Hi,
Let's give ComboFix another go
Microsoft Windows Insider MVP 2016-2020
Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
If you have problems, create a thread in the forum, please.
Malware removal instructions are for the corresponding user's case only.
ComboFix 12-06-21.02 - Shelby 06/21/2012 16:24:47.5.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4056.2973 [GMT -4:00]
Running from: c:\users\Shelby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DWR4Z2OK\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
---- Previous Run -------
.
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-21 to 2012-06-21 )))))))))))))))))))))))))))))))
.
.
2012-06-21 20:34 . 2012-06-21 20:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-21 19:44 . 2012-06-21 19:44 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-21 15:16 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 15:16 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 15:16 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 15:16 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 15:15 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 15:15 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-19 22:18 . 2012-05-02 05:32 208896 ----a-w- c:\windows\system32\profsvc.dll
2012-06-19 22:18 . 2012-04-26 05:34 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-19 22:18 . 2012-04-26 05:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-19 22:18 . 2012-04-26 05:28 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-19 22:18 . 2012-05-15 01:32 3144192 ----a-w- c:\windows\system32\win32k.sys
2012-06-19 22:16 . 2012-04-28 03:50 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-19 22:16 . 2012-04-07 12:18 3213824 ----a-w- c:\windows\system32\msi.dll
2012-06-19 22:16 . 2012-04-07 11:34 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-19 22:14 . 2012-04-24 05:59 1460224 ----a-w- c:\windows\system32\crypt32.dll
2012-06-19 22:14 . 2012-04-24 04:47 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-19 22:14 . 2012-04-24 05:59 182272 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-19 22:14 . 2012-04-24 05:59 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-19 22:14 . 2012-04-24 04:47 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-19 22:14 . 2012-04-24 04:47 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-13 21:09 . 2012-06-21 18:22 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-06-11 19:29 . 2011-03-25 03:22 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys
2012-06-11 19:29 . 2011-03-25 03:23 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2012-06-11 19:29 . 2011-03-25 03:23 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-06-11 19:29 . 2011-03-25 03:23 324608 ----a-w- c:\windows\system32\drivers\usbport.sys
2012-06-11 19:29 . 2011-03-25 03:22 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2012-06-11 19:29 . 2011-03-25 03:22 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2012-06-11 19:29 . 2011-03-25 03:22 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2012-06-11 19:25 . 2011-03-11 06:23 1657216 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-06-11 19:25 . 2011-03-11 06:23 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2012-06-11 19:25 . 2011-03-11 06:23 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2012-06-11 19:25 . 2011-03-11 06:22 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2012-06-11 19:25 . 2011-03-11 06:18 2566144 ----a-w- c:\windows\system32\esent.dll
2012-06-11 19:25 . 2011-03-11 06:23 187264 ----a-w- c:\windows\system32\drivers\storport.sys
2012-06-11 19:25 . 2011-03-11 06:22 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2012-06-11 19:25 . 2011-03-11 05:39 1686016 ----a-w- c:\windows\SysWow64\esent.dll
2012-06-11 19:25 . 2011-03-11 06:23 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2012-06-11 19:25 . 2011-03-11 06:15 96768 ----a-w- c:\windows\system32\fsutil.exe
2012-06-11 19:25 . 2011-03-11 05:37 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2012-06-11 18:55 . 2012-06-11 18:55 -------- d-----w- c:\windows\SysWow64\Wat
2012-06-11 18:55 . 2012-06-11 18:55 -------- d-----w- c:\windows\system32\Wat
2012-06-10 20:36 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2012-06-10 20:36 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2012-06-10 20:12 . 2009-09-10 06:28 311808 ----a-w- c:\windows\system32\msv1_0.dll
2012-06-10 20:12 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll
2012-06-10 19:52 . 2009-11-25 16:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2012-06-10 19:52 . 2009-11-25 16:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2012-06-10 19:52 . 2009-11-25 16:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2012-06-10 19:52 . 2009-11-25 16:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2012-06-10 19:52 . 2009-11-25 16:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2012-06-10 19:52 . 2009-11-25 16:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2012-06-10 19:52 . 2009-11-25 16:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-06-10 19:52 . 2009-11-25 16:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2012-06-10 19:52 . 2009-11-25 16:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2012-06-10 19:52 . 2009-11-25 16:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2012-06-10 19:36 . 2012-06-10 19:36 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-06-10 19:27 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-06-10 19:27 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-06-10 19:27 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-06-10 19:27 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
2012-06-10 19:27 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-06-10 19:27 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-06-10 19:27 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-06-10 18:55 . 2012-06-19 21:47 -------- d-----w- c:\program files (x86)\Microsoft Works
2012-06-10 18:55 . 2012-06-11 19:12 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-06-10 18:55 . 2012-06-10 18:55 -------- d-----w- c:\windows\PCHEALTH
2012-06-10 18:51 . 2012-06-20 00:07 -------- d-----w- c:\programdata\Microsoft Help
2012-06-10 17:48 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-06-10 17:46 . 2011-10-26 05:22 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-06-10 17:46 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\SysWow64\quartz.dll
2012-06-10 17:46 . 2011-10-26 05:22 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-06-10 17:46 . 2011-10-26 04:28 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-06-10 17:46 . 2012-01-04 09:58 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-06-10 17:46 . 2012-01-04 09:03 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-06-10 17:46 . 2010-06-29 05:35 4582912 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2012-06-10 17:46 . 2010-06-29 05:39 2085376 ----a-w- c:\windows\system32\ole32.dll
2012-06-10 17:46 . 2010-06-29 04:57 4247040 ----a-w- c:\program files (x86)\Windows NT\Accessories\wordpad.exe
2012-06-10 17:46 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\SysWow64\ole32.dll
2012-06-10 17:46 . 2011-05-04 05:28 2228224 ----a-w- c:\windows\system32\mssrch.dll
2012-06-10 17:44 . 2010-01-19 09:05 422912 ----a-w- c:\windows\system32\secproc_isv.dll
2012-06-10 17:43 . 2012-01-03 06:24 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-06-10 17:42 . 2010-06-19 06:53 52224 ----a-w- c:\windows\system32\rtutils.dll
2012-06-10 17:41 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-06-10 17:40 . 2011-12-28 03:59 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2012-06-10 17:40 . 2012-03-17 07:55 75632 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-06-10 17:40 . 2010-08-27 06:14 236032 ----a-w- c:\windows\system32\srvsvc.dll
2012-06-10 17:40 . 2010-08-27 05:46 9728 ----a-w- c:\windows\SysWow64\sscore.dll
2012-06-10 17:40 . 2010-10-12 05:05 35328 ----a-w- c:\program files\Windows Mail\wabfind.dll
2012-06-10 17:40 . 2010-10-12 05:00 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2012-06-10 17:40 . 2010-10-12 04:25 516096 ----a-w- c:\program files (x86)\Windows Mail\wab.exe
2012-06-10 17:40 . 2011-08-17 05:32 613888 ----a-w- c:\windows\system32\psisdecd.dll
2012-06-10 17:40 . 2011-08-17 05:27 288256 ----a-w- c:\windows\system32\MSNP.ax
2012-06-10 17:40 . 2011-08-17 05:27 108032 ----a-w- c:\windows\system32\psisrndr.ax
2012-06-10 17:40 . 2011-08-17 04:22 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2012-06-10 17:38 . 2011-07-16 05:04 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-06-10 17:37 . 2011-05-24 11:21 404992 ----a-w- c:\windows\system32\umpnpmgr.dll
2012-06-10 17:37 . 2011-05-24 10:34 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2012-06-10 17:37 . 2011-05-24 10:32 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2012-06-10 17:37 . 2011-05-24 10:34 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2012-06-10 17:37 . 2011-05-24 10:34 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2012-06-10 17:37 . 2011-02-12 06:14 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2012-06-10 17:25 . 2011-05-03 05:21 976896 ----a-w- c:\windows\system32\inetcomm.dll
2012-06-10 17:25 . 2011-05-03 04:50 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2012-06-10 17:25 . 2011-12-16 08:42 634368 ----a-w- c:\windows\system32\msvcrt.dll
2012-06-10 17:25 . 2011-12-16 07:59 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-06-10 17:25 . 2010-10-16 05:23 112000 ----a-w- c:\windows\system32\consent.exe
2012-06-10 17:25 . 2011-02-23 05:15 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2012-06-10 17:25 . 2011-08-27 05:40 861184 ----a-w- c:\windows\system32\oleaut32.dll
2012-06-10 17:25 . 2011-08-27 05:40 331776 ----a-w- c:\windows\system32\oleacc.dll
2012-06-10 17:25 . 2011-08-27 04:43 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2012-06-10 17:25 . 2011-08-27 04:43 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2012-06-10 17:25 . 2011-10-15 06:25 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-06-10 17:25 . 2011-10-15 05:48 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-06-10 17:24 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll
2012-06-10 17:24 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-06-10 17:24 . 2012-03-30 11:09 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-06-10 17:24 . 2012-04-02 05:26 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-06-10 17:24 . 2012-04-02 05:24 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-06-10 17:24 . 2012-04-02 05:24 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-06-10 17:24 . 2012-04-02 04:40 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-06-10 17:24 . 2012-04-02 05:24 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-06-10 17:23 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
2012-06-10 17:23 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
c:\users\Shelby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 257224]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 02:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}"=hex:51,66,7a,6c,4c,1d,38,12,26,bd,a8,
0a,e6,f4,22,0e,f1,4c,12,2a,bb,94,a4,70
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
"{7DB2D5A0-7241-4E79-B68D-6309F01C5231}"=hex:51,66,7a,6c,4c,1d,38,12,ce,d6,a1,
79,73,3c,17,0b,c9,9b,20,49,f5,42,16,25
"{B164E929-A1B6-4A06-B104-2CD0E90A88FF}"=hex:51,66,7a,6c,4c,1d,38,12,47,ea,77,
b5,84,ef,68,0f,ce,12,6f,90,ec,54,cc,eb
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:35,db,6f,37,cf,4f,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\rundll32.exe
.
**************************************************************************
.
Completion time: 2012-06-21 16:51:44 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-21 20:51
.
Pre-Run: 148,951,822,336 bytes free
Post-Run: 148,862,464,000 bytes free
.
- - End Of File - - DD79FE68C47986692CC47B118DE6AB75
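The single item ComboFix removed in this run, c:\windows\svchost.exe (it is also listed under "Previous Run", so it was deleted on both passes), is the security-relevant line in the log above. The genuine Service Host binary lives only in C:\Windows\System32 (and, on x64, C:\Windows\SysWOW64); the same name sitting directly under C:\Windows is a name-masquerade and is what a reviewer should look for in any process or file listing. The Python below is an added example, not part of the posted log or of ComboFix or DDS: it pulls every .exe path out of log excerpts in the ComboFix/DDS layout used in this thread and flags system-binary names that appear outside their legitimate directory. The set of names and the two expected directories are assumptions for a stock Windows 7 x64 install on drive C:; the sample lines are excerpted from the logs posted here.

```python
"""
Path-masquerade check for ComboFix / DDS style log excerpts.

Added example: a core Windows binary such as svchost.exe has exactly one
legitimate home (System32, plus SysWOW64 on x64). The same file name anywhere
else is worth a closer look regardless of what the scanner said about it.
"""
import re
from pathlib import PureWindowsPath

# Assumption: stock Windows 7 x64 on C:. Every name here lives in System32
# (rundll32.exe and dllhost.exe also have a SysWOW64 copy).
SYSTEM_BINARIES = {
    "svchost.exe", "rundll32.exe", "lsass.exe", "lsm.exe", "wininit.exe",
    "spoolsv.exe", "csrss.exe", "smss.exe", "services.exe", "winlogon.exe",
    "taskhost.exe", "dllhost.exe",
}
EXPECTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# A drive-letter path up to the first ".exe". Non-greedy, so service arguments
# such as " -k netsvcs" and ComboFix's trailing " [date size]" are not swallowed.
EXE_PATH_RE = re.compile(r"[a-z]:\\.*?\.exe\b", re.IGNORECASE)


def classify(exe_path: str) -> str:
    """Return 'ok', 'suspicious' or 'ignore' for one executable path."""
    p = PureWindowsPath(exe_path)
    if p.name.lower() not in SYSTEM_BINARIES:
        return "ignore"            # not a name attackers borrow for cover
    if str(p.parent).lower() in EXPECTED_DIRS:
        return "ok"
    return "suspicious"            # system-binary name outside its real directory


def scan_log(text: str) -> list[tuple[str, str]]:
    """Extract every .exe path in a log excerpt and report the system-binary ones."""
    findings = []
    for line in text.splitlines():
        for m in EXE_PATH_RE.finditer(line):
            verdict = classify(m.group(0))
            if verdict != "ignore":
                findings.append((m.group(0), verdict))
    return findings


def suspicious_paths(text: str) -> list[str]:
    """Only the flagged paths, case-insensitively deduplicated, in first-seen order."""
    seen: list[str] = []
    for path, verdict in scan_log(text):
        if verdict == "suspicious" and path.lower() not in (s.lower() for s in seen):
            seen.append(path)
    return seen


# Lines excerpted from the ComboFix and DDS logs posted in this thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
c:\windows\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
"""

if __name__ == "__main__":
    for path, verdict in scan_log(SAMPLE_LOG):
        print(f"{verdict:10s} {path}")
```

Run against the excerpt, the only suspicious entry is c:\windows\svchost.exe; the svchost.exe and rundll32.exe instances from the DDS process list are in System32 or SysWOW64 and pass. The check is deliberately name-based rather than hash-based because a masquerading file is usually a different binary altogether, and the path alone is enough to single it out for a closer look.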
Hi,
Please place the ComboFix.exe file on your desktop.
* Go here to run an online scanner from ESET.
- Note: You will need to use Internet Explorer for this scan
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the ActiveX control to install
- Click Start
- Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
- Click Scan
- Wait for the scan to finish.
Post back its report & a fresh dds.txt log. Any issues present?
Sorry for the delay. This scan has literally been running for the past 2 days and it just finished. Unfortunately, when I clicked finish, the details disappeared, and the screen jumped to an ad for the company. Needless to say I am going to have to run the scan again, which will most likely take an additional 2 days. So far, I haven't seen any problems, they seem to have gone away. However, this scan did come up with 63 issues, and I want to see this through. Thank you for your patience, and I will get back to you as soon as the scan is finished.
Hi,
Make sure your McAfee antivirus protection is disabled when running ESET scanner. That may speed up the scanning process.
Hi,
So here is the ESET but now I am having troubles with the DDS links. I turned off McAfee but the link would just act like it's loading but never appear. I will try again in the morning. So far, no issues though. Thanks again for all of your help so far; you're amazing!
Here is the report haha.
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric6.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric7.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric8.zip Win32/Bagle.gen.zip worm
C:\TDSSKiller_Quarantine\21.06.2012_15.44.02\mbr0000\tdlfs0000\tsk0000.dta Win64/Olmarik.AK trojan
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric6.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric7.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric8.zip Win32/Bagle.gen.zip worm
C:\Windows.old\Documents and Settings\Shelby\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm HTML/ScrInject.B.Gen virus
C:\Windows.old\Documents and Settings\Shelby\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm HTML/Iframe.B.Gen virus
C:\Windows.old\Documents and Settings\Shelby\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm HTML/ScrInject.B.Gen virus
C:\Windows.old\Documents and Settings\Shelby\AppData\Local\Application Data\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm HTML/ScrInject.B.Gen virus
C:\Windows.old\Documents and Settings\Shelby\AppData\Local\Application Data\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm HTML/Iframe.B.Gen virus
C:\Windows.old\Documents and Settings\Shelby\AppData\Local\Application Data\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm HTML/ScrInject.B.Gen virus
C:\Windows.old\Documents and Settings\Shelby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm HTML/ScrInject.B.Gen virus
C:\Windows.old\Documents and Settings\Shelby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm HTML/Iframe.B.Gen virus
C:\Windows.old\Documents and Settings\Shelby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm HTML/ScrInject.B.Gen virus
C:\Windows.old\Documents and Settings\Shelby\AppData\Local\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm HTML/ScrInject.B.Gen virus
C:\Windows.old\Documents and Settings\Shelby\AppData\Local\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm HTML/Iframe.B.Gen virus
C:\Windows.old\Documents and Settings\Shelby\AppData\Local\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm HTML/ScrInject.B.Gen virus
C:\Windows.old\Documents and Settings\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\ec625cb-7627966d multiple threats
C:\Windows.old\Documents and Settings\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\57a3fb8e-3775af0e a variant of Win32/Kryptik.AFDK trojan
C:\Windows.old\Documents and Settings\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\1b0b81d-22fff9be multiple threats
C:\Windows.old\Documents and Settings\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\53784821-4355561b a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Windows.old\Documents and Settings\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\e5a51ab-236f96ea a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Windows.old\Documents and Settings\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\3eb5fd45-6b8d64b6 a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Windows.old\Documents and Settings\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\64a5ca89-58885d98 a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Windows.old\Documents and Settings\Shelby\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm HTML/ScrInject.B.Gen virus
C:\Windows.old\Documents and Settings\Shelby\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm HTML/Iframe.B.Gen virus
C:\Windows.old\Documents and Settings\Shelby\Local Settings\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm HTML/ScrInject.B.Gen virus
C:\Windows.old\Documents and Settings\Shelby\Local Settings\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm HTML/ScrInject.B.Gen virus
C:\Windows.old\Documents and Settings\Shelby\Local Settings\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm HTML/Iframe.B.Gen virus
C:\Windows.old\Documents and Settings\Shelby\Local Settings\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm HTML/ScrInject.B.Gen virus
C:\Windows.old\Users\Shelby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm HTML/ScrInject.B.Gen virus
C:\Windows.old\Users\Shelby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm HTML/Iframe.B.Gen virus
C:\Windows.old\Users\Shelby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm HTML/ScrInject.B.Gen virus
C:\Windows.old\Users\Shelby\AppData\Local\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm HTML/ScrInject.B.Gen virus
C:\Windows.old\Users\Shelby\AppData\Local\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm HTML/Iframe.B.Gen virus
C:\Windows.old\Users\Shelby\AppData\Local\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm HTML/ScrInject.B.Gen virus
C:\Windows.old\Users\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\ec625cb-7627966d multiple threats
C:\Windows.old\Users\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\57a3fb8e-3775af0e a variant of Win32/Kryptik.AFDK trojan
C:\Windows.old\Users\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\1b0b81d-22fff9be multiple threats
C:\Windows.old\Users\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\53784821-4355561b a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Windows.old\Users\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\e5a51ab-236f96ea a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Windows.old\Users\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\3eb5fd45-6b8d64b6 a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Windows.old\Users\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\64a5ca89-58885d98 a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Windows.old\Users\Shelby\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm HTML/ScrInject.B.Gen virus
C:\Windows.old\Users\Shelby\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm HTML/Iframe.B.Gen virus
C:\Windows.old\Users\Shelby\Local Settings\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm HTML/ScrInject.B.Gen virus
C:\Windows.old\Users\Shelby\Local Settings\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm HTML/ScrInject.B.Gen virus
C:\Windows.old\Users\Shelby\Local Settings\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm HTML/Iframe.B.Gen virus
C:\Windows.old\Users\Shelby\Local Settings\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm HTML/ScrInject.B.Gen virus
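Sixty-three hits sounds alarming, but where a detection sits matters as much as what it is. Every path in the report above is in one of four places that do not execute anything: TDSSKiller's own quarantine folder (the Win64/Olmarik file it pulled out of the TDL file system, tdlfs0000), Spybot's Recovery backups (listed twice only because C:\Users\All Users is a junction to C:\ProgramData on Windows 7, so ESET walked the same files under both names), the Windows.old copy of the previous installation, and inside that copy the Internet Explorer cache and the Java deployment cache (downloaded applet jars, evidence of exposure to Java exploit pages rather than a running component). The Python below is an added example, not from the thread, from ESET or from the helper: it parses lines in this report's layout, folds the All Users junction so duplicates collapse, and sorts each hit by location so that only hits outside those inert locations are surfaced as needing action. The location rules are assumptions for a Windows 7 layout; the report lines are excerpted from the post above, and the single "active" line is constructed to exercise that branch and does not appear in the real report.

```python
"""
Location triage for an ESET Online Scanner report.

Added example: separate detections in quarantine, backup, cache and
previous-installation locations (on disk but not running) from detections
in live locations that still need to be dealt with.
"""
import re
from collections import Counter

# "<path> <threat>" where the path may contain spaces. The threat is the first
# token carrying a family prefix such as Win32/ or HTML/ (a Windows path never
# contains a forward slash), optionally preceded by "a variant of".
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<threat>(?:(?:probably )?a variant of )?[A-Za-z0-9]+/\S+(?: [a-z]+)*|multiple threats)$"
)

# Ordered: the first matching marker wins, so a cache file under Windows.old is
# reported as "previous-install", which is the reason it is inert.
LOCATION_RULES = [
    ("quarantine",       re.compile(r"\\TDSSKiller_Quarantine\\", re.I)),
    ("quarantine",       re.compile(r"\\Spybot - Search & Destroy\\Recovery\\", re.I)),
    ("previous-install", re.compile(r"^[a-z]:\\Windows\.old\\", re.I)),
    ("java-cache",       re.compile(r"\\Sun\\Java\\Deployment\\cache\\", re.I)),
    ("browser-cache",    re.compile(r"\\Temporary Internet Files\\", re.I)),
]


def normalize(path: str) -> str:
    r"""Fold the Windows 7 junction C:\Users\All Users onto its target C:\ProgramData
    so the same file is not counted twice."""
    return re.sub(r"^([a-z]:)\\Users\\All Users\\", r"\1\\ProgramData\\", path, flags=re.I)


def location(path: str) -> str:
    """Label a path by the kind of place it lives in; 'active' means none of the inert ones."""
    for label, rx in LOCATION_RULES:
        if rx.search(path):
            return label
    return "active"


def parse_report(text: str) -> list[tuple[str, str, str]]:
    """Return (normalized path, threat, location) per well-formed line, deduplicated."""
    seen: set[str] = set()
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        path = normalize(m.group("path"))
        if path.lower() in seen:
            continue
        seen.add(path.lower())
        rows.append((path, m.group("threat"), location(path)))
    return rows


def summarize(text: str) -> dict[str, int]:
    """Hit count per location label."""
    return dict(Counter(loc for _, _, loc in parse_report(text)))


def needs_action(text: str) -> list[tuple[str, str]]:
    """Only the hits in live locations: (path, threat)."""
    return [(p, t) for p, t, loc in parse_report(text) if loc == "active"]


# Lines excerpted from the ESET report posted above.
REPORT_EXCERPT = r"""
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm
C:\TDSSKiller_Quarantine\21.06.2012_15.44.02\mbr0000\tdlfs0000\tsk0000.dta Win64/Olmarik.AK trojan
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm
C:\Windows.old\Users\Shelby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm HTML/ScrInject.B.Gen virus
C:\Windows.old\Users\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\ec625cb-7627966d multiple threats
C:\Windows.old\Users\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\57a3fb8e-3775af0e a variant of Win32/Kryptik.AFDK trojan
"""
# Constructed line, not in the real report: a hit in a live user directory.
CONSTRUCTED_LIVE_HIT = r"C:\Users\Shelby\AppData\Local\Temp\update.exe a variant of Win32/Kryptik.AFDK trojan"
SAMPLE_REPORT = REPORT_EXCERPT + "\n" + CONSTRUCTED_LIVE_HIT

if __name__ == "__main__":
    print(summarize(SAMPLE_REPORT))
    for path, threat in needs_action(SAMPLE_REPORT):
        print("ACTION:", threat, "->", path)
```

On the excerpt the two Spybot lines collapse into one quarantine hit, the three Windows.old lines are reported as previous-install, and only the constructed Temp\update.exe line comes back from needs_action. Run over the full report above, every one of the 63 lines lands in an inert bucket; that is a statement about where the files are, not a clean bill of health, and the TDSSKiller quarantine entry still records that a TDL-family rootkit was present on this machine.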
So here is the ESET but now I am having troubles with the DDS links. I turned off McAfee but the link would just act like it's loading but never appear. I will try again in the morning.
Hi,
Both DDS links listed here work. I'll get back to dealing with those ESET findings after seeing the DDS report first.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Shelby at 8:38:06 on 2012-06-26
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4056.2998 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Microsoft Games\minesweeper\minesweeper.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120611170811.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Shelby\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{23ABA2C2-32B0-4CD4-A2A1-593D5A68FE43} : DhcpNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120611170811.dll
BHO-X64: scriptproxy - No File
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-6-9 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-6-9 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-6-9 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-6-9 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-6-9 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-6-9 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-6-9 1153368]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-9 257224]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-06-22 19:29:41 -------- d-----w- C:\Program Files (x86)\ESET
2012-06-22 13:42:50 -------- d-sh--w- C:\$RECYCLE.BIN
2012-06-21 19:44:57 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-21 15:16:42 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-21 15:16:11 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-21 15:15:42 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-21 15:15:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-20 18:41:28 98816 ----a-w- C:\Windows\sed.exe
2012-06-20 18:41:28 518144 ----a-w- C:\Windows\SWREG.exe
2012-06-20 18:41:28 256000 ----a-w- C:\Windows\PEV.exe
2012-06-20 18:41:28 208896 ----a-w- C:\Windows\MBR.exe
2012-06-19 22:18:57 208896 ----a-w- C:\Windows\System32\profsvc.dll
2012-06-19 22:18:53 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-19 22:18:53 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-19 22:18:53 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-19 22:18:33 3144192 ----a-w- C:\Windows\System32\win32k.sys
2012-06-19 22:16:16 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-19 22:16:10 3213824 ----a-w- C:\Windows\System32\msi.dll
2012-06-19 22:16:09 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-06-19 22:14:48 1460224 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-19 22:14:48 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-19 22:14:47 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-19 22:14:47 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-19 22:14:46 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-19 22:14:46 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-13 21:14:55 -------- d-----w- C:\Users\Shelby\AppData\Local\Adobe
2012-06-13 19:30:01 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-13 19:29:58 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-13 19:29:58 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-11 19:29:29 52224 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2012-06-11 19:29:28 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2012-06-11 19:29:28 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2012-06-11 19:29:28 324608 ----a-w- C:\Windows\System32\drivers\usbport.sys
2012-06-11 19:29:27 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2012-06-11 19:29:27 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2012-06-11 19:29:27 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2012-06-11 19:25:26 1657216 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-06-11 19:25:25 2566144 ----a-w- C:\Windows\System32\esent.dll
2012-06-11 19:25:25 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2012-06-11 19:25:25 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2012-06-11 19:25:25 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2012-06-11 19:25:24 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2012-06-11 19:25:24 187264 ----a-w- C:\Windows\System32\drivers\storport.sys
2012-06-11 19:25:24 1686016 ----a-w- C:\Windows\SysWow64\esent.dll
2012-06-11 19:25:23 96768 ----a-w- C:\Windows\System32\fsutil.exe
2012-06-11 19:25:23 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2012-06-11 19:25:22 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2012-06-11 18:55:04 -------- d-----w- C:\Windows\SysWow64\Wat
2012-06-11 18:55:04 -------- d-----w- C:\Windows\System32\Wat
2012-06-10 20:36:57 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2012-06-10 20:36:57 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2012-06-10 20:12:12 311808 ----a-w- C:\Windows\System32\msv1_0.dll
2012-06-10 20:12:12 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2012-06-10 19:52:54 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2012-06-10 19:52:54 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2012-06-10 19:52:54 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2012-06-10 19:52:54 444752 ----a-w- C:\Windows\System32\mscoree.dll
2012-06-10 19:52:54 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2012-06-10 19:52:54 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2012-06-10 19:52:54 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2012-06-10 19:52:54 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2012-06-10 19:52:54 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2012-06-10 19:52:54 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2012-06-10 19:27:45 80896 ----a-w- C:\Windows\System32\imagehlp.dll
2012-06-10 19:27:45 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-06-10 19:27:45 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-06-10 19:27:45 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-06-10 19:27:45 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-06-10 19:27:45 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-06-10 19:27:45 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-06-10 18:55:20 -------- d-----w- C:\Windows\PCHEALTH
2012-06-10 18:52:02 -------- d-----w- C:\Users\Shelby\AppData\Local\Microsoft Help
2012-06-10 17:48:56 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2012-06-10 17:46:44 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-06-10 17:46:44 1328640 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-06-10 17:46:43 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-06-10 17:46:43 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-06-10 17:46:31 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-06-10 17:46:31 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-06-10 17:46:26 4582912 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe
2012-06-10 17:46:25 4247040 ----a-w- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
2012-06-10 17:46:25 2085376 ----a-w- C:\Windows\System32\ole32.dll
2012-06-10 17:46:24 1413632 ----a-w- C:\Windows\SysWow64\ole32.dll
2012-06-10 17:46:00 2228224 ----a-w- C:\Windows\System32\mssrch.dll
2012-06-10 17:44:39 422912 ----a-w- C:\Windows\System32\secproc_isv.dll
2012-06-10 17:43:54 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-06-10 17:42:57 52224 ----a-w- C:\Windows\System32\rtutils.dll
2012-06-10 17:41:44 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2012-06-10 17:40:14 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-06-10 17:40:11 75632 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-06-10 17:40:09 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2012-06-10 17:40:08 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2012-06-10 17:40:06 516096 ----a-w- C:\Program Files\Windows Mail\wab.exe
2012-06-10 17:40:06 516096 ----a-w- C:\Program Files (x86)\Windows Mail\wab.exe
2012-06-10 17:40:06 35328 ----a-w- C:\Program Files\Windows Mail\wabfind.dll
2012-06-10 17:40:01 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2012-06-10 17:40:01 288256 ----a-w- C:\Windows\System32\MSNP.ax
2012-06-10 17:40:00 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2012-06-10 17:40:00 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2012-06-10 17:38:59 4608 ---ha-w- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-06-10 17:37:55 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll
2012-06-10 17:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2012-06-10 17:37:54 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2012-06-10 17:37:53 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2012-06-10 17:37:53 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2012-06-10 17:37:44 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2012-06-10 17:25:41 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2012-06-10 17:25:40 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2012-06-10 17:25:37 634368 ----a-w- C:\Windows\System32\msvcrt.dll
2012-06-10 17:25:36 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-06-10 17:25:33 112000 ----a-w- C:\Windows\System32\consent.exe
2012-06-10 17:25:30 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2012-06-10 17:25:24 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2012-06-10 17:25:24 331776 ----a-w- C:\Windows\System32\oleacc.dll
2012-06-10 17:25:23 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2012-06-10 17:25:23 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2012-06-10 17:25:16 723456 ----a-w- C:\Windows\System32\EncDec.dll
2012-06-10 17:25:15 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2012-06-10 17:24:55 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-06-10 17:24:55 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-06-10 17:24:13 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-06-10 17:24:05 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-06-10 17:24:05 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-06-10 17:24:04 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-06-10 17:24:04 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-06-10 17:24:03 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-06-10 17:23:57 720896 ----a-w- C:\Windows\System32\odbc32.dll
2012-06-10 17:23:56 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll
2012-06-10 17:23:56 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2012-06-10 17:23:55 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2012-06-10 17:23:55 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2012-06-10 17:23:55 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2012-06-10 17:23:54 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2012-06-10 17:23:53 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2012-06-10 17:23:53 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2012-06-10 17:23:53 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2012-06-10 17:23:34 1739160 ----a-w- C:\Windows\System32\ntdll.dll
2012-06-10 17:23:33 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-06-10 17:19:56 77312 ----a-w- C:\Windows\System32\packager.dll
2012-06-10 17:19:55 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-06-10 13:05:44 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2012-06-10 13:05:44 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2012-06-10 07:15:54 -------- d-----w- C:\Windows\Panther
2012-06-10 07:15:25 -------- d-----w- C:\Windows\System32\oem
2012-06-10 06:49:54 -------- d-----w- C:\Windows.old
2012-06-10 03:12:00 -------- d-----w- C:\Users\Shelby\AppData\Local\Microsoft Games
2012-06-10 02:33:09 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-10 02:33:09 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-10 01:29:43 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-06-10 01:29:43 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-06-10 01:17:50 -------- d-----w- C:\Program Files (x86)\McAfee.com
2012-06-10 01:17:38 10248 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2012-06-10 01:17:38 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
2012-06-10 01:16:44 75936 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2012-06-10 01:16:44 65264 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2012-06-10 01:16:44 487296 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2012-06-10 01:16:44 289664 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2012-06-10 01:16:44 229528 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2012-06-10 01:16:44 100912 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2012-06-10 01:16:32 -------- d-----w- C:\Program Files\McAfee.com
2012-06-10 01:16:32 -------- d-----w- C:\Program Files\McAfee
2012-06-10 01:16:32 -------- d-----w- C:\Program Files\Common Files\McAfee
2012-06-10 01:16:29 -------- d-----w- C:\Program Files (x86)\McAfee
2012-06-10 01:07:34 162192 ----a-w- C:\Windows\System32\mfevtps.exe
2012-06-10 00:35:54 -------- d-----w- C:\Users\Shelby\AppData\Local\Diagnostics
2012-06-10 00:27:50 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7250C547-3BEC-4613-AECF-28596846A027}\mpengine.dll
2012-06-10 00:27:49 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-06-10 00:04:13 45056 ----a-r- C:\Users\Shelby\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
2012-06-10 00:04:12 -------- d-----w- C:\Windows\SysWow64\vmm32
2012-06-10 00:04:12 -------- d-----w- C:\Program Files (x86)\Dell
2012-06-10 00:03:44 -------- d-sh--w- C:\Windows\Installer
2012-06-09 23:58:08 89088 ----a-w- C:\Windows\SysWow64\atl71.dll
2012-06-09 23:58:08 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-06-09 23:58:08 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-06-09 23:58:08 1060864 ----a-w- C:\Windows\SysWow64\MFC71.dll
2012-06-09 23:58:08 1047552 ----a-w- C:\Windows\SysWow64\MFC71u.dll
2012-06-09 23:56:07 139264 ----a-w- C:\Windows\System32\cabview.dll
2012-06-09 23:56:07 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2012-06-09 23:56:05 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-06-09 23:56:05 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-06-09 23:56:05 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-06-09 23:52:56 -------- d-----w- C:\Recovery
.
==================== Find3M ====================
.
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 8:40:20.13 ===============
Hi again,
Open notepad and copy/paste the text in the quotebox below into it:
Code:
Folder::
C:\TDSSKiller_Quarantine
File::
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric6.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric7.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric8.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric6.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric7.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric8.zip
C:\Windows.old\Documents and Settings\Shelby\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm
C:\Windows.old\Documents and Settings\Shelby\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm
C:\Windows.old\Documents and Settings\Shelby\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm
C:\Windows.old\Documents and Settings\Shelby\AppData\Local\Application Data\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm
C:\Windows.old\Documents and Settings\Shelby\AppData\Local\Application Data\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm
C:\Windows.old\Documents and Settings\Shelby\AppData\Local\Application Data\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm
C:\Windows.old\Documents and Settings\Shelby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm
C:\Windows.old\Documents and Settings\Shelby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm
C:\Windows.old\Documents and Settings\Shelby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm
C:\Windows.old\Documents and Settings\Shelby\AppData\Local\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm
C:\Windows.old\Documents and Settings\Shelby\AppData\Local\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm
C:\Windows.old\Documents and Settings\Shelby\AppData\Local\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm
C:\Windows.old\Documents and Settings\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\ec625cb-7627966d
C:\Windows.old\Documents and Settings\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\57a3fb8e-3775af0e
C:\Windows.old\Documents and Settings\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\1b0b81d-22fff9be
C:\Windows.old\Documents and Settings\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\53784821-4355561b
C:\Windows.old\Documents and Settings\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\e5a51ab-236f96ea
C:\Windows.old\Documents and Settings\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\3eb5fd45-6b8d64b6
C:\Windows.old\Documents and Settings\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\64a5ca89-58885d98
C:\Windows.old\Documents and Settings\Shelby\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm
C:\Windows.old\Documents and Settings\Shelby\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm
C:\Windows.old\Documents and Settings\Shelby\Local Settings\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm
C:\Windows.old\Documents and Settings\Shelby\Local Settings\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm
C:\Windows.old\Documents and Settings\Shelby\Local Settings\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm
C:\Windows.old\Documents and Settings\Shelby\Local Settings\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm
C:\Windows.old\Users\Shelby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm
C:\Windows.old\Users\Shelby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm
C:\Windows.old\Users\Shelby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm
C:\Windows.old\Users\Shelby\AppData\Local\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm
C:\Windows.old\Users\Shelby\AppData\Local\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm
C:\Windows.old\Users\Shelby\AppData\Local\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm
C:\Windows.old\Users\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\ec625cb-7627966d
C:\Windows.old\Users\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\57a3fb8e-3775af0e
C:\Windows.old\Users\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\1b0b81d-22fff9be
C:\Windows.old\Users\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\53784821-4355561b
C:\Windows.old\Users\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\e5a51ab-236f96ea
C:\Windows.old\Users\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\3eb5fd45-6b8d64b6
C:\Windows.old\Users\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\64a5ca89-58885d98
C:\Windows.old\Users\Shelby\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm
C:\Windows.old\Users\Shelby\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm
C:\Windows.old\Users\Shelby\Local Settings\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm
C:\Windows.old\Users\Shelby\Local Settings\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm
C:\Windows.old\Users\Shelby\Local Settings\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm
C:\Windows.old\Users\Shelby\Local Settings\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm
Save this as CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe (let the tool update itself if prompted).
Then post the resultant log.