windows\DRM\144F.tmp c:\programdata\Microsoft\Windows\DRM\146F.tmp c:\users\I'm Lee\AppData\Roaming\Doogi c:\users\I'm Lee\AppData\Roaming\Doogi\ingi.ahy c:\users\I'm Lee\AppData\Roaming\PhotoBucketeer.exe c:\users\I'm Lee\AppData\Roaming\Ytpaq c:\users\I'm Lee\AppData\Roaming\Ytpaq\abfiy.exe c:\windows\svchost.exe . . ((((((((((((((((((((((((( Files Created from 2012-11-02 to 2012-12-02 ))))))))))))))))))))))))))))))) . . 2012-12-02 20:42 . 2012-12-02 20:42 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-12-02 20:42 . 2012-12-02 20:42 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-12-02 14:33 . 2012-12-02 14:34 856731 ----a-w- c:\users\I'm Lee\AppData\Roaming\Microsoft\Windows\Network Shortcuts\SecurityCheck.exe 2012-12-01 20:12 . 2012-12-01 20:12 388096 ----a-r- c:\users\I'm Lee\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-12-01 20:12 . 2012-12-01 20:12 -------- d-----w- c:\program files (x86)\Trend Micro 2012-12-01 20:10 . 2012-12-01 20:10 1402880 ----a-w- c:\users\I'm Lee\AppData\Roaming\Microsoft\Windows\Network Shortcuts\HiJackThis.msi 2012-11-29 20:09 . 2012-12-01 22:01 -------- d-----w- c:\users\I'm Lee\AppData\Roaming\Sogo 2012-11-29 20:08 . 2012-11-29 20:08 -------- d-----w- c:\windows\Sun 2012-11-15 20:17 . 2012-11-15 20:17 -------- d-----w- c:\users\I'm Lee\AppData\Local\Google 2012-11-15 18:27 . 2008-07-20 21:46 -------- d-----w- c:\program files\FlashOffliner v1.0 2012-11-15 18:25 . 2012-11-15 18:47 -------- d-----w- c:\program files (x86)\FlashOffliner 2012-11-15 17:17 . 2012-11-15 17:17 -------- d-----w- c:\users\I'm Lee\AppData\Roaming\FlashGet 2012-11-15 17:08 . 2012-11-15 19:44 -------- d-----w- c:\program files (x86)\FlashGet 2012-11-15 09:07 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui 2012-11-15 09:07 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-11-15 09:07 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-11-15 09:07 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-11-15 09:00 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-11-15 09:00 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-11-15 09:00 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2012-11-15 09:00 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-11-15 09:00 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2012-11-15 09:00 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-11-15 09:00 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-11-04 13:42 . 2012-11-04 13:42 -------- d-----w- c:\users\I'm Lee\AppData\Roaming\PDAppFlex . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-15 18:58 . 2012-06-17 13:52 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-11-15 18:58 . 2012-06-17 13:52 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-11-15 09:01 . 2010-01-24 15:36 66395536 ----a-w- c:\windows\system32\MRT.exe 2012-10-16 08:38 . 2012-11-28 02:08 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-11-28 02:08 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 2012-11-28 02:08 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-09-30 00:54 . 2012-06-17 14:10 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-14 19:19 . 2012-10-10 04:33 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-14 18:28 . 2012-10-10 04:33 2048 ----a-w- c:\windows\SysWow64\tzres.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184] "ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136] "Akamai NetSession Interface"="c:\users\I'm Lee\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-06-25 1073352] "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776] . c:\users\I'm Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ P2 Card Manager.lnk - c:\program files\Panasonic P2\Drivers\App\P2TaskTray.exe [2007-3-8 14336] STK03N PNP Monitor.lnk - c:\windows\STK03N\STK03NM.exe [2011-9-9 163840] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x] R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\DRIVERS\ubsbm.sys [2010-02-26 24064] R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\DRIVERS\ubumapi.sys [2010-02-26 92160] R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-06-22 106112] R3 p2usb;Panasonic P2 Series USB Device;c:\windows\system32\DRIVERS\p2usb.sys [2011-05-23 30208] R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\DRIVERS\ubohci.sys [2010-02-26 132608] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-24 1255736] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-04-16 14464] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-06-22 335784] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-06-22 218320] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-06-22 177144] S2 p2csvc;p2csvc;c:\windows\system32\p2csvc.exe [2008-07-25 67072] S2 p2csvc32;p2csvc32;c:\windows\SysWOW64\p2csvc32.exe [2008-07-25 61440] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-09-17 656624] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-06-22 69672] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-06-22 513456] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-05 216064] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040] . . --- Other Services/Drivers In Memory --- . *Deregistered* - mfeavfk01 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Contents of the 'Scheduled Tasks' folder . 2012-12-02 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-17 18:58] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-23 7833120] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local> IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html TCP: DhcpNameServer = 97.64.168.12 97.64.183.165 CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll FF - ProfilePath - c:\users\I'm Lee\AppData\Roaming\Mozilla\Firefox\Profiles\vv00rrof.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.photobucket.com . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-AdobeBridge - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai] "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90, 43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87 "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{27B4851A-3207-45A2-B947-BE8AFE6163AB}"=hex:51,66,7a,6c,4c,1d,38,12,74,86,a7, 23,35,7c,cc,00,c6,51,fd,ca,fb,3f,27,bf "{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac, 6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07, 72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f, aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04 "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84, f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:00,21,c9,f8,c8,ce,cd,01 . [HKEY_USERS\S-1-5-21-565956605-2893480571-1785055309-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-565956605-2893480571-1785055309-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2607047~31bf3856ad364e35~amd64~~6.1.1.1] @DACL=(02 0000) "ApplicabilityState"=dword:00000000 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2618444~31bf3856ad364e35~amd64~~9.4.1.0] @DACL=(02 0000) "ApplicabilityState"=dword:00000070 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2618451~31bf3856ad364e35~amd64~~6.1.1.0] @DACL=(02 0000) "ApplicabilityState"=dword:00000070 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2619339~31bf3856ad364e35~amd64~~6.1.1.0] @DACL=(02 0000) "ApplicabilityState"=dword:00000070 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2620712~31bf3856ad364e35~amd64~~6.1.1.0] @DACL=(02 0000) "ApplicabilityState"=dword:00000070 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2621146~31bf3856ad364e35~amd64~~6.1.1.0] @DACL=(02 0000) "ApplicabilityState"=dword:00000000 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2633952~31bf3856ad364e35~amd64~~6.1.1.0] @DACL=(02 0000) "ApplicabilityState"=dword:00000070 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2639417~31bf3856ad364e35~amd64~~6.1.1.3] @DACL=(02 0000) "ApplicabilityState"=dword:00000070 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*] "value"="?\0a\01\0a\15\1b8N" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files (x86)\Smith Micro\StuffIt 2010\ArcNameService.exe c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\\.\globalroot\systemroot\svchost.exe . ************************************************************************** . Completion time: 2012-12-02 14:51:43 - machine was rebooted ComboFix-quarantined-files.txt 2012-12-02 20:51 ComboFix2.txt 2012-07-01 22:47 . Pre-Run: 185,807,908,864 bytes free Post-Run: 248,776,511,488 bytes free . - - End Of File - - C029463410CB5E88A5F83917635954B5 Do not know if computer is any better yet.
  7. RogueKiller V8.3.1 [Dec 2 2012] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : I'm Lee [Admin rights] Mode : Remove -- Date : 12/02/2012 08:53:20 ¤¤¤ Bad processes : 1 ¤¤¤ [sVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc] ¤¤¤ Registry Entries : 4 ¤¤¤ [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> REPLACED (0) [HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> REPLACED (0) [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: SAMSUNG HD642JJ +++++ --- User --- [MBR] bc17261b85527aa1356e67a794d2bfcb [bSP] 03e305809de40ceaf54bfec6cdaeba67 : Windows Vista MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 9342 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 19214336 | Size: 601097 Mo User != LL1 ... KO! --- LL1 --- [MBR] 292c49fbc0afcd788ede36921fb88b9a [bSP] 03e305809de40ceaf54bfec6cdaeba67 : Windows Vista MBR Code Partition table: 1 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo 2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 9342 Mo 3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 19214336 | Size: 601097 Mo User != LL2 ... KO! --- LL2 --- [MBR] 292c49fbc0afcd788ede36921fb88b9a [bSP] 03e305809de40ceaf54bfec6cdaeba67 : Windows Vista MBR Code Partition table: 1 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo 2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 9342 Mo 3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 19214336 | Size: 601097 Mo Finished : << RKreport[2]_D_12022012_02d0853.txt >> RKreport[1]_S_12022012_02d0853.txt ; RKreport[2]_D_12022012_02d0853.txt
  8. # AdwCleaner v2.010 - Logfile created 12/02/2012 at 08:45:17 # Updated 29/11/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : I'm Lee - SASSAFRASQUATCH # Boot Mode : Normal # Running from : C:\Users\I'm Lee\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. -\\ Mozilla Firefox v16.0.2 (en-US) Profile name : default File : C:\Users\I'm Lee\AppData\Roaming\Mozilla\Firefox\Profiles\vv00rrof.default\prefs.js [OK] File is clean. ************************* AdwCleaner[R1].txt - [1998 octets] - [01/12/2012 17:41:11] AdwCleaner[R2].txt - [2058 octets] - [01/12/2012 17:41:53] AdwCleaner[R3].txt - [995 octets] - [01/12/2012 18:57:17] AdwCleaner[R4].txt - [1134 octets] - [02/12/2012 08:43:44] AdwCleaner[R5].txt - [1194 octets] - [02/12/2012 08:44:48] AdwCleaner[s1].txt - [2096 octets] - [01/12/2012 17:42:26] AdwCleaner[s2].txt - [1054 octets] - [01/12/2012 18:57:36] AdwCleaner[s3].txt - [1126 octets] - [02/12/2012 08:45:17] ########## EOF - C:\AdwCleaner[s3].txt - [1186 octets] ##########
  9. Here is the security check: Results of screen317's Security Check version 0.99.56 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Security Center service is not running! This report may not be accurate! McAfee Anti-Virus and Anti-Spyware WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.65.1.1000 Java 6 Update 30 Java version out of Date! Adobe Flash Player 11.5.502.110 Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox 16.0.2 Firefox out of Date! ````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1% ````````````````````End of Log``````````````````````
  10. So, this started with mcafee popping up and telling me that my fireall and real-time scanning has been turned off. It won't stay on. When I tried to log on to my amazon account, I got this message tellni me I needed to insert my credit card info and social security info and whatnot so that Amazon could could verify me as a customer. I entered lots of fake stuff logged off and changed my password on another computer. I ran malware bytes and it found 2 infections. I told it to fix em' and restart the computer. It restarted, I ran it again and they're still there. I tried to do a quick scan in safe mode but the scan never completes. My computer's screen goes dark like it's hibernating or screen saving and doesn't come back from the darkness. I tried to come to this forum but it kept redirecting me to google every time. I've run malwarebytes and a couple other programs a few times now. The phishing scam seems gone and I can access this forum now. However, my firewall and real-time scanning keeps turning off and the two infections are found every time I run malwarebytes. I ran hijack this and have attached the log file. What now? hijackthis.log
  11. Deleted the drives but Windows never tried to refind them when I rebooted. Everything behaved as normal, as if I had no dvd drives.
  12. When I go to device manager they both have this neat little yellow sign with an exclamation on them. I have the option to disable them, making it appear my PC thinks they're enabled. I have disabled, re-enabled, updated driver, and removed and scanned for new hardware all to no avail. I did system restore after updating Itunes and it brought them back. Itunes no longer recognized my library anymore since it was made by a newer version of Itunes then, so I redownloaded Itunes and then relost my drives. Then I gave up.
  13. It's not finding anything and I still don't have dvd-roms. Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.07.09.14 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 I'm Lee :: SASSAFRASQUATCH [administrator] Protection: Enabled 7/9/2012 9:13:06 PM mbam-log-2012-07-09 (21-13-06).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 919939 Time elapsed: 3 hour(s), 59 minute(s), 54 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  14. Sorry. Been busy. Still don't have dvd-roms. aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-07-06 11:41:08 ----------------------------- 11:41:08.683 OS Version: Windows x64 6.1.7601 Service Pack 1 11:41:08.684 Number of processors: 8 586 0x1A05 11:41:08.685 ComputerName: SASSAFRASQUATCH UserName: I'm Lee 11:41:10.094 Initialize success 11:45:53.240 AVAST engine defs: 12070600 11:48:32.730 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2 11:48:32.733 Disk 0 Vendor: SAMSUNG_ 1AA0 Size: 610480MB BusType: 3 11:48:32.735 Disk 1 \Device\Harddisk1\DR1 -> \Device\Sbp2\WD&My Book&0&0090a9d7_b813944d_Instance00 11:48:32.737 Disk 1 Vendor: WD______ 1025 Size: 476940MB BusType: 4 11:48:32.752 Disk 0 MBR read successfully 11:48:32.755 Disk 0 MBR scan 11:48:32.759 Disk 0 Windows VISTA default MBR code 11:48:32.761 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63 11:48:32.770 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 9342 MB offset 81920 11:48:32.789 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 601097 MB offset 19214336 11:48:32.814 Disk 0 scanning C:\Windows\system32\drivers 11:48:44.342 Service scanning 11:49:02.469 Modules scanning 11:49:02.808 Disk 0 trace - called modules: 11:49:02.831 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 11:49:02.837 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007ea3060] 11:49:02.841 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa8007b61050] 11:49:04.192 AVAST engine scan C:\Windows 11:49:09.898 AVAST engine scan C:\Windows\system32 11:52:15.517 AVAST engine scan C:\Windows\system32\drivers 11:52:26.217 AVAST engine scan C:\Users\I'm Lee 11:58:58.585 Disk 0 MBR has been saved successfully to "C:\Users\I'm Lee\Desktop\MBR.dat" 11:58:58.595 The log file has been saved successfully to "C:\Users\I'm Lee\Desktop\aswMBR.txt"
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.