Wifi help

[Jstratfl]

Heloo,

I need assistance reconnecting my wifi. I was infected with live security platinum, which I think I've deleted, however I now can not connect to Internet via wifi on my laptop. I'm currently on IPad to find information. Please advise direction. Thanks, Jason

 

[Jack]

Hi and welcome to the malwaretips.com forums!

I'm Jack and I am going to try to assist you with your problem. Please take note of the below:

• I will start working on your malware issues, this may or may not, solve other issues you have with your machine.
• The fixes are specific to your problem and should only be used for this issue on this machine!
• The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
• If you don't know, stop and ask! Don't keep going on.
• Please reply to this thread. Do not start a new topic.
• Refrain from running self fixes as this will hinder the malware removal process.
• It may prove beneficial if you print of the following instructions or save them to notepad as I post them.

Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.


Before we start:
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
<hr />
Please run the following utility so that I can get a log of your system...
STEP 1 : Run a scan with Combofix

Please read and follow very carefully the below instructions​

 
Download ComboFix from one of the following locations: 

COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2  (This link will automatically download Combofix on your computer)
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop  
 
<ul>
<li>Close any open browsers.</li>
<li>Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
<ul>
<li><>Very Important!</> Temporarily <>disable</> your <>anti-virus</>, <>script blocking</> and any <>anti-malware</> real-time protection <em><>before</></em>performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause <em>"unpredictable results"</em>.</li>
<li><em>Click on <a title="External link" href="http://www.bleepingcomputer.com/forums/topic114351.html" rel="nofollow external"><>this link</></a> to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.</em>
-----------------------------------------------------------</li>
</ul>
<ul>
<li>Close any open browsers.</li>
<li><>WARNING: Combofix will disconnect your machine from the Internet as soon as it starts</></li>
<li>Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.</li>
<li>If there is no internet connection after running Combofix, then restart your computer to restore back your connection.</li>
</ul>
-----------------------------------------------------------</li></ul>
How to run the Combofix scan :

1. Double click on ComboFix.exe & follow the prompts.
2. Accept the disclaimer and allow to update if it asks
   
3. When finished, it shall produce a log for you. 
   [*]Please include the C:\ComboFix.txt in your next reply.

Notes:
<ol><li> Do not mouse-click Combofix's window while it is running. That may cause it to stall.</li>
<li> Do not "re-run" Combofix. If you have a problem, reply back for further instructions.</li>
<li>  If after the reboot you get errors about programms being marked for deletion then reboot, that will cure it.</li></ol>



<hr />
What's next?

Please post in your next reply:
1.Combofix log
2.Let me know if you had any problems with the above instructions and also <>let me know how things are running now!</>

 

[Jstratfl]

Hi Jack...as I stated I can not get Internet connection to download the information you've requested. Sorry if I wasn't clear in orig post.

 

[Jack]

Is Live Security Platinum window on your computer? Can you see it or it's gone ? What steps have your taken in order to remove this infection?

 

[Jstratfl]

I can't see it...I tried to follow all steps ive read in your posts concerning this. I was able to run Auslogics BoostSpeed ( a program i bought to speed up my laptop ) program while in safe mode and then rebooted. It disappeared after that, but still could not get onto wifi to Internet connection. I also have McAfee and am unable to turn on Firewall in that program. Thanks again for your help!

 

[Jack]

Did you try to reset your router?
Ok,lets run the following commands to see if we can get you back on the Internet:

1. Click the Start buton
2. Type “cmd” in the Search Box and then press Enter
3. Right-click “cmd.exe" and select “Run as administrator”
4. Click “Continue” on the “User Account Control” Window
5. In the command prompt type the following command
<code>sc create BITS binpath= “c:\windows\system32\svchost.exe -k netsvcs” start= delayed-auto</code>
6.Restart your computer and check if the problem is solved.

<hr />

NEXT,
1.Click Start and go to Run
2.In the run box type notepad.exe
3.Paste the following code below into notepad and save as reset.bat


Please save everything before running this file as it will restart your computer automatically

<code>@echo off

ipconfig /flushdns
netsh int ip reset
netsh winsock reset
netsh firewall reset
shutdown -r -t 0 </code>
<hr />

 

[Jstratfl]

Ok did all three...reset router, nothing, ran both Commands also. Still not connected to Internet. ???

 

[Jack]

Most likely you still have an active infection on your system...
What operating system are you on?
Can you please try to temporarily disable McAfee to see if you can connect to the Internet.

 

[Jstratfl]

Tried turning off Mcafee...nothing different. System is Dell laptop, windows 7 home service pack 1. I ran trouble shooting Internet connections and got a answer to unlock fire wall... Tried to turn off and keep getting same respone...windows firewall is not using recommend settings to protect computer...I click on "use recommended settings" and nothing happens.

 

[Jack]

Can you transfer a utility on the infected computer via an USB stick?

 

[Jstratfl]

What utility?

 

[Jstratfl]

I'll try...what utility

 

[Jack]

OK,I need you to download on a USB stick this three utilities and run them on the infected computer:
STEP 1: Run a scan with RogueKiller
<ol>
<li>Please <>download the latest official version of </><>RogueKiller</>.
<a href="http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe" rel="nofollow" target="_blank">ROGUEKILLER DOWNLOAD LINK</a> (This link will automatically download RogueKiller on your computer)</li>
<li><>Double click on RogueKiller.exe</> to start this utility and then <>wait for the Prescan to complete</>.This should take only a few seconds and then you can <>click the Start button</> to perform a system scan.
<img title="Click on the Start button to perform a system scan" src="http://malwaretips.com/blogs/wp-content/uploads/2012/04/roguek-1.png" alt="[Image: roguekiller-1.png]" width="600" height="450" border="0" /></li>
<li>After the scan has completed, <>press the Delete button</> to remove any malicious registry keys.
<img title="Press Delete to remove the malicious registry keys" src="http://malwaretips.com/blogs/wp-content/uploads/2012/04/roguek-2.png" alt="[Image: roguekiller-2.png]" width="600" height="450" border="0" /></li>
<li>Next we will need to restore your shortcuts, <>so click on the ShortcutsFix button </>and allow the program to run.
<img title="Click on the Start button to perform a system scan" src="http://malwaretips.com/blogs/wp-content/uploads/2012/04/roguek-3.png" alt="[Image: roguekiller-1.png]" width="600" height="450" border="0" /></li>
</ol>

The report has been created on the desktop.In your next reply please post:

All RKreport.txt text files located on your desktop.

<hr />
STEP 2 : Run a scan with Combofix

Please read and follow very carefully the below instructions​

 
Download ComboFix from one of the following locations: 

COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2  (This link will automatically download Combofix on your computer)
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop  
 
<ul>
<li>Close any open browsers.</li>
<li>Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
<ul>
<li><>Very Important!</> Temporarily <>disable</> your <>anti-virus</>, <>script blocking</> and any <>anti-malware</> real-time protection <em><>before</></em>performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause <em>"unpredictable results"</em>.</li>
<li><em>Click on <a title="External link" href="http://www.bleepingcomputer.com/forums/topic114351.html" rel="nofollow external"><>this link</></a> to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.</em>
-----------------------------------------------------------</li>
</ul>
<ul>
<li>Close any open browsers.</li>
<li><>WARNING: Combofix will disconnect your machine from the Internet as soon as it starts</></li>
<li>Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.</li>
<li>If there is no internet connection after running Combofix, then restart your computer to restore back your connection.</li>
</ul>
-----------------------------------------------------------</li></ul>
How to run the Combofix scan :

1. Double click on ComboFix.exe & follow the prompts.
2. Accept the disclaimer and allow to update if it asks
   
3. When finished, it shall produce a log for you. 
   [*]Please include the C:\ComboFix.txt in your next reply.

Notes:
<ol><li> Do not mouse-click Combofix's window while it is running. That may cause it to stall.</li>
<li> Do not "re-run" Combofix. If you have a problem, reply back for further instructions.</li>
<li>  If after the reboot you get errors about programms being marked for deletion then reboot, that will cure it.</li></ol>



<hr />
STEP 3: Run the Complete Internet Repair utility.
<ol><li>Download <a title="External link" href="http://www.datum-forensics.com/down/comintrep.exe" rel="nofollow external" rel="nofollow">Complete Internet Repair utility</a>to your desktop</li>
<li>Unzip all the files to their own folder on the desktop</li>
<li>Within the folder double click <>CIntRep</></li>
<li>Select the following items,then press the GO button.
<ul><li>Reset Interent Protocol (TCP/IP)</li>
<li>Repair Winsock (Reset Catalog)</li>
<li>Renew Internet Connection</li>
<li>Flush DNS Resolver Cache</li>
<li>Reset Windows Firewall Configuration</li>
<li>Reset the default hosts fie</li></ul>
</li>
</ol>

What's next?

Please post in your next reply:
1.RogueKiller logs
2.Combofix log
3.CIR log
4.Let me know if you had any problems with the above instructions and also <>let me know how things are running now!</>

 

[Jstratfl]

Ok ran all programs. Need to figure out how to get info to iPad to post. Also now have an runDLL error..."problem starting C:\windows\SysWOW64\usblib.dll" this keeps popping up. ??

 

[Jstratfl]

here is the RogueKiller Info

RogueKiller V8.0.0 [08/26/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jason [Admin rights]
Mode : Scan -- Date : 08/26/2012 09:27:15

¤¤¤ Bad processes : 3 ¤¤¤
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 10 ¤¤¤
[TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> FOUND
[TASK][ROGUE ST] 4688 : wscript.exe -> FOUND
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[FILEASSO] HKLM\[...]\command : (C:\Program Files (x86)\Internet Explorer\iexplore.exe) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD642JJ ATA Device +++++
--- User ---
[MBR] 7388c7080aeefc8cbe5ed7ff21e10894
[BSP] 10ed711f10c2dece51a3902e594c4c11 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 595439 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Generic- Compact Flash USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: Generic- SD/MMC USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive4: Generic- MS/MS-Pro/HG USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt


RogueKiller V8.0.0 [08/26/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jason [Admin rights]
Mode : Remove -- Date : 08/26/2012 09:29:03

¤¤¤ Bad processes : 5 ¤¤¤
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 10 ¤¤¤
[TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> DELETED
[TASK][ROGUE ST] 4688 : wscript.exe -> DELETED
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[FILEASSO] HKLM\[...]\command : (C:\Program Files (x86)\Internet Explorer\iexplore.exe) -> REPLACED ("C:\Program Files (x86)\Internet Explorer\iexplore.exe")

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD642JJ ATA Device +++++
--- User ---
[MBR] 7388c7080aeefc8cbe5ed7ff21e10894
[BSP] 10ed711f10c2dece51a3902e594c4c11 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 595439 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

RogueKiller V8.0.0 [08/26/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : jason [Admin rights]
Mode : Shortcuts HJfix -- Date : 08/26/2012 09:49:25

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 1 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 9 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 153 / Fail 0
My documents: Success 2 / Fail 2
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 20 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 140 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[E:] \Device\HarddiskVolume4 -- 0x2 --> Restored

¤¤¤ Infection : ZeroAccess ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

 

[Jack]

Can you also post the Combofix log?
Did you run the Complete Internet Repair utility ? Can you connect to the Internet now?

 

[Jstratfl]

Didn't get a combo fix log...will run again. Also still not connected

 

[Jstratfl]

Jack,

sorry so long. I work in retail in South FL and the storm was a little hektic. here is the Combo Fix Log...

ComboFix 12-08-25.04 - jason 08/26/2012 11:33:31.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6058.4522 [GMT -4:00]
Running from: c:\users\jason\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Install.exe
c:\windows\SysWow64\binperf.dll
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\popsvr.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-07-26 to 2012-08-26 )))))))))))))))))))))))))))))))
.
.
2012-08-26 15:38 . 2012-08-26 15:38 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-26 15:38 . 2012-08-26 15:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-25 15:34 . 2012-08-25 15:35 -------- d-----w- c:\programdata\7531CCA9006AA673177B6A13F875F002
2012-08-25 15:04 . 2012-08-25 15:04 -------- d-----w- c:\users\jason\AppData\Roaming\Free-PDF-to-Word.com
2012-08-25 15:04 . 2012-08-25 15:09 -------- d-----w- c:\program files (x86)\Free PDF to Word Converter
2012-08-24 21:29 . 2012-08-01 22:58 9309624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{54F9CCBF-F553-4E04-A07A-04F92A5CCD13}\mpengine.dll
2012-08-15 13:21 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-08-15 13:12 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 13:12 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 13:12 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-15 13:12 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-14 20:13 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-14 20:13 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-14 20:13 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-14 20:13 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-14 20:13 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-14 20:13 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-14 20:13 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-14 20:13 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-07 05:01 . 2012-06-04 07:59 99384 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2012-08-07 05:01 . 2012-06-04 07:59 203320 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2012-08-05 22:18 . 2012-08-05 22:18 -------- d-----w- c:\program files (x86)\PLX Technology
2012-08-05 22:18 . 2010-05-25 13:14 31280 ----a-w- c:\windows\system32\drivers\OXUDIDRV_x64.sys
2012-08-05 22:18 . 2012-08-05 22:18 -------- d-----w- c:\program files\Iomega
2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-16 20:23 . 2012-07-01 13:01 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-16 20:23 . 2011-06-11 13:43 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 13:11 . 2011-05-08 12:52 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-07-09 12:45 . 2012-07-09 12:45 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-07-09 12:45 . 2012-07-09 12:45 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-07-09 12:45 . 2012-07-09 12:45 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-07-09 12:45 . 2012-07-09 12:45 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-07-09 12:45 . 2012-07-09 12:45 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-07-09 12:45 . 2012-07-09 12:45 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-07-09 12:45 . 2012-07-09 12:45 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-07-09 12:45 . 2012-07-09 12:45 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-07-09 12:45 . 2012-07-09 12:45 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-07-09 12:45 . 2012-07-09 12:45 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-07-09 12:45 . 2012-07-09 12:45 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-07-09 12:45 . 2012-07-09 12:45 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-07-09 12:45 . 2012-07-09 12:45 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-07-09 12:45 . 2012-07-09 12:45 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-07-09 12:45 . 2012-07-09 12:45 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-07-09 12:45 . 2012-07-09 12:45 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-07-09 12:45 . 2012-07-09 12:45 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-07-09 12:45 . 2012-07-09 12:45 222208 ----a-w- c:\windows\system32\msls31.dll
2012-07-09 12:45 . 2012-07-09 12:45 197120 ----a-w- c:\windows\system32\msrating.dll
2012-07-09 12:45 . 2012-07-09 12:45 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-07-09 12:45 . 2012-07-09 12:45 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-07-09 12:45 . 2012-07-09 12:45 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-07-09 12:45 . 2012-07-09 12:45 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-07-09 12:45 . 2012-07-09 12:45 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-07-09 12:45 . 2012-07-09 12:45 149504 ----a-w- c:\windows\system32\occache.dll
2012-07-09 12:45 . 2012-07-09 12:45 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-07-09 12:45 . 2012-07-09 12:45 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-07-09 12:45 . 2012-07-09 12:45 12288 ----a-w- c:\windows\system32\mshta.exe
2012-07-09 12:45 . 2012-07-09 12:45 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-07-09 12:45 . 2012-07-09 12:45 114176 ----a-w- c:\windows\system32\admparse.dll
2012-07-09 12:45 . 2012-07-09 12:45 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-07-09 12:45 . 2012-07-09 12:45 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-07-09 12:45 . 2012-07-09 12:45 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-07-09 12:45 . 2012-07-09 12:45 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-07-09 12:45 . 2012-07-09 12:45 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-07-09 12:45 . 2012-07-09 12:45 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-07-09 12:45 . 2012-07-09 12:45 82432 ----a-w- c:\windows\system32\icardie.dll
2012-07-09 12:45 . 2012-07-09 12:45 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-07-09 12:45 . 2012-07-09 12:45 697344 ----a-w- c:\windows\system32\msfeeds.dll
2012-07-09 12:45 . 2012-07-09 12:45 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-07-09 12:45 . 2012-07-09 12:45 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-07-09 12:45 . 2012-07-09 12:45 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-07-09 12:45 . 2012-07-09 12:45 448512 ----a-w- c:\windows\system32\html.iec
2012-07-09 12:45 . 2012-07-09 12:45 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-07-09 12:45 . 2012-07-09 12:45 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-07-09 12:45 . 2012-07-09 12:45 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-07-09 12:45 . 2012-07-09 12:45 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-09 12:45 . 2012-07-09 12:45 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-07-09 12:45 . 2012-07-09 12:45 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-07-09 12:45 . 2012-07-09 12:45 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-07-09 12:45 . 2012-07-09 12:45 160256 ----a-w- c:\windows\system32\wextract.exe
2012-07-09 12:45 . 2012-07-09 12:45 103936 ----a-w- c:\windows\system32\inseng.dll
2012-06-26 07:02 . 2012-03-29 02:11 330240 ----a-w- c:\windows\MASetupCaller.dll
2012-06-09 05:43 . 2012-07-11 13:03 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 12:49 . 2012-06-06 12:49 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06 . 2012-07-11 13:03 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 13:03 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 13:03 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 13:03 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 13:03 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 13:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-22 12:58 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 12:58 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 12:58 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 12:58 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 12:58 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 12:58 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 12:58 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-22 12:58 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-22 12:58 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:50 . 2012-07-11 13:03 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 13:03 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:48 . 2012-07-11 13:03 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:45 . 2012-07-11 13:03 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 13:03 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 13:03 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 13:03 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 13:03 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 13:03 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-31 16:25 . 2011-08-14 17:06 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-26_14.38.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-19 00:08 . 2012-08-26 15:41 49494 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-26 15:41 28468 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-04-27 11:35 . 2012-08-26 15:41 12344 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3435974654-3500693669-253271430-1001_UserData.bin
+ 2011-04-26 13:00 . 2012-08-26 14:45 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-04-26 13:00 . 2012-08-26 13:41 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-04-26 13:00 . 2012-08-26 14:45 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-04-26 13:00 . 2012-08-26 13:41 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-26 13:41 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-26 14:45 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-08-26 14:37 . 2012-08-26 14:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-26 15:39 . 2012-08-26 15:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-26 15:39 . 2012-08-26 15:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-26 14:37 . 2012-08-26 14:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-08-26 14:37 510900 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-26 15:38 510900 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-04-27 16:39 . 2012-08-26 15:38 32175668 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3435974654-3500693669-253271430-1001-8192.dat
- 2011-04-27 16:39 . 2012-08-26 14:37 32175668 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3435974654-3500693669-253271430-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Wsockctrl]
@="{0158F685-6249-486F-85B4-08D218BC1A51}"
[HKEY_CLASSES_ROOT\CLSID\{0158F685-6249-486F-85B4-08D218BC1A51}]
2011-07-16 04:24 2118888 ----a-w- c:\windows\SysWOW64\usblib.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-17 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2010-10-29 75048]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\ismagent.exe" [2012-05-21 155456]
"Intel AppUp(SM) center Systray"="c:\program files (x86)\Intel\IntelAppStore\bin\AppUp.exe" [2012-05-21 901416]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R2 0186111345904461mcinstcleanup;McAfee Application Installer Cleanup (0186111345904461);c:\windows\TEMP\018611~1.EXE [x]
R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/04/18 19:46;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-10-29 236016]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2010-11-16 141192]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-27 136176]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
R2 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-16 250056]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-06-04 99384]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-27 136176]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-11-12 155752]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 OXSDIDRV_x64;Oxford Semi eSATA Filter (x64);c:\windows\system32\DRIVERS\OXSDIDRV_x64.sys [2009-09-28 51760]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-01 250984]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-06-04 203320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-29 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2011-04-11 71800]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2010-11-30 25576]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [2010-04-14 66040]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2010-12-14 974912]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]
S2 MOBKbackup;McAfee Online Backup;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-04-14 231224]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-11-30 1997416]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-11-29 378472]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S2 VBoxDrv;VBox Support Driver;c:\program files (x86)\YouWave_Android\vb\VBoxDrv.sys [2010-07-15 203864]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2010-12-14 1298496]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2010-12-14 58128]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-15 327168]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 175168]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-10 60416]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-12-22 8505856]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_9EC60124
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-01 20:23]
.
2012-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-27 13:19]
.
2012-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-27 13:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-14 00:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-14 00:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-14 00:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Wsockctrl]
@="{0158F685-6249-486F-85B4-08D218BC1A51}"
[HKEY_CLASSES_ROOT\CLSID\{0158F685-6249-486F-85B4-08D218BC1A51}]
2011-07-16 04:24 1751281 ----a-w- c:\windows\SysWOW64\chkfax.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-12-14 6561384]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-18 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-18 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-18 417304]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-11-29 312936]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-01-05 592240]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2010-12-14 10222080]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"McPvTray_exe"="c:\program files\McAfee\MAT\McPvTray.exe" [2011-04-08 436384]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
DPF: {16F67783-7E72-4C39-99C4-4780A8335484} - hxxp://www.syncmyride.com/Own/Modules/UpdateCenter/applets/sync.cab
FF - ProfilePath - c:\users\jason\AppData\Roaming\Mozilla\Firefox\Profiles\jf9dh41e.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: general.useragent.extra.brc -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-08-26 11:44:57 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-26 15:44
.
Pre-Run: 400,112,300,032 bytes free
Post-Run: 399,786,856,448 bytes free
.
- - End Of File - - DFAEBDFBACFF19789AE1F36F99C7B78F


still not connected to internet. thanks jason

 

[Jstratfl]

Hi Jack,
Any advise??

Thanks,
Jason

 

[Jack]

Jstratfl can you please run this utilities:
STEP 1 : Run a scan with Kaspersky TDSSKiller
<ol>
<li>Download Kaspersky TDSKiller from the below link.
<><a title="External link" href="http://support.kaspersky.com/downloads/utils/tdsskiller.exe" rel="external">KASPERKSY TDSSKILLER DOWNLOAD LINK</a></> <em> (This link will automatically download Kaspersky TDSSKiller on your computer)</em>
</li>
<li>Double-click on <>TDSSKiller.exe</> to run the application.
<img src="http://img4.imageshack.us/img4/1907/tdss1.png" alt="Posted Image" /></li>
<li>Click <>Change parameters</>
<img src="http://img593.imageshack.us/img593/288/tdss2.png" alt="Posted Image" /></li>
<li>Check the boxes next to <>Verify Driver Digital Signature</> and <>Detect TDLFS file system</>, then click <>OK</>
<img src="http://img521.imageshack.us/img521/1456/tdss3.png" alt="Posted Image" /></li>
<li>Click on the <>Start Scan</> button to begin the scan and wait for it to finish.
<>NOTE:</> Do not use the computer during the scan!</li>
<li>During the scan it will look similar to the image below:
<img src="http://img6.imageshack.us/img6/9136/tdss4.jpg" alt="Posted Image" /></li>
<li>When it finishes, you will either see a report that no threats were found like below:
<img src="http://img696.imageshack.us/img696/9898/tdss5.jpg" alt="Posted Image" />
If no threats are found at this point, just click the <>Report</> selection on the top right of the form to generate a log. A log file report will pop which you can just close since the report file is already saved.</li>
<li>If any infection or suspected items are found, you will see a window similar to below:
<img src="http://img854.imageshack.us/img854/905/tdss7.jpg" alt="Posted Image" />
<ul>
<li>If you have files that are shown to fail <em>signature check</em> do not take any action on these. Make sure you select <>Skip</>. I will tell you what to do with these later. They may not be issues at all.</li>
<li>If <em>Suspicious objects</em> are detected, the default action will be Skip. Leave the default set to Skip.</li>
<li>If <em>Malicious objects</em> are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects
Make sure that <>Cure</> is selected. <>Important!</> - If <em>Cure</em> is not available, please choose <>Skip</> instead. Do not choose Delete unless instructed to do so.</li>
</ul>
</li>
<li>Click <>Continue</> to apply selected actions.</li>
<li>A reboot may be required to complete disinfection. A window like the below will appear:
<img src="http://img828.imageshack.us/img828/4812/tdss6.jpg" alt="Posted Image" />
Reboot immediately if TDSSKiller states that one is needed.</li>
<li>Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like <>TDSSKiller.2.1.1_2.12.2012_14.17.04_log.txt</> which is based on the program version # and date and time run.</li>
<li>Attach this log to your next reply.</li>
</ol>
<hr />
STEP 2: Run a scan with OTL by OldTimer:
<ol><li>Download the OTL utility using the below link :
<><a title="External link" href="http://oldtimer.geekstogo.com/OTL.exe" rel="nofollow external">OTL DOWNLOAD LINK</a></> <em>(This link will automatically download OTL on your computer)</em></li>
<li>Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
<img src="http://malwaretips.com/blogs/wp-content/uploads/2012/07/OTL-logo.png" alt="" title="OTL-logo" width="106" height="118" class="alignnone size-full wp-image-3946" /></li>
<li>When the window appears, <>underneath Output</> at the top change it to <>Minimal Output</>.</li>
<li>Check the boxes beside <>LOP Check</> and <>Purity Check</>.</li>
<li>Click the<> Run Scan</> button.
<img src="http://malwaretips.com/blogs/wp-content/uploads/2012/07/OTL.png" alt="" title="OTL" width="658" height="584" class="alignnone size-full wp-image-3945" /></li>
<li>When the scan completes, it will open two notepad windows. <>OTL.Txt</> and <>Extras.Txt</>. These are saved in the same location as OTL.
<>Please post this 2 logs in your first reply.</>.</li></ol>
<em>Note: If OTL.exe will not run, it may be blocked by malware. Try these alternate versions: <a title="External link" href="http://www.itxassociates.com/OT-Tools/OTL.scr" rel="nofollow external">OTL.scr</a>, or <a title="External link" href="http://oldtimer.geekstogo.com/OTL.com" rel="nofollow external">OTL.com</a>.</em>
<hr />
STEP 3: Run a scan with Farbar Service Scanner

<ol> <li>Download Farbar Service Scanner from the below link.
<><a title="External link" href="http://download.bleepingcomputer.com/farbar/FSS.exe" rel="external">FABAR SERVICE SCANNER</a></> <em> (This link will automatically download Farbar Service Scanner on your computer)</em></li>
<li>Run the ulity and checkmark all the boxes</li>
<li> Click on the Scan button.
<img src="http://malwaretips.com/blogs/wp-content/uploads/2012/09/fabar.png" /></li>
<li>Add the log that will produce in your next reply.</li></ol>
What's next?

Attach the following logs to your post (You can find here details on how to use the Attachment System):

1.Kaspersky TDSSKiller
2.OTL logs
3.Farbar Service Scanner log
4.Let me know if you had any problems with the above instructions and also let me know how things are running now!