
Author Topic: Infected with zeroaccess rootkit!!!  (Read 22009 times)


tsfc

    Topic Starter


    Rookie

    • Experience: Familiar
    • OS: Windows 7
    Infected with zeroaccess rootkit!!!
    « on: September 29, 2012, 12:05:41 PM »
    I was infected with the zeroaccess rootkit and attempted to remove it. It appears that it is gone; however, now my computer is running extremely slow while on the internet. Please HELP!!!

    tsfc

    Logs posted below:

    # AdwCleaner v2.003 - Logfile created 09/29/2012 at 13:04:18
    # Updated 23/09/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Joshua - JOSHUA-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Joshua\Desktop\adwcleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
    File Found : C:\Users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\erpnoq27.default\searchplugins\Askcom.xml
    Folder Found : C:\Program Files (x86)\Ask.com
    Folder Found : C:\ProgramData\Ask
    Folder Found : C:\Users\Joshua\AppData\LocalLow\AskToolbar
    Folder Found : C:\Users\Joshua\AppData\LocalLow\BabylonToolbar
    Folder Found : C:\Users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\erpnoq27.default\extensions\[email protected]
    Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

    ***** [Registry] *****

    Key Found : HKCU\Software\APN
    Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
    Key Found : HKCU\Software\AppDataLow\Software\Crossrider
    Key Found : HKCU\Software\Ask.com
    Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
    Key Found : HKLM\Software\APN
    Key Found : HKLM\Software\AskToolbar
    Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
    Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
    Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
    Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
    Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
    Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.7601.17514

    [OK] Registry is clean.

    -\\ Mozilla Firefox v12.0 (en-US)

    Profile name : default
    File : C:\Users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\erpnoq27.default\prefs.js

    Found : user_pref("browser.search.defaultengine", "Ask.com");
    Found : user_pref("browser.search.defaultenginename", "Ask.com");
    Found : user_pref("browser.search.order.1", "Ask.com");

    -\\ Google Chrome v [Unable to get version]

    File : C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [4411 octets] - [29/09/2012 13:04:18]

    ########## EOF - C:\AdwCleaner[R1].txt - [4471 octets] ##########


    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.09.29.03

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    Joshua :: JOSHUA-PC [administrator]

    9/29/2012 12:37:01 PM
    mbam-log-2012-09-29 (12-37-01).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 203507
    Time elapsed: 3 minute(s), 54 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 1.6.0_31
    Run by Joshua at 12:43:29 on 2012-09-29
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3895.2250 [GMT -5:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
    C:\Program Files\IDT\WDM\AESTSr64.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\system32\lxddcoms.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
    C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe
    C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    C:\Program Files\mcafee.com\agent\mcagent.exe
    C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
    C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
    C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
    C:\Program Files (x86)\Ask.com\Updater\Updater.exe
    C:\Windows\splwow64.exe
    C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files\Common Files\McAfee\Core\mchost.exe
    C:\Windows\SysWOW64\REGEDIT.EXE
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page =
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120724204840.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [uTorrent] "C:\Users\Joshua\Pictures\uTorrent.exe"  /MINIMIZED
    uRun: [DelayShred] "c:\PROGRA~1\mcafee\mqs\ShrCL.EXE" /P5 /q "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\FXSAPI~1.TXT" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\ETILQS~1" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\Cookies" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\TEMPOR~1" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\TEMPOR~1\Content.IE5\index.dat" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\TEMPOR~1\Content.IE5"
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
    mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [Absolute Notifier] "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe"
    mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
    mRun: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
    mRun: [<NO NAME>]
    mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
    mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{131BAE52-B0DC-4D5B-AEDB-DC73B4963255} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{131BAE52-B0DC-4D5B-AEDB-DC73B4963255}\2375942554330323 : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{131BAE52-B0DC-4D5B-AEDB-DC73B4963255}\2375942554339333 : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{131BAE52-B0DC-4D5B-AEDB-DC73B4963255}\2375942554931373 : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{131BAE52-B0DC-4D5B-AEDB-DC73B4963255}\84F6C6964616970294E6E60224561657D6F6E647 : DhcpNameServer = 4.2.2.2 4.2.2.3 8.8.8.8
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll
    Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64:     AcroIEHelperStub - No File
    BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO-X64:     McAfee Phishing Filter - No File
    BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
    BHO-X64:     Canon Easy-WebPrint EX BHO - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120724204840.dll
    BHO-X64:     scriptproxy - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64:     SkypeIEPluginBHO - No File
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
    BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO-X64:     Ask Toolbar BHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
    mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
    mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun-x64: [Absolute Notifier] "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe"
    mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
    mRun-x64: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
    mRun-x64: [(Default)]
    mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
    mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
    mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\erpnoq27.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - att.net
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
    FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Joshua\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
    R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AbsoluteNotifier;Absolute Notifier;C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2010-10-8 10408]
    R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-1-14 89600]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-1-14 13336]
    R2 lxdd_device;lxdd_device;C:\Windows\system32\lxddcoms.exe -service --> C:\Windows\system32\lxddcoms.exe -service [?]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-9 249936]
    R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-9 249936]
    R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-9 249936]
    R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-9 249936]
    R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-1-14 199272]
    R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-1-14 210584]
    R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe [2011-1-14 162192]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-1-14 1692480]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-1-14 2320920]
    R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\system32\DRIVERS\bcmvwl64.sys --> C:\Windows\system32\DRIVERS\bcmvwl64.sys [?]
    R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
    R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
    R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
    R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
    R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-22 136176]
    S2 lxddCATSCustConnectService;lxddCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\lxddserv.exe [2007-5-25 34224]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
    S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-22 136176]
    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-7 129976]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-9 249936]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-09-29 17:35:43   25928   ----a-w-   C:\Windows\System32\drivers\mbam.sys
    2012-09-29 17:35:43   --------   d-----w-   C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-09-29 17:15:13   --------   d-----w-   C:\Program Files\CCleaner
    2012-09-29 11:18:18   --------   d-----w-   C:\ProgramData\SUPERSetup
    2012-09-29 11:10:59   --------   d-sh--w-   C:\$RECYCLE.BIN
    2012-09-29 08:54:01   --------   d-----w-   C:\Users\Joshua\AppData\Roaming\USTechSupport
    2012-09-29 08:52:19   --------   d-----w-   C:\ProgramData\USTechSupport
    2012-09-28 19:53:21   69000   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7DB98C2F-38F0-4604-8868-78303CEDC956}\offreg.dll
    2012-09-28 19:35:45   9308616   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7DB98C2F-38F0-4604-8868-78303CEDC956}\mpengine.dll
    2012-09-26 21:39:22   245760   ----a-w-   C:\Windows\System32\OxpsConverter.exe
    2012-09-24 22:45:04   --------   d-----w-   C:\Users\Joshua\AppData\Roaming\Softland
    2012-09-24 22:45:03   24968   ----a-w-   C:\Windows\System32\dopdfmn7.dll
    2012-09-24 22:45:03   21384   ----a-w-   C:\Windows\System32\dopdfmi7.dll
    2012-09-24 22:45:02   1700352   ----a-w-   C:\Windows\System32\GdiPlus.dll
    2012-09-24 22:44:59   --------   d-----w-   C:\Program Files\Softland
    2012-09-21 22:59:43   1638912   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
    2012-09-21 22:59:42   1638912   ----a-w-   C:\Windows\System32\mshtml.tlb
    2012-09-17 01:10:06   --------   d-----w-   C:\Users\Joshua\AppData\Local\CutePDF Writer
    2012-09-17 01:09:08   --------   d-----w-   C:\Program Files (x86)\GPLGS
    2012-09-16 01:58:11   87152   ----a-w-   C:\Windows\System32\cpwmon64.dll
    2012-09-16 01:58:09   --------   d-----w-   C:\Program Files (x86)\Acro Software
    2012-09-16 01:57:35   --------   d-----w-   C:\Program Files (x86)\Ask.com
    2012-09-16 01:43:35   --------   d-----w-   C:\Users\Joshua\AppData\Local\PrimoPDFContent
    2012-09-16 00:39:37   --------   d-----w-   C:\Users\Joshua\AppData\Roaming\PrimoPDF
    2012-09-16 00:37:13   95008   ----a-w-   C:\Windows\System32\Primomonnt.dll
    2012-09-16 00:37:10   --------   d-----w-   C:\Program Files (x86)\Nitro PDF
    2012-09-15 21:56:36   --------   d-----w-   C:\Users\Joshua\AppData\Local\Amazon
    2012-09-15 21:56:15   101680   ----a-w-   C:\Windows\System32\stkMonitor.dll
    2012-09-15 21:56:12   --------   d-----w-   C:\Program Files (x86)\Amazon
    2012-09-14 23:29:07   --------   d--h--w-   C:\ProgramData\CanonIJSolutionMenuEX
    2012-09-14 23:29:06   --------   d--h--w-   C:\ProgramData\CanonIJEPPEX2
    2012-09-14 23:29:06   --------   d--h--w-   C:\ProgramData\CanonEPP
    2012-09-14 23:28:53   --------   d--h--w-   C:\ProgramData\CanonIJMyPrinter
    2012-09-14 23:25:16   --------   d-----w-   C:\ProgramData\Canon IJ Network Tool
    2012-09-14 23:14:46   --------   d--h--w-   C:\ProgramData\CanonIJFAX
    2012-09-14 23:14:29   --------   d--h--w-   C:\ProgramData\CanonIJEGV
    2012-09-14 23:10:18   --------   d-----w-   C:\Program Files\Common Files\CANON
    2012-09-14 23:09:59   --------   d-----w-   C:\ProgramData\CanonIJWSpt
    2012-09-14 23:06:35   --------   d-----w-   C:\Program Files\Canon
    2012-09-14 23:03:17   --------   d-----w-   C:\ProgramData\CanonIJPLM
    2012-09-14 23:02:54   --------   d--h--w-   C:\ProgramData\CanonIJETV
    2012-09-14 23:02:19   --------   d-----w-   C:\Program Files (x86)\Canon
    2012-09-12 16:59:34   950128   ----a-w-   C:\Windows\System32\drivers\ndis.sys
    2012-09-12 16:59:34   41472   ----a-w-   C:\Windows\System32\drivers\RNDISMP.sys
    2012-09-12 16:59:33   574464   ----a-w-   C:\Windows\System32\d3d10level9.dll
    2012-09-12 16:59:29   490496   ----a-w-   C:\Windows\SysWow64\d3d10level9.dll
    2012-09-12 16:59:27   376688   ----a-w-   C:\Windows\System32\drivers\netio.sys
    2012-09-12 16:59:27   288624   ----a-w-   C:\Windows\System32\drivers\FWPKCLNT.SYS
    2012-09-12 16:59:27   1913200   ----a-w-   C:\Windows\System32\drivers\tcpip.sys
    .
    ==================== Find3M  ====================
    .
    2012-08-24 18:05:06   1188864   ----a-w-   C:\Windows\System32\wininet.dll
    2012-08-24 16:57:48   981504   ----a-w-   C:\Windows\SysWow64\wininet.dll
    2012-07-24 00:37:36   0   ----a-w-   C:\Windows\SysWow64\sho8B2F.tmp
    2012-07-18 18:15:06   3148800   ----a-w-   C:\Windows\System32\win32k.sys
    2012-07-06 20:07:42   552960   ----a-w-   C:\Windows\System32\drivers\bthport.sys
    2012-07-04 22:13:27   59392   ----a-w-   C:\Windows\System32\browcli.dll
    2012-07-04 22:13:27   136704   ----a-w-   C:\Windows\System32\browser.dll
    2012-07-04 21:14:34   41984   ----a-w-   C:\Windows\SysWow64\browcli.dll
    .
    ============= FINISH: 12:44:03.70 ===============
     
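The DDS output above lists every service and driver with its image path and, where DDS could read the file, its date and size; entries ending in `[?]` carry no such metadata and the path is shown twice around `-->`. As an added example (my code, not part of this thread or of DDS), the Python helper below parses those service lines together with the "Created Last 30" entries and reports three things a helper would check first: autostart binaries living outside Windows/Program Files or in user-writable directories, the `[?]` entries that still need a hash or signature check by hand, and kernel drivers created in the window. The `S2 Updater` line in the sample is constructed; the other sample lines are copied from the log. Reading `[?]` as "date/size unavailable" and the digit after R/S as the Windows start type are assumptions about the DDS format.

```python
"""Added triage helper for DDS service and 'Created Last 30' lines (not part of DDS)."""
import re
from dataclasses import dataclass
from typing import Optional

# "R3 name;display;path [yyyy-m-d size]"  or  "S3 name;display;path --> path [?]"
# R/S = running/stopped; the digit is assumed to be the Windows start type
# (0 boot, 1 system, 2 auto, 3 demand, 4 disabled).
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$"
)
STAMP_RE = re.compile(r"\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]\s*$")
UNKNOWN_RE = re.compile(r"\[\?\]\s*$")          # assumed: DDS could not read date/size
# "2012-09-29 17:35:43   25928   ----a-w-   C:\path"  (size is dashes for directories)
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>-+|\d+)\s+(?P<attr>[-a-z]{8})\s+(?P<path>.+)$"
)
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\", "\\appdata\\", "\\$recycle.bin\\")


@dataclass
class Service:
    name: str
    display: str
    path: str
    running: bool
    start_type: int
    file_date: Optional[str]   # None when DDS printed [?]
    size: Optional[int]


@dataclass
class Created:
    ts: str
    size: Optional[int]        # None for directories
    attrs: str
    path: str


def parse_service(line: str) -> Optional[Service]:
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    rest, date, size = m["rest"], None, None
    s = STAMP_RE.search(rest)
    if s:
        date, size = s["date"], int(s["size"])
        rest = rest[: s.start()]
    else:
        rest = UNKNOWN_RE.sub("", rest)
    path = rest.split("-->")[-1].strip()        # "a --> b": keep the resolved path
    return Service(m["name"], m["display"], path, m["state"] == "R", int(m["start"]), date, size)


def parse_created(line: str) -> Optional[Created]:
    m = CREATED_RE.match(line.strip())
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return Created(m["ts"], size, m["attr"], m["path"])


def flag_service(svc: Service) -> list:
    """Location-based reasons to look closer; an empty list is not a clean bill."""
    low, reasons = svc.path.lower(), []
    if svc.start_type <= 2 and not low.startswith(TRUSTED_ROOTS):
        reasons.append("autostart binary outside Windows/Program Files")
    if any(tok in low for tok in USER_WRITABLE):
        reasons.append("binary in a user-writable location")
    return reasons


def new_kernel_drivers(entries) -> list:
    """Files (not directories) dropped under a \\drivers\\ folder with a .sys extension."""
    return [e for e in entries
            if not e.attrs.startswith("d")
            and "\\drivers\\" in e.path.lower() and e.path.lower().endswith(".sys")]


def triage(text: str) -> dict:
    services, created = [], []
    for line in text.splitlines():
        svc = parse_service(line)
        if svc:
            services.append(svc)
            continue
        c = parse_created(line)
        if c:
            created.append(c)
    return {
        "suspicious": {s.name: r for s in services if (r := flag_service(s))},
        "unverified": [s.name for s in services if s.size is None],   # [?] entries: verify by hand
        "new_drivers": [c.path for c in new_kernel_drivers(created)],
    }


# Sample input: lines copied from the DDS log in this thread, plus one constructed
# "Updater" service (not from the log) to show a user-profile autostart being flagged.
SAMPLE_DDS = r"""
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-22 136176]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\lxddserv.exe [2007-5-25 34224]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S2 Updater;Example Updater;C:\Users\Joshua\AppData\Roaming\Updater\upd.exe [2012-9-28 40960]
.
=============== Created Last 30 ================
.
2012-09-29 17:35:43   25928   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2012-09-29 17:35:43   --------   d-----w-   C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-29 11:10:59   --------   d-sh--w-   C:\$RECYCLE.BIN
2012-09-12 16:59:34   950128   ----a-w-   C:\Windows\System32\drivers\ndis.sys
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_DDS).items():
        print(key, value)
```

Nothing the script reports is a verdict. On the posted log the `[?]` entries are mostly vendor drivers the tool could not stat, and a legitimate updater can live under AppData; each flagged line is simply where a helper would start hashing files and checking signatures rather than reading the whole log by eye.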

    SuperDave (Malware Removal Specialist)
    Re: Infected with zeroaccess rootkit!!!
    « Reply #1 on: September 29, 2012, 12:13:28 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer, you will have to download any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the Shift key down for about 10 seconds while inserting it. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back online.
    *************************************************************************
    Remove the Adware:
    • Please close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with OK
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
    **************************************************************
    I am required to give you this warning.

    It appears your system is infected with a rootkit. A rootkit is a powerful piece of malware that allows hackers full control over your computer for means of sending attacks over the Internet, or using your computer to generate revenue.

    Malware experts have recommended that we make it clear that with the system under control of a hacker, your computer might become impossible to clean 100%.

    Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. They can disable your antivirus and security tools to prevent detection and removal. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is sent back to the hacker. To learn more about these types of infections, you can refer to:

    • What danger is presented by rootkits?
    • Rootkits and how to combat them
    • r00tkit Analysis: What Is A Rootkit

    If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. Do NOT change passwords or do any transactions while using the infected computer because the attacker may get the new passwords and transaction information. (If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again.) Banking and credit card institutions should be notified to apprise them of your situation (possible security breach). To protect your information that may have been compromised, I recommend reading these references:
    • How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
    • What Should I Do If I've Become A Victim Of Identity Theft?
    • Identity Theft Victims Guide - What to do
    It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired, so you can never be sure that you have completely removed a rootkit. The malware may leave so many remnants behind that security tools cannot find them. Tools that claim to be able to remove rootkits cannot guarantee that all traces of it will be removed. Many experts in the security community believe that once infected with such a piece of malware, the best course of action would be a reformat and clean reinstall of the OS. This is something I don't like to recommend normally, but in most cases it is the best solution for your safety. Making this decision is based on what the computer is used for, and what information can be accessed from it. For more information, please read these references very carefully:
    • When should I re-format? How should I reinstall?
    • Help: I Got Hacked. Now What Do I Do?
    • Help: I Got Hacked. Now What Do I Do? Part II
    • Where to draw the line? When to recommend a format and reinstall?

    Guides for format and reinstall:

    how-to-reformat-and-reinstall-your-operating-system-the-easy-way

    However, if you do not have the resources to reinstall your computer's OS and would like me to attempt to clean it, I will be happy to do so. But please consider carefully before deciding against a reformat.
    If you do make that decision, I will do my best to help you clean the computer of any infections, but you must understand that once a machine has been taken over by this type of malware, I cannot guarantee that it will be 100% secure even after disinfection or that the removal will be successful.

    Please let me know what you have decided to do in your next post. Should you have any questions, please feel free to ask.

    tsfc (Topic Starter)
      Re: Infected with zeroaccess rootkit!!!
      « Reply #2 on: September 29, 2012, 12:37:09 PM »
      I would like to try everything before I have to do a re-format. :) Hopefully you will be able to help me.

      adw log posted below.

      # AdwCleaner v2.003 - Logfile created 09/29/2012 at 13:36:31
      # Updated 23/09/2012 by Xplode
      # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
      # User : Joshua - JOSHUA-PC
      # Boot Mode : Normal
      # Running from : C:\Users\Joshua\Desktop\adwcleaner.exe
      # Option [Delete]


      ***** [Services] *****


      ***** [Files / Folders] *****

      File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
      File Deleted : C:\Users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\erpnoq27.default\searchplugins\Askcom.xml
      Folder Deleted : C:\Program Files (x86)\Ask.com
      Folder Deleted : C:\ProgramData\Ask
      Folder Deleted : C:\Users\Joshua\AppData\LocalLow\AskToolbar
      Folder Deleted : C:\Users\Joshua\AppData\LocalLow\BabylonToolbar
      Folder Deleted : C:\Users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\erpnoq27.default\extensions\[email protected]
      Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

      ***** [Registry] *****

      Key Deleted : HKCU\Software\APN
      Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
      Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
      Key Deleted : HKCU\Software\Ask.com
      Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
      Key Deleted : HKLM\Software\APN
      Key Deleted : HKLM\Software\AskToolbar
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
      Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
      Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
      Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
      Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
      Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
      Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
      Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
      Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

      ***** [Internet Browsers] *****

      -\\ Internet Explorer v8.0.7601.17514

      Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
      Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
      Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
      Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
      Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
      Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
      Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

      -\\ Mozilla Firefox v12.0 (en-US)

      Profile name : default
      File : C:\Users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\erpnoq27.default\prefs.js

      Deleted : user_pref("browser.search.defaultengine", "Ask.com");
      Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
      Deleted : user_pref("browser.search.order.1", "Ask.com");

      -\\ Google Chrome v [Unable to get version]

      File : C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Preferences

      [OK] File is clean.

      *************************

      AdwCleaner[R1].txt - [4532 octets] - [29/09/2012 13:04:18]
      AdwCleaner[S1].txt - [5172 octets] - [29/09/2012 13:36:31]

      ########## EOF - C:\AdwCleaner[S1].txt - [5232 octets] ##########

      SuperDave (Malware Removal Specialist)
      Re: Infected with zeroaccess rootkit!!!
      « Reply #3 on: September 29, 2012, 05:36:43 PM »
      Download Farbar Recovery Scan Tool and save it to a flash drive.

      Please make sure to download the 64-bit version.

      Plug the flashdrive into the infected PC.

      Enter System Recovery Options.

      To enter System Recovery Options from the Advanced Boot Options:
      • Restart the computer.
      • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
      • Use the arrow keys to select the Repair your computer menu item.
      • Choose your language settings, and then click Next.
      • Select the operating system you want to repair, and then click Next.
      • Select your user account and click Next.
      To enter System Recovery Options by using Windows installation disc:
      • Insert the installation disc.
      • Restart your computer.
      • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
      • Click Repair your computer.
      • Choose your language settings, and then click Next.
      • Select the operating system you want to repair, and then click Next.
      • Select your user account and click Next.
      On the System Recovery Options menu you will get the following options:
        Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt

        • Select Command Prompt
        • In the command window type in notepad and press Enter.
        • The notepad opens. Under File menu select Open.
        • Select "Computer" and find your flash drive letter and close the notepad.
        • In the command window type e:\frst64 and press Enter
          Note: Replace letter e with the drive letter of your flash drive.
        • The tool will start to run.
        • When the tool opens click Yes to the disclaimer.
        • Place a check next to List Drivers MD5 as well as the default check marks that are already there
        • Press Scan button.
        • Type exit and reboot the computer normally.
        • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.
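The FRST.txt that this procedure produces prints each autostart entry as a name, an image path, `[size date]` and `(publisher)`. An entry with no bracketed block at all means FRST could not examine the file, and an empty pair of parentheses means the file carried no company name. As an added example (my code, not FRST's and not part of the thread), the Python helper below parses the Run, Services and Drivers sections and surfaces the cases worth a second look: empty Run values, drivers with no image path, images with no metadata, images with a blank company name, and images in user-writable locations. The sample lines are copied from the FRST log posted in the next reply. Treating FRST's parenthesised field as the file's version-info company name is an assumption about its output.

```python
"""Added triage helper for FRST.txt Run/Services/Drivers entries (not part of FRST)."""
import re
from dataclasses import dataclass, field
from typing import Optional

SECTION_RE = re.compile(r"^=+\s*(?P<name>[A-Za-z ]+?)\s*(?:\(Whitelisted\))?\s*=+$")
# HKLM\...\Run: [Name] "C:\x.exe" /arg [size yyyy-mm-dd] (Publisher)
RUN_RE = re.compile(
    r"^(?P<hive>HK\S+?)\\\.\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$"
)
# 2 Name; "C:\x.exe" -arg [size yyyy-mm-dd] (Publisher)
SVC_RE = re.compile(r"^(?P<start>[0-4]) (?P<name>[^;]+);\s*(?P<rest>.*)$")
META_RE = re.compile(r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\]\s*\((?P<publisher>[^)]*)\)\s*$")
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\", "\\appdata\\", "\\$recycle.bin\\")


@dataclass
class Entry:
    section: str
    name: str
    path: str
    publisher: Optional[str]          # None: FRST printed no [size date] (publisher) block
    flags: list = field(default_factory=list)


def split_command(rest: str):
    """Return (image path, publisher) from the text after the entry name."""
    publisher, m = None, META_RE.search(rest)
    if m:
        publisher, rest = m["publisher"], rest[: m.start()]
    cmd = rest.strip()
    if cmd.startswith('"'):                       # quoted image; arguments follow the quote
        end = cmd.find('"', 1)
        path = cmd[1:end] if end > 0 else cmd[1:]
    else:                                         # unquoted: cut at the first " /" or " -" switch
        path = re.split(r"\s+[/-]", cmd, maxsplit=1)[0].strip()
    if path.startswith("\\??\\"):                 # NT object-path prefix on driver images
        path = path[4:]
    return path, publisher


def assess(e: Entry) -> list:
    """Reasons to look closer; heuristics, not a verdict."""
    flags, low = [], e.path.lower()
    if not e.name and not e.path:
        flags.append("empty value")
    elif not e.path:
        flags.append("no image path")
    else:
        if e.publisher is None:
            flags.append("no file metadata (file missing or unreadable)")
        elif not e.publisher.strip():
            flags.append("no company name in version info")
        if any(tok in low for tok in USER_WRITABLE):
            flags.append("image in user-writable location")
    return flags


def parse_frst(text: str) -> list:
    entries, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        s = SECTION_RE.match(line)
        if s:
            section = s["name"].strip()
            continue
        m = RUN_RE.match(line)
        if m:
            path, pub = split_command(m["rest"])
            e = Entry(f"{m['hive']}\\{m['key']}", m["name"], path, pub)
        else:
            m = SVC_RE.match(line)
            if not m or section not in ("Services", "Drivers"):
                continue
            path, pub = split_command(m["rest"])
            e = Entry(section, m["name"].strip(), path, pub)
        e.flags = assess(e)
        entries.append(e)
    return entries


def flagged(text: str) -> dict:
    return {(e.name or "<empty>"): e.flags for e in parse_frst(text) if e.flags}


# Sample input: lines copied from the FRST log posted later in this thread.
SAMPLE_FRST = r"""
==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-06-18] (IDT, Inc.)
HKLM-x32\...\Run: [] 
HKU\Joshua\...\Run: [uTorrent] "C:\Users\Joshua\Pictures\uTorrent.exe"  /MINIMIZED [880528 2012-06-08] (BitTorrent, Inc.)

==================== Services (Whitelisted) ===================

2 lxdd_device; C:\Windows\system32\lxddcoms.exe -service [567216 2007-05-25] ( )
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) =====================

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-07] (Malwarebytes Corporation)
3 catchme; \??\C:\ComboFix\catchme.sys
3 mfeavfk01; 
"""

if __name__ == "__main__":
    for name, reasons in flagged(SAMPLE_FRST).items():
        print(f"{name}: {', '.join(reasons)}")
```

On these lines the script reports the empty HKLM-x32 Run value, mfeavfk01 (no image path), catchme.sys (no metadata; the same FRST log lists C:\ComboFix.txt, and catchme.sys is ComboFix's own driver), lxdd_device (blank company name) and uTorrent running from the Pictures folder. All of those have explanations, which is the point: the script narrows the list and the analyst decides.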

          tsfc (Topic Starter)
          Re: Infected with zeroaccess rootkit!!!
          « Reply #4 on: September 29, 2012, 10:52:51 PM »
          Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-09-2012 01
          Ran by SYSTEM at 30-09-2012 01:49:16
          Running from F:\
          Windows 7 Home Premium   (X64) OS Language: English(US)
          The current controlset is ControlSet002

          ==================== Registry (Whitelisted) ===================

          HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-06-18] (IDT, Inc.)
          HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1890088 2010-03-17] (Synaptics Incorporated)
          HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5712896 2010-02-02] (Dell Inc.)
          HKLM\...\Run: [lxddmon.exe] "C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe" [291760 2007-06-11] ()
          HKLM\...\Run: [lxddamon] "C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe" [20480 2007-04-30] ()
          HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2780776 2011-07-19] (CANON INC.)
          HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-06-08] (Intel Corporation)
          HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
          HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1675160 2012-03-21] (McAfee, Inc.)
          HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807680 2010-02-09] ()
          HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [206064 2009-05-21] (SupportSoft, Inc.)
          HKLM-x32\...\Run: [Absolute Notifier] "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe" [86184 2010-10-08] (Absolute Software)
          HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-12-15] ()
          HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-01-03] (Adobe Systems Incorporated)
          HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
          HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
          HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
          HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
          HKLM-x32\...\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon [1637496 2011-08-04] (CANON INC.)
          HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE [439440 2011-09-27] (CANON INC.)
          HKLM-x32\...\Run: [] 

          HKU\Joshua\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-02-22] (Google Inc.)
          HKU\Joshua\...\Run: [uTorrent] "C:\Users\Joshua\Pictures\uTorrent.exe"  /MINIMIZED [880528 2012-06-08] (BitTorrent, Inc.)
          HKU\Joshua\...\Run: [DelayShred] "c:\PROGRA~1\mcafee\mqs\ShrCL.EXE" /P5 /q "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\FXSAPI~1.TXT" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\ETILQS~1" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\Cookies" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\TEMPOR~1" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\TEMPOR~1\Content.IE5\index.dat" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\TEMPOR~1\Content.IE5" [129184 2012-03-22] ()
          HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-12] (Dell)
          HKLM-x32\...\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [165184 2011-08-01] (Softthinks)
          Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
          Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
          Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
          ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
          Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
          ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
          Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
          ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

          ==================== Services (Whitelisted) ===================

          2 AbsoluteNotifier; "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe" [10408 2010-10-08] (Microsoft)
          2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2011-09-06] ()
          2 lxdd_device; C:\Windows\system32\lxddcoms.exe -service [567216 2007-05-25] ( )
          2 lxdd_device; C:\Windows\SysWow64\lxddcoms.exe -service [537520 2007-05-25] ( )
          2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation)
          2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation)
          2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
          2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
          2 mcmscsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
          2 McNaiAnn; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
          2 McNASvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
          3 McODS; "C:\Program Files\mcafee\VirusScan\mcods.exe" [502064 2012-08-23] (McAfee, Inc.)
          4 McOobeSv; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
          2 McProxy; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
          2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199272 2012-03-20] (McAfee, Inc.)
          2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [210584 2012-03-20] (McAfee, Inc.)
          2 mfevtp; "C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe" [162192 2012-03-20] (McAfee, Inc.)
          2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)

          ==================== Drivers (Whitelisted) =====================

          3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [65264 2012-02-22] (McAfee, Inc.)
          3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-07] (Malwarebytes Corporation)
          3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [160792 2012-02-22] (McAfee, Inc.)
          3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [229528 2012-02-22] (McAfee, Inc.)
          3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [487296 2012-02-22] (McAfee, Inc.)
          0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [647208 2012-02-22] (McAfee, Inc.)
          1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)
          3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.)
          0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [289664 2012-02-22] (McAfee, Inc.)
          3 catchme; \??\C:\ComboFix\catchme.sys

          3 mfeavfk01; 


          ==================== NetSvcs (Whitelisted) ====================


          ==================== One Month Created Files and Folders ========

          2012-09-30 00:34 - 2012-09-30 00:34 - 00000089 ____A C:\data
          2012-09-30 00:32 - 2012-09-30 00:45 - 00000000 ____D C:\Program Files (x86)\DownloadManager
          2012-09-29 13:38 - 2012-09-30 00:29 - 00000224 ____A C:\Windows\setupact.log
          2012-09-29 13:38 - 2012-09-29 13:38 - 00000456 ____A C:\Windows\PFRO.log
          2012-09-29 13:38 - 2012-09-29 13:38 - 00000000 ____A C:\Windows\setuperr.log
          2012-09-29 13:36 - 2012-09-29 13:36 - 00005289 ____A C:\AdwCleaner[S1].txt
          2012-09-29 13:04 - 2012-09-29 13:04 - 00004532 ____A C:\AdwCleaner[R1].txt
          2012-09-29 12:54 - 2012-09-29 12:55 - 00003456 ____A C:\Users\Joshua\My Documents\cc_20120929_125451.reg
          2012-09-29 12:54 - 2012-09-29 12:55 - 00003456 ____A C:\Users\Joshua\Documents\cc_20120929_125451.reg
          2012-09-29 12:42 - 2012-09-29 12:43 - 00607260 ____R (Swearware) C:\Users\Joshua\Desktop\dds.scr
          2012-09-29 12:35 - 2012-09-29 12:35 - 00001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
          2012-09-29 12:35 - 2012-09-29 12:35 - 00001071 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
          2012-09-29 12:35 - 2012-09-29 12:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
          2012-09-29 12:35 - 2012-09-07 17:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
          2012-09-29 12:33 - 2012-09-29 12:34 - 10524080 ____A (Malwarebytes Corporation                                    ) C:\Users\Joshua\Desktop\mbam-setup-1.65.0.1400.exe
          2012-09-29 12:25 - 2012-09-29 12:25 - 00513501 ____A C:\Users\Joshua\Desktop\adwcleaner.exe
          2012-09-29 12:15 - 2012-09-29 12:15 - 00000824 ____A C:\Users\Public\Desktop\CCleaner.lnk
          2012-09-29 12:15 - 2012-09-29 12:15 - 00000824 ____A C:\Users\All Users\Desktop\CCleaner.lnk
          2012-09-29 12:15 - 2012-09-29 12:15 - 00000000 ____D C:\Program Files\CCleaner
          2012-09-29 12:13 - 2012-09-29 12:14 - 03941312 ____A (Piriform Ltd) C:\Users\Joshua\Desktop\ccsetup323.exe
          2012-09-29 11:37 - 2012-09-29 11:37 - 00302592 ____A C:\Users\Joshua\Downloads\c7bkzkj7.exe
          2012-09-29 10:33 - 2012-09-29 10:33 - 00000000 ____A C:\Users\Joshua\Desktop\zk2f8py0.reg
          2012-09-29 10:29 - 2012-09-29 10:29 - 00302592 ____A C:\Users\Joshua\Desktop\zk2f8py0.exe
          2012-09-29 06:18 - 2012-09-29 06:18 - 00000000 ____D C:\Users\All Users\SUPERSetup
          2012-09-29 06:18 - 2012-09-29 06:18 - 00000000 ____D C:\Users\All Users\Application Data\SUPERSetup
          2012-09-29 05:13 - 2012-09-29 05:13 - 00019277 ____A C:\ComboFix.txt
          2012-09-29 05:12 - 2012-09-29 06:00 - 00000000 ____D C:\Windows\erdnt
          2012-09-29 03:54 - 2012-09-29 04:11 - 00000000 ____D C:\Users\Joshua\Application Data\USTechSupport
          2012-09-29 03:54 - 2012-09-29 04:11 - 00000000 ____D C:\Users\Joshua\AppData\Roaming\USTechSupport
          2012-09-29 03:52 - 2012-09-29 04:15 - 00000000 ____D C:\Users\All Users\USTechSupport
          2012-09-29 03:52 - 2012-09-29 04:15 - 00000000 ____D C:\Users\All Users\Application Data\USTechSupport
          2012-09-29 03:52 - 2012-09-29 03:52 - 02163864 ____A (US Tech Support LLC) C:\Users\Joshua\Downloads\MaxMySpeed.exe
          2012-09-26 16:39 - 2012-08-21 16:01 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
          2012-09-24 17:45 - 2012-09-24 17:45 - 00000000 ____D C:\Users\Joshua\Application Data\Softland
          2012-09-24 17:45 - 2012-09-24 17:45 - 00000000 ____D C:\Users\Joshua\AppData\Roaming\Softland
          2012-09-24 17:45 - 2012-05-17 08:45 - 00024968 ____A (Softland) C:\Windows\System32\dopdfmn7.dll
          2012-09-24 17:45 - 2012-05-17 08:45 - 00021384 ____A (Softland) C:\Windows\System32\dopdfmi7.dll
          2012-09-24 17:45 - 2010-11-25 12:17 - 00007549 ____A C:\Windows\System32\dopdf7.ctm
          2012-09-24 17:45 - 2010-02-05 15:00 - 01700352 ____A (Microsoft Corporation) C:\Windows\System32\GdiPlus.dll
          2012-09-24 17:44 - 2012-09-24 17:44 - 04238448 ____A (Softland                                                    ) C:\Users\Joshua\Downloads\dopdf-7.exe
          2012-09-24 17:44 - 2012-09-24 17:44 - 00000000 ____D C:\Program Files\Softland
          2012-09-23 11:40 - 2012-09-23 11:40 - 00057560 ____A C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
          2012-09-21 18:01 - 2012-08-24 13:05 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
          2012-09-21 18:01 - 2012-08-24 13:03 - 09056256 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
          2012-09-21 18:01 - 2012-08-24 13:03 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
          2012-09-21 18:01 - 2012-08-24 13:02 - 12295680 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
          2012-09-21 18:01 - 2012-08-24 11:57 - 06028800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
          2012-09-21 18:01 - 2012-08-24 11:57 - 01231872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
          2012-09-21 18:01 - 2012-08-24 11:57 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
          2012-09-21 18:01 - 2012-08-24 11:56 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
          2012-09-21 18:00 - 2012-08-24 13:05 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
          2012-09-21 18:00 - 2012-08-24 13:03 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
          2012-09-21 18:00 - 2012-08-24 13:03 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
          2012-09-21 18:00 - 2012-08-24 13:02 - 02453504 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
          2012-09-21 18:00 - 2012-08-24 13:02 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
          2012-09-21 18:00 - 2012-08-24 11:57 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
          2012-09-21 18:00 - 2012-08-24 11:57 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
          2012-09-21 18:00 - 2012-08-24 11:56 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
          2012-09-21 18:00 - 2012-08-24 11:56 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
          2012-09-21 17:59 - 2012-08-24 13:05 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
          2012-09-21 17:59 - 2012-08-24 11:57 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
          2012-09-21 17:59 - 2012-08-24 11:56 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
          2012-09-21 17:59 - 2012-08-24 10:59 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
          2012-09-21 17:59 - 2012-08-24 10:20 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
          2012-09-16 20:10 - 2012-09-24 17:42 - 00000000 ____D C:\Users\Joshua\Local Settings\CutePDF Writer
          2012-09-16 20:10 - 2012-09-24 17:42 - 00000000 ____D C:\Users\Joshua\Local Settings\Application Data\CutePDF Writer
          2012-09-16 20:10 - 2012-09-24 17:42 - 00000000 ____D C:\Users\Joshua\AppData\Local\CutePDF Writer
          2012-09-16 20:09 - 2012-09-16 20:09 - 00000000 ____D C:\Program Files (x86)\GPLGS
          2012-09-16 20:08 - 2012-09-16 20:08 - 05254656 ____A C:\Users\Joshua\Downloads\converter.exe
          2012-09-15 20:58 - 2012-09-15 20:58 - 00000000 ____D C:\Program Files (x86)\Acro Software
          2012-09-15 20:58 - 2012-07-31 11:31 - 00087152 ____A C:\Windows\System32\cpwmon64.dll
          2012-09-15 20:55 - 2012-09-15 20:55 - 04633584 ____A (Acro Software Inc.                                          ) C:\Users\Joshua\Downloads\CuteWriter.exe
          2012-09-15 20:54 - 2012-09-15 20:54 - 00587640 ____A C:\Users\Joshua\Downloads\cbsidlm-tr1_6-CutePDF_Writer-10206470.exe
          2012-09-15 20:43 - 2012-09-15 20:43 - 00000000 ____D C:\Users\Joshua\Local Settings\PrimoPDFContent
          2012-09-15 20:43 - 2012-09-15 20:43 - 00000000 ____D C:\Users\Joshua\Local Settings\Application Data\PrimoPDFContent
          2012-09-15 20:43 - 2012-09-15 20:43 - 00000000 ____D C:\Users\Joshua\AppData\Local\PrimoPDFContent
          2012-09-15 19:42 - 2012-09-15 19:45 - 700989440 ___AT C:\Users\Joshua\My Documents\ModPhys.ps
          2012-09-15 19:42 - 2012-09-15 19:45 - 700989440 ___AT C:\Users\Joshua\Documents\ModPhys.ps
          2012-09-15 19:39 - 2012-09-15 21:04 - 00000000 ____D C:\Users\Joshua\Application Data\PrimoPDF
          2012-09-15 19:39 - 2012-09-15 21:04 - 00000000 ____D C:\Users\Joshua\AppData\Roaming\PrimoPDF
          2012-09-15 19:37 - 2012-09-16 21:04 - 00000000 ____D C:\Program Files (x86)\Nitro PDF
          2012-09-15 19:37 - 2011-02-28 17:37 - 00095008 ____A C:\Windows\System32\Primomonnt.dll
          2012-09-15 19:35 - 2012-09-16 19:44 - 07549704 ____A C:\Users\Joshua\Downloads\InternationalPrimoPDF.exe
          2012-09-15 18:43 - 2012-09-15 18:43 - 00000000 ____A C:\Users\Joshua\My Documents\SolidPhys.txt
          2012-09-15 18:43 - 2012-09-15 18:43 - 00000000 ____A C:\Users\Joshua\Documents\SolidPhys.txt
          2012-09-15 16:56 - 2012-09-15 16:56 - 00101680 ____A (Amazon.com, Inc.) C:\Windows\System32\stkMonitor.dll
          2012-09-15 16:56 - 2012-09-15 16:56 - 00000000 ____D C:\Users\Joshua\Local Settings\Application Data\Amazon
          2012-09-15 16:56 - 2012-09-15 16:56 - 00000000 ____D C:\Users\Joshua\Local Settings\Amazon
          2012-09-15 16:56 - 2012-09-15 16:56 - 00000000 ____D C:\Users\Joshua\AppData\Local\Amazon
          2012-09-15 16:56 - 2012-09-15 16:56 - 00000000 ____D C:\Program Files (x86)\Amazon
          2012-09-15 16:55 - 2012-09-15 16:55 - 05291440 ____A (Amazon.com, Inc.) C:\Users\Joshua\Downloads\SendToKindleForPC-installer.exe
          2012-09-15 16:42 - 2012-09-24 18:15 - 00000000 ____D C:\Users\Joshua\Desktop\Fall 2012 Class PDF's
          2012-09-14 18:29 - 2012-09-14 18:29 - 00000000 ___HD C:\Users\All Users\CanonIJSolutionMenuEX
          2012-09-14 18:29 - 2012-09-14 18:29 - 00000000 ___HD C:\Users\All Users\CanonIJEPPEX2
          2012-09-14 18:29 - 2012-09-14 18:29 - 00000000 ___HD C:\Users\All Users\CanonEPP
          2012-09-14 18:29 - 2012-09-14 18:29 - 00000000 ___HD C:\Users\All Users\Application Data\CanonIJSolutionMenuEX
          2012-09-14 18:29 - 2012-09-14 18:29 - 00000000 ___HD C:\Users\All Users\Application Data\CanonIJEPPEX2
          2012-09-14 18:29 - 2012-09-14 18:29 - 00000000 ___HD C:\Users\All Users\Application Data\CanonEPP
          2012-09-14 18:28 - 2012-09-14 18:28 - 00000000 ___HD C:\Users\All Users\CanonIJMyPrinter
          2012-09-14 18:28 - 2012-09-14 18:28 - 00000000 ___HD C:\Users\All Users\Application Data\CanonIJMyPrinter
          2012-09-14 18:28 - 2012-09-14 18:28 - 00000000 ____D C:\Users\Joshua\Application Data\Canon
          2012-09-14 18:28 - 2012-09-14 18:28 - 00000000 ____D C:\Users\Joshua\AppData\Roaming\Canon
          2012-09-14 18:25 - 2012-09-14 18:25 - 00000000 ____D C:\Users\All Users\Canon IJ Network Tool
          2012-09-14 18:25 - 2012-09-14 18:25 - 00000000 ____D C:\Users\All Users\Application Data\Canon IJ Network Tool
          2012-09-14 18:14 - 2012-09-14 18:14 - 00000000 ___HD C:\Users\All Users\CanonIJFAX
          2012-09-14 18:14 - 2012-09-14 18:14 - 00000000 ___HD C:\Users\All Users\CanonIJEGV
          2012-09-14 18:14 - 2012-09-14 18:14 - 00000000 ___HD C:\Users\All Users\Application Data\CanonIJFAX
          2012-09-14 18:14 - 2012-09-14 18:14 - 00000000 ___HD C:\Users\All Users\Application Data\CanonIJEGV
          2012-09-14 18:10 - 2012-09-14 18:10 - 00002037 ____A C:\Users\Public\Desktop\Canon Solution Menu EX.lnk
          2012-09-14 18:10 - 2012-09-14 18:10 - 00002037 ____A C:\Users\All Users\Desktop\Canon Solution Menu EX.lnk
          2012-09-14 18:10 - 2012-09-14 18:10 - 00000000 ____D C:\Program Files\Common Files\CANON
          2012-09-14 18:09 - 2012-09-14 18:09 - 00000000 ____D C:\Users\All Users\CanonIJWSpt
          2012-09-14 18:09 - 2012-09-14 18:09 - 00000000 ____D C:\Users\All Users\Application Data\CanonIJWSpt
          2012-09-14 18:06 - 2012-09-14 18:06 - 00002316 ____A C:\Users\Public\Desktop\Canon MX430 series On-screen Manual.lnk
          2012-09-14 18:06 - 2012-09-14 18:06 - 00002316 ____A C:\Users\All Users\Desktop\Canon MX430 series On-screen Manual.lnk
          2012-09-14 18:06 - 2012-09-14 18:06 - 00000000 ____D C:\Program Files\Canon
          2012-09-14 18:04 - 2012-09-14 18:04 - 00000000 ___HD C:\Windows\System32\CanonIJ Uninstaller Information
          2012-09-14 18:04 - 2012-09-14 18:04 - 00000000 ___HD C:\Users\All Users\CanonBJ
          2012-09-14 18:04 - 2012-09-14 18:04 - 00000000 ___HD C:\Users\All Users\Application Data\CanonBJ
          2012-09-14 18:04 - 2012-09-14 18:04 - 00000000 ___HD C:\Program Files\CanonBJ
          2012-09-14 18:04 - 2012-09-14 18:04 - 00000000 ____D C:\Windows\System32\STRING
          2012-09-14 18:04 - 2011-11-03 05:00 - 00385024 ____A (CANON INC.) C:\Windows\System32\CNMLMB1.DLL
          2012-09-14 18:04 - 2011-10-14 11:57 - 00300544 ____A (CANON INC.) C:\Windows\System32\CNC_B1C.dll
          2012-09-14 18:04 - 2011-10-14 11:57 - 00102912 ____A (CANON INC.) C:\Windows\SysWOW64\CNC_B1U.dll
          2012-09-14 18:04 - 2011-10-14 11:56 - 00109568 ____A (CANON INC.) C:\Windows\System32\CNC_B1I.dll
          2012-09-14 18:04 - 2011-09-29 04:23 - 00256000 ____A (CANON INC.) C:\Windows\System32\CNMIUB1.DLL
          2012-09-14 18:04 - 2011-09-22 08:59 - 00358912 ____A (CANON INC.) C:\Windows\System32\CNC_B1L.dll
          2012-09-14 18:04 - 2011-09-22 08:57 - 00316416 ____A (CANON INC.) C:\Windows\SysWOW64\CNC_B1L.dll
          2012-09-14 18:04 - 2011-09-21 05:00 - 00302592 ____A (CANON INC.) C:\Windows\System32\CNCALB1.DLL
          2012-09-14 18:04 - 2011-08-16 03:30 - 00356864 ____A (CANON INC.) C:\Windows\System32\CNMN6PPM.DLL
          2012-09-14 18:04 - 2011-08-16 03:30 - 00039424 ____A (CANON INC.) C:\Windows\System32\CNMN6UI.DLL
          2012-09-14 18:04 - 2011-06-30 13:52 - 00065280 ____A C:\Windows\SysWOW64\CNC175BD.TBL
          2012-09-14 18:04 - 2011-06-30 13:52 - 00065280 ____A C:\Windows\System32\CNC175BD.TBL
          2012-09-14 18:04 - 2011-05-27 11:19 - 00097792 ____A (Canon Inc.) C:\Windows\System32\CNC_B1O.dll
          2012-09-14 18:04 - 2008-08-25 18:02 - 00017920 ____A (CANON INC.) C:\Windows\System32\CNHMCA6.dll
          2012-09-14 18:04 - 2008-08-25 18:02 - 00015872 ____A (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll
          2012-09-14 18:03 - 2012-09-22 03:17 - 00000000 ____D C:\Users\All Users\CanonIJPLM
          2012-09-14 18:03 - 2012-09-22 03:17 - 00000000 ____D C:\Users\All Users\Application Data\CanonIJPLM
          2012-09-14 18:02 - 2012-09-14 18:28 - 00000000 ____D C:\Program Files (x86)\Canon
          2012-09-14 18:02 - 2012-09-14 18:02 - 00000000 ___HD C:\Users\All Users\CanonIJETV
          2012-09-14 18:02 - 2012-09-14 18:02 - 00000000 ___HD C:\Users\All Users\Application Data\CanonIJETV
          2012-09-12 11:59 - 2012-08-22 13:12 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
          2012-09-12 11:59 - 2012-08-22 13:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
          2012-09-12 11:59 - 2012-08-22 13:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
          2012-09-12 11:59 - 2012-08-22 13:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
          2012-09-12 11:59 - 2012-08-02 12:58 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
          2012-09-12 11:59 - 2012-08-02 11:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
          2012-09-12 11:59 - 2012-07-04 15:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
          2012-09-10 22:46 - 2012-09-10 22:47 - 00007562 ____A C:\Users\Joshua\My Documents\cc_20120910_224651.reg
          2012-09-10 22:46 - 2012-09-10 22:47 - 00007562 ____A C:\Users\Joshua\Documents\cc_20120910_224651.reg
          2012-09-10 22:44 - 2012-09-10 22:44 - 00160710 ____A C:\Users\Joshua\My Documents\cc_20120910_224400.reg
          2012-09-10 22:44 - 2012-09-10 22:44 - 00160710 ____A C:\Users\Joshua\Documents\cc_20120910_224400.reg
          2012-09-10 22:39 - 2012-09-10 22:40 - 03927560 ____A (Piriform Ltd) C:\Users\Joshua\Downloads\ccsetup322.exe


          ==================== 3 Months Modified Files ==================

          2012-09-30 00:47 - 2011-01-14 10:07 - 01861103 ____A C:\Windows\WindowsUpdate.log
          2012-09-30 00:36 - 2009-07-13 23:45 - 00013872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
          2012-09-30 00:36 - 2009-07-13 23:45 - 00013872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
          2012-09-30 00:34 - 2012-09-30 00:34 - 00000089 ____A C:\data
          2012-09-30 00:34 - 2009-07-14 00:13 - 00727334 ____A C:\Windows\System32\PerfStringBackup.INI
          2012-09-30 00:29 - 2012-09-29 13:38 - 00000224 ____A C:\Windows\setupact.log
          2012-09-30 00:29 - 2011-02-22 21:09 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
          2012-09-30 00:29 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
          2012-09-29 22:52 - 2011-02-22 21:09 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
          2012-09-29 13:38 - 2012-09-29 13:38 - 00000456 ____A C:\Windows\PFRO.log
          2012-09-29 13:38 - 2012-09-29 13:38 - 00000000 ____A C:\Windows\setuperr.log
          2012-09-29 13:36 - 2012-09-29 13:36 - 00005289 ____A C:\AdwCleaner[S1].txt
          2012-09-29 13:04 - 2012-09-29 13:04 - 00004532 ____A C:\AdwCleaner[R1].txt
          2012-09-29 12:55 - 2012-09-29 12:54 - 00003456 ____A C:\Users\Joshua\My Documents\cc_20120929_125451.reg
          2012-09-29 12:55 - 2012-09-29 12:54 - 00003456 ____A C:\Users\Joshua\Documents\cc_20120929_125451.reg
          2012-09-29 12:43 - 2012-09-29 12:42 - 00607260 ____R (Swearware) C:\Users\Joshua\Desktop\dds.scr
          2012-09-29 12:35 - 2012-09-29 12:35 - 00001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
          2012-09-29 12:35 - 2012-09-29 12:35 - 00001071 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
          2012-09-29 12:34 - 2012-09-29 12:33 - 10524080 ____A (Malwarebytes Corporation                                    ) C:\Users\Joshua\Desktop\mbam-setup-1.65.0.1400.exe
          2012-09-29 12:25 - 2012-09-29 12:25 - 00513501 ____A C:\Users\Joshua\Desktop\adwcleaner.exe
          2012-09-29 12:15 - 2012-09-29 12:15 - 00000824 ____A C:\Users\Public\Desktop\CCleaner.lnk
          2012-09-29 12:15 - 2012-09-29 12:15 - 00000824 ____A C:\Users\All Users\Desktop\CCleaner.lnk
          2012-09-29 12:14 - 2012-09-29 12:13 - 03941312 ____A (Piriform Ltd) C:\Users\Joshua\Desktop\ccsetup323.exe
          2012-09-29 11:37 - 2012-09-29 11:37 - 00302592 ____A C:\Users\Joshua\Downloads\c7bkzkj7.exe
          2012-09-29 10:33 - 2012-09-29 10:33 - 00000000 ____A C:\Users\Joshua\Desktop\zk2f8py0.reg
          2012-09-29 10:29 - 2012-09-29 10:29 - 00302592 ____A C:\Users\Joshua\Desktop\zk2f8py0.exe
          2012-09-29 05:13 - 2012-09-29 05:13 - 00019277 ____A C:\ComboFix.txt
          2012-09-29 05:12 - 2009-07-13 21:34 - 00000215 ____A C:\Windows\system.ini
          2012-09-29 03:52 - 2012-09-29 03:52 - 02163864 ____A (US Tech Support LLC) C:\Users\Joshua\Downloads\MaxMySpeed.exe
          2012-09-24 17:44 - 2012-09-24 17:44 - 04238448 ____A (Softland                                                    ) C:\Users\Joshua\Downloads\dopdf-7.exe
          2012-09-23 11:40 - 2012-09-23 11:40 - 00057560 ____A C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
          2012-09-16 20:08 - 2012-09-16 20:08 - 05254656 ____A C:\Users\Joshua\Downloads\converter.exe
          2012-09-16 19:44 - 2012-09-15 19:35 - 07549704 ____A C:\Users\Joshua\Downloads\InternationalPrimoPDF.exe
          2012-09-15 20:55 - 2012-09-15 20:55 - 04633584 ____A (Acro Software Inc.                                          ) C:\Users\Joshua\Downloads\CuteWriter.exe
          2012-09-15 20:54 - 2012-09-15 20:54 - 00587640 ____A C:\Users\Joshua\Downloads\cbsidlm-tr1_6-CutePDF_Writer-10206470.exe
          2012-09-15 19:45 - 2012-09-15 19:42 - 700989440 ___AT C:\Users\Joshua\My Documents\ModPhys.ps
          2012-09-15 19:45 - 2012-09-15 19:42 - 700989440 ___AT C:\Users\Joshua\Documents\ModPhys.ps
          2012-09-15 18:43 - 2012-09-15 18:43 - 00000000 ____A C:\Users\Joshua\My Documents\SolidPhys.txt
          2012-09-15 18:43 - 2012-09-15 18:43 - 00000000 ____A C:\Users\Joshua\Documents\SolidPhys.txt
          2012-09-15 16:56 - 2012-09-15 16:56 - 00101680 ____A (Amazon.com, Inc.) C:\Windows\System32\stkMonitor.dll
          2012-09-15 16:55 - 2012-09-15 16:55 - 05291440 ____A (Amazon.com, Inc.) C:\Users\Joshua\Downloads\SendToKindleForPC-installer.exe
          2012-09-14 18:10 - 2012-09-14 18:10 - 00002037 ____A C:\Users\Public\Desktop\Canon Solution Menu EX.lnk
          2012-09-14 18:10 - 2012-09-14 18:10 - 00002037 ____A C:\Users\All Users\Desktop\Canon Solution Menu EX.lnk
          2012-09-14 18:06 - 2012-09-14 18:06 - 00002316 ____A C:\Users\Public\Desktop\Canon MX430 series On-screen Manual.lnk
          2012-09-14 18:06 - 2012-09-14 18:06 - 00002316 ____A C:\Users\All Users\Desktop\Canon MX430 series On-screen Manual.lnk
          2012-09-13 03:01 - 2011-03-01 12:42 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
          2012-09-10 22:47 - 2012-09-10 22:46 - 00007562 ____A C:\Users\Joshua\My Documents\cc_20120910_224651.reg
          2012-09-10 22:47 - 2012-09-10 22:46 - 00007562 ____A C:\Users\Joshua\Documents\cc_20120910_224651.reg
          2012-09-10 22:44 - 2012-09-10 22:44 - 00160710 ____A C:\Users\Joshua\My Documents\cc_20120910_224400.reg
          2012-09-10 22:44 - 2012-09-10 22:44 - 00160710 ____A C:\Users\Joshua\Documents\cc_20120910_224400.reg
          2012-09-10 22:40 - 2012-09-10 22:39 - 03927560 ____A (Piriform Ltd) C:\Users\Joshua\Downloads\ccsetup322.exe
          2012-09-07 17:04 - 2012-09-29 12:35 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
          2012-08-29 16:35 - 2012-08-29 16:35 - 00929280 ____A C:\Users\Joshua\Downloads\LarColAlg8_01_04.ppt
          2012-08-24 13:05 - 2012-09-21 18:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
          2012-08-24 13:05 - 2012-09-21 18:00 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
          2012-08-24 13:05 - 2012-09-21 17:59 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
          2012-08-24 13:03 - 2012-09-21 18:01 - 09056256 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
          2012-08-24 13:03 - 2012-09-21 18:01 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
          2012-08-24 13:03 - 2012-09-21 18:00 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
          2012-08-24 13:03 - 2012-09-21 18:00 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
          2012-08-24 13:02 - 2012-09-21 18:01 - 12295680 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
          2012-08-24 13:02 - 2012-09-21 18:00 - 02453504 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
          2012-08-24 13:02 - 2012-09-21 18:00 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
          2012-08-24 11:57 - 2012-09-21 18:01 - 06028800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
          2012-08-24 11:57 - 2012-09-21 18:01 - 01231872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
          2012-08-24 11:57 - 2012-09-21 18:01 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
          2012-08-24 11:57 - 2012-09-21 18:00 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
          2012-08-24 11:57 - 2012-09-21 18:00 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
          2012-08-24 11:57 - 2012-09-21 17:59 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
          2012-08-24 11:56 - 2012-09-21 18:01 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
          2012-08-24 11:56 - 2012-09-21 18:00 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
          2012-08-24 11:56 - 2012-09-21 18:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
          2012-08-24 11:56 - 2012-09-21 17:59 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
          2012-08-24 10:59 - 2012-09-21 17:59 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
          2012-08-24 10:20 - 2012-09-21 17:59 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
          2012-08-22 13:12 - 2012-09-12 11:59 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
          2012-08-22 13:12 - 2012-09-12 11:59 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
          2012-08-22 13:12 - 2012-09-12 11:59 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
          2012-08-22 13:12 - 2012-09-12 11:59 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
          2012-08-21 16:01 - 2012-09-26 16:39 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
          2012-08-17 08:44 - 2009-07-13 23:45 - 00274320 ____A C:\Windows\System32\FNTCACHE.DAT
          2012-08-02 12:58 - 2012-09-12 11:59 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
          2012-08-02 11:57 - 2012-09-12 11:59 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
          2012-07-31 11:31 - 2012-09-15 20:58 - 00087152 ____A C:\Windows\System32\cpwmon64.dll
          2012-07-25 13:57 - 2012-07-25 13:56 - 10652120 ____A (Malwarebytes Corporation                                    ) C:\Users\Joshua\Downloads\mbam-setup-1.62.0.1300.exe
          2012-07-25 10:29 - 2012-07-25 10:29 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Joshua\Downloads\tdsskiller.exe
          2012-07-23 19:37 - 2012-07-23 19:37 - 00000000 ____A C:\Windows\SysWOW64\sho8B2F.tmp
          2012-07-23 18:05 - 2012-07-23 18:03 - 16580936 ____A (McAfee, Inc.) C:\Users\Joshua\Downloads\6781xdat.exe.part
          2012-07-23 18:04 - 2012-07-23 18:04 - 02199393 ____A (McAfee, Inc.) C:\Users\Joshua\Downloads\5400eng.exe
          2012-07-18 13:15 - 2012-08-16 08:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
          2012-07-16 15:32 - 2012-07-16 15:32 - 00008187 ____A C:\Users\Joshua\My Documents\2012-2013 FADX.txt
          2012-07-16 15:32 - 2012-07-16 15:32 - 00008187 ____A C:\Users\Joshua\Documents\2012-2013 FADX.txt
          2012-07-06 15:07 - 2012-08-17 03:09 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
          2012-07-04 17:16 - 2012-08-16 08:18 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
          2012-07-04 17:13 - 2012-08-16 08:18 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
          2012-07-04 17:13 - 2012-08-16 08:18 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
          2012-07-04 16:16 - 2012-08-16 08:18 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
          2012-07-04 16:14 - 2012-08-16 08:18 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
          2012-07-04 15:26 - 2012-09-12 11:59 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys


          ==================== Known DLLs (Whitelisted) =================


          ==================== Bamital & volsnap Check =================

          C:\Windows\System32\winlogon.exe => MD5 is legit
          C:\Windows\System32\wininit.exe => MD5 is legit
          C:\Windows\SysWOW64\wininit.exe => MD5 is legit
          C:\Windows\explorer.exe => MD5 is legit
          C:\Windows\SysWOW64\explorer.exe => MD5 is legit
          C:\Windows\System32\svchost.exe => MD5 is legit
          C:\Windows\SysWOW64\svchost.exe => MD5 is legit
          C:\Windows\System32\services.exe => MD5 is legit
          C:\Windows\System32\User32.dll => MD5 is legit
          C:\Windows\SysWOW64\User32.dll => MD5 is legit
          C:\Windows\System32\userinit.exe => MD5 is legit
          C:\Windows\SysWOW64\userinit.exe => MD5 is legit
          C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

          ==================== EXE ASSOCIATION =====================

          HKLM\...\.exe: exefile => OK
          HKLM\...\exefile\DefaultIcon: %1 => OK
          HKLM\...\exefile\open\command: "%1" %* => OK

          ==================== Restore Points  =========================

          Restore point made on: 2012-09-29 06:01:43

          ==================== Memory info ===========================

          Percentage of memory in use: 16%
          Total physical RAM: 3894.68 MB
          Available physical RAM: 3249.96 MB
          Total Pagefile: 3892.83 MB
          Available Pagefile: 3241.49 MB
          Total Virtual: 8192 MB
          Available Virtual: 8191.9 MB

          ==================== Partitions =============================

          1 Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:370.24 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
          2 Drive d: (Recovery) (Fixed) (Total:14.65 GB) (Free:7.47 GB) NTFS ==>[System with boot components (obtained from reading drive)]
          4 Drive f: (JOKAZZ) (Removable) (Total:3.74 GB) (Free:2.27 GB) FAT32
          5 Drive g: () (Removable) (Total:3.69 GB) (Free:0.02 GB) FAT32
          6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

            Disk ###  Status         Size     Free     Dyn  Gpt
            --------  -------------  -------  -------  ---  ---
            Disk 0    Online          465 GB      0 B         
            Disk 1    Online         3835 MB      0 B         
            Disk 2    Online         3781 MB      0 B         

          Partitions of Disk 0:
          ===============

            Partition ###  Type              Size     Offset
            -------------  ----------------  -------  -------
            Partition 1    OEM                100 MB  1024 KB
            Partition 2    Primary             14 GB   101 MB
            Partition 3    Primary            451 GB    14 GB

          ==================================================================================

          Disk: 0
          Partition 1
          Type  : DE
          Hidden: Yes
          Active: No

            Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
            ----------  ---  -----------  -----  ----------  -------  ---------  --------
          * Volume 5         DELLUTILITY  FAT    Partition    100 MB  Healthy    Hidden 

          =========================================================

          Disk: 0
          Partition 2
          Type  : 07
          Hidden: No
          Active: Yes

            Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
            ----------  ---  -----------  -----  ----------  -------  ---------  --------
          * Volume 1     D   Recovery     NTFS   Partition     14 GB  Healthy           

          =========================================================

          Disk: 0
          Partition 3
          Type  : 07
          Hidden: No
          Active: No

            Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
            ----------  ---  -----------  -----  ----------  -------  ---------  --------
          * Volume 2     C   OS           NTFS   Partition    451 GB  Healthy           

          =========================================================

          Partitions of Disk 1:
          ===============

            Partition ###  Type              Size     Offset
            -------------  ----------------  -------  -------
            Partition 1    Primary           3827 MB    19 KB

          ==================================================================================

          Disk: 1
          Partition 1
          Type  : 0B
          Hidden: No
          Active: No

            Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
            ----------  ---  -----------  -----  ----------  -------  ---------  --------
          * Volume 3     F   JOKAZZ       FAT32  Removable   3827 MB  Healthy           

          =========================================================

          Partitions of Disk 2:
          ===============

            Partition ###  Type              Size     Offset
            -------------  ----------------  -------  -------
            Partition 1    Primary           3777 MB  4096 KB

          ==================================================================================

          Disk: 2
          Partition 1
          Type  : 0B
          Hidden: No
          Active: No

            Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
            ----------  ---  -----------  -----  ----------  -------  ---------  --------
          * Volume 4     G                FAT32  Removable   3777 MB  Healthy           

          =========================================================

          Last Boot: 2012-09-26 18:45

          ==================== End Of Log =============================

          SuperDave

          • Malware Removal Specialist


          • Genius
          • Thanked: 1020
          • Certifications: List
          • Experience: Expert
          • OS: Windows 10
          Re: Infected with zeroaccess rootkit!!!
          « Reply #5 on: September 30, 2012, 11:16:39 AM »
          Download Security Check by screen317 from one of the following links and save it to your desktop.

          Link 1
          Link 2

          * Double-click Security Check.bat
          * Follow the on-screen instructions inside of the black box.
          * A Notepad document called checkup.txt should open automatically.
          * Post the contents of that document in your next reply.

          Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
          **************************************************************
          Download ComboFix from any of the links below, and save it to your DESKTOP.

          Link 1
          Link 2
          Link 3

          To prevent your anti-virus application from interfering with ComboFix, we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
          • Close any open windows and double-click ComboFix.exe to run it.

            You will see the following image:


          Click I Agree to start the program.

          ComboFix will then extract the necessary files and you will see this:



          As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

          It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

          If you did not have it installed, you will see the prompt below. Choose YES.



          Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

          **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

          Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



          Click on Yes, to continue scanning for malware.

          When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

          Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

          Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.
          Windows 8 and Windows 10 dual boot with two SSDs

          tsfc

            Topic Starter


            Rookie

            • Experience: Familiar
            • OS: Windows 7
            Re: Infected with zeroaccess rootkit!!!
            « Reply #6 on: September 30, 2012, 12:01:43 PM »
             Results of screen317's Security Check version 0.99.51 
             Windows 7 Service Pack 1 x64 (UAC is enabled) 
             Internet Explorer 8 Out of date!
            ``````````````Antivirus/Firewall Check:``````````````
             Windows Firewall Enabled! 
            McAfee Anti-Virus and Anti-Spyware   
             WMI entry may not exist for antivirus; attempting automatic update.
            `````````Anti-malware/Other Utilities Check:`````````
             Malwarebytes Anti-Malware version 1.65.0.1400 
             Java(TM) 6 Update 35 
             Java version out of Date!
             Adobe Flash Player 10 Flash Player out of Date!
             Adobe Reader 9 Adobe Reader out of Date!
             Mozilla Firefox 12.0 Firefox out of Date! 
            ````````Process Check: objlist.exe by Laurent```````` 
             Malwarebytes Anti-Malware mbamservice.exe 
             Malwarebytes Anti-Malware mbamgui.exe 
             Malwarebytes' Anti-Malware mbamscheduler.exe   
            `````````````````System Health check`````````````````
             Total Fragmentation on Drive C: 0%
            ````````````````````End of Log``````````````````````


            ComboFix 12-09-30.01 - Joshua 09/30/2012  14:51:22.2.4 - x64
            Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3895.2588 [GMT -5:00]
            Running from: c:\users\Joshua\Desktop\ComboFix.exe
            AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
            FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
            SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
            SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
            .
            .
            (((((((((((((((((((((((((   Files Created from 2012-08-28 to 2012-09-30  )))))))))))))))))))))))))))))))
            .
            .
            2012-09-30 19:59 . 2012-09-30 19:59   --------   d-----w-   c:\users\Default\AppData\Local\temp
            2012-09-30 14:45 . 2012-09-30 14:45   477168   ----a-w-   c:\windows\SysWow64\npdeployJava1.dll
            2012-09-30 06:48 . 2012-09-30 06:48   --------   d-----w-   C:\FRST
            2012-09-30 05:32 . 2012-09-30 06:52   --------   d-----w-   c:\program files (x86)\DownloadManager
            2012-09-29 17:35 . 2012-09-29 17:35   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
            2012-09-29 17:35 . 2012-09-07 22:04   25928   ----a-w-   c:\windows\system32\drivers\mbam.sys
            2012-09-29 17:15 . 2012-09-29 17:15   --------   d-----w-   c:\program files\CCleaner
            2012-09-29 11:18 . 2012-09-29 11:18   --------   d-----w-   c:\programdata\SUPERSetup
            2012-09-29 08:54 . 2012-09-29 09:11   --------   d-----w-   c:\users\Joshua\AppData\Roaming\USTechSupport
            2012-09-29 08:52 . 2012-09-29 09:15   --------   d-----w-   c:\programdata\USTechSupport
            2012-09-28 19:35 . 2012-08-30 07:27   9308616   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{7DB98C2F-38F0-4604-8868-78303CEDC956}\mpengine.dll
            2012-09-26 21:39 . 2012-08-21 21:01   245760   ----a-w-   c:\windows\system32\OxpsConverter.exe
            2012-09-24 22:45 . 2012-09-24 22:45   --------   d-----w-   c:\users\Joshua\AppData\Roaming\Softland
            2012-09-24 22:45 . 2012-05-17 13:45   24968   ----a-w-   c:\windows\system32\dopdfmn7.dll
            2012-09-24 22:45 . 2012-05-17 13:45   21384   ----a-w-   c:\windows\system32\dopdfmi7.dll
            2012-09-24 22:45 . 2010-02-05 20:00   1700352   ----a-w-   c:\windows\system32\GdiPlus.dll
            2012-09-24 22:44 . 2012-09-24 22:44   --------   d-----w-   c:\program files\Softland
            2012-09-21 23:01 . 2012-08-24 18:03   9056256   ----a-w-   c:\windows\system32\mshtml.dll
            2012-09-21 23:01 . 2012-08-24 18:02   12295680   ----a-w-   c:\windows\system32\ieframe.dll
            2012-09-21 23:01 . 2012-08-24 18:03   735744   ----a-w-   c:\windows\system32\msfeeds.dll
            2012-09-21 23:01 . 2012-08-24 18:05   1494528   ----a-w-   c:\windows\system32\urlmon.dll
            2012-09-21 22:59 . 2012-08-24 18:05   134144   ----a-w-   c:\windows\system32\url.dll
            2012-09-21 22:59 . 2012-08-24 15:20   1638912   ----a-w-   c:\windows\SysWow64\mshtml.tlb
            2012-09-21 22:59 . 2012-08-24 15:59   1638912   ----a-w-   c:\windows\system32\mshtml.tlb
            2012-09-17 01:10 . 2012-09-24 22:42   --------   d-----w-   c:\users\Joshua\AppData\Local\CutePDF Writer
            2012-09-17 01:09 . 2012-09-17 01:09   --------   d-----w-   c:\program files (x86)\GPLGS
            2012-09-16 01:58 . 2012-07-31 16:31   87152   ----a-w-   c:\windows\system32\cpwmon64.dll
            2012-09-16 01:58 . 2012-09-16 01:58   --------   d-----w-   c:\program files (x86)\Acro Software
            2012-09-16 01:43 . 2012-09-16 01:43   --------   d-----w-   c:\users\Joshua\AppData\Local\PrimoPDFContent
            2012-09-16 00:39 . 2012-09-16 02:04   --------   d-----w-   c:\users\Joshua\AppData\Roaming\PrimoPDF
            2012-09-16 00:37 . 2011-02-28 22:37   95008   ----a-w-   c:\windows\system32\Primomonnt.dll
            2012-09-16 00:37 . 2012-09-17 02:04   --------   d-----w-   c:\program files (x86)\Nitro PDF
            2012-09-15 21:56 . 2012-09-15 21:56   --------   d-----w-   c:\users\Joshua\AppData\Local\Amazon
            2012-09-15 21:56 . 2012-09-15 21:56   101680   ----a-w-   c:\windows\system32\stkMonitor.dll
            2012-09-15 21:56 . 2012-09-15 21:56   --------   d-----w-   c:\program files (x86)\Amazon
            2012-09-14 23:29 . 2012-09-14 23:29   --------   d--h--w-   c:\programdata\CanonIJSolutionMenuEX
            2012-09-14 23:29 . 2012-09-14 23:29   --------   d--h--w-   c:\programdata\CanonIJEPPEX2
            2012-09-14 23:29 . 2012-09-14 23:29   --------   d--h--w-   c:\programdata\CanonEPP
            2012-09-14 23:28 . 2012-09-14 23:28   --------   d--h--w-   c:\programdata\CanonIJMyPrinter
            2012-09-14 23:28 . 2012-09-14 23:28   --------   d-----w-   c:\users\Joshua\AppData\Roaming\Canon
            2012-09-14 23:25 . 2012-09-14 23:25   --------   d-----w-   c:\programdata\Canon IJ Network Tool
            2012-09-14 23:14 . 2012-09-14 23:14   --------   d--h--w-   c:\programdata\CanonIJFAX
            2012-09-14 23:14 . 2012-09-14 23:14   --------   d--h--w-   c:\programdata\CanonIJEGV
            2012-09-14 23:10 . 2012-09-14 23:10   --------   d-----w-   c:\program files\Common Files\CANON
            2012-09-14 23:09 . 2012-09-14 23:09   --------   d-----w-   c:\programdata\CanonIJWSpt
            2012-09-14 23:06 . 2012-09-14 23:06   --------   d-----w-   c:\program files\Canon
            2012-09-14 23:03 . 2012-09-22 08:17   --------   d-----w-   c:\programdata\CanonIJPLM
            2012-09-14 23:02 . 2012-09-14 23:02   --------   d--h--w-   c:\programdata\CanonIJETV
            2012-09-14 23:02 . 2012-09-14 23:28   --------   d-----w-   c:\program files (x86)\Canon
            2012-09-12 16:59 . 2012-08-22 18:12   950128   ----a-w-   c:\windows\system32\drivers\ndis.sys
            2012-09-12 16:59 . 2012-07-04 20:26   41472   ----a-w-   c:\windows\system32\drivers\RNDISMP.sys
            2012-09-12 16:59 . 2012-08-02 17:58   574464   ----a-w-   c:\windows\system32\d3d10level9.dll
            2012-09-12 16:59 . 2012-08-02 16:57   490496   ----a-w-   c:\windows\SysWow64\d3d10level9.dll
            2012-09-12 16:59 . 2012-08-22 18:12   1913200   ----a-w-   c:\windows\system32\drivers\tcpip.sys
            2012-09-12 16:59 . 2012-08-22 18:12   376688   ----a-w-   c:\windows\system32\drivers\netio.sys
            2012-09-12 16:59 . 2012-08-22 18:12   288624   ----a-w-   c:\windows\system32\drivers\FWPKCLNT.SYS
            .
            .
            .
            ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2012-09-30 14:45 . 2011-03-07 02:09   473072   ----a-w-   c:\windows\SysWow64\deployJava1.dll
            2012-09-13 08:01 . 2011-03-01 17:42   64462936   ----a-w-   c:\windows\system32\MRT.exe
            2012-07-24 00:37 . 2012-07-24 00:37   0   ----a-w-   c:\windows\SysWow64\sho8B2F.tmp
            2012-07-18 18:15 . 2012-08-16 13:15   3148800   ----a-w-   c:\windows\system32\win32k.sys
            2012-07-06 20:07 . 2012-08-17 08:09   552960   ----a-w-   c:\windows\system32\drivers\bthport.sys
            2012-07-04 22:16 . 2012-08-16 13:18   73216   ----a-w-   c:\windows\system32\netapi32.dll
            2012-07-04 22:13 . 2012-08-16 13:18   59392   ----a-w-   c:\windows\system32\browcli.dll
            2012-07-04 22:13 . 2012-08-16 13:18   136704   ----a-w-   c:\windows\system32\browser.dll
            2012-07-04 21:14 . 2012-08-16 13:18   41984   ----a-w-   c:\windows\SysWow64\browcli.dll
            .
            .
            (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            *Note* empty entries & legit default entries are not shown
            REGEDIT4
            .
            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-02-23 39408]
            "uTorrent"="c:\users\Joshua\Pictures\uTorrent.exe" [2012-06-09 880528]
            "DelayShred"="c:\progra~1\mcafee\mqs\ShrCL.EXE" [2012-03-23 129184]
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
            "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]
            "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
            "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
            "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
            "DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
            "Absolute Notifier"="c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe" [2010-10-08 86184]
            "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-12-16 498160]
            "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
            "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
            "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
            "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
            "CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1637496]
            "IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-09-27 439440]
            "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
            "c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-12 559616]
            "Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-08-01 165184]
            .
            c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
            Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]
            .
            c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
            Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
            "ConsentPromptBehaviorAdmin"= 5 (0x5)
            "ConsentPromptBehaviorUser"= 3 (0x3)
            "EnableUIADesktopToggle"= 0 (0x0)
            .
            [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
            "LoadAppInit_DLLs"=0 (0x0)
            .
            [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
            Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
            .
            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
            @=""
            .
            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
            @=""
            .
            R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
            R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-23 136176]
            R2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxddserv.exe [2007-05-25 34224]
            R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
            R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-03-30 53800]
            R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-30 35104]
            R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
            R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-23 136176]
            R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
            R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-07 129976]
            R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
            R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-17 325152]
            R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
            R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-24 1255736]
            R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
            R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
            R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
            S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
            S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
            S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
            S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
            S2 AbsoluteNotifier;Absolute Notifier;c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2010-10-08 10408]
            S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
            S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
            S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]
            S2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe [2007-05-25 567216]
            S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
            S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
            S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
            S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
            S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
            S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
            S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2012-03-20 162192]
            S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
            S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
            S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
            S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [2010-02-03 20984]
            S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
            S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
            S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
            S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
            S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-08-30 289280]
            S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
            S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
            S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-17 232480]
            S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
            S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
            S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
            S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
            S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
            S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
            .
            .
            --- Other Services/Drivers In Memory ---
            .
            *Deregistered* - mfeavfk01
            .
            Contents of the 'Scheduled Tasks' folder
            .
            2012-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
            - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-23 02:09]
            .
            2012-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
            - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-23 02:09]
            .
            .
            --------- X64 Entries -----------
            .
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-09-07 161304]
            "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-09-07 386584]
            "Persistence"="c:\windows\system32\igfxpers.exe" [2010-09-07 415256]
            "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-18 487424]
            "Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-03 5712896]
            "lxddmon.exe"="c:\program files (x86)\Lexmark 2500 Series\lxddmon.exe" [2007-06-12 291760]
            "lxddamon"="c:\program files (x86)\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
            "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2780776]
            .
            ------- Supplementary Scan -------
            .
            uLocal Page = c:\windows\system32\blank.htm
            uStart Page =
            mLocal Page = c:\windows\SysWOW64\blank.htm
            IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
            IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
            TCP: DhcpNameServer = 192.168.1.254
            FF - ProfilePath - c:\users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\erpnoq27.default\
            FF - prefs.js: browser.search.selectedEngine - Google
            FF - prefs.js: browser.startup.homepage - att.net
            FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
            FF - prefs.js: network.proxy.type - 0
            .
            - - - - ORPHANS REMOVED - - - -
            .
            Wow6432Node-HKLM-Run-<NO NAME> - (no file)
            SafeBoot-19306437.sys
            ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
            ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
            ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
            ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
            HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
            .
            .
            .
            --------------------- LOCKED REGISTRY KEYS ---------------------
            .
            [HKEY_USERS\S-1-5-21-3310118324-520105195-1961103251-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
            @Denied: (2) (LocalSystem)
            "Progid"="WindowsLiveMail.Email.1"
            .
            [HKEY_USERS\S-1-5-21-3310118324-520105195-1961103251-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
            @Denied: (2) (LocalSystem)
            "Progid"="WindowsLiveMail.VCard.1"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
            @Denied: (A 2) (Everyone)
            @="FlashBroker"
            "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
            "Enabled"=dword:00000001
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
            @Denied: (A 2) (Everyone)
            @="Shockwave Flash Object"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
            "ThreadingModel"="Apartment"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
            @="0"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
            @="ShockwaveFlash.ShockwaveFlash.10"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
            @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
            @="1.0"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
            @="ShockwaveFlash.ShockwaveFlash"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
            @Denied: (A 2) (Everyone)
            @="Macromedia Flash Factory Object"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
            "ThreadingModel"="Apartment"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
            @="FlashFactory.FlashFactory.1"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
            @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
            @="1.0"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
            @="FlashFactory.FlashFactory"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
            @Denied: (A 2) (Everyone)
            @="IFlashBroker4"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
            @="{00020424-0000-0000-C000-000000000046}"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
            "Version"="1.0"
            .
            [HKEY_LOCAL_MACHINE\software\McAfee]
            "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
               00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
            .
            [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
            @Denied: (Full) (Everyone)
            .
            Completion time: 2012-09-30  15:01:42
            ComboFix-quarantined-files.txt  2012-09-30 20:01
            ComboFix2.txt  2012-09-29 10:13
            .
            Pre-Run: 396,813,836,288 bytes free
            Post-Run: 396,684,918,784 bytes free
            .
            - - End Of File - - 63C9E8662D372AD2AB44006831CF39DE
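The "Reg Loading Points" part of the ComboFix log above lists every registry Run value and every service or driver together with the executable it launches, and reviewing those paths is the first thing a helper does with such a log. The following is an added triage helper, not part of this thread and not ComboFix's own logic: it parses lines in the format ComboFix prints and flags launch points whose executable sits outside the Windows and Program Files directories. The sample lines are copied from the log above; the list of expected directories and the rule itself are assumptions of this example, and a flag only means the entry deserves a closer look (here uTorrent.exe launching from the user's Pictures folder), not that it is malicious.

```python
"""Triage helper for the ComboFix "Reg Loading Points" section.

Added example, not part of the forum thread or of ComboFix. It parses the
Run-key values and service/driver lines exactly as ComboFix prints them and
flags launch points whose executable lives outside the usual program
directories. A flag is a lead for review, not a malware verdict.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-02-23 39408]
"uTorrent"="c:\users\Joshua\Pictures\uTorrent.exe" [2012-06-09 880528]
"DelayShred"="c:\progra~1\mcafee\mqs\ShrCL.EXE" [2012-03-23 129184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
S2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe [2007-05-25 567216]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
"""

# "name"="path" [YYYY-MM-DD size]  -- a registry Run/RunOnce value
RUN_VALUE = re.compile(
    r'^"(?P<name>[^"]*)"="(?P<path>[^"]*)"\s*\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]\s*$')
# R2 name;display name;path [YYYY-MM-DD size]  -- a service or driver entry
SERVICE = re.compile(
    r'^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]\s*$')
# [HKEY_...]  -- the registry key that the following values belong to
KEY_HEADER = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')

# Directories where Windows and installed software normally live. This list is
# an assumption of the example (not a ComboFix rule); anything launched from a
# user profile, temp folder or ProgramData is flagged for review.
EXPECTED_PREFIXES = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
    "c:\\progra~1\\",   # 8.3 short name for Program Files
    "c:\\progra~2\\",   # 8.3 short name for Program Files (x86)
)


@dataclass
class LaunchPoint:
    kind: str    # "run" for a registry Run value, "service" for a service/driver
    source: str  # registry key for run values; start type (R2, S3, ...) for services
    name: str
    path: str
    date: str
    size: int


def parse_launch_points(text):
    """Return every Run value and service/driver entry found in the log text."""
    points = []
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_HEADER.match(line)
        if m:
            current_key = m["key"]
            continue
        m = RUN_VALUE.match(line)
        if m:
            points.append(LaunchPoint("run", current_key, m["name"], m["path"], m["date"], int(m["size"])))
            continue
        m = SERVICE.match(line)
        if m:
            points.append(LaunchPoint("service", m["state"], m["name"], m["path"], m["date"], int(m["size"])))
    return points


def in_expected_location(path):
    """True if the executable path starts with one of the expected directories."""
    lowered = path.lower()
    return any(lowered.startswith(prefix) for prefix in EXPECTED_PREFIXES)


def flag_unusual(points):
    """Launch points whose executable is outside the expected directories."""
    return [pt for pt in points if not in_expected_location(pt.path)]


if __name__ == "__main__":
    for pt in flag_unusual(parse_launch_points(SAMPLE_LOG)):
        print(f"{pt.kind:8} {pt.name:20} {pt.path}  (from {pt.source})")
```

Run it as a script to print the flagged entries. The directory list is deliberately strict, so per-user installers that legitimately live under AppData (browsers, updaters) will be flagged as well; the point is to shorten the list a human has to read, and each flagged entry is then checked against what the user actually installed, as the helpers in this thread do.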

            SuperDave

            • Malware Removal Specialist


            • Genius
            • Thanked: 1020
            • Certifications: List
            • Experience: Expert
            • OS: Windows 10
            Re: Infected with zeroaccess rootkit!!!
            « Reply #7 on: October 01, 2012, 04:04:58 PM »
            Update Your Java (JRE)

            Old versions of Java have vulnerabilities that malware can use to infect your system.


            First Verify your Java Version

            If there are any other version(s) installed, then update now.

            Get the new version (if needed)

            If your version is out of date, install the newest version of the Sun Java Runtime Environment.

            Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

            Be sure to close ALL open web browsers before starting the installation.

            Remove any old versions

            1. Download JavaRa and unzip the file to your Desktop.
            2. Open JavaRA.exe and choose Remove Older Versions.
            3. Once complete, exit JavaRA.

            Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
            **********************************************************
            Update your Adobe Reader. get.adobe.com/reader.

            Be sure to uncheck the Free McAfee Security Scan so it isn't installed.
            **************************************************************
            Please download aswMBR.exe ( 511KB ) to your desktop.

            Double click the aswMBR.exe to run it.

            Click the "Scan" button to start the scan.

            Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

            On completion of the scan click Save log, save it to your desktop and post it in your next reply.
            Windows 8 and Windows 10 dual boot with two SSD's

            tsfc

              Topic Starter


              Rookie

              • Experience: Familiar
              • OS: Windows 7
              Re: Infected with zeroaccess rootkit!!!
              « Reply #8 on: October 01, 2012, 08:05:25 PM »
              aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
              Run date: 2012-10-01 21:08:16
              -----------------------------
              21:08:16.834    OS Version: Windows x64 6.1.7601 Service Pack 1
              21:08:16.834    Number of processors: 4 586 0x2505
              21:08:16.835    ComputerName: JOSHUA-PC  UserName: Joshua
              21:08:18.674    Initialize success
              21:09:32.682    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
              21:09:32.685    Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
              21:09:32.697    Disk 0 MBR read successfully
              21:09:32.699    Disk 0 MBR scan
              21:09:32.701    Disk 0 Windows 7 default MBR code
              21:09:32.707    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0      100 MB offset 2048
              21:09:32.724    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        15000 MB offset 206848
              21:09:32.737    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       461838 MB offset 30926848
              21:09:32.762    Disk 0 scanning C:\Windows\system32\drivers
              21:09:49.139    Service scanning
              21:10:52.462    Modules scanning
              21:10:52.476    Disk 0 trace - called modules:
              21:10:52.495    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
              21:10:52.502    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bbc060]
              21:10:52.511    3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004979050]
              21:10:52.518    Scan finished successfully
              21:11:28.805    Disk 0 MBR has been saved successfully to "C:\Users\Joshua\Desktop\MBR.dat"
              21:11:28.997    The log file has been saved successfully to "C:\Users\Joshua\Desktop\aswMBR.txt"
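              The partition layout in the aswMBR log above can be checked independently of the tool. The following Python is an added example, not code from this thread or from AVAST: it constructs a 512-byte MBR whose partition table reproduces the three partitions in the log (the boot code area and the disk signature are placeholders, so it is not the poster's MBR.dat), parses it the way a responder would parse a saved MBR.dat, and runs the sanity checks the log's output implies: boot signature present, partitions contiguous and non-overlapping, exactly one active partition, nothing past the end of the 476940 MB disk. It also hashes the 440-byte boot code area so the result can be compared with a digest taken from a known-clean MBR. The function names (build_sample_mbr, parse_mbr, check_layout, boot_code_digest, has_boot_signature) are mine, not aswMBR's.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440      # bytes 0..439 hold boot code; then 4-byte disk signature, 2 reserved
TABLE_OFFSET = 446       # four 16-byte partition entries start here
SIGNATURE_OFFSET = 510   # 0x55 0xAA marks a valid MBR

# Partition type codes that appear in the aswMBR log above
PART_TYPES = {0x00: "empty", 0x07: "HPFS/NTFS", 0xDE: "Dell Utility"}


def _entry(status, ptype, lba_start, sectors):
    """Pack one 16-byte partition table entry (CHS fields left zero)."""
    return struct.pack("<B3sB3sII", status, b"\0\0\0", ptype, b"\0\0\0", lba_start, sectors)


def build_sample_mbr():
    """Constructed 512-byte MBR reproducing the partition layout in the log.
    Boot code is all zeros and the disk signature is a hypothetical value,
    so this is a sample, NOT the poster's MBR.dat. 1 MB == 2048 sectors."""
    mbr = bytearray(SECTOR)
    mbr[BOOT_CODE_LEN:BOOT_CODE_LEN + 4] = b"\x11\x22\x33\x44"   # hypothetical disk signature
    table = b"".join([
        _entry(0x00, 0xDE, 2048, 100 * 2048),         # Dell Utility, 100 MB at LBA 2048
        _entry(0x80, 0x07, 206848, 15000 * 2048),     # active NTFS system partition
        _entry(0x00, 0x07, 30926848, 461838 * 2048),  # NTFS data partition
        _entry(0x00, 0x00, 0, 0),                     # unused slot
    ])
    mbr[TABLE_OFFSET:TABLE_OFFSET + 64] = table
    mbr[SIGNATURE_OFFSET:SIGNATURE_OFFSET + 2] = b"\x55\xAA"
    return bytes(mbr)


def has_boot_signature(data):
    """True when the sector carries the 0x55AA boot signature."""
    return len(data) >= SECTOR and data[SIGNATURE_OFFSET:SIGNATURE_OFFSET + 2] == b"\x55\xAA"


def parse_mbr(data):
    """Parse a raw MBR into its non-empty partition entries.
    Raises ValueError when the boot signature is missing."""
    if not has_boot_signature(data):
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = TABLE_OFFSET + 16 * i
        status, _, ptype, _, lba, count = struct.unpack("<B3sB3sII", data[off:off + 16])
        if ptype == 0 and count == 0:
            continue  # empty slot
        partitions.append({
            "index": i + 1,
            "bootable": status == 0x80,
            "type": ptype,
            "type_name": PART_TYPES.get(ptype, "unknown"),
            "lba_start": lba,
            "sectors": count,
            "size_mb": count * SECTOR // (1024 * 1024),
        })
    return partitions


def boot_code_digest(data):
    """SHA-256 of the 440-byte boot code area. Compare against a digest taken
    from a known-clean MBR (e.g. MBR.dat saved on a healthy machine); boot
    code that has been replaced shows up as a different digest."""
    return hashlib.sha256(data[:BOOT_CODE_LEN]).hexdigest()


def check_layout(partitions, disk_sectors):
    """Sanity checks on a partition table: overlapping entries, entries past
    the end of the disk, and the number of active partitions.
    Returns a list of human-readable findings (empty when all is well)."""
    findings = []
    ordered = sorted(partitions, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append(f"partition {a['index']} overlaps partition {b['index']}")
    for p in partitions:
        if p["lba_start"] + p["sectors"] > disk_sectors:
            findings.append(f"partition {p['index']} extends past end of disk")
    active = [p["index"] for p in partitions if p["bootable"]]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {active}")
    return findings


def describe(p):
    """One line per partition, in the style of the aswMBR log."""
    flag = "80 (A)" if p["bootable"] else "00    "
    return (f"Partition {p['index']} {flag} {p['type']:02X} {p['type_name']:<13}"
            f"{p['size_mb']:>8} MB offset {p['lba_start']}")


if __name__ == "__main__":
    sample = build_sample_mbr()
    parts = parse_mbr(sample)
    for p in parts:
        print(describe(p))
    print("boot code sha256:", boot_code_digest(sample))
    # 476940 MB disk from the log, expressed in 512-byte sectors
    print("findings:", check_layout(parts, 476940 * 2048) or "none")
```

              To run it against a real saved sector, replace the constructed sample with the contents of MBR.dat read in binary mode and pass the disk size in sectors; the digest only means something next to a baseline taken from a machine known to be clean.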



              SuperDave

              • Malware Removal Specialist


              • Genius
              • Thanked: 1020
              • Certifications: List
              • Experience: Expert
              • OS: Windows 10
              Re: Infected with zeroaccess rootkit!!!
              « Reply #9 on: October 02, 2012, 01:19:40 PM »
              Please download Rooter and Save it to your desktop.
              • Double click it to start the tool. Vista and Windows 7: run as administrator.
              • Click Scan.
              • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.
              Windows 8 and Windows 10 dual boot with two SSD's

              tsfc

                Topic Starter


                Rookie

                • Experience: Familiar
                • OS: Windows 7
                Re: Infected with zeroaccess rootkit!!!
                « Reply #10 on: October 02, 2012, 09:28:02 PM »
                I have tried to run the Rooter scan but it keeps telling me it has stopped working and the program closes. What to do next?

                SuperDave

                • Malware Removal Specialist


                • Genius
                • Thanked: 1020
                • Certifications: List
                • Experience: Expert
                • OS: Windows 10
                Re: Infected with zeroaccess rootkit!!!
                « Reply #11 on: October 03, 2012, 01:22:03 PM »
                I'd like to scan your machine with ESET OnlineScan

                 • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                 ESET OnlineScan
                 • Click the button.
                 • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                 • Click on to download the ESET Smart Installer. Save it to your desktop.
                 • Double click on the icon on your desktop.
                 • Check
                 • Click the button.
                 • Accept any security warnings from your browser.
                 • Check
                 • Push the Start button.
                 • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
                 • When the scan completes, push
                 • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
                 • Push the button.
                 • Push
                A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
                Windows 8 and Windows 10 dual boot with two SSD's

                tsfc

                  Topic Starter


                  Rookie

                  • Experience: Familiar
                  • OS: Windows 7
                  Re: Infected with zeroaccess rootkit!!!
                  « Reply #12 on: October 03, 2012, 08:52:34 PM »
                  C:\Documents and Settings\Joshua\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\56d3a47a-70b66261   a variant of Java/Exploit.CVE-2012-1723.R trojan   deleted - quarantined

                  SuperDave

                  • Malware Removal Specialist


                  • Genius
                  • Thanked: 1020
                  • Certifications: List
                  • Experience: Expert
                  • OS: Windows 10
                  Re: Infected with zeroaccess rootkit!!!
                  « Reply #13 on: October 04, 2012, 01:00:24 PM »
                  How's your computer running now? Any other issues?
                  Windows 8 and Windows 10 dual boot with two SSD's

                  tsfc

                    Topic Starter


                    Rookie

                    • Experience: Familiar
                    • OS: Windows 7
                    Re: Infected with zeroaccess rootkit!!!
                    « Reply #14 on: October 05, 2012, 07:57:20 PM »
                     It's the exact same, still slow, no difference.