PDA

View Full Version : FakeAlert!grb and smart_hdd



iggalileo
2012-04-01, 10:17
I believe my windows7 system might be affected by FakeAlert!grb and smart_hdd.

I had to boot into safe mode to do anything.

I've backed up the registry with erunt.

Thanks!

Here's what's requested:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64 MINIMAL
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by jbigane at 1:51:11 on 2012-04-01
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.7920.7070 [GMT -5:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Host Intrusion Prevention Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.oracle.com
uDefault_Page_URL = hxxp://my.oracle.com
uInternet Settings,ProxyOverride = *.oracle.com;*.oracleads.com;*.us.oracle.com;*.uk.oracle.com;*.ca.oracle.com;*.oraclecorp.com;*.oracleportal.com;*.local;<local>
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
mWinlogon: Userinit=userinit.exe
BHO: Virtual Account Numbers Helper: {17424104-1444-4810-85d7-b4da413c5a9a} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: OToolbarHelper Class: {7aed0dc9-374e-440d-b966-be292971225b} - C:\Program Files (x86)\UCS\Virtual Account Numbers\CitiUCSHelper.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
BHO: 1Password: {cb1a24da-7416-4921-a0cf-5aa1160aae2a} - C:\PROGRA~2\1PASSW~1\AGILE1~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
TB: Virtual Account Numbers: {a1bdf46b-9de6-4090-8791-84f26e00934c} - C:\Program Files (x86)\UCS\Virtual Account Numbers\CitiUCSToolbar.dll
TB: Virtual Account Numbers: {7a21a046-b886-4a62-9d69-ef2059b0a27b} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANToolbar.dll
uRun: [PSwitch] C:\Program Files (x86)\Proxy Switcher Lite\ProxySwitcher.exe
uRun: [Google Update] "C:\Users\jbigane\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Push Client] C:\Users\jbigane\AppData\Local\ATT Connect\Participant\pull.exe
uRun: [CmTray] "C:\Program Files (x86)\Content Manager\launchCM.exe"
uRun: [rmIhrYfwFjUdy.exe] C:\ProgramData\rmIhrYfwFjUdy.exe
mRun: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfee Host Intrusion Prevention Tray] "C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe"
mRun: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [TOSDCR] %ProgramFiles%\TOSHIBA\PasswordUtility\TOSDCR.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [UCS Virtual Account Numbers] C:\PROGRA~2\UCS\VIRTUA~1\CitiUCS.exe /lang=en_RG /dontopenmycards
mRun: [Boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
mRun: [SafeBootTrayManager] "C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe"
mRun: [SafeBootTokenWatcher] "C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbTokWatch.exe"
mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Agile1pAgent] C:\Program Files (x86)\1Password\Agile1pAgent.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Citi Virtual Account Numbers] C:\PROGRA~2\VIRTUA~1\CitiVAN.exe /lang=en_RG /dontopenmycards
StartupFolder: C:\Users\jbigane\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\jbigane\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\jbigane\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\Users\jbigane\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\Users\jbigane\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 1 (0x1)
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - C:\windows\system32\GPhotos.scr/200
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a}
IE: {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - {5D7B119E-062F-476B-A5E7-797FAF554BA2} - C:\PROGRA~2\1PASSW~1\AGILE1~1.DLL
LSP: %SystemRoot%\system32\vsocklib.dll
Trusted Zone: oracle.com\conference
Trusted Zone: oracle.com\login
Trusted Zone: oracle.com\stbeehive
Trusted Zone: oraclecorp.com\global-ebusiness
Trusted Zone: oraclecorp.com\global-erp
Trusted Zone: oraclecorp.com\global-hrms
Trusted Zone: oraclecorp.com\global-service
Trusted Zone: oraclevpn.com\myaccess
Trusted Zone: oracle.com\login
Trusted Zone: oraclecorp.com\global-ebusiness
Trusted Zone: oraclecorp.com\global-erp
Trusted Zone: oraclecorp.com\global-hrms
Trusted Zone: oraclecorp.com\global-service
Trusted Zone: oraclevpn.com\myaccess
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://ouweb.webex.com/client/T27LB/webex/ieatgpc1.cab
TCP: DhcpNameServer = 68.94.156.1 68.94.157.1 192.168.1.1
TCP: Interfaces\{CE8767FE-6158-4D69-A089-23ECC8AAD5ED} : DhcpNameServer = 68.94.156.1 68.94.157.1 192.168.1.1
TCP: Interfaces\{CE8767FE-6158-4D69-A089-23ECC8AAD5ED}\2656C6B696E6E2634616 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{CE8767FE-6158-4D69-A089-23ECC8AAD5ED}\65562796A7F6E602D494649443531303C4022343131402355636572756 : DhcpNameServer = 192.168.10.1
TCP: Interfaces\{CE8767FE-6158-4D69-A089-23ECC8AAD5ED}\9427F6E6D616E6 : DhcpNameServer = 192.168.1.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
LSA: Notification Packages = sbnp scecli
BHO-X64: Virtual Account Numbers Helper: {17424104-1444-4810-85D7-B4DA413C5A9A} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANHelper.dll
BHO-X64: Virtual Account Numbers Helper - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: OToolbarHelper Class: {7AED0DC9-374E-440D-B966-BE292971225B} - C:\Program Files (x86)\UCS\Virtual Account Numbers\CitiUCSHelper.dll
BHO-X64: Citi UCS Helper - No File
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
BHO-X64: 1Password: {CB1A24DA-7416-4921-A0CF-5AA1160AAE2A} - C:\PROGRA~2\1PASSW~1\AGILE1~1.DLL
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
TB-X64: Virtual Account Numbers: {A1BDF46B-9DE6-4090-8791-84F26E00934C} - C:\Program Files (x86)\UCS\Virtual Account Numbers\CitiUCSToolbar.dll
TB-X64: Virtual Account Numbers: {7A21A046-B886-4A62-9D69-EF2059B0A27B} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANToolbar.dll
mRun-x64: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mRun-x64: [McAfee Host Intrusion Prevention Tray] "C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe"
mRun-x64: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun-x64: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun-x64: [TOSDCR] %ProgramFiles%\TOSHIBA\PasswordUtility\TOSDCR.exe
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [UCS Virtual Account Numbers] C:\PROGRA~2\UCS\VIRTUA~1\CitiUCS.exe /lang=en_RG /dontopenmycards
mRun-x64: [Boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
mRun-x64: [SafeBootTrayManager] "C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe"
mRun-x64: [SafeBootTokenWatcher] "C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbTokWatch.exe"
mRun-x64: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Agile1pAgent] C:\Program Files (x86)\1Password\Agile1pAgent.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Citi Virtual Account Numbers] C:\PROGRA~2\VIRTUA~1\CitiVAN.exe /lang=en_RG /dontopenmycards
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE-X64: {c95fe080-8f5d-11d2-a20b-00aa003c157a}
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\jbigane\AppData\Roaming\Mozilla\Firefox\Profiles\tm9qundr.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.oracle.com/site/nasc
FF - prefs.js: network.proxy.type - 2
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Users\jbigane\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\jbigane\AppData\Roaming\Mozilla\Firefox\Profiles\tm9qundr.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}\plugins\npSlingPlayer.dll
FF - plugin: C:\Users\jbigane\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SafeBoot;SafeBoot;C:\Windows\System32\drivers\SafeBoot.sys [2011-7-28 62792]
R0 SBAlg;SBAlg;C:\Windows\System32\drivers\SbAlg.sys [2011-10-10 60128]
R0 SBAlg00;SBAlg00;C:\Windows\System32\drivers\SbAlg00.sys [2009-6-4 18176]
R0 SBAlg01;SBAlg01;C:\Windows\System32\drivers\SbAlg01.sys [2009-6-4 18176]
R0 SBAlg11;SBAlg11;C:\Windows\System32\drivers\SbAlg11.sys [2009-6-4 36096]
R0 SBAlg12;SBAlg12;C:\Windows\System32\drivers\SbAlg12.sys [2009-6-4 60160]
R0 SbFsLock;SbFsLock;C:\Windows\System32\drivers\SbFsLock.sys [2011-7-28 15688]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]
R2 McAfeeEngineService;McAfee Engine Service;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [2010-8-25 20792]
R2 rimspci;rimspci;C:\windows\system32\DRIVERS\rimspe64.sys --> C:\windows\system32\DRIVERS\rimspe64.sys [?]
R2 risdpcie;risdpcie;C:\windows\system32\DRIVERS\risdpe64.sys --> C:\windows\system32\DRIVERS\risdpe64.sys [?]
R2 rixdpcie;rixdpcie;C:\windows\system32\DRIVERS\rixdpe64.sys --> C:\windows\system32\DRIVERS\rixdpe64.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 IFXTPM;IFXTPM;C:\windows\system32\DRIVERS\IFXTPM.SYS --> C:\windows\system32\DRIVERS\IFXTPM.SYS [?]
S0 MfeEERM;MfeEERM;C:\Windows\System32\drivers\MfeEERM.sys [2010-12-17 226504]
S0 mfehidk;McAfee Inc. mfehidk;C:\windows\system32\drivers\mfehidk.sys --> C:\windows\system32\drivers\mfehidk.sys [?]
S0 SbCe;SbCe;C:\Windows\System32\drivers\SbCe.sys [2010-12-17 698312]
S1 RsvLock;RsvLock;C:\Windows\System32\drivers\RsvLock.sys [2011-7-28 58184]
S1 SbFlop;SbFlop;C:\Windows\System32\drivers\SbFlop.sys [2011-7-28 23368]
S1 SbRegFlt;SbRegFlt;C:\Windows\System32\drivers\SbRegFlt.sys [2011-7-28 15688]
S1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
S2 Agile1Password;1Password;C:\Program Files (x86)\1Password\Agile1pService.exe [2011-10-16 768776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 enterceptAgent;McAfee Host Intrusion Prevention Service;C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe [2010-2-16 1498224]
S2 hips;McAfee HIPSCore Service;C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe [2010-7-2 39840]
S2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [2010-3-25 226624]
S2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2011-5-19 120128]
S2 McShield;McAfee McShield;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe [2010-8-25 181480]
S2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [2010-8-25 66880]
S2 mfevtp;McAfee Validation Trust Protection Service;C:\windows\system32\mfevtps.exe --> C:\windows\system32\mfevtps.exe [?]
S2 MyDesktopWindows;MyDesktopService;C:\ProgramData\Oracle\MyDesktop\MyDesktopService.exe [2011-10-28 1038848]
S2 NWHelper;Novatel Wireless Device Helper ;C:\Program Files (x86)\Novatel Wireless\MiFi4510\Drivers\NWHelper.exe [2010-6-3 270336]
S2 QOSMyDesktop;QOS MyDesktop;C:\ProgramData\Oracle\MyDesktop\MyDesktopQOS.exe [2009-10-13 470016]
S2 SafeBootClientManager;SafeBoot Client Manager;C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbClientManager.exe [2011-7-28 385084]
S2 SbCeCoreService;McAfee Endpoint Encryption Core Service;C:\Program Files (x86)\McAfee\Endpoint Encryption for Files and Folders\SbCeCoreService.exe [2010-12-17 203080]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-2-25 252928]
S2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-8-29 846448]
S2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-9-22 645048]
S2 VZWConfigService;VZWConfigService;C:\Program Files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe [2011-2-11 169472]
S3 ATSwpWDF;AuthenTec TruePrint USB Driver;C:\windows\system32\Drivers\ATSwpWDF.sys --> C:\windows\system32\Drivers\ATSwpWDF.sys [?]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;C:\windows\system32\DRIVERS\e1k62x64.sys --> C:\windows\system32\DRIVERS\e1k62x64.sys [?]
S3 Firehk;McAfee NDIS Intermediate Filter;C:\windows\system32\DRIVERS\firehk.sys --> C:\windows\system32\DRIVERS\firehk.sys [?]
S3 FirehkMP;FirehkMP;C:\windows\system32\DRIVERS\firehk.sys --> C:\windows\system32\DRIVERS\firehk.sys [?]
S3 HIPK;McAfee Inc. HIPK;C:\windows\system32\drivers\HIPK.sys --> C:\windows\system32\drivers\HIPK.sys [?]
S3 HIPPSK;McAfee Inc. HIPPSK;C:\windows\system32\drivers\HIPPSK.sys --> C:\windows\system32\drivers\HIPPSK.sys [?]
S3 HIPQK;McAfee Inc. HIPQK;C:\windows\system32\drivers\HIPQK.sys --> C:\windows\system32\drivers\HIPQK.sys [?]
S3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\system32\drivers\mfeavfk.sys --> C:\windows\system32\drivers\mfeavfk.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\windows\system32\drivers\mferkdet.sys --> C:\windows\system32\drivers\mferkdet.sys [?]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETw5s64.sys --> C:\windows\system32\DRIVERS\NETw5s64.sys [?]
S3 NWRmNet_022;Novatel Wireless MiFi 4510 RmNet Network Adapter;C:\windows\system32\DRIVERS\NWRmNet_022.sys --> C:\windows\system32\DRIVERS\NWRmNet_022.sys [?]
S3 NWUSBModem_022;Novatel Wireless Verizon MiFi LTE USB Modem Driver;C:\windows\system32\DRIVERS\nwusbmdm_022.sys --> C:\windows\system32\DRIVERS\nwusbmdm_022.sys [?]
S3 NWUSBPort_022;Novatel Wireless Verizon MiFi LTE USB Status Port Driver;C:\windows\system32\DRIVERS\nwusbser_022.sys --> C:\windows\system32\DRIVERS\nwusbser_022.sys [?]
S3 NWUSBPort2_022;Novatel Wireless Verizon MiFi LTE USB Status2 Port Driver;C:\windows\system32\DRIVERS\nwusbser2_022.sys --> C:\windows\system32\DRIVERS\nwusbser2_022.sys [?]
S3 SbCeCd;SbCeCd;C:\Windows\System32\drivers\SbCeCd.sys [2010-12-17 132808]
S3 StorSvc;Storage Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-11-5 137560]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
SUnknown dsload;dsload; [x]
.
=============== Created Last 30 ================
.
2012-04-01 06:22:09 46568 ----a-w- C:\windows\System32\HIPIS0e011b3.dll
2012-04-01 06:22:09 40328 ----a-w- C:\windows\SysWow64\HIPIS0e011b3.dll
2012-04-01 06:04:41 220160 ----a-w- C:\ProgramData\31SbGBuO75ehxE.exe
2012-04-01 05:53:22 299008 ----a-w- C:\ProgramData\rmIhrYfwFjUdy.exe
2012-03-31 23:42:36 -------- d-----w- C:\Program Files (x86)\Virtual Account Numbers
2012-03-21 06:32:59 -------- d-----w- C:\Users\jbigane\AppData\Local\Novatel Wireless
2012-03-21 06:30:03 -------- d-----w- C:\Program Files (x86)\Novatel Wireless
2012-03-21 06:28:21 -------- d-----w- C:\MiFi4510L
2012-03-16 13:57:07 3145728 ----a-w- C:\windows\System32\win32k.sys
2012-03-16 13:56:53 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
2012-03-16 13:56:53 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-03-16 13:56:52 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-03-16 13:56:51 1544192 ----a-w- C:\windows\System32\DWrite.dll
2012-03-16 13:56:51 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
2012-03-16 13:56:28 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
2012-03-16 13:56:28 1031680 ----a-w- C:\windows\System32\rdpcore.dll
2012-03-16 13:56:27 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
2012-03-16 13:56:27 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-03-13 16:33:45 -------- d-----w- C:\Program Files (x86)\MSECache
2012-03-11 04:04:19 -------- d-----w- C:\Program Files (x86)\Cisco
2012-03-10 18:01:43 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2012-03-10 18:01:43 2048 ----a-w- C:\windows\System32\tzres.dll
2012-03-02 19:09:29 -------- d-----w- C:\Program Files (x86)\Content Manager
.
==================== Find3M ====================
.
2012-03-08 04:49:06 143008 ----a-w- C:\windows\SysWow64\KevlarSigs.dll
2012-02-22 21:52:34 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-18 22:11:56 63088 ----a-w- C:\windows\System32\drivers\vmx86.sys
2012-01-18 22:11:54 942192 ----a-w- C:\windows\System32\vnetlib64.dll
2012-01-18 22:11:40 433264 ----a-w- C:\windows\SysWow64\vmnat.exe
2012-01-18 22:11:32 354416 ----a-w- C:\windows\SysWow64\vmnetdhcp.exe
2012-01-18 22:11:08 32880 ----a-w- C:\windows\System32\drivers\VMkbd.sys
2012-01-18 22:10:38 30320 ----a-w- C:\windows\System32\drivers\vmnetuserif.sys
2012-01-18 19:41:32 252016 ----a-w- C:\windows\SysWow64\vmnc.dll
2012-01-18 19:06:00 62064 ----a-w- C:\windows\System32\vmnetbridge.dll
2012-01-18 19:06:00 48752 ----a-w- C:\windows\System32\vnetinst.dll
2012-01-18 19:06:00 45680 ----a-w- C:\windows\System32\drivers\vmnetbridge.sys
2012-01-18 19:06:00 24176 ----a-w- C:\windows\System32\drivers\vmnet.sys
2012-01-18 19:06:00 20080 ----a-w- C:\windows\System32\drivers\vmnetadapter.sys
.
============= FINISH: 1:51:43.70 ===============


SpyBot Results:

DoubleClick: Tracking cookie (Internet Explorer: jbigane) (Cookie, nothing done)


DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


Statcounter: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


WebTrends live: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


FastClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-01-26 TeaTimer.exe (1.6.4.26)
2012-04-01 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2012-01-16 Includes\Adware.sbi (*)
2012-03-20 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-11-29 Includes\DialerC.sbi (*)
2012-01-31 Includes\HeavyDuty.sbi (*)
2012-03-20 Includes\Hijackers.sbi (*)
2011-10-04 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2012-03-13 Includes\Keyloggers.sbi (*)
2012-03-13 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2012-03-27 Includes\Malware.sbi (*)
2012-03-27 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2012-02-28 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2011-02-24 Includes\Security.sbi (*)
2011-12-13 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2012-01-17 Includes\Spyware.sbi (*)
2012-02-28 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2011-09-28 Includes\Trojans.sbi (*)
2012-03-21 Includes\TrojansC-02.sbi (*)
2012-03-27 Includes\TrojansC-03.sbi (*)
2012-03-27 Includes\TrojansC-04.sbi (*)
2012-03-27 Includes\TrojansC-05.sbi (*)
2012-03-21 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll