Jump to content

Malwarebytes successfully blocked access to a potentially malicious website (multiple adresses)

Recommended Posts

hey guys, recently ive been getting this popup when surfing the net that states

"Malwarebytes successfully blocked access to a potentially malicious website" with an ip adress of, though this appears to change to and

I've tried a few fixes without success, my last attempt was running combofix which resulting in having to do a system restore.

I've also noticed that i can no longer run Mcafee as it states "the ordinal 1112 could not be located in the dynamic link library WSOCK32.dll"

Not too sure if this was before or after the popup started occuring.

But im trying to avoid a rebuild, and was hoping you guys might know a solution.

Please see below for the DDS log.... ive also attached the other log as instructed in your forums.

thanks in advance



DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

Run by Kevin at 16:27:38 on 2012-04-30

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.3959.751 [GMT 8:00]


AV: McAfee VirusScan Enterprise *Disabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Outdated* {3D54B793-665E-3129-9103-206115370C8A}


============== Running Processes ===============




C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS


C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs


C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService


C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE



C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe


C:\windows\system32\svchost.exe -k LocalServiceNoNetwork


C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe


C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe


C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe






C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE

C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\MagicDisc\MagicDisc.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Winamp\winampa.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe


C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\McAfee\Common Framework\McTray.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\swtor\RetailClient\swtor.exe

C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\swtor\RetailClient\swtor.exe








============== Pseudo HJT Report ===============


uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll

mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120429212703.dll

BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [softAuto.exe] "C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe"

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

mRun: [shStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

dRunOnce: [DeleteEngineAfterUpdate] reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine /f

StartupFolder: C:\Users\Kevin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe

StartupFolder: C:\Users\Kevin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer =

TCP: Interfaces\{9F8AE21A-C670-4482-8874-72C7C1CE0313} : DhcpNameServer =

TCP: Interfaces\{9F8AE21A-C670-4482-8874-72C7C1CE0313}\E4544574541425 : DhcpNameServer =

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120429212703.dll

BHO-X64: scriptproxy - No File

BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll

BHO-X64: uTorrentBar - No File

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

mRun-x64: [shStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm


================= FIREFOX ===================


FF - ProfilePath - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\1pqnwcbi.default\

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Kevin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll


============= SERVICES / DRIVERS ===============


R0 mfehidk;McAfee Inc. mfehidk;C:\windows\system32\drivers\mfehidk.sys --> C:\windows\system32\drivers\mfehidk.sys [?]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\system32\drivers\mfewfpk.sys --> C:\windows\system32\drivers\mfewfpk.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe [2010-7-7 89600]

R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]

R2 dgdersvc;Device Error Recovery Service;C:\Windows\SysWOW64\dgdersvc.exe [2010-5-25 95568]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-7 13336]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-28 654408]

R2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2011-1-12 120128]

R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-4-29 190256]

R2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [2011-1-12 209760]

R2 mfevtp;McAfee Validation Trust Protection Service;"C:\windows\system32\mfevtps.exe" --> C:\windows\system32\mfevtps.exe [?]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-7-7 2320920]

R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]

R3 BcmVWL;Broadcom Virtual Wireless;C:\windows\system32\DRIVERS\bcmvwl64.sys --> C:\windows\system32\DRIVERS\bcmvwl64.sys [?]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\system32\DRIVERS\CtClsFlt.sys --> C:\windows\system32\DRIVERS\CtClsFlt.sys [?]

R3 dgderdrv;dgderdrv;C:\Windows\System32\drivers\dgderdrv.sys [2010-5-25 18120]

R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\system32\drivers\mfeavfk.sys --> C:\windows\system32\drivers\mfeavfk.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe --> C:\Program Files\Dell\DellDock\DockLogin.exe [?]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-5 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-28 253088]

S3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys --> C:\windows\system32\DRIVERS\btwl2cap.sys [?]

S3 CTUPnPSv;Creative Centrale Media Server;C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [2008-5-21 64000]

S3 FACAP;facap, FastAccess Video Capture;C:\windows\system32\DRIVERS\facap.sys --> C:\windows\system32\DRIVERS\facap.sys [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-5 136176]

S3 mferkdet;McAfee Inc. mferkdet;C:\windows\system32\drivers\mferkdet.sys --> C:\windows\system32\drivers\mferkdet.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-30 129976]

S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\windows\system32\DRIVERS\ssadbus.sys --> C:\windows\system32\DRIVERS\ssadbus.sys [?]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\windows\system32\DRIVERS\ssadmdfl.sys --> C:\windows\system32\DRIVERS\ssadmdfl.sys [?]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\windows\system32\DRIVERS\ssadmdm.sys --> C:\windows\system32\DRIVERS\ssadmdm.sys [?]

S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.Sys [2010-9-29 16392]

S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\system32\DRIVERS\wdcsam64.sys --> C:\windows\system32\DRIVERS\wdcsam64.sys [?]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\system32\DRIVERS\yk62x64.sys --> C:\windows\system32\DRIVERS\yk62x64.sys [?]


=============== Created Last 30 ================


2012-04-29 13:27:01 9984 ----a-w- C:\windows\System32\drivers\mfeclnk.sys

2012-04-29 13:27:00 97960 ----a-w- C:\windows\System32\drivers\mferkdet.sys

2012-04-29 13:26:59 217696 ----a-w- C:\windows\System32\drivers\mfeavfk.sys

2012-04-29 13:26:59 153952 ----a-w- C:\windows\System32\drivers\mfeapfk.sys

2012-04-29 13:26:57 607152 ----a-w- C:\windows\System32\drivers\mfehidk.sys

2012-04-29 13:26:45 281544 ----a-w- C:\windows\System32\drivers\mfewfpk.sys

2012-04-29 13:26:45 156248 ----a-w- C:\windows\System32\mfevtps.exe

2012-04-29 13:25:17 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee

2012-04-29 12:11:01 -------- d-----w- C:\ComboFix

2012-04-29 11:58:34 -------- d-----w- C:\$RECYCLE.BIN

2012-04-29 11:43:30 208896 ----a-w- C:\windows\MBR.exe

2012-04-29 11:43:28 98816 ----a-w- C:\windows\sed.exe

2012-04-29 11:43:28 518144 ----a-w- C:\windows\SWREG.exe

2012-04-29 11:43:28 256000 ----a-w- C:\windows\PEV.exe

2012-04-29 11:35:34 156248 ----a-w- C:\windows\System32\mfevtps.exe.f1e7.deleteme

2012-04-29 11:12:10 -------- d-----w- C:\TDSSKiller_Quarantine

2012-04-28 08:12:02 -------- d-----w- C:\Users\Kevin\AppData\Roaming\Malwarebytes

2012-04-28 08:11:54 -------- d-----w- C:\ProgramData\Malwarebytes

2012-04-28 08:11:53 24904 ----a-w- C:\windows\System32\drivers\mbam.sys

2012-04-28 08:11:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-04-28 08:11:41 -------- d-----w- C:\Users\Kevin\AppData\Roaming\Obahmu

2012-04-28 08:11:41 -------- d-----w- C:\Users\Kevin\AppData\Roaming\Elfab

2012-04-28 07:22:51 -------- d-----w- C:\Users\Kevin\AppData\Roaming\McAfee

2012-04-28 07:20:26 74848 ----a-w- C:\windows\SysWow64\MfeOtlkAddin.dll

2012-04-28 07:19:54 99056 ----a-w- C:\windows\System32\MfeOtlkAddin.dll

2012-04-28 07:19:47 -------- d-----w- C:\Program Files\Common Files\McAfee

2012-04-28 04:08:09 -------- d-----w- C:\Users\Kevin\AppData\Roaming\Uwavomo

2012-04-28 04:08:09 -------- d-----w- C:\Users\Kevin\AppData\Roaming\Qiygnoy

2012-04-28 03:57:36 418464 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2012-04-27 13:11:57 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{18469D68-D10C-48D0-A9A8-252C51BDD041}\mpengine.dll

2012-04-22 09:53:46 -------- d-----w- C:\Users\Kevin\Diablo-III-8370-enUS-Installer

2012-04-22 09:53:19 -------- d-----w- C:\Program Files\Diablo 3

2012-04-20 14:25:00 -------- d-----w- C:\Program Files (x86)\Diablo III Beta

2012-04-20 14:23:29 -------- d-----w- C:\ProgramData\Battle.net

2012-04-18 14:00:55 -------- d-----w- C:\Users\Kevin\.Virtualbox

2012-04-18 14:00:52 -------- d-----w- C:\Users\Kevin\youwave

2012-04-18 14:00:15 -------- d-----w- C:\Program Files (x86)\YouWave_Android

2012-04-12 16:19:54 81408 ----a-w- C:\windows\System32\imagehlp.dll

2012-04-12 16:19:54 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys

2012-04-12 16:19:53 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll

2012-04-12 16:19:49 172544 ----a-w- C:\windows\SysWow64\wintrust.dll

2012-04-12 16:19:48 5120 ----a-w- C:\windows\SysWow64\wmi.dll

2012-04-12 16:19:48 5120 ----a-w- C:\windows\System32\wmi.dll

2012-04-12 16:19:48 220672 ----a-w- C:\windows\System32\wintrust.dll


==================== Find3M ====================


2012-04-29 13:26:06 22816 ----a-w- C:\windows\SysWow64\MFEOtlk.dll

2012-04-28 03:57:36 70304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-28 06:56:48 2311168 ----a-w- C:\windows\System32\jscript9.dll

2012-02-28 06:49:56 1390080 ----a-w- C:\windows\System32\wininet.dll

2012-02-28 06:48:57 1493504 ----a-w- C:\windows\System32\inetcpl.cpl

2012-02-28 06:42:55 2382848 ----a-w- C:\windows\System32\mshtml.tlb

2012-02-28 01:18:55 1799168 ----a-w- C:\windows\SysWow64\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- C:\windows\SysWow64\wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb

2012-02-23 02:18:36 279656 ------w- C:\windows\System32\MpSigStub.exe

2012-02-17 06:38:26 1031680 ----a-w- C:\windows\System32\rdpcore.dll

2012-02-17 05:34:22 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58:24 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys

2012-02-17 04:57:32 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys

2012-02-10 06:36:07 1544192 ----a-w- C:\windows\System32\DWrite.dll

2012-02-10 05:38:43 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll

2012-02-03 04:34:34 3145728 ----a-w- C:\windows\System32\win32k.sys


============= FINISH: 16:29:08.75 ===============


Link to post
Share on other sites

Hello, and :welcome:

Unfortunately you have a nasty rootkit on your computer. Please read the following first.



One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

I notice you ran combofix already, please delete any old copy you may still have and download a new one.



Please download ComboFix from one of these locations:


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

Link to post
Share on other sites

So far I have seen no evidence of malware that spreads to other devices, but to be sure better run some other scans first.

It depends a bit on when the image you want to use was created though (if the computer contained infected files back then, they will be restored once you reimage).

Link to post
Share on other sites

I am sorry to hear that, but I hope everything is running okay now.

Please read these advices, in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.

[*]Keep Windows (and your other Microsoft software) up to date!

I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

[*]Keep your other software up to date as well

Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on yourmachine.

[*]Stay up to date!

The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.