#11
Hi Corrine,
Thanks a ton again, the following is the log.
NOTE: My McAfee had expired and I did not find any option to disable it, so I uninstalled it.
Also, I am in the UK timezone, so kindly accept the delay in my next response.
==========================
ComboFix 12-06-05.03 - lifeRockss 06/06/2012 0:54.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2980.1399 [GMT 1:00]
Running from: c:\users\lifeRockss\Desktop\ComboFix.exe
Command switches used :: c:\users\lifeRockss\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\lifeRockss\AppData\Local\lewqylml
c:\windows\system32\wbem\Performance\WmiApRpl_new.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-05-06 to 2012-06-06 )))))))))))))))))))))))))))))))
.
.
2012-06-06 00:04 . 2012-06-06 00:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-05 21:19 . 2012-05-08 09:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E2507CD2-0679-40D2-BB42-53BC5CFFC495}\mpengine.dll
2012-06-04 12:31 . 2012-06-05 20:32 -------- d-----w- c:\programdata\boost_interprocess
2012-06-04 12:30 . 2012-06-04 12:30 -------- d-----w- c:\users\Guest
2012-06-04 09:23 . 2012-05-08 09:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-03 22:36 . 2012-06-03 22:36 -------- d-----w- c:\users\lifeRockss\AppData\Roaming\Malwarebytes
2012-06-03 22:33 . 2012-06-03 22:33 -------- d-----w- c:\programdata\Malwarebytes
2012-06-03 22:33 . 2012-06-03 22:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-03 22:33 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-03 08:49 . 2012-06-03 08:49 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{78FD9AC8-32CE-4832-BCAB-63B78579596C}\gapaengine.dll
2012-06-03 08:48 . 2012-06-03 08:48 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-06-03 08:48 . 2012-06-03 08:48 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-03 07:34 . 2012-06-03 07:34 -------- d-----w- c:\program files (x86)\ERUNT
2012-06-02 22:03 . 2012-06-03 07:18 -------- d-----w- C:\s&d
2012-06-02 21:55 . 2012-06-04 19:30 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-02 21:55 . 2012-06-02 21:55 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-06-02 20:07 . 2012-06-02 20:07 -------- d-----w- C:\Sharekhan
2012-06-02 15:42 . 2012-06-02 15:42 -------- d-----w- c:\users\lifeRockss\AppData\Roaming\Macrovision
2012-06-02 15:41 . 2012-06-02 15:41 -------- d-----w- c:\users\lifeRockss\AppData\Roaming\Roxio Burn
2012-05-29 17:49 . 2012-05-29 17:49 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-05-27 14:25 . 2012-05-27 14:25 -------- d-----w- c:\users\lifeRockss\AppData\Local\blekkotb
2012-05-27 13:30 . 2012-05-27 13:30 -------- d-----w- c:\users\lifeRockss\AppData\Roaming\Roxio Log Files
2012-05-15 02:00 . 2012-05-15 02:00 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-15 02:00 . 2012-05-15 02:00 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-14 18:25 . 2012-05-14 18:25 -------- d-----w- c:\programdata\InstallShield
2012-05-14 18:25 . 2012-05-14 18:25 -------- d-----w- c:\program files (x86)\NOW
2012-05-14 18:25 . 2004-04-16 10:24 61440 ----a-w- c:\windows\SysWow64\ISUSPM.cpl
2012-05-14 18:25 . 2004-04-17 11:40 385024 ----a-w- c:\program files (x86)\Common Files\InstallShield\UpdateService\_ispmres.dll
2012-05-14 18:25 . 2004-04-17 11:41 196608 ----a-w- c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
2012-05-14 18:25 . 2004-04-13 05:07 69632 ----a-w- c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe
2012-05-14 18:25 . 2004-04-13 05:06 368640 ----a-w- c:\program files (x86)\Common Files\InstallShield\UpdateService\_isusres.dll
2012-05-14 18:25 . 2004-04-23 18:03 446464 ----a-w- c:\program files (x86)\Common Files\InstallShield\UpdateService\agent.exe
2012-05-14 18:25 . 2004-04-13 05:03 204800 ----a-w- c:\program files (x86)\Common Files\InstallShield\UpdateService\ISDM.exe
2012-05-14 18:23 . 2004-04-18 22:40 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2012-05-14 18:23 . 2004-04-18 22:39 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2012-05-14 18:23 . 2004-04-18 22:39 172032 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2012-05-14 18:23 . 2004-04-18 22:42 733184 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2012-05-14 18:23 . 2004-04-18 22:39 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2012-05-14 18:23 . 2012-05-14 18:23 303236 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2012-05-14 18:23 . 2012-05-14 18:23 180356 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2012-05-11 17:02 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-11 17:02 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-11 17:02 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 17:02 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-11 17:02 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-11 17:02 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 17:02 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-11 17:02 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-11 17:02 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-11 17:02 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 17:02 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-11 17:02 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-11 17:01 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-24 11:48 . 2011-11-04 11:58 525544 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-18 16:12 . 2012-04-18 16:12 0 ----a-w- c:\windows\SysWow64\shoFA1E.tmp
2012-03-20 19:44 . 2012-03-20 19:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 19:44 . 2012-03-20 19:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-04_02.11.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-05 20:32 . 2012-06-05 20:32 13366 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-06-04 00:46 . 2012-06-04 00:46 13366 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2010-11-21 03:09 . 2012-06-05 20:36 53944 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-05 20:36 44124 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-12-02 15:21 . 2012-06-05 20:36 15416 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3553815003-590717795-807720870-1000_UserData.bin
+ 2009-07-14 05:30 . 2012-06-05 20:31 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2012-04-10 15:05 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-12-02 15:23 . 2012-06-05 19:19 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-12-02 15:23 . 2012-06-04 00:53 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-02 15:23 . 2012-06-05 19:19 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-12-02 15:23 . 2012-06-04 00:53 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-05 19:19 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-04 00:53 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-06-05 20:41 97232 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2012-06-04 00:52 . 2012-06-04 00:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-05 20:33 . 2012-06-05 20:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-04 00:52 . 2012-06-04 00:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-05 20:33 . 2012-06-05 20:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-04 23:00 . 2012-06-04 23:00 4286 c:\windows\Installer\{3EEF7896-1F47-4FB4-92A2-8F7AEBD4B239}\_DC2BE438A759D5BF5B2514.exe
+ 2012-06-04 23:00 . 2012-06-04 23:00 4286 c:\windows\Installer\{3EEF7896-1F47-4FB4-92A2-8F7AEBD4B239}\_853F67D554F05449430E7E.exe
+ 2012-06-04 23:00 . 2012-06-04 23:00 4286 c:\windows\Installer\{3EEF7896-1F47-4FB4-92A2-8F7AEBD4B239}\_360D766D8A6E068CBDFF8D.exe
+ 2012-06-04 23:00 . 2012-06-04 23:00 4062 c:\windows\Installer\{3EEF7896-1F47-4FB4-92A2-8F7AEBD4B239}\_2B361F48AB373E9E088EB4.exe
+ 2011-12-03 22:23 . 2012-06-05 17:09 253024 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 04:45 . 2012-06-04 23:02 469968 c:\windows\system32\FNTCACHE.DAT
- 2009-07-14 05:30 . 2012-04-10 15:05 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-06-05 20:31 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-11-04 13:10 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2012-06-05 20:31 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2012-05-07 10:54 . 2012-06-05 20:32 755208 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2012-06-05 20:32 429860 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 02:36 . 2012-06-05 23:59 2827688 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-05 23:59 1225090 c:\windows\system32\perfc009.dat
+ 2009-07-14 04:45 . 2012-06-05 08:20 7298510 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-05-12 02:44 7298510 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2011-12-05 14:11 . 2012-06-04 00:31 1874688 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3553815003-590717795-807720870-1000-12288.dat
+ 2011-12-05 14:11 . 2012-06-04 19:03 1874688 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3553815003-590717795-807720870-1000-12288.dat
+ 2009-07-14 02:34 . 2012-06-05 00:04 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-05-12 02:38 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2011-12-02 15:35 . 2012-06-05 00:03 26238372 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3553815003-590717795-807720870-1000-8192.dat
+ 2012-06-02 20:05 . 2012-06-02 20:05 21954560 c:\windows\Installer\bfe699.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-05-20 880496]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-05-03 17355912]
"SpybotSD TeaTimer"="c:\s&d\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-02-06 66872]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-04-29 885760]
"oc4j"="c:\obiee\oc4j_bi\bin\oc4j.cmd" [2011-12-03 4983]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
.
c:\users\lifeRockss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-27 116648]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-27 116648]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-26 129976]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 Oracle BI Cluster Controller;Oracle BI Cluster Controller;c:\obiee\server\Bin\NQSClusterController.exe [2011-07-28 33792]
R3 Oracle BI Scheduler;Oracle BI Scheduler;c:\obiee\server\Bin\NQScheduler.exe [2011-07-28 122880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 Oracle BI Server;Oracle BI Server;c:\obiee\server\Bin\NQSServer.exe [2011-07-28 49152]
S2 sawjavahostsvc;Oracle BI Java Host;c:\obiee\web\bin\sawjavahostsvc.exe [2011-07-28 94208]
S2 sawsvc;Oracle BI Presentation Server;c:\obiee\web\bin\sawserver.exe [2011-07-28 86016]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-07-08 1692480]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-02 2923392]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-27 14:46]
.
2012-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-27 14:46]
.
2012-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3553815003-590717795-807720870-1000Core.job
- c:\users\lifeRockss\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-10 15:05]
.
2012-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3553815003-590717795-807720870-1000UA.job
- c:\users\lifeRockss\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-10 15:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 608112]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]
"Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 2022976]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-04-29 2055016]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\lifeRockss\AppData\Roaming\Mozilla\Firefox\Profiles\ns61vjua.default\
FF - prefs.js: browser.search.selectedEngine - Blekko
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://blekko.com/?source=c3348dd4&tbp=url&toolbarid=blekkotb&u=___userid___&q=
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-06 01:21:37
ComboFix-quarantined-files.txt 2012-06-06 00:21
ComboFix2.txt 2012-06-05 21:13
ComboFix3.txt 2012-06-04 02:51
.
Pre-Run: 125,849,993,216 bytes free
Post-Run: 125,794,697,216 bytes free
.
- - End Of File - - 8A0B785BB88D0D91FA1FBA74F6908088
Last edited by liferockss; 05 Jun 2012 at 19:26.