It appears I have a trojan or virus


gaboyde88
This is a continuation of this thread: http://forums.pcpitstop.com/index.php?/topic/200198-it-appears-i-have-a-trojan-or-virus/

DDS (Ver_2012-10-19.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2

Run by rhonda at 12:59:28 on 2012-10-28

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5943.4534 [GMT -5:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Windows\system32\mfevtps.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\rundll32.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\System32\rundll32.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Users\rhonda\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files (x86)\Ask.com\Updater\Updater.exe

C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe

C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\splwow64.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\SysWOW64\ctfmon.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uProxyServer = 40439756946785358287000000:80

uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120621204508.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

uRun: [Google Update] "C:\Users\rhonda\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconstartup.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRun: [startNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe"

mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

StartupFolder: C:\Users\rhonda\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{43144CFA-A79C-4D17-A07B-DF5CDC2E9069} : DHCPNameServer = 192.168.1.1

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

SSODL: WebCheck - <orphaned>

x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120621204508.dll

x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll

x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com Search

FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z192&install_date=20110921

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

FF - plugin: C:\Users\rhonda\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2012-10-27 21:15; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-3-13 647208]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-9-20 289664]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-9-20 55856]

R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-10-27 984144]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-10-27 364096]

R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2011-9-20 75936]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-18 140672]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]

R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-10-27 25232]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-10-27 71600]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-10-27 44808]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-9-20 249936]

R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-9-20 249936]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-9-20 249936]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-9-20 249936]

R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-9-20 199272]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-9-20 210584]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2011-9-20 162192]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-20 2320920]

R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-9-20 65264]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-9-20 56344]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-10-16 321064]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-9-20 229528]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-9-20 487296]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]

S2 0285601345917542mcinstcleanup;McAfee Application Installer Cleanup (0285601345917542);C:\Windows\TEMP\028560~1.EXE -cleanup -nolog --> C:\Windows\TEMP\028560~1.EXE -cleanup -nolog [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

S2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe --> C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [?]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-19 250288]

S3 massfilter_hs;HS HandSet Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter_hs.sys [2012-7-14 18456]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-3 227232]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-9-20 100912]

S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-9-20 59392]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-20 1255736]

.

=============== Created Last 30 ================

.

2012-10-28 05:37:13 -------- d-----w- C:\Users\rhonda\AppData\Roaming\Malwarebytes

2012-10-28 05:37:02 -------- d-----w- C:\ProgramData\Malwarebytes

2012-10-28 05:37:01 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-10-28 05:37:01 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-10-28 04:53:58 8862544 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2012-10-28 04:53:55 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9854BBF5-A816-415A-91BB-7C26EE0C5004}\mpengine.dll

2012-10-28 03:07:44 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-10-28 03:07:44 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-10-28 02:35:11 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe

2012-10-28 02:34:35 1464320 ----a-w- C:\Windows\System32\crypt32.dll

2012-10-28 02:34:34 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-10-28 02:34:33 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-10-28 02:34:33 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-10-28 02:34:32 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-10-28 02:34:32 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-10-28 02:28:30 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-10-28 02:28:28 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-10-28 02:28:28 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-10-28 02:28:15 220160 ----a-w- C:\Windows\System32\wintrust.dll

2012-10-28 02:28:14 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-10-28 02:21:52 715776 ----a-w- C:\Windows\System32\kerberos.dll

2012-10-28 02:21:52 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll

2012-10-28 02:16:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2012-10-28 02:15:28 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2012-10-28 02:15:23 984144 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2012-10-28 02:15:22 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2012-10-28 02:15:03 41224 ----a-w- C:\Windows\avastSS.scr

2012-10-28 02:14:55 -------- d-----w- C:\ProgramData\AVAST Software

2012-10-28 02:14:55 -------- d-----w- C:\Program Files\AVAST Software

2012-10-28 00:03:28 -------- d-----w- C:\Users\rhonda\AppData\Roaming\AVG2013

2012-10-28 00:02:57 -------- d-----w- C:\Users\rhonda\AppData\Roaming\TuneUp Software

2012-10-28 00:02:40 -------- d-----w- C:\ProgramData\AVG2013

2012-10-27 21:22:42 -------- d--h--w- C:\ProgramData\Common Files

2012-10-27 21:22:42 -------- d-----w- C:\Users\rhonda\AppData\Local\MFAData

2012-10-27 21:22:42 -------- d-----w- C:\Users\rhonda\AppData\Local\Avg2013

2012-10-27 21:22:42 -------- d-----w- C:\ProgramData\MFAData

2012-10-22 18:53:11 163056 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin

.

==================== Find3M ====================

.

2012-09-21 09:59:20 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-21 09:59:20 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-09-03 13:47:51 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2012-09-03 13:47:47 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-09-03 13:47:47 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys

2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys

2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll

2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll

2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe

2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll

2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll

.

============= FINISH: 12:59:45.70 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-10-19.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 9/19/2011 18:54:35

System Uptime: 10/28/2012 11:51:19 (1 hours ago)

.

Motherboard: Dell Inc. | | 0C2KJT

Processor: Intel® Core i3 CPU 550 @ 3.20GHz | CPU 1 | 3200/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 699 GiB total, 649.087 GiB free.

D: is CDROM (CDFS)

E: is Removable

F: is Removable

G: is Removable

H: is Removable

K: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP139: 10/14/2012 19:34:03 - Windows Backup

RP140: 10/21/2012 19:01:27 - Windows Backup

RP141: 10/27/2012 05:38:09 - Restore Operation

RP142: 10/27/2012 16:18:14 - Windows Backup

RP143: 10/27/2012 19:01:57 - Installed AVG 2013

RP144: 10/27/2012 19:02:15 - Installed AVG 2013

RP145: 10/27/2012 20:18:53 - Removed AVG 2013

RP146: 10/27/2012 20:19:51 - Removed AVG 2013

RP147: 10/27/2012 21:14:47 - avast! Free Antivirus Setup

RP148: 10/27/2012 23:52:47 - Windows Update

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.4)

Ask Toolbar

Ask Toolbar Updater

avast! Free Antivirus

AVG PC Tuneup 2011

Broadcom NetXtreme-I Netlink Driver and Management Installer

Canon Easy-PhotoPrint EX

Canon Easy-WebPrint EX

Canon Inkjet Printer/Scanner/Fax Extended Survey Program

Canon MP Navigator EX 4.1

Canon MP560 series MP Drivers

Canon MX360 series MP Drivers

Canon MX360 series User Registration

Canon My Printer

Canon Solution Menu EX

Canon Speed Dial Utility

Coupon Printer for Windows

Dell Support Center

DirectX 9 Runtime

DW 1525 Driver Installation

Google Chrome

GoToAssist Corporate

Intel® Management Engine Components

Java 7 Update 7

Java Auto Updater

Java 6 Update 22

JavaFX 2.1.1

Malwarebytes Anti-Malware version 1.65.1.1000

Masque IGT Slots Texas Tea

McAfee Security Scan Plus

McAfee SecurityCenter

Microsoft .NET Framework 4 Client Profile

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mozilla Firefox 10.0.2 (x86 en-US)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

OpenOffice.org 3.3

PhotoShowExpress

RBVirtualFolder64Inst

Roxio Activation Module

Roxio BackOnTrack

Roxio Burn

Roxio Creator Starter

Roxio Express Labeler 3

Roxio File Backup

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Sonic CinePlayer Decoder Pack

SUPERAntiSpyware

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Visual Studio 2010 x64 Redistributables

WinZip 15.5

ZTE Handset USB Driver

.

==== Event Viewer Messages From Past Week ========

.

10/28/2012 01:04:35, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.5 with the system having network hardware address 60-FB-42-6E-E0-AE. Network operations on this system may be disrupted as a result.

10/27/2012 19:22:42, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

10/27/2012 19:20:42, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

10/27/2012 19:20:41, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

10/27/2012 19:20:40, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

10/27/2012 19:20:40, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

10/27/2012 19:20:40, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

10/27/2012 19:20:39, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

10/27/2012 19:20:34, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

10/27/2012 19:20:24, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AVGIDSDriver Avgldx64 Avgtdia DfsC discache mfehidk mfenlfk NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf

10/27/2012 19:20:24, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.

10/27/2012 19:20:23, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

10/27/2012 19:20:23, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

10/27/2012 19:20:23, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

10/27/2012 19:20:23, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

10/27/2012 19:20:23, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.

10/27/2012 19:20:23, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.

10/27/2012 19:20:23, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.

10/27/2012 19:20:23, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.

10/27/2012 19:20:23, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.

10/27/2012 19:20:23, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

10/27/2012 19:20:23, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.

10/27/2012 19:20:22, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

10/27/2012 19:20:22, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

10/27/2012 19:20:22, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

10/27/2012 19:20:22, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

10/27/2012 19:20:22, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

10/27/2012 15:47:46, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

10/27/2012 15:47:19, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache mfehidk mfenlfk NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf

10/27/2012 15:37:00, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..

10/27/2012 15:26:00, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.

10/27/2012 12:31:45, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

10/27/2012 12:13:42, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}

10/27/2012 12:11:32, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06}

10/27/2012 12:04:42, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache SASDIFSV SASKUTIL spldr Wanarpv6

10/26/2012 21:27:12, Error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 2 time(s).

10/26/2012 21:25:30, Error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 1 time(s).

.

==== End Of File ===========================

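The DDS event log above is the most informative part of the post: two 7026 events list boot-start drivers that never loaded (AFD, tdx, NetBT, nsiproxy among them), every 7001 event is a downstream consequence of that (DHCP Client, DNS Client, Workstation and the McAfee services all depend on those drivers), the Windows Firewall service dies with "Access is denied", and the DNS Client cannot read the hosts file. The following Python is an added example, not part of the original thread or of DDS, that parses lines in that format and pulls those four findings out. The sample lines are constructed to mirror the log above, and the two driver sets (core networking versus third-party security drivers) are my own classification.

```python
import re

# Constructed sample in the DDS "Event Log" format used in this thread
# (date, level: source [event id] - message). Content mirrors the post above.
SAMPLE_DDS_EVENTS = """\
10/27/2012 19:20:22, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/27/2012 15:47:19, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache mfehidk mfenlfk NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf
10/27/2012 15:37:00, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
10/27/2012 15:26:00, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
10/27/2012 12:04:42, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache SASDIFSV SASKUTIL spldr Wanarpv6
"""

EVENT_RE = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}), "
    r"(?P<level>\w+): (?P<source>[^\[]+?) \[(?P<id>\d+)\] - (?P<msg>.*)$")
DEPENDS_RE = re.compile(r"^The (.+?) service depends on the (.+?) service which failed")

# Winsock / TCP-IP plumbing: if these do not load, nothing on the box can talk to the network.
# (Classification is my own, chosen for this example.)
CORE_NET_DRIVERS = {"AFD", "tdx", "NetBT", "nsiproxy", "tcpip", "netio"}
# Third-party security drivers named in this log; when they fail the product protects nothing.
SECURITY_DRIVERS = {"mfehidk", "mfenlfk", "mfewfpk", "SASDIFSV", "SASKUTIL", "aswSnx", "aswSP"}

def parse_events(text):
    """Split DDS event lines into dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["id"] = int(ev["id"])
            events.append(ev)
    return events

def triage(text):
    """Collect the failures a malware-removal helper would look at first."""
    failed = set()
    findings = {"dependency_failures": [], "firewall_access_denied": [], "hosts_file_unreadable": []}
    for ev in parse_events(text):
        scm = ev["source"] == "Service Control Manager"
        if scm and ev["id"] == 7026:
            # 7026 carries a space-separated list of drivers after "failed to load:"
            failed.update(ev["msg"].split("failed to load:", 1)[1].split())
        elif scm and ev["id"] == 7001:
            m = DEPENDS_RE.match(ev["msg"])
            if m:
                findings["dependency_failures"].append((m.group(1), m.group(2)))
        elif scm and ev["id"] == 7024 and "Access is denied" in ev["msg"]:
            findings["firewall_access_denied"].append(ev["date"])
        elif ev["source"] == "Microsoft-Windows-DNS-Client" and ev["id"] == 1012:
            findings["hosts_file_unreadable"].append(ev["date"])
    findings["all_failed_drivers"] = sorted(failed)
    findings["core_network_drivers_failed"] = sorted(failed & CORE_NET_DRIVERS)
    findings["security_drivers_failed"] = sorted(failed & SECURITY_DRIVERS)
    return findings

if __name__ == "__main__":
    for key, value in triage(SAMPLE_DDS_EVENTS).items():
        print(f"{key}: {value}")
```

Feed it the full "Event Log" block copied out of a DDS report; the `core_network_drivers_failed` list is the thing to look at before chasing any single service error, because a 7001 for DHCP or DNS is noise once AFD and tdx are known to be down.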

Hello gaboyde88 and :wp:

 

My name is JonTom

  • Malware Logs can sometimes take a lot of time to research and interpret.
  • Please be patient while I try to assist with your problem. If at any time you do not understand what is required, please ask for further explanation.
  • Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
  • Read every reply you receive carefully and thoroughly before carrying out the instructions. You may also find it helpful to print out the instructions you receive, as in some instances you may have to disconnect your computer from the Internet.
  • PLEASE NOTE: If you do not reply after 3 days your thread will be closed.
Thank you for the DDS logs.

  • Security Programs

    • I can see from your log that you have a number of real-time security programs running, namely avast! Antivirus and McAfee Anti-Virus and Anti-Spyware.
    • Whilst both of these programs provide good security, they may clash with each other which can leave your system vulnerable to infection.
    • You are advised to remove one of these programs.
    • Please make sure that you only have ONE Firewall and ONE real-time Antivirus running on your system.
    Please confirm that you uninstalled AVG 2013 (I can still see evidence of it on your machine).

     

    Before we continue I would like to see a report from the following scan:

  • aswMBR

    • Download aswMBR.exe to your desktop.
    • Double click the aswMBR.exe to run it.
    • When asked if you want to download Avast's virus definitions please select Yes.
    • Click the "Scan" button to start scan.
    • On completion of the scan click save log, save it to your desktop and post in your next reply.
    Please post the aswMBR log in your next reply.

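The "ONE firewall and ONE real-time antivirus" rule in the reply above can be checked mechanically rather than by reading the DDS header. Windows Security Center registers every product in the WMI namespace root\SecurityCenter2 (classes AntiVirusProduct and FirewallProduct on Vista, 7 and later) with a numeric productState; on a Windows box `wmic /namespace:\\root\SecurityCenter2 path AntiVirusProduct get displayName,productState` lists them. The Python below is an added example, not part of the thread, that decodes productState and applies the rule. The bit layout it uses is the community-documented reading (middle byte 0x10/0x11 means real-time protection on, low byte 0x00 means signatures current, 0x10 means out of date); Microsoft does not publish it, so treat the decode as a heuristic. The product names come from the DDS header in this thread, but the productState numbers are assumed for illustration, not read from the poster's machine.

```python
# Constructed sample records in the shape the SecurityCenter2 query returns.
# Names mirror the DDS header above; the productState values are assumed.
SAMPLE_AV = [
    {"displayName": "avast! Antivirus", "productState": 0x041000},                    # on, current
    {"displayName": "McAfee Anti-Virus and Anti-Spyware", "productState": 0x040000},  # off, current
    {"displayName": "Windows Defender", "productState": 0x000010},                     # off, stale
]
SAMPLE_FW = [
    {"displayName": "McAfee Firewall", "productState": 0x040000},                     # off
]

def decode_product_state(state):
    """Return (enabled, up_to_date) using the community-documented productState layout:
    hex digits 2-3 = 10/11 -> real-time protection on; digits 4-5 = 00 -> definitions current."""
    h = f"{state & 0xFFFFFF:06x}"
    enabled = h[2:4] in ("10", "11")
    up_to_date = h[4:6] == "00"
    return enabled, up_to_date

def summarize(products):
    """One row per registered product with the decoded flags."""
    rows = []
    for p in products:
        enabled, current = decode_product_state(p["productState"])
        rows.append({"name": p["displayName"], "enabled": enabled, "up_to_date": current})
    return rows

def realtime_conflicts(av_products, fw_products):
    """Apply the helper's rule: exactly one real-time AV and exactly one firewall should be on."""
    av_on = [r["name"] for r in summarize(av_products) if r["enabled"]]
    fw_on = [r["name"] for r in summarize(fw_products) if r["enabled"]]
    stale = [r["name"] for r in summarize(av_products) if r["enabled"] and not r["up_to_date"]]
    return {
        "antivirus_enabled": av_on,
        "firewall_enabled": fw_on,
        "antivirus_conflict": len(av_on) > 1,   # two real-time scanners hooking the same I/O
        "firewall_conflict": len(fw_on) > 1,
        "no_firewall": len(fw_on) == 0,
        "enabled_but_stale": stale,
    }

if __name__ == "__main__":
    for row in summarize(SAMPLE_AV) + summarize(SAMPLE_FW):
        print(row)
    print(realtime_conflicts(SAMPLE_AV, SAMPLE_FW))
```

With the constructed values only avast! is on and no firewall product is enabled, which is consistent with the DDS header (McAfee Firewall disabled) and the "Windows Firewall service terminated ... Access is denied" event in the log; a machine with no enabled firewall at all is its own finding, separate from the two-AV clash.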

McAfee doesn't fully function in real-time protection now. If I try to turn it on, it shuts itself right back off.

 

I first installed AVG yesterday because McAfee would no longer run correctly. I tried to run a virus scan with AVG, but it could not download the updates because my connection has been acting screwy. So I removed it and installed avast!, which did not find any major issues.

 

 

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-10-28 15:50:40

-----------------------------

15:50:40.398 OS Version: Windows x64 6.1.7601 Service Pack 1

15:50:40.398 Number of processors: 4 586 0x2505

15:50:40.399 ComputerName: RHONDA-PC UserName: rhonda

15:50:41.782 Initialize success

15:50:42.372 AVAST engine defs: 12102800

15:51:23.503 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

15:51:23.507 Disk 0 Vendor: ST3750528AS CC46 Size: 715404MB BusType: 3

15:51:23.531 Disk 0 MBR read successfully

15:51:23.535 Disk 0 MBR scan

15:51:23.540 Disk 0 Windows 7 default MBR code

15:51:23.552 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048

15:51:23.561 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 715302 MB offset 206848

15:51:23.582 Disk 0 scanning C:\Windows\system32\drivers

15:51:28.307 Service scanning

15:51:38.788 Modules scanning

15:51:38.800 Disk 0 trace - called modules:

15:51:38.833 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys

15:51:38.841 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80064e6060]

15:51:38.849 3 CLASSPNP.SYS[fffff880018a643f] -> nt!IofCallDriver -> [0xfffffa80061ea520]

15:51:38.856 5 ACPI.sys[fffff88000f8f7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80061ec060]

15:51:39.628 AVAST engine scan C:\Windows

15:51:41.360 AVAST engine scan C:\Windows\system32

15:52:57.936 AVAST engine scan C:\Windows\system32\drivers

15:53:02.388 AVAST engine scan C:\Users\rhonda

15:57:43.499 AVAST engine scan C:\ProgramData

15:59:32.942 Scan finished successfully

16:01:59.097 Disk 0 MBR has been saved successfully to "C:\Users\rhonda\Desktop\MBR.dat"

16:01:59.101 The log file has been saved successfully to "C:\Users\rhonda\Desktop\aswMBR.txt"

Edited by gaboyde88
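aswMBR reports "Windows 7 default MBR code", two NTFS partitions (100 MB at offset 2048, flagged active; 715302 MB at offset 206848) and saves the raw sector as MBR.dat on the desktop. The Python below is an added example, not part of the thread or of aswMBR, showing what such a tool does with that sector: parse the four 16-byte partition entries and the 0x55AA signature, compare the table against what the log reported, sanity-check the layout, and compare the 446-byte bootstrap area against a known-good copy. The last check matters because a bootkit typically leaves the partition table untouched and replaces only the bootstrap code. The sample MBR is constructed to match the log's layout; its bootstrap bytes are filler, not real Windows 7 boot code, and the "known-good baseline" is assumed to be a dump taken from a clean machine of the same Windows version.

```python
import hashlib
import struct

SECTOR = 512
PART_TABLE = 446          # the partition table follows the bootstrap code
PART_FMT = "<B3sB3sII"    # status, CHS start, type, CHS end, LBA start, sector count

def build_sample_mbr():
    """Constructed MBR matching the aswMBR log above; bootstrap bytes are filler."""
    mbr = bytearray(SECTOR)
    mbr[:7] = b"\x33\xc0\x8e\xd0\xbc\x00\x7c"          # xor ax,ax / mov ss,ax / mov sp,7C00h
    mbr[7:PART_TABLE] = b"\x90" * (PART_TABLE - 7)     # NOP padding
    entries = [
        (0x80, 0x07, 2048, 100 * 2048),      # active NTFS, 100 MB (2048 sectors per MB)
        (0x00, 0x07, 206848, 715302 * 2048), # NTFS, 715302 MB
    ]
    for i, (status, ptype, lba, count) in enumerate(entries):
        struct.pack_into(PART_FMT, mbr, PART_TABLE + 16 * i,
                         status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)

def parse_mbr(mbr):
    """Return bootstrap bytes and the used partition entries of a 512-byte MBR."""
    if len(mbr) != SECTOR:
        raise ValueError("expected exactly 512 bytes")
    if mbr[510:512] != b"\x55\xaa":
        raise ValueError("boot signature 0x55AA missing")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(PART_FMT, mbr, PART_TABLE + 16 * i)
        if ptype == 0:
            continue                          # unused slot
        parts.append({"index": i + 1, "bootable": status == 0x80, "type": ptype,
                      "offset": lba, "sectors": count,
                      "size_mb": count * SECTOR // (1024 * 1024)})
    return {"bootstrap": mbr[:PART_TABLE], "partitions": parts}

# What aswMBR printed for Disk 0: (index, bootable, type, offset, size_mb)
EXPECTED_FROM_LOG = [(1, True, 0x07, 2048, 100), (2, False, 0x07, 206848, 715302)]

def compare_with_log(parts, expected):
    got = [(p["index"], p["bootable"], p["type"], p["offset"], p["size_mb"]) for p in parts]
    issues = [f"mismatch: log={e} disk={g}" for e, g in zip(expected, got) if e != g]
    if len(got) != len(expected):
        issues.append("partition count differs")
    return issues

def layout_issues(parts):
    """Exactly one active partition and no overlapping extents."""
    issues = []
    bootable = [p for p in parts if p["bootable"]]
    if len(bootable) != 1:
        issues.append(f"{len(bootable)} bootable partitions (expected 1)")
    ordered = sorted(parts, key=lambda p: p["offset"])
    for a, b in zip(ordered, ordered[1:]):
        if a["offset"] + a["sectors"] > b["offset"]:
            issues.append(f"partition {a['index']} overlaps partition {b['index']}")
    return issues

def bootstrap_changed(mbr, baseline_mbr):
    """Bootkits keep the table and swap the code, so hash only the first 446 bytes."""
    return (hashlib.sha256(mbr[:PART_TABLE]).digest()
            != hashlib.sha256(baseline_mbr[:PART_TABLE]).digest())

def load_mbr(path):
    """Read a dump such as the MBR.dat that aswMBR saved to the desktop."""
    with open(path, "rb") as f:
        return f.read(SECTOR)

if __name__ == "__main__":
    sample = build_sample_mbr()
    info = parse_mbr(sample)
    print(info["partitions"])
    print("layout issues:", layout_issues(info["partitions"]))
    print("vs log:", compare_with_log(info["partitions"], EXPECTED_FROM_LOG) or "match")
    tampered = bytearray(sample)
    tampered[:4] = b"\xeb\x58\x90\x90"   # patch the entry point, leave the table alone
    print("bootstrap changed:", bootstrap_changed(bytes(tampered), sample))
```

Run `load_mbr("MBR.dat")` against a baseline dump to do the real comparison; a changed bootstrap with an unchanged partition table is exactly the pattern aswMBR's "default MBR code" verdict is designed to catch.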

Hello gaboyde88

 

Thank you for the log.

 

Please do the following:

  • Combofix

    • Download ComboFix from one of the following locations:

       

      Link 1

      Link 2

    • VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
    • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.
    • Right click on ComboFix.exe and select "Run as Administrator" to run the program. Follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware.
    • When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
    • Notes: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    • Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
    • Should there be issues with internet afterward:

       

      In IE: Tools Menu -> Internet Options -> Connections Tab -> Lan Settings -> uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

       

      In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxyserver, set it to No Proxy.

  • Security Check

    • Please download Security Check by screen317 from here or here and save the file (called securitycheck.exe) to your desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box (NOTE: If you are running Vista or Win7 please right click and select "Run as Administrator").
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document in your next reply.
    Please post both logs in your next reply.
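Two network-level checks are worth running after a cleanup like the one described above: the DNS Client 1012 event in the DDS log says the hosts file could not be read, and the ComboFix instructions warn that a proxy may have been set without the user's knowledge (the IE and Firefox steps are about undoing that). The Python below is an added example, not part of the thread or of ComboFix, that flags hosts entries which sinkhole security-vendor names or redirect them to a remote address, and reports proxy settings of the kind an implant leaves behind (ProxyEnable with a loopback listener, or an AutoConfigURL pointing at a PAC file). The hosts file and registry values are constructed samples; the vendor-name pattern is my own list, and `read_proxy_settings` only works on Windows.

```python
import ipaddress
import re

# Constructed sample hosts file: stock Windows 7 comment block, the normal localhost
# line, and two entries of the kind malware adds (not from the poster's machine).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#    127.0.0.1       localhost
#    ::1             localhost
127.0.0.1       localhost
127.0.0.1       www.mcafee.com        # vendor name sinkholed to loopback
203.0.113.45    update.avast.com      # vendor name sent to a remote address (TEST-NET-3)
"""

# Names an infection commonly blocks so the victim cannot update or fetch tools (my list).
SECURITY_VENDOR_RE = re.compile(
    r"(mcafee|avast|avg\.|malwarebytes|superantispyware|microsoft|windowsupdate|"
    r"symantec|kaspersky|eset\.|bitdefender|trendmicro|sophos)", re.I)

def _is_local(addr):
    try:
        ip = ipaddress.ip_address(addr.strip("[]"))
    except ValueError:
        return addr.lower() == "localhost"
    return ip.is_loopback or ip.is_unspecified     # 127/8, ::1, 0.0.0.0

def suspicious_hosts_entries(text):
    """Return (hostname, address, reason) for every active hosts entry worth reviewing."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        addr, names = fields[0], fields[1:]
        for name in names:
            if name.lower() == "localhost":
                continue                             # the only mapping a stock file needs
            if not _is_local(addr):
                findings.append((name, addr, "redirected_to_remote_host"))
            elif SECURITY_VENDOR_RE.search(name):
                findings.append((name, addr, "security_vendor_sinkholed"))
            else:
                findings.append((name, addr, "nonstandard_local_mapping"))
    return findings

def proxy_findings(settings):
    """settings: ProxyEnable/ProxyServer/AutoConfigURL values from
    HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings."""
    findings = []
    server = settings.get("ProxyServer") or ""
    if settings.get("ProxyEnable", 0) == 1 and server:
        findings.append("proxy_enabled")
        for entry in server.split(";"):              # "host:port" or "http=host:port;https=..."
            target = entry.split("=", 1)[1] if "=" in entry else entry
            host = target.rsplit(":", 1)[0]
            if _is_local(host):
                findings.append("proxy_is_local_listener")   # traffic-intercepting implant pattern
                break
    if settings.get("AutoConfigURL"):
        findings.append("autoconfig_pac_set")        # PAC hijack: same effect, different value
    return findings

def read_proxy_settings():
    """Live read of the same three values; Windows only (winreg is absent elsewhere)."""
    import winreg
    key = winreg.OpenKey(winreg.HKEY_CURRENT_USER,
                         r"Software\Microsoft\Windows\CurrentVersion\Internet Settings")
    out = {}
    for name in ("ProxyEnable", "ProxyServer", "AutoConfigURL"):
        try:
            out[name] = winreg.QueryValueEx(key, name)[0]
        except FileNotFoundError:
            out[name] = None
    return out

if __name__ == "__main__":
    for hit in suspicious_hosts_entries(SAMPLE_HOSTS):
        print("hosts:", hit)
    print("proxy:", proxy_findings({"ProxyEnable": 1, "ProxyServer": "127.0.0.1:8118", "AutoConfigURL": ""}))
```

On the affected machine the hosts file lives at `%SystemRoot%\System32\drivers\etc\hosts`; if it cannot be opened at all (the 1012 symptom), check its ACL and attributes before reading it, since a hidden or permission-stripped hosts file is itself a finding.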

ComboFix 12-10-29.05 - rhonda 10/29/2012 13:56:51.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5943.4223 [GMT -5:00]

Running from: c:\users\rhonda\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\PCDr\6032\AddOnDownloaded\305a1406-381f-449d-9486-32504a38e5b0.dll

c:\programdata\PCDr\6032\AddOnDownloaded\3b429c4f-8ba9-4a7d-bbb4-4548bb6d2539.dll

c:\programdata\PCDr\6032\AddOnDownloaded\8c199aef-9eca-4ab6-863d-c9136ebec654.dll

c:\programdata\PCDr\6032\AddOnDownloaded\a7201707-7895-43cf-9119-8a0279b75d4c.dll

c:\programdata\PCDr\6032\AddOnDownloaded\af728edb-0984-4c06-9a4b-0878bcfa9a26.dll

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome.manifest

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.js

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.xul

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\buttons.js

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\constants.js

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\events.js

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\globals.js

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\htmldialog.js

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\htmldialog.xul

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\htmldropdown.xul

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\init.js

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_images.png

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_maps.png

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_news.png

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_videos.png

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_web.png

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_amazon.png

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_ebay.png

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_facebook.png

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_games.png

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_msn.png

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_shopping.png

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_travel.png

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_twitter.png

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\startnow_logo.png

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\installer.xml

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\index.html

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\NotIE6.css

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\OnlyIE6.css

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\SearchProtectIcon.png

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\Web.config

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\window.css

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\window.js

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\index.html

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\LeftImage.png

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\NotIE6.css

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\OnlyIE6.css

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\window.css

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\window.js

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\chevron_button.png

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_hover.png

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_normal.png

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_dropdown_button_normal.png

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_background.png

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_left.png

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_middle.png

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\separator.png

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\splitter.png

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ff_hover_c.png

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_c.png

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_l.png

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_r.png

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_c.png

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_l.png

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_r.png

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\toolbar.xml

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale\en-US\{5911488E-9D1E-40ec-8CBB-06B231CC153F}.dtd

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin\overlay.css

c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\install.rdf

c:\users\rhonda\GoToAssistDownloadHelper.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------Service_Updater Service for StartNow Toolbar

.

.

((((((((((((((((((((((((( Files Created from 2012-09-28 to 2012-10-29 )))))))))))))))))))))))))))))))

.

.

2012-10-28 05:37 . 2012-10-28 05:37 -------- d-----w- c:\users\rhonda\AppData\Roaming\Malwarebytes

2012-10-28 05:37 . 2012-10-28 05:37 -------- d-----w- c:\programdata\Malwarebytes

2012-10-28 05:37 . 2012-10-28 05:37 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-10-28 05:37 . 2012-09-30 00:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-10-28 04:53 . 2012-10-17 07:31 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9854BBF5-A816-415A-91BB-7C26EE0C5004}\mpengine.dll

2012-10-28 03:07 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll

2012-10-28 03:07 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-10-28 02:35 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2012-10-28 02:34 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll

2012-10-28 02:34 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-10-28 02:34 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-10-28 02:34 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-10-28 02:34 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-10-28 02:34 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-10-28 02:28 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-10-28 02:28 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-10-28 02:28 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-10-28 02:28 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll

2012-10-28 02:28 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-10-28 02:21 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll

2012-10-28 02:21 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll

2012-10-28 02:16 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys

2012-10-28 02:15 . 2012-10-23 10:18 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-10-28 02:15 . 2012-10-23 10:18 364096 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-10-28 02:15 . 2012-10-15 16:59 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2012-10-28 02:15 . 2012-10-23 10:18 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-10-28 02:15 . 2012-10-23 10:18 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-10-28 02:15 . 2012-10-23 10:18 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-10-28 02:15 . 2012-10-23 10:17 285328 ----a-w- c:\windows\system32\aswBoot.exe

2012-10-28 02:15 . 2012-10-23 10:17 41224 ----a-w- c:\windows\avastSS.scr

2012-10-28 02:15 . 2012-10-23 10:17 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe

2012-10-28 02:14 . 2012-10-28 02:14 -------- d-----w- c:\programdata\AVAST Software

2012-10-28 02:14 . 2012-10-28 02:14 -------- d-----w- c:\program files\AVAST Software

2012-10-28 00:03 . 2012-10-28 00:03 -------- d-----w- c:\users\rhonda\AppData\Roaming\AVG2013

2012-10-28 00:02 . 2012-10-28 00:02 -------- d-----w- c:\users\rhonda\AppData\Roaming\TuneUp Software

2012-10-28 00:02 . 2012-10-28 01:19 -------- d-----w- c:\programdata\AVG2013

2012-10-27 21:22 . 2012-10-28 01:37 -------- d-----w- c:\programdata\MFAData

2012-10-27 21:22 . 2012-10-28 00:21 -------- d-----w- c:\users\rhonda\AppData\Local\Avg2013

2012-10-27 21:22 . 2012-10-27 21:22 -------- d--h--w- c:\programdata\Common Files

2012-10-27 21:22 . 2012-10-27 21:22 -------- d-----w- c:\users\rhonda\AppData\Local\MFAData

2012-10-22 18:53 . 2012-10-28 09:33 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-29 02:02 . 2012-04-19 21:24 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-29 02:02 . 2011-09-21 00:08 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-28 04:55 . 2011-09-20 05:02 65309168 ----a-w- c:\windows\system32\MRT.exe

2012-09-21 04:01 . 2012-08-11 23:20 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2012-09-21 04:01 . 2012-08-11 23:19 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2012-09-03 13:47 . 2012-09-03 13:47 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-09-03 13:47 . 2012-07-10 02:21 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-09-03 13:47 . 2011-09-21 00:24 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-08-31 04:01 . 2012-08-31 04:01 4278384 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2012-08-31 04:01 . 2012-08-31 04:01 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2012-08-24 11:15 . 2012-09-22 08:00 17810944 ----a-w- c:\windows\system32\mshtml.dll

2012-08-24 10:39 . 2012-09-22 08:00 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-08-24 10:31 . 2012-09-22 08:00 2312704 ----a-w- c:\windows\system32\jscript9.dll

2012-08-24 10:22 . 2012-09-22 08:00 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-08-24 10:21 . 2012-09-22 08:00 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-08-24 10:20 . 2012-09-22 08:00 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-08-24 10:18 . 2012-09-22 08:00 237056 ----a-w- c:\windows\system32\url.dll

2012-08-24 10:17 . 2012-09-22 08:00 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-08-24 10:14 . 2012-09-22 08:00 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-08-24 10:14 . 2012-09-22 08:00 816640 ----a-w- c:\windows\system32\jscript.dll

2012-08-24 10:13 . 2012-09-22 08:00 599040 ----a-w- c:\windows\system32\vbscript.dll

2012-08-24 10:12 . 2012-09-22 08:00 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-08-24 10:11 . 2012-09-22 08:00 729088 ----a-w- c:\windows\system32\msfeeds.dll

2012-08-24 10:10 . 2012-09-22 08:00 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-08-24 10:09 . 2012-09-22 08:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-08-24 10:04 . 2012-09-22 08:00 248320 ----a-w- c:\windows\system32\ieui.dll

2012-08-24 06:59 . 2012-09-22 08:00 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-08-24 06:51 . 2012-09-22 08:00 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-08-24 06:51 . 2012-09-22 08:00 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-08-24 06:47 . 2012-09-22 08:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-08-24 06:47 . 2012-09-22 08:00 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-08-24 06:43 . 2012-09-22 08:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-08-22 18:12 . 2012-09-12 05:18 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-08-22 18:12 . 2012-09-12 05:18 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-08-22 18:12 . 2012-09-12 05:18 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-08-22 18:12 . 2012-09-12 05:18 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-08-20 17:38 . 2012-10-28 02:50 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-08-11 23:20 . 2012-08-11 23:20 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\Sports\V2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2012-08-11 23:19 . 2012-08-11 23:19 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-08-02 17:58 . 2012-09-12 05:18 574464 ----a-w- c:\windows\system32\d3d10level9.dll

2012-08-02 16:57 . 2012-09-12 05:18 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-04 1514152]

.

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2012-01-04 00:31 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-04 1514152]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-30 4786048]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]

"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconstartup.exe" [2009-10-01 111640]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]

"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-04 1391272]

"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-15 1213848]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-23 4297136]

.

c:\users\rhonda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-3 255536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 0285601345917542mcinstcleanup;McAfee Application Installer Cleanup (0285601345917542);c:\windows\TEMP\028560~1.EXE [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-29 250808]

R3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [2011-07-07 18456]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-09-03 227232]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]

R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-20 1255736]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-09-20 140672]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-23 71600]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [2012-03-20 210584]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-10-16 321064]

S3 mfefirek;McAfee Inc. mfefirek;c:windowssystem32driversmfefirek.sys [2012-02-22 487296]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:windowssystem32DRIVERSvwifimp.sys [2009-07-14 17920]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2012-10-29 c:windowsTasksAdobe Flash Player Updater.job

- c:windowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2012-04-19 02:02]

.

2012-10-28 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-1852485107-1149319046-1402754336-1000Core.job

- c:usersrhondaAppDataLocalGoogleUpdateGoogleUpdate.exe [2011-09-20 05:25]

.

2012-10-29 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-1852485107-1149319046-1402754336-1000UA.job

- c:usersrhondaAppDataLocalGoogleUpdateGoogleUpdate.exe [2011-09-20 05:25]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOTCLSID{472083B0-C522-11CF-8763-00608CC02F24}]

2012-10-23 10:17 133400 ----a-w- c:program filesAVAST SoftwareAvastashShA64.dll

.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"IgfxTray"="c:windowssystem32igfxtray.exe" [2011-02-12 162328]

"HotKeysCmds"="c:windowssystem32hkcmd.exe" [2011-02-12 386584]

"Persistence"="c:windowssystem32igfxpers.exe" [2011-02-12 417304]

"CanonMyPrinter"="c:program filesCanonMyPrinterBJMyPrt.exe" [2010-07-26 2782096]

.

------- Supplementary Scan -------

.

uLocal Page = c:windowssystem32blank.htm

mLocal Page = c:windowsSysWOW64blank.htm

uInternet Settings,ProxyServer = 40439756946785358287000000:80

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:usersrhondaAppDataRoamingMozillaFirefoxProfiles08awarrn.default

FF - prefs.js: browser.search.selectedEngine - Ask.com Search

FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z192&install_date=20110921

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

FF - ExtSQL: 2012-10-27 21:15; wrc@avast.com; c:program filesAVAST SoftwareAvastWebRepFF

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

Wow6432Node-HKLM-Run-StartNowToolbarHelper - c:program files (x86)StartNow ToolbarToolbarHelper.exe

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:Windowssystem32MacromedFlashFlashUtil64_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32]

@="c:Windowssystem32MacromedFlashFlashUtil64_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:WindowsSysWOW64MacromedFlashFlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32]

@="c:WindowsSysWOW64MacromedFlashFlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}InprocServer32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}Version]

@="1.0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}InprocServer32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}Version]

@="1.0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINESOFTWAREMcAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,

.

[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlPCWSecurity]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:program filesAVAST SoftwareAvastAvastSvc.exe

c:program files (x86)CanonIJPLMIJPLMSVC.EXE

c:program files (x86)IntelIntel® Management Engine ComponentsLMSLMS.exe

c:windowsSysWOW64rundll32.exe

c:program files (x86)AVGAVG PC Tuneup 2011BoostSpeed.exe

c:program filesAVAST SoftwareAvastAvastEmUpdate.exe

.

**************************************************************************

.

Completion time: 2012-10-29 14:09:50 - machine was rebooted

ComboFix-quarantined-files.txt 2012-10-29 19:09

.

Pre-Run: 696,150,913,024 bytes free

Post-Run: 695,870,312,448 bytes free

.

- - End Of File - - 2D9D7328CEDB1D9AA0A3766D0EECD8DC

 

Results of screen317's Security Check version 0.99.54

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

avast! Antivirus

McAfee Anti-Virus and Anti-Spyware

Antivirus up to date! (On Access scanning disabled!)

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.65.1.1000

AVG PC Tuneup 2011

JavaFX 2.1.1

Java 6 Update 22

Java 7 Update 7

Java version out of Date!

Adobe Flash Player 11.4.402.287

Adobe Reader X (10.1.4)

Mozilla Firefox 10.0.2 Firefox out of Date!

Google Chrome 21.0.1180.83

Google Chrome 21.0.1180.89

Google Chrome 22.0.1229.94

Google Chrome Plugins...

````````Process Check: objlist.exe by Laurent````````

AVAST Software Avast AvastSvc.exe

AVAST Software Avast AvastUI.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 1%

````````````````````End of Log``````````````````````


Hello gaboyde88

 

Thank you for the logs.

 

Before we continue, can you tell me if you recognise the following proxy:

 

uInternet Settings,ProxyServer = 40439756946785358287000000:80

Is this something that you set up yourself?

Hello gaboyde88

 

I don't think so. I'm going to say no.

Thanks for letting me know.

 

Let's proceed as follows:

 

  • Reset your browser proxies

    • For Firefox:
    • Open Firefox, click on "Tools" then "Options" and then on "Advanced".
    • Click on the "Network" tab, and then on the "Settings" button.
    • Please make sure that the "No Proxy" option is selected.
    • For Internet Explorer:
    • Click on "Tools" and then select "Internet Options".
    • Click on the "Connections" tab and click the "LAN Settings" button at the bottom.
    • Uncheck "Use a Proxy server for your LAN".
    • Click Ok to close the Local Area Network (LAN) Settings window.
    • Click Ok to close the Internet Options window.
  • Please delete the following folders

    • You have some remnants of AVG 2013 on your machine. Since you have already uninstalled it, these can be safely removed.
    • Right-click your "Start" button and select "Explore".
    • Navigate to and delete the following folders in bold.

    c:\users\rhonda\AppData\Roaming\AVG2013 <==== Delete this folder.

     

    c:\programdata\AVG2013 <==== Delete this folder.

     

    c:\users\rhonda\AppData\Local\Avg2013 <==== Delete this folder.

    McAfee would no longer run correctly

    Since you are now using AVAST, please make sure that McAfee is uninstalled. This is important since running more than one real time antivirus will cause system slowness and can leave you more vulnerable to malware infection.

     

     

    Once you have uninstalled McAfee run the following removal tool to take care of any leftovers:

  • Download and run the McAfee Removal Tool

    • I can see that you have remnants of McAfee present on your system. To remove these, please do the following:
    • Download the McAfee Removal Tool by clicking here and save the file (called MCPR.exe) to your desktop.
    • Double click on MCPR.exe to run the removal tool.
    • Once you receive the "Cleanup Successful" message, restart your computer.
    Once you have completed the above steps, open MalwareBytes AntiMalware, update it and run a quick scan.

     

    Post the MBAM log and a new set of DDS logs in your next reply.

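The proxy value the helper asked about is the kind of setting a triage script can catch before a human reads the whole log. As an added example (not code from this thread or from DDS, ComboFix or any other tool used in it), here is a Python check that pulls the WinINet ProxyServer lines and the Firefox network.proxy.type line out of a DDS/ComboFix-style log and flags a proxy host that can never resolve; the sample input is constructed from the lines in this thread plus one benign control line.

```python
import ipaddress
import re

# Constructed sample: the proxy lines from the DDS and ComboFix logs in this thread,
# plus a made-up per-machine entry (proxy.corp.example) that should pass the check.
SAMPLE_LOG = """\
uInternet Settings,ProxyServer = 40439756946785358287000000:80
uProxyServer = 40439756946785358287000000:80
FF - prefs.js: network.proxy.type - 0
mProxyServer = proxy.corp.example:8080
"""

# DDS prefixes the per-user (HKCU) value with 'u' and the per-machine (HKLM) value
# with 'm'; ComboFix spells the same per-user value out as 'uInternet Settings,ProxyServer'.
_WININET_RE = re.compile(
    r'^(?P<scope>[um])(?:Internet Settings,)?ProxyServer\s*=\s*(?P<value>\S+)')
_FF_PROXY_RE = re.compile(r'^FF - prefs\.js: network\.proxy\.type - (?P<mode>\d+)')

# One DNS label: alphanumerics and hyphens, no leading/trailing hyphen, max 63 chars.
_LABEL_RE = re.compile(r'^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$')

# Firefox proxy modes (values as Firefox defines them).
_FF_MODES = {0: 'no proxy', 1: 'manual proxy', 2: 'PAC script',
             4: 'auto-detect (WPAD)', 5: 'use system (WinINet) settings'}


def classify_proxy_host(host):
    """Return why a proxy host looks bogus, or None if it is at least plausible."""
    try:
        ipaddress.ip_address(host)   # a literal IPv4/IPv6 address is fine
        return None
    except ValueError:
        pass
    labels = host.split('.')
    if not all(_LABEL_RE.match(label) for label in labels):
        return 'host is neither an IP address nor a syntactically valid hostname'
    if labels[-1].isdigit():
        # Not an IP literal, yet the top-level label is all digits: no such name exists,
        # so the browser cannot reach any proxy and every request fails or is redirected.
        return 'host is not an IP address but its last label is all digits; it cannot resolve'
    return None


def _split_proxy_entries(value):
    """Split a ProxyServer value into (protocol, host, port) tuples.

    Handles both 'host:port' and 'http=host:port;https=host:port' forms.
    """
    entries = []
    for part in value.split(';'):
        if not part:
            continue
        proto, eq, hostport = part.partition('=')
        if not eq:
            proto, hostport = 'all', part
        host, _, port = hostport.rpartition(':')
        if not host:
            host, port = hostport, ''
        entries.append((proto, host, port))
    return entries


def audit_proxy_lines(log_text):
    """Return one finding per proxy-related log line, in log order.

    Each finding is a dict with keys scope ('user', 'machine' or 'firefox'),
    setting (the value as found), suspicious (bool) and note (human-readable reason).
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = _WININET_RE.match(line)
        if m:
            scope = 'user' if m.group('scope') == 'u' else 'machine'
            for proto, host, port in _split_proxy_entries(m.group('value')):
                reason = classify_proxy_host(host)
                if reason is None and port and not port.isdigit():
                    reason = 'port is not numeric'
                findings.append({'scope': scope, 'setting': f'{proto}={host}:{port}',
                                 'suspicious': reason is not None,
                                 'note': reason or 'host looks plausible; verify it is expected'})
            continue
        m = _FF_PROXY_RE.match(line)
        if m:
            mode = int(m.group('mode'))
            findings.append({'scope': 'firefox', 'setting': f'network.proxy.type={mode}',
                             'suspicious': False,
                             'note': _FF_MODES.get(mode, 'unknown mode')})
    return findings


if __name__ == '__main__':
    for f in audit_proxy_lines(SAMPLE_LOG):
        flag = 'SUSPICIOUS' if f['suspicious'] else 'ok'
        print(f"[{flag}] {f['scope']:8} {f['setting']}  ({f['note']})")
```

On the log above the per-user entry is flagged while Firefox reports mode 0, which is why the helper's reset targets Internet Explorer's LAN settings (the WinINet value) as well as Firefox.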

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

 

Database version: v2012.10.28.01

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

rhonda :: RHONDA-PC [administrator]

 

10/30/2012 15:06:54

mbam-log-2012-10-30 (15-06-54).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 201253

Time elapsed: 2 minute(s), 27 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

 

DDS (Ver_2012-10-19.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.9.2

Run by rhonda at 15:10:47 on 2012-10-30

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5943.4306 [GMT -5:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:Windowssystem32wininit.exe

C:Windowssystem32lsm.exe

C:Windowssystem32svchost.exe -k DcomLaunch

C:Windowssystem32svchost.exe -k RPCSS

C:WindowsSystem32svchost.exe -k LocalServiceNetworkRestricted

C:WindowsSystem32svchost.exe -k LocalSystemNetworkRestricted

C:Windowssystem32svchost.exe -k netsvcs

C:Windowssystem32svchost.exe -k LocalService

C:Windowssystem32svchost.exe -k NetworkService

C:Program FilesAVAST SoftwareAvastAvastSvc.exe

C:WindowsSystem32spoolsv.exe

C:Windowssystem32svchost.exe -k LocalServiceNoNetwork

C:Program FilesSUPERAntiSpywareSASCORE64.EXE

C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe

C:Program Files (x86)CanonIJPLMIJPLMSVC.EXE

C:Program Files (x86)IntelIntel® Management Engine ComponentsLMSLMS.exe

C:Windowssystem32svchost.exe -k imgsvc

C:WindowsSystem32svchost.exe -k secsvcs

C:Windowssystem32Dwm.exe

C:Windowssystem32taskhost.exe

C:Windowssystem32taskeng.exe

C:Windowssystem32WUDFHost.exe

C:WindowsExplorer.EXE

C:Program Files (x86)AVGAVG PC Tuneup 2011BoostSpeed.exe

C:WindowsSystem32rundll32.exe

C:WindowsSystem32igfxtray.exe

C:WindowsSystem32hkcmd.exe

C:WindowsSystem32igfxpers.exe

C:Program FilesCanonMyPrinterBJMYPRT.EXE

C:Program Files (x86)OpenOffice.org 3programsoffice.exe

C:Program Files (x86)OpenOffice.org 3programsoffice.bin

C:Windowssystem32SearchIndexer.exe

C:Program Files (x86)RoxioOEMRoxio BurnRoxioBurnLauncher.exe

C:Program Files (x86)Ask.comUpdaterUpdater.exe

C:Program Files (x86)CanonSolution Menu EXCNSEMAIN.EXE

C:Program Files (x86)Common FilesJavaJava Updatejusched.exe

C:Program FilesAVAST SoftwareAvastAvastUI.exe

C:Program Files (x86)RoxioOEMRoxio BurnRoxio Burn.exe

C:Windowssplwow64.exe

C:Program Files (x86)Mozilla Firefoxfirefox.exe

C:Windowssystem32svchost.exe -k LocalServiceAndNoImpersonation

C:Program Files (x86)IntelIntel® Management Engine ComponentsIMSSPrivacyIconClient.exe

C:Program Files (x86)IntelIntel® Management Engine ComponentsUNSUNS.exe

C:WindowsservicingTrustedInstaller.exe

C:Windowssystem32wbemwmiprvse.exe

C:Windowssystem32svchost.exe -k SDRSVC

C:Windowsnotepad.exe

C:Windowssystem32SearchProtocolHost.exe

C:Windowssystem32SearchFilterHost.exe

C:Windowssystem32taskhost.exe

C:Windowssystem32conhost.exe

C:Windowssystem32wbemwmiprvse.exe

C:WindowsSystem32cscript.exe

.

============== Pseudo HJT Report ===============

.

uProxyServer = 40439756946785358287000000:80

uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:Program Files (x86)Ask.comGenericAskToolbar.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelperShim.dll

BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:Program Files (x86)CanonEasy-WebPrint EXewpexbho.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program Files (x86)Javajre7binssv.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:Program FilesAVAST SoftwareAvastaswWebRepIE.dll

BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:Program Files (x86)Ask.comGenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program Files (x86)Javajre7binjp2ssv.dll

TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:Program Files (x86)Ask.comGenericAskToolbar.dll

TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:Program Files (x86)Ask.comGenericAskToolbar.dll

TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:Program Files (x86)CanonEasy-WebPrint EXewpexhlp.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:Program FilesAVAST SoftwareAvastaswWebRepIE.dll

EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:Program Files (x86)CanonEasy-WebPrint EXewpexhlp.dll

uRun: [sUPERAntiSpyware] C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe

mRun: [iMSS] "C:Program Files (x86)IntelIntel® Management Engine ComponentsIMSSPIconstartup.exe"

mRun: [Adobe ARM] "C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe"

mRun: [RoxWatchTray] "C:Program Files (x86)Common FilesRoxio SharedOEM12.0SharedCOMRoxWatchTray12OEM.exe"

mRun: [Desktop Disc Tool] "C:Program Files (x86)RoxioOEMRoxio BurnRoxioBurnLauncher.exe"

mRun: [ApnUpdater] "C:Program Files (x86)Ask.comUpdaterUpdater.exe"

mRun: [CanonSolutionMenuEx] C:Program Files (x86)CanonSolution Menu EXCNSEMAIN.EXE /logon

mRun: [sunJavaUpdateSched] "C:Program Files (x86)Common FilesJavaJava Updatejusched.exe"

mRun: [avast] "C:Program FilesAVAST SoftwareAvastavastUI.exe" /nogui

StartupFolder: C:UsersrhondaAppDataRoamingMICROS~1WindowsSTARTM~1ProgramsStartupOPENOF~1.LNK - C:Program Files (x86)OpenOffice.org 3programquickstart.exe

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces{43144CFA-A79C-4D17-A07B-DF5CDC2E9069} : DHCPNameServer = 192.168.1.1

SSODL: WebCheck - <orphaned>

x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:Program FilesAVAST SoftwareAvastaswWebRepIE64.dll

x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:Program FilesAVAST SoftwareAvastaswWebRepIE64.dll

x64-Run: [igfxTray] C:WindowsSystem32igfxtray.exe

x64-Run: [HotKeysCmds] C:WindowsSystem32hkcmd.exe

x64-Run: [Persistence] C:WindowsSystem32igfxpers.exe

x64-Run: [CanonMyPrinter] C:Program FilesCanonMyPrinterBJMyPrt.exe /logon

x64-Notify: GoToAssist - C:Program Files (x86)CitrixGoToAssist615G2AWinLogon_x64.dll

x64-Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:UsersrhondaAppDataRoamingMozillaFirefoxProfiles08awarrn.default

FF - prefs.js: browser.search.selectedEngine - Ask.com Search

FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z192&install_date=20110921

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:Program Files (x86)AdobeReader 10.0ReaderAIRnppdf32.dll

FF - plugin: C:Program Files (x86)CanonEasy-PhotoPrint EXNPEZFFPI.DLL

FF - plugin: C:Program Files (x86)Javajre7binplugin2npjp2.dll

FF - plugin: C:Program Files (x86)Mozilla FirefoxpluginsNPcol400.dll

FF - plugin: C:Program Files (x86)Mozilla FirefoxpluginsnpCouponPrinter.dll

FF - plugin: C:Program Files (x86)Mozilla FirefoxpluginsnpMozCouponPrinter.dll

FF - plugin: C:UsersrhondaAppDataLocalGoogleUpdate1.3.21.123npGoogleUpdate3.dll

FF - plugin: C:WindowsSysWOW64MacromedFlashNPSWF32_11_4_402_287.dll

FF - plugin: C:WindowsSysWOW64npDeployJava1.dll

FF - plugin: C:WindowsSysWOW64npmproxy.dll

FF - ExtSQL: 2012-10-27 21:15; wrc@avast.com; C:Program FilesAVAST SoftwareAvastWebRepFF

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:WindowsSystem32driversPxHlpa64.sys [2011-9-20 55856]

R1 aswSnx;aswSnx;C:WindowsSystem32driversaswSnx.sys [2012-10-27 984144]

R1 aswSP;aswSP;C:WindowsSystem32driversaswSP.sys [2012-10-27 364096]

R1 SASDIFSV;SASDIFSV;C:Program FilesSUPERAntiSpywaresasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:Program FilesSUPERAntiSpywaresaskutil64.sys [2011-7-12 12368]

R1 vwififlt;Virtual WiFi Filter Driver;C:WindowsSystem32driversvwififlt.sys [2009-7-13 59904]

R2 !SASCORE;SAS Core Service;C:Program FilesSUPERAntiSpywareSASCORE64.EXE [2011-7-18 140672]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe [2012-7-27 63960]

R2 aswFsBlk;aswFsBlk;C:WindowsSystem32driversaswFsBlk.sys [2012-10-27 25232]

R2 aswMonFlt;aswMonFlt;C:WindowsSystem32driversaswMonFlt.sys [2012-10-27 71600]

R2 avast! Antivirus;avast! Antivirus;C:Program FilesAVAST SoftwareAvastAvastSvc.exe [2012-10-27 44808]

R2 UNS;Intel® Management & Security Application User Notification Service;C:Program Files (x86)IntelIntel® Management Engine ComponentsUNSUNS.exe [2011-9-20 2320920]

R3 HECIx64;Intel® Management Engine Interface;C:WindowsSystem32driversHECIx64.sys [2011-9-20 56344]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:WindowsSystem32driversk57nd60a.sys [2009-10-16 321064]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:WindowsSystem32driversvwifimp.sys [2009-7-13 17920]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:WindowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [2010-3-18 138576]

S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:Program Files (x86)Common FilesRoxio SharedOEM12.0SharedCOMRoxWatch12OEM.exe [2010-11-25 219632]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2012-4-19 250808]

S3 massfilter_hs;HS HandSet Mass Storage Filter Driver;C:WindowsSystem32driversmassfilter_hs.sys [2012-7-14 18456]

S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:Program Files (x86)Common FilesRoxio SharedOEM12.0SharedCOMRoxMediaDB12OEM.exe [2010-11-25 1116656]

S3 TsUsbFlt;TsUsbFlt;C:WindowsSystem32driversTsUsbFlt.sys [2011-9-20 59392]

S3 WatAdminSvc;Windows Activation Technologies Service;C:WindowsSystem32WatWatAdminSvc.exe [2011-9-20 1255736]

.

=============== Created Last 30 ================

.

2012-10-30 17:04:40 95208 ----a-w- C:WindowsSysWow64WindowsAccessBridge-32.dll

2012-10-30 16:04:53 9291768 ----a-w- C:ProgramDataMicrosoftWindows DefenderDefinition Updates{EE7FF190-C8FD-4722-91A8-46C259356AE8}mpengine.dll

2012-10-29 19:06:53 -------- d-----w- C:$RECYCLE.BIN

2012-10-29 18:56:07 256000 ----a-w- C:WindowsPEV.exe

2012-10-29 18:56:07 208896 ----a-w- C:WindowsMBR.exe

2012-10-29 18:56:06 98816 ----a-w- C:Windowssed.exe

2012-10-28 05:37:13 -------- d-----w- C:UsersrhondaAppDataRoamingMalwarebytes

2012-10-28 05:37:02 -------- d-----w- C:ProgramDataMalwarebytes

2012-10-28 05:37:01 25928 ----a-w- C:WindowsSystem32driversmbam.sys

2012-10-28 05:37:01 -------- d-----w- C:Program Files (x86)Malwarebytes' Anti-Malware

2012-10-28 04:53:58 9291768 ----a-w- C:ProgramDataMicrosoftWindows DefenderDefinition UpdatesBackupmpengine.dll

2012-10-28 03:07:44 2048 ----a-w- C:WindowsSysWow64tzres.dll

2012-10-28 03:07:44 2048 ----a-w- C:WindowsSystem32tzres.dll

2012-10-28 02:35:11 245760 ----a-w- C:WindowsSystem32OxpsConverter.exe

2012-10-28 02:34:35 1464320 ----a-w- C:WindowsSystem32crypt32.dll

2012-10-28 02:34:34 1159680 ----a-w- C:WindowsSysWow64crypt32.dll

2012-10-28 02:34:33 184320 ----a-w- C:WindowsSystem32cryptsvc.dll

2012-10-28 02:34:33 140288 ----a-w- C:WindowsSystem32cryptnet.dll

2012-10-28 02:34:32 140288 ----a-w- C:WindowsSysWow64cryptsvc.dll

2012-10-28 02:34:32 103936 ----a-w- C:WindowsSysWow64cryptnet.dll

2012-10-28 02:28:30 5559664 ----a-w- C:WindowsSystem32ntoskrnl.exe

2012-10-28 02:28:28 3968880 ----a-w- C:WindowsSysWow64ntkrnlpa.exe

2012-10-28 02:28:28 3914096 ----a-w- C:WindowsSysWow64ntoskrnl.exe

2012-10-28 02:28:15 220160 ----a-w- C:WindowsSystem32wintrust.dll

2012-10-28 02:28:14 172544 ----a-w- C:WindowsSysWow64wintrust.dll

2012-10-28 02:21:52 715776 ----a-w- C:WindowsSystem32kerberos.dll

2012-10-28 02:21:52 542208 ----a-w- C:WindowsSysWow64kerberos.dll

2012-10-28 02:16:35 1659760 ----a-w- C:WindowsSystem32driversntfs.sys

2012-10-28 02:15:28 54072 ----a-w- C:WindowsSystem32driversaswRdr2.sys

2012-10-28 02:15:23 984144 ----a-w- C:WindowsSystem32driversaswSnx.sys

2012-10-28 02:15:22 71600 ----a-w- C:WindowsSystem32driversaswMonFlt.sys

2012-10-28 02:15:03 41224 ----a-w- C:WindowsavastSS.scr

2012-10-28 02:14:55 -------- d-----w- C:ProgramDataAVAST Software

2012-10-28 02:14:55 -------- d-----w- C:Program FilesAVAST Software

2012-10-28 00:03:28 -------- d-----w- C:UsersrhondaAppDataRoamingAVG2013

2012-10-28 00:02:57 -------- d-----w- C:UsersrhondaAppDataRoamingTuneUp Software

2012-10-27 21:22:42 -------- d--h--w- C:ProgramDataCommon Files

2012-10-27 21:22:42 -------- d-----w- C:UsersrhondaAppDataLocalMFAData

2012-10-27 21:22:42 -------- d-----w- C:ProgramDataMFAData

2012-10-22 18:53:11 163056 ----a-w- C:ProgramDataMicrosoftWindowsSqmManifestSqm10142.bin

.

==================== Find3M ====================

.

2012-10-29 02:02:45 73656 ----a-w- C:WindowsSysWow64FlashPlayerCPLApp.cpl

2012-10-29 02:02:45 696760 ----a-w- C:WindowsSysWow64FlashPlayerApp.exe

2012-09-03 13:47:47 821736 ----a-w- C:WindowsSysWow64npDeployJava1.dll

2012-09-03 13:47:47 746984 ----a-w- C:WindowsSysWow64deployJava1.dll

2012-08-24 10:31:32 2312704 ----a-w- C:WindowsSystem32jscript9.dll

2012-08-24 10:21:18 1392128 ----a-w- C:WindowsSystem32wininet.dll

2012-08-24 10:20:11 1494528 ----a-w- C:WindowsSystem32inetcpl.cpl

2012-08-24 10:14:45 173056 ----a-w- C:WindowsSystem32ieUnatt.exe

2012-08-24 10:13:29 599040 ----a-w- C:WindowsSystem32vbscript.dll

2012-08-24 10:09:42 2382848 ----a-w- C:WindowsSystem32mshtml.tlb

2012-08-24 06:59:17 1800704 ----a-w- C:WindowsSysWow64jscript9.dll

2012-08-24 06:51:27 1129472 ----a-w- C:WindowsSysWow64wininet.dll

2012-08-24 06:51:02 1427968 ----a-w- C:WindowsSysWow64inetcpl.cpl

2012-08-24 06:47:26 142848 ----a-w- C:WindowsSysWow64ieUnatt.exe

2012-08-24 06:47:12 420864 ----a-w- C:WindowsSysWow64vbscript.dll

2012-08-24 06:43:58 2382848 ----a-w- C:WindowsSysWow64mshtml.tlb

2012-08-22 18:12:50 1913200 ----a-w- C:WindowsSystem32driverstcpip.sys

2012-08-22 18:12:40 950128 ----a-w- C:WindowsSystem32driversndis.sys

2012-08-22 18:12:40 376688 ----a-w- C:WindowsSystem32driversnetio.sys

2012-08-22 18:12:33 288624 ----a-w- C:WindowsSystem32driversFWPKCLNT.SYS

2012-08-20 18:48:44 362496 ----a-w- C:WindowsSystem32wow64win.dll

2012-08-20 18:48:44 243200 ----a-w- C:WindowsSystem32wow64.dll

2012-08-20 18:48:44 13312 ----a-w- C:WindowsSystem32wow64cpu.dll

2012-08-20 18:48:43 215040 ----a-w- C:WindowsSystem32winsrv.dll

2012-08-20 18:48:37 16384 ----a-w- C:WindowsSystem32ntvdm64.dll

2012-08-20 18:48:35 424448 ----a-w- C:WindowsSystem32KernelBase.dll

2012-08-20 18:46:22 338432 ----a-w- C:WindowsSystem32conhost.exe

2012-08-20 17:40:21 14336 ----a-w- C:WindowsSysWow64ntvdm64.dll

2012-08-20 17:38:44 44032 ----a-w- C:Windowsapppatchacwow64.dll

2012-08-20 17:38:26 25600 ----a-w- C:WindowsSysWow64setup16.exe

2012-08-20 17:37:19 5120 ----a-w- C:WindowsSysWow64wow32.dll

2012-08-20 17:37:18 274944 ----a-w- C:WindowsSysWow64KernelBase.dll

2012-08-20 15:38:21 7680 ----a-w- C:WindowsSysWow64instnm.exe

2012-08-20 15:38:20 2048 ----a-w- C:WindowsSysWow64user.exe

2012-08-20 15:33:28 6144 ---ha-w- C:WindowsSysWow64api-ms-win-security-base-l1-1-0.dll

2012-08-20 15:33:28 4608 ---ha-w- C:WindowsSysWow64api-ms-win-core-threadpool-l1-1-0.dll

2012-08-20 15:33:28 3584 ---ha-w- C:WindowsSysWow64api-ms-win-core-xstate-l1-1-0.dll

 

2012-08-20 15:33:28 3072 ---ha-w- C:WindowsSysWow64api-ms-win-core-util-l1-1-0.dll

2012-08-02 17:58:52 574464 ----a-w- C:WindowsSystem32d3d10level9.dll

2012-08-02 16:57:20 490496 ----a-w- C:WindowsSysWow64d3d10level9.dll

.

============= FINISH: 15:11:06.59 ===============

 

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-10-19.01)

.

Microsoft Windows 7 Home Premium

Boot Device: DeviceHarddiskVolume1

Install Date: 9/19/2011 18:54:35

System Uptime: 10/30/2012 15:02:08 (0 hours ago)

.

Motherboard: Dell Inc. | | 0C2KJT

Processor: Intel® Core i3 CPU 550 @ 3.20GHz | CPU 1 | 2784/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 699 GiB total, 657.195 GiB free.

D: is CDROM (CDFS)

E: is Removable

F: is Removable

G: is Removable

H: is Removable

K: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP152: 10/30/2012 03:25:31 - Scheduled Checkpoint

RP153: 10/30/2012 12:03:54 - Installed Java 7 Update 9

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.4)

Ask Toolbar

Ask Toolbar Updater

avast! Free Antivirus

AVG PC Tuneup 2011

Broadcom NetXtreme-I Netlink Driver and Management Installer

Canon Easy-PhotoPrint EX

Canon Easy-WebPrint EX

Canon Inkjet Printer/Scanner/Fax Extended Survey Program

Canon MP Navigator EX 4.1

Canon MP560 series MP Drivers

Canon MX360 series MP Drivers

Canon MX360 series User Registration

Canon My Printer

Canon Solution Menu EX

Canon Speed Dial Utility

Coupon Printer for Windows

Dell Support Center

DirectX 9 Runtime

DW 1525 Driver Installation

Google Chrome

GoToAssist Corporate

Intel® Management Engine Components

Java 7 Update 9

Java Auto Updater

Java 6 Update 22

JavaFX 2.1.1

Malwarebytes Anti-Malware version 1.65.1.1000

Masque IGT Slots Texas Tea

Microsoft .NET Framework 4 Client Profile

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mozilla Firefox 10.0.2 (x86 en-US)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

OpenOffice.org 3.3

PhotoShowExpress

RBVirtualFolder64Inst

Roxio Activation Module

Roxio BackOnTrack

Roxio Burn

Roxio Creator Starter

Roxio Express Labeler 3

Roxio File Backup

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Sonic CinePlayer Decoder Pack

SUPERAntiSpyware

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Visual Studio 2010 x64 Redistributables

WinZip 15.5

ZTE Handset USB Driver

.

==== Event Viewer Messages From Past Week ========

.

10/29/2012 15:35:41, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

10/29/2012 14:01:51, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

10/29/2012 14:01:03, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

10/28/2012 01:04:35, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.5 with the system having network hardware address 60-FB-42-6E-E0-AE. Network operations on this system may be disrupted as a result.

10/27/2012 19:22:42, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

10/27/2012 19:20:42, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

10/27/2012 19:20:41, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

10/27/2012 19:20:40, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

10/27/2012 19:20:40, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

10/27/2012 19:20:40, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

10/27/2012 19:20:39, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

10/27/2012 19:20:34, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

10/27/2012 19:20:24, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AVGIDSDriver Avgldx64 Avgtdia DfsC discache mfehidk mfenlfk NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf

10/27/2012 19:20:24, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.

10/27/2012 19:20:23, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

10/27/2012 19:20:23, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

10/27/2012 19:20:23, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

10/27/2012 19:20:23, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

10/27/2012 19:20:23, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.

10/27/2012 19:20:23, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.

10/27/2012 19:20:23, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.

10/27/2012 19:20:23, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.

10/27/2012 19:20:23, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.

10/27/2012 19:20:23, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

10/27/2012 19:20:23, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.

10/27/2012 19:20:22, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

10/27/2012 19:20:22, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

10/27/2012 19:20:22, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

10/27/2012 19:20:22, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

10/27/2012 19:20:22, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

10/27/2012 15:47:46, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

10/27/2012 15:47:19, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache mfehidk mfenlfk NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf

10/27/2012 15:37:00, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..

10/27/2012 15:26:00, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.

10/27/2012 12:31:45, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

10/27/2012 12:13:42, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}

10/27/2012 12:11:32, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06}

10/27/2012 12:04:42, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache SASDIFSV SASKUTIL spldr Wanarpv6

10/26/2012 21:27:12, Error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 2 time(s).

10/26/2012 21:25:30, Error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 1 time(s).

.

==== End Of File ===========================


Hello gaboyde88

 

Thank you for the logs.

 

It looks like that proxy is still there. Let's tackle it another way:

 

  • Please un-install the following

    • Click on "Start" then on "Control Panel" and then on the "Programs and Features" tab.
    • Find the "Java™ 6 Update 22" program, click on it once and then click on the "uninstall" button.
    • If you are prompted to re-boot your computer to complete the uninstall please do so.
    • If you do not use Ask Toolbar and Ask Toolbar Updater these ought to be uninstalled also.
  • Please work through the following steps

    • Hold down the Windows key (has the Windows symbol on it) and press the "R" key. A Run box will open. Type in Notepad and press Enter then click on "OK").
    • NOTE: Do not Use Wordpad or any other text editor except Notepad or the script will fail.
    • Copy and Paste the text in the quotebox below into the open Notepad window:

       

      DDS::

      uInternet Settings,ProxyServer = 40439756946785358287000000:80

       

       

    • Save this as "CFScript.txt" (including the quotation marks), change the "Save as type" to "All Files" and save it to your desktop.
    • Close any open browsers.
    • Disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Referring to the picture below, drag CFScript.txt into ComboFix.exe

       

      [image: dragging CFScript.txt onto ComboFix.exe]

    • When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
    • Once the log is produced, re-engage your resident anti virus.
  • Please run the following scan

    • Note: You will need to use Internet Explorer for this scan.
    • Note for Vista/Windows 7 Users: ESET is compatible but Internet Explorer must be run as Administrator. To do this, right-click on your Internet Explorer icon and select "Run as Administrator".
    • Please disable your real time security programs before performing the scan.
    • Scan your system with Eset Online Scanner
    • Place a check mark in the box YES, I accept the Terms Of Use.
    • Click the [image] button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps).
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
    • Check [image]
    • Click the [image] button.
    • Accept any security warnings from your browser.
    • Check [image]
    • Make sure that the option to "Remove Found Threats" is unchecked.
    • Push the "Start" button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push [image]
    • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the [image] button.
    • Push [image]
    Please post the Combofix log, the ESET log and a new DDS log in your next reply.

     

    I only need to see the DDS.txt log, there is no need to post the attach.txt log.

     

    Please note that you may have to make more than one post to fit all of the information in.

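The CFScript above removes the bogus `ProxyServer` value that DDS reported under `uInternet Settings` (a 26-digit "host" with `:80` is not a hostname or an IPv4 address, so it is almost certainly a leftover from the infection rather than something the user configured). A practitioner will want a quick way to check the same WinINet keys before and after the fix. The PowerShell below is an added example, not part of the original thread and not code from DDS or ComboFix. It assumes it is run on the affected machine (elevated if the HKLM keys should be checked or fixed); the registry paths are the standard Internet Settings locations, and the validation pattern is my own.

```powershell
# Added example (not from the thread, DDS or ComboFix): audit the WinINet proxy
# settings that DDS reports as "uInternet Settings,ProxyServer" and flag values
# like the all-digit host seen in the log. Read-only unless -Fix is given.
# Assumption: run on the affected machine; elevate for the HKLM keys.

# A sane ProxyServer value is "host:port" or a list such as
# "http=host:port;https=host:port". Labels: letters, digits, hyphens; port 1-5 digits.
$hostPort = '(?:[A-Za-z0-9](?:[A-Za-z0-9\-]*[A-Za-z0-9])?\.)*[A-Za-z0-9](?:[A-Za-z0-9\-]*[A-Za-z0-9])?:\d{1,5}'
$proxyPattern = '^(?:(?:https?|ftp|socks)=' + $hostPort + ';?)+$|^' + $hostPort + '$'

function Test-ProxyServerValue {
    param([string]$Value)
    if ([string]::IsNullOrWhiteSpace($Value)) { return $true }   # no proxy set at all
    if ($Value -notmatch $proxyPattern) { return $false }         # malformed value
    foreach ($entry in ($Value -split ';' | Where-Object { $_ })) {
        $hostPart = ($entry -replace '^[a-z]+=', '') -replace ':\d+$', ''
        # An all-digit host with no dots is neither a hostname nor an IPv4 address;
        # this is exactly the shape of "40439756946785358287000000:80" in the log.
        if ($hostPart -match '^\d+$') { return $false }
        $port = [int]($entry -replace '^.*:', '')
        if ($port -lt 1 -or $port -gt 65535) { return $false }
    }
    return $true
}

function Get-WinInetProxyAudit {
    param([switch]$Fix)
    # Per-user key (what DDS prefixes with "u"), machine key, and the WOW64 view.
    $keys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
        'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings'
    )
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $props   = Get-ItemProperty -Path $key
        $server  = [string]$props.ProxyServer
        $enabled = [int]$props.ProxyEnable      # missing value reads as 0
        $pac     = [string]$props.AutoConfigURL # a PAC URL is another hijack vector
        $ok      = Test-ProxyServerValue -Value $server
        [pscustomobject]@{
            Key           = $key
            ProxyEnable   = $enabled
            ProxyServer   = $server
            AutoConfigURL = $pac
            Suspicious    = -not $ok
        }
        if ($Fix -and -not $ok) {
            # Same effect as the CFScript's DDS:: line: drop the value, turn the proxy off.
            Remove-ItemProperty -Path $key -Name ProxyServer -ErrorAction SilentlyContinue
            Set-ItemProperty    -Path $key -Name ProxyEnable -Value 0
        }
    }
}

Get-WinInetProxyAudit | Format-List
```

Run it once before ComboFix to confirm the value is present and once afterwards to confirm it is gone; `Get-WinInetProxyAudit -Fix` clears a flagged value directly if ComboFix is not an option. An `AutoConfigURL` the user does not recognise deserves the same scrutiny as a bad `ProxyServer`, since a PAC file can redirect traffic just as effectively.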

Well, I hooked up my hard drive straight to the Comcast internet provider instead of using wireless, and the computer runs faster through a direct connection. Perhaps something is wrong with my Netgear wireless router?

 

I was able to run this scan, but I was boneheaded and I didn't click on the box to NOT remove threats, and so the scanner deleted what appeared to be a trojan. So I don't have a log to post for that. But it did remove one threat. So that is a mistake on my part. But the computer seems to be running a tad more smoothly since that threat was removed. It was a Win32 trojan.

 

Should I still do another combofix run anyway?

Edited by gaboyde88

Hello gaboyde88

 

I was boneheaded and I didn't click on the box to NOT remove threats and so the scanner deleted what appeared to be a trojan

Thanks for letting me know.

 

Should I still do another combofix run anyway?

Yes, please run Combofix with the script provided in my previous post.

 

Once the scan has completed post the Combofix log along with a new DDS.txt log :)


DDS (Ver_2012-10-19.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.9.2

Run by rhonda at 14:19:24 on 2012-11-01

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5943.4839 [GMT -5:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Windows\splwow64.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\notepad.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Users\rhonda\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\rhonda\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\rhonda\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\rhonda\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://forums.pcpitstop.com/index.php?/topic/200203-it-appears-i-have-a-trojan-or-virus/

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconstartup.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

StartupFolder: C:\Users\rhonda\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{43144CFA-A79C-4D17-A07B-DF5CDC2E9069} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{8CB55828-C91A-4568-9FC6-5ABC1A36371E} : DHCPNameServer = 192.168.1.1

SSODL: WebCheck - <orphaned>

x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll

x64-Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default

FF - prefs.js: browser.search.selectedEngine - Ask.com Search

FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z192&install_date=20110921

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

FF - plugin: C:\Users\rhonda\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2012-10-27 21:15; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-9-20 55856]

R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-10-27 984144]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-10-27 364096]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-18 140672]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]

R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-10-27 25232]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-10-27 71600]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-10-27 44808]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-20 2320920]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-9-20 56344]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-10-16 321064]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-19 250808]

S3 massfilter_hs;HS HandSet Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter_hs.sys [2012-7-14 18456]

S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-9-20 59392]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-20 1255736]

.

=============== Created Last 30 ================

.

2012-10-31 23:12:10 -------- d-----w- C:\Program Files (x86)\ESET

2012-10-30 17:04:40 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2012-10-30 16:04:53 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EE7FF190-C8FD-4722-91A8-46C259356AE8}\mpengine.dll

2012-10-29 18:56:07 256000 ----a-w- C:\Windows\PEV.exe

2012-10-29 18:56:07 208896 ----a-w- C:\Windows\MBR.exe

2012-10-29 18:56:06 98816 ----a-w- C:\Windows\sed.exe

2012-10-28 05:37:13 -------- d-----w- C:\Users\rhonda\AppData\Roaming\Malwarebytes

2012-10-28 05:37:02 -------- d-----w- C:\ProgramData\Malwarebytes

2012-10-28 05:37:01 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-10-28 05:37:01 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-10-28 04:53:58 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2012-10-28 03:07:44 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-10-28 03:07:44 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-10-28 02:35:11 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe

2012-10-28 02:34:35 1464320 ----a-w- C:\Windows\System32\crypt32.dll

2012-10-28 02:34:34 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-10-28 02:34:33 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-10-28 02:34:33 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-10-28 02:34:32 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-10-28 02:34:32 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-10-28 02:28:30 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-10-28 02:28:28 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-10-28 02:28:28 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-10-28 02:28:15 220160 ----a-w- C:\Windows\System32\wintrust.dll

2012-10-28 02:28:14 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-10-28 02:21:52 715776 ----a-w- C:\Windows\System32\kerberos.dll

2012-10-28 02:21:52 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll

2012-10-28 02:16:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2012-10-28 02:15:28 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2012-10-28 02:15:23 984144 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2012-10-28 02:15:22 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2012-10-28 02:15:03 41224 ----a-w- C:\Windows\avastSS.scr

2012-10-28 02:14:55 -------- d-----w- C:\ProgramData\AVAST Software

2012-10-28 02:14:55 -------- d-----w- C:\Program Files\AVAST Software

2012-10-28 00:03:28 -------- d-----w- C:\Users\rhonda\AppData\Roaming\AVG2013

2012-10-28 00:02:57 -------- d-----w- C:\Users\rhonda\AppData\Roaming\TuneUp Software

2012-10-27 21:22:42 -------- d--h--w- C:\ProgramData\Common Files

2012-10-27 21:22:42 -------- d-----w- C:\Users\rhonda\AppData\Local\MFAData

2012-10-27 21:22:42 -------- d-----w- C:\ProgramData\MFAData

2012-10-22 18:53:11 163056 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin

.

==================== Find3M ====================

.

2012-10-29 02:02:45 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-29 02:02:45 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-09-03 13:47:47 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-09-03 13:47:47 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys

2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys

2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll

2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll

2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe

2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

.

============= FINISH: 14:19:32.78 ===============

 

 

 

ComboFix 12-10-29.05 - rhonda 11/01/2012 13:01:14.3.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5943.4540 [GMT -5:00]

Running from: c:\users\rhonda\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\PCDr\6032\AddOnDownloaded\087abda5-3ca9-433a-8a4e-6b9fc9285607.dll

c:\programdata\PCDr\6032\AddOnDownloaded\305a1406-381f-449d-9486-32504a38e5b0.dll

c:\programdata\PCDr\6032\AddOnDownloaded\3b429c4f-8ba9-4a7d-bbb4-4548bb6d2539.dll

c:\programdata\PCDr\6032\AddOnDownloaded\3c49c05a-0eb3-4044-a0f8-d4ea2a439295.dll

c:\programdata\PCDr\6032\AddOnDownloaded\4704833a-6508-40cc-b98b-5ebd235e52ca.dll

c:\programdata\PCDr\6032\AddOnDownloaded\5cd81d7c-326c-42d2-8929-1ee85c69dc1d.dll

c:\programdata\PCDr\6032\AddOnDownloaded\5f169f6e-cfce-411e-b266-aa53ac35ce83.dll

c:\programdata\PCDr\6032\AddOnDownloaded\8c199aef-9eca-4ab6-863d-c9136ebec654.dll

c:\programdata\PCDr\6032\AddOnDownloaded\a7201707-7895-43cf-9119-8a0279b75d4c.dll

c:\programdata\PCDr\6032\AddOnDownloaded\af728edb-0984-4c06-9a4b-0878bcfa9a26.dll

c:\programdata\PCDr\6032\AddOnDownloaded\b510dd11-341c-4dfa-9f1e-dd5ddcc444f4.dll

c:\programdata\PCDr\6032\AddOnDownloaded\cf9bce06-e765-4c6f-afa9-0d82a3adc417.dll

c:\programdata\PCDr\6032\AddOnDownloaded\e1ce76af-328a-41dc-b2c4-0dd9771f6aa1.dll

c:\programdata\PCDr\6032\AddOnDownloaded\e3e252fe-80ab-4f89-82a9-b607007220bd.dll

c:\programdata\PCDr\6032\AddOnDownloaded\eb115e4d-8592-4082-bffa-e65ae6b21e95.dll

c:\programdata\PCDr\6032\AddOnDownloaded\f28ef68b-8cc4-4c00-891d-473fb67bd0b0.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-10-01 to 2012-11-01 )))))))))))))))))))))))))))))))
.
.
2012-11-01 18:05 . 2012-11-01 18:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-31 23:12 . 2012-10-31 23:12 -------- d-----w- c:\program files (x86)\ESET
2012-10-30 17:04 . 2012-09-25 04:16 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-30 16:04 . 2012-10-17 07:31 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EE7FF190-C8FD-4722-91A8-46C259356AE8}\mpengine.dll
2012-10-28 05:37 . 2012-10-28 05:37 -------- d-----w- c:\users\rhonda\AppData\Roaming\Malwarebytes
2012-10-28 05:37 . 2012-10-28 05:37 -------- d-----w- c:\programdata\Malwarebytes
2012-10-28 05:37 . 2012-10-28 05:37 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-28 05:37 . 2012-09-30 00:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-28 03:07 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-28 03:07 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-28 02:35 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-10-28 02:34 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-28 02:34 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-28 02:34 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-28 02:34 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-28 02:34 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-28 02:34 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-28 02:28 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-28 02:28 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-28 02:28 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-28 02:28 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-10-28 02:28 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-28 02:21 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-28 02:21 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-28 02:16 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-28 02:15 . 2012-10-23 10:18 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-28 02:15 . 2012-10-23 10:18 364096 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-28 02:15 . 2012-10-15 16:59 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-10-28 02:15 . 2012-10-23 10:18 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-28 02:15 . 2012-10-23 10:18 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-28 02:15 . 2012-10-23 10:18 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-28 02:15 . 2012-10-23 10:17 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-28 02:15 . 2012-10-23 10:17 41224 ----a-w- c:\windows\avastSS.scr
2012-10-28 02:15 . 2012-10-23 10:17 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-10-28 02:14 . 2012-10-28 02:14 -------- d-----w- c:\programdata\AVAST Software
2012-10-28 02:14 . 2012-10-28 02:14 -------- d-----w- c:\program files\AVAST Software
2012-10-28 00:03 . 2012-10-30 19:13 -------- d-----w- c:\users\rhonda\AppData\Roaming\AVG2013
2012-10-28 00:02 . 2012-10-28 00:02 -------- d-----w- c:\users\rhonda\AppData\Roaming\TuneUp Software
2012-10-27 21:22 . 2012-10-28 01:37 -------- d-----w- c:\programdata\MFAData
2012-10-27 21:22 . 2012-10-27 21:22 -------- d--h--w- c:\programdata\Common Files
2012-10-27 21:22 . 2012-10-27 21:22 -------- d-----w- c:\users\rhonda\AppData\Local\MFAData
2012-10-22 18:53 . 2012-10-28 09:33 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
.
.
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-31 10:44 . 2012-08-31 04:01 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-10-29 02:02 . 2012-04-19 21:24 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-29 02:02 . 2011-09-21 00:08 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-28 04:55 . 2011-09-20 05:02 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-09-21 04:01 . 2012-08-11 23:20 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-09-21 04:01 . 2012-08-11 23:19 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-09-03 13:47 . 2012-07-10 02:21 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-03 13:47 . 2011-09-21 00:24 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-31 04:01 . 2012-08-31 04:01 4278384 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-08-24 11:15 . 2012-09-22 08:00 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 08:00 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 08:00 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 08:00 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 08:00 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 08:00 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 08:00 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 08:00 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 08:00 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 08:00 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 08:00 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 08:00 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 08:00 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 08:00 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 08:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 08:00 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 08:00 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 08:00 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 08:00 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 08:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 08:00 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 08:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 05:18 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 05:18 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 05:18 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 05:18 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-20 17:38 . 2012-10-28 02:50 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-11 23:20 . 2012-08-11 23:20 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-08-11 23:19 . 2012-08-11 23:19 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-10-30 5628800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconstartup.exe" [2009-10-01 111640]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-15 1213848]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-23 4297136]
.
c:\users\rhonda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-29 250808]
R3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [2011-07-07 18456]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-20 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-10-30 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-23 71600]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-10-16 321064]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.

Contents of the 'Scheduled Tasks' folder
.
2012-11-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 02:02]
.
2012-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1852485107-1149319046-1402754336-1000Core.job
- c:\users\rhonda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-20 05:25]
.
2012-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1852485107-1149319046-1402754336-1000UA.job
- c:\users\rhonda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-20 05:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-23 10:17 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2782096]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://forums.pcpitstop.com/index.php?/topic/200203-it-appears-i-have-a-trojan-or-virus/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default
FF - prefs.js: browser.search.selectedEngine - Ask.com Search
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z192&install_date=20110921
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-10-27 21:15; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.

--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\Windows\system32\Macromed\Flash\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\Windows\system32\Macromed\Flash\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\Windows\SysWOW64\Macromed\Flash\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\Windows\SysWOW64\Macromed\Flash\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\Windows\SysWOW64\Macromed\Flash\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\Windows\SysWOW64\Macromed\Flash\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-01 13:06:46
ComboFix-quarantined-files.txt 2012-11-01 18:06
ComboFix2.txt 2012-10-31 15:42
ComboFix3.txt 2012-10-29 19:09
.
Pre-Run: 703,666,540,544 bytes free
Post-Run: 703,621,197,824 bytes free
.
- - End Of File - - E7CA52F27A363666E03A1F3818726870


The system runs fine. But the wireless connection still doesn't work correctly. I believe the problem is related to the Netgear wireless since when I hook the hard drive directly through the Comcast router the internet runs fast and normal. So it seems that Netgear is probably the issue.

Edited by gaboyde88

Hello gaboyde88

The system runs fine

That's great news :)

So it seems that netgear is probably the issue

From what you describe it certainly sounds possible. For additional assistance with your wireless connection please feel free to start a new thread in our Networking, Email, and Internet Connections Forum.

Your latest system logs appear to be clean so let's remove our tools in the steps below:

  • Please Uninstall Combofix
    • Hold down the Windows key (has the Windows symbol on it) and press the "R" key.
    • A Run box will open.
    • Type combofix /uninstall in the run box and click "OK". Please note the space between the "x" and the "/Uninstall", it needs to be there.
  • Removal of Tools
    • You no longer need DDS, aswMBR, Security Check or McAfee Removal Tool.
    • Please delete them from your machine.
    Once you have completed the above steps you should be good to go! If you have any further questions, please feel free to ask.
  • Finally, please take the time to read through the information provided below:

    Enhance your System Security
    • For an excellent list of free anti virus software, free online virus scanners, free spyware detection/removal and free firewalls, click here.
    • IMPORTANT! Please make sure you only have ONE firewall and ONE real-time antivirus installed on your system. When using "on demand" scanners, first update the detection signature files, then disconnect from the internet and disable your resident security program before running the scan.
    • Once complete, remember to re-engage your resident security before going online.

    Web Browsers and Browser Security

    Firefox
    • Firefox is generally considered to have greater browsing security in comparison to other popular programs. You can download Firefox 3.0 from here.

    No-Script
    • If you use Firefox as your default browser, No-Script can provide additional security by preventing malicious scripts from being executed on your system.
    • You can download No-Script by clicking here.

    Internet Explorer
    • The newest version of Internet Explorer is available from here.

    SpywareBlaster
    • If you use Internet Explorer as your default browser, SpywareBlaster would be a valuable addition to your online security.
    • SpywareBlaster prevents malicious ActiveX objects from being downloaded onto your system.
    • You can download SpywareBlaster by clicking here.

    Web of Trust
    • When using search engines, Web of Trust provides you with an easy way of telling the good sites from the bad and is compatible with both Firefox and Internet Explorer.
    • Coloured symbols are displayed next to search results, giving you more confidence in the links you choose to click on: Green (To go), Yellow (Caution) and Red (Stop).
    • You can download Web of Trust by clicking here.

    Keep your Software Updated
    • Outdated software can sometimes have vulnerabilities that are exploitable by malware.
    • Check if there are available updates for your installed software with Secunia's Online Software Inspector by clicking here.

    Passwords
    • Learn how to create strong passwords by clicking here and test the strength of the passwords you already use by clicking here.

    General Reading

    Learn How To Combat Malware
    • Would you like to learn how to fight back against malware and help others? Enroll at the What The Tech (Formerly Tom Coyotes) Malware Classroom by clicking here.
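Added example, not part of the thread and not code from the DDS or ComboFix authors: a PowerShell check for the "ONE firewall and ONE real-time antivirus" point in the post above. It lists the products registered with Windows Security Center, which is where the AV:/SP:/FW: lines at the top of the DDS and ComboFix logs come from, and warns when more than one antivirus or firewall is registered as enabled (a leftover registration from a half-uninstalled product is the usual cause). It assumes a Windows client edition that has the root\SecurityCenter2 WMI namespace (Vista and later; it is absent on Server SKUs) and uses the common community decoding of the undocumented productState field, which is an assumption rather than a documented API. Run it from an elevated PowerShell prompt; it works on the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example (not from the original thread or the DDS/ComboFix tools).
# Enumerate the antivirus, antispyware and firewall products registered with
# Windows Security Center, the same source DDS/ComboFix read for their
# "AV:", "SP:" and "FW:" header lines.
#
# Assumptions (not documented by Microsoft):
#   - root\SecurityCenter2 exists (Windows Vista/7/8/10 client editions only).
#   - productState bit 0x1000 set = real-time protection enabled,
#     bit 0x10 set = signatures out of date (community decoding; treat the
#     Enabled/OutOfDate columns as a hint, not as an authoritative answer).

function Get-RegisteredSecurityProduct {
    $classes = @{
        'AV' = 'AntiVirusProduct'
        'SP' = 'AntiSpywareProduct'
        'FW' = 'FirewallProduct'
    }
    foreach ($kind in 'AV', 'SP', 'FW') {
        $products = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class $classes[$kind] -ErrorAction SilentlyContinue
        if (-not $products) { continue }     # class missing or nothing registered
        foreach ($p in $products) {
            $state = [int]$p.productState
            New-Object PSObject -Property @{
                Kind      = $kind
                Name      = $p.displayName
                Enabled   = (($state -band 0x1000) -ne 0)   # assumption: community productState decoding
                OutOfDate = (($state -band 0x10) -ne 0)     # assumption: community productState decoding
                State     = ('0x{0:X6}' -f $state)
                GUID      = $p.instanceGuid                 # the {GUID} DDS prints after each product
            }
        }
    }
}

$products = @(Get-RegisteredSecurityProduct)
$products | Select-Object Kind, Name, Enabled, OutOfDate, State, GUID | Format-Table -AutoSize

# The condition the advice warns about: more than one enabled real-time
# antivirus, or more than one enabled firewall, registered at the same time.
foreach ($kind in 'AV', 'FW') {
    $active = @($products | Where-Object { $_.Kind -eq $kind -and $_.Enabled })
    if ($active.Count -gt 1) {
        $names = ($active | ForEach-Object { $_.Name }) -join ', '
        Write-Warning ("{0} enabled {1} products are registered: {2}" -f $active.Count, $kind, $names)
    }
}
```

A product that shows up here as Disabled but whose files and services are gone (the way McAfee appears in the earlier DDS header of this thread) is a stale Security Center registration rather than running software; the vendor's removal tool is the right way to clear it, since deleting the WMI instance by hand is not something Microsoft supports.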

This topic is now closed to further replies.