help please - Windows 7 (x86)

[Teknique]

DDS (Ver_10-03-17.01) - NTFSX64

Run by Brent at 23:56:38.06 on Thu 03/18/2010

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3999.2239 [GMT -4:00]

AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe

C:\Program Files\LSI SoftModem\agr64svc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe

C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe

C:\Windows\system32\mfevtps.exe

C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe

C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SMManager.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Windows\SysWOW64\explorer.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Windows\SysWOW64\explorer.exe

C:\Program Files (x86)\Cisco Systems\Clean Access Agent\CCAAgent.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Java\jre6\bin\jusched.exe

c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe

c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\Program Files (x86)\iPod\bin\iPodService.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe

C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Users\Brent\Downloads\dds.scr

C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb

mLocal Page = c:\windows\syswow64\blank.htm

uInternet Settings,ProxyOverride = *.local

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files (x86)\mcafee\virusscan enterprise\scriptsn.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live

\WindowsLiveLogin.dll

BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - c:\program files (x86)\common files\homepage protection\HomepageProtection.dll

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files (x86)\msn\toolbar\3.0.0560.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files (x86)\msn\toolbar\3.0.0560.0\msneshellx.dll

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [LightScribe Control Panel] c:\program files (x86)\common files\lightscribe\LightScribeControlPanel.exe -hidden

uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background

uRun: [skype] "c:\program files (x86)\skype\phone\Skype.exe" /nosplash /minimized

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [HKCU] c:\users\brent\appdata\roaming\microsoft\Winlogon.exe

mRun: [HPCam_Menu] "c:\program files (x86)\hewlett-packard\media\webcam\muitransfer\muistartmenu.exe" "c:\program files (x86)\hewlett-packard\media\webcam"

updatewithcreateonce "software\hewlett-packard\media\Webcam"

mRun: [<NO NAME>]

mRun: [HP Connection Manager.exe]

mRun: [QlbCtrl.exe] c:\program files (x86)\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start

mRun: [updatePRCShortCut] "c:\program files (x86)\hewlett-packard\recovery\muitransfer\muistartmenu.exe" "c:\program files (x86)\hewlett-packard\recovery"

updatewithcreateonce "software\cyberlink\PowerRecover"

mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe

mRun: [WirelessAssistant] c:\program files (x86)\hewlett-packard\hp wireless assistant\HPWAMain.exe

mRun: [McAfeeUpdaterUI] "c:\program files (x86)\mcafee\common framework\udaterui.exe" /StartedFromRunKey

mRun: [shStatEXE] "c:\program files (x86)\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE

mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe"

mRun: [sunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"

mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"

mRun: [HKLM] c:\users\brent\appdata\roaming\microsoft\Winlogon.exe

uExplorerRun: [Policies] c:\users\brent\appdata\roaming\microsoft\Winlogon.exe

mExplorerRun: [Policies] c:\users\brent\appdata\roaming\microsoft\Winlogon.exe

StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\cleana~1.lnk - c:\program files (x86)\cisco systems\clean access agent

\CCAAgentLauncher.exe

uPolicies-system: WallpaperStyle = 2

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

dPolicies-system: WallpaperStyle = 2

IE: E&xport to Microsoft Excel - c:\progra~2\micros~4\office12\EXCEL.EXE/3000

IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files (x86)\pokerstars\PokerStarsUpdate.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~4\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~4\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files (x86)\hp\digital imaging\smart web printing

\hpswp_BHO.dll

DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

TCP: {20DD4F8A-FB32-418D-98B0-E85EBC7482B6} = 209.183.33.23 209.183.33.23

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files (x86)\common files\lightscribe\LSRunOnce.exe"

mASetup: {47Q3L657-A1UU-U2O0-50G5-7Y47W3805IQM} - c:\users\brent\appdata\roaming\microsoft\Winlogon.exe

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files (x86)\mcafee\virusscan enterprise\x64\scriptsn.dll

BHO-X64: scriptproxy - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

mRun-x64: [Apoint] c:\program files\apoint2k\Apoint.exe

mRun-x64: [sysTrayApp] c:\program files\idt\wdm\sttray64.exe

mRun-x64: [smartMenu] c:\program files\hewlett-packard\hp mediasmart\SmartMenu.exe /background

mRun-x64: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun-x64: [igfxTray] c:\windows\system32\igfxtray.exe

mRun-x64: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun-x64: [Persistence] c:\windows\system32\igfxpers.exe

================= FIREFOX ===================

FF - ProfilePath - c:\users\brent\appdata\roaming\mozilla\firefox\profiles\kifhqxt6.default\

FF - prefs.js: browser.startup.homepage - hxxps://my.fordham.edu/cp/home/displaylogin

FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdnu.dll

FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdnupdater2.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - falsec:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors",

true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name",

"chrome://browser/locale/browser.properties");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description",

"chrome://browser/locale/browser.properties");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-3-9 69152]

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-11-14 465792]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-9-25

89600]

R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2009-7-8 30520]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\lavasoft\ad-aware\AAWService.exe [2010-2-4 1229232]

R2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\mcafee\virusscan enterprise\x64\engineserver.exe [2008-9-29 17920]

R2 McAfeeFramework;McAfee Framework Service;c:\program files (x86)\mcafee\common framework\FrameworkService.exe [2008-3-14 103744]

R2 McShield;McAfee McShield;c:\program files (x86)\mcafee\virusscan enterprise\x64\mcshield.exe [2008-9-29 175072]

R2 McTaskManager;McAfee Task Manager;c:\program files (x86)\mcafee\virusscan enterprise\vstskmgr.exe [2008-9-29 62800]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-11-14 75656]

R2 QDLService2kHP;Qualcomm Gobi 2000 Download Service (HP);c:\program files (x86)\qualcomm\qdlservice2k\QDLService2kHP.exe [2009-7-27 329976]

R2 SMManager;HP Connection Manager Service;c:\program files (x86)\hewlett-packard\hp connection manager\SMManager.exe [2009-7-31 82248]

R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-8-24 228408]

R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2009-5-20 70656]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-5-26 138752]

R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-7-22 140712]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-11-14 118688]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\drivers\NETw5s64.sys [2009-9-15 6952960]

R3 qcfilterhp2k;Gobi 2000 USB Composite Device Filter Driver(03F0-251D);c:\windows\system32\drivers\qcfilterhp2k.sys [2009-7-27 6400]

R3 qcusbnethp2k;Gobi 2000 USB-NDIS miniport(03F0-251D);c:\windows\system32\drivers\qcusbnethp2k.sys [2009-7-27 220672]

R3 qcusbserhp2k;Gobi 2000 USB Device for Legacy Serial Communication(03F0-251D);c:\windows\system32\drivers\qcusbserhp2k.sys [2009-7-27 120960]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-9-25 215040]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 17920]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-11-14 75800]

S3 NETw1v64;Intel® Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\NETw1v64.sys [2009-9-25 7058432]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\netw5v64.sys [2009-6-10 5434368]

S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL6.SYS [2009-7-13 292864]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV6.SYS [2009-7-13 1485312]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT6.SYS [2009-7-13 740864]

S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-8-28 49152]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-5 1255736]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x64.sys [2009-6-10 389120]

=============== Created Last 30 ================

2010-03-19 03:52:26 188 ----a-w- c:\users\brent\defogger_reenable

2010-03-15 02:58:19 0 d-----w- C:\OKIDATA

2010-03-09 08:04:23 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-03-09 07:44:09 0 d-----w- c:\users\brent\appdata\roaming\Malwarebytes

2010-03-09 07:44:02 22104 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-09 07:44:02 0 d-----w- c:\programdata\Malwarebytes

2010-03-09 07:44:01 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2010-03-09 07:41:35 69152 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-03-09 07:41:31 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-03-09 07:38:53 0 dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}

2010-03-09 07:38:43 0 d-----w- c:\programdata\Lavasoft

2010-03-09 07:38:43 0 d-----w- c:\program files (x86)\Lavasoft

2010-03-05 17:40:55 0 d-----w- c:\windows\syswow64\Wat

2010-03-05 17:40:54 0 d-----w- c:\windows\system32\Wat

2010-03-04 20:58:38 33874 ----a-w- c:\users\brent\appdata\roaming\SQLite3.dll

2010-03-01 03:51:52 0 d-----w- c:\program files (x86)\common files\Software Update Utility

2010-03-01 03:51:49 0 d-----w- c:\program files (x86)\common files\AOL

2010-03-01 03:51:34 346 ---ha-w- C:\IPH.PH

2010-02-28 01:57:11 0 d-----w- C:\QUARANTINE

==================== Find3M ====================

2010-03-10 16:54:19 69 ----a-w- c:\users\brent\jagex_runescape_preferences2.dat

2010-03-10 16:54:19 41 ----a-w- c:\users\brent\jagex_runescape_preferences.dat

2010-02-24 14:16:06 212864 ------w- c:\windows\system32\MpSigStub.exe

2010-02-02 08:36:47 2048 ----a-w- c:\windows\system32\tzres.dll

2010-02-02 07:45:54 2048 ----a-w- c:\windows\syswow64\tzres.dll

2010-01-19 09:05:57 424960 ----a-w- c:\windows\system32\secproc.dll

2010-01-19 09:05:57 422912 ----a-w- c:\windows\system32\secproc_isv.dll

2010-01-19 09:05:57 121856 ----a-w- c:\windows\system32\secproc_ssp_isv.dll

2010-01-19 09:05:57 121856 ----a-w- c:\windows\system32\secproc_ssp.dll

2010-01-19 09:00:44 305152 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe

2010-01-19 09:00:43 357888 ----a-w- c:\windows\system32\RMActivate_isv.exe

2010-01-19 09:00:37 356352 ----a-w- c:\windows\system32\RMActivate.exe

2010-01-19 09:00:37 306688 ----a-w- c:\windows\system32\RMActivate_ssp.exe

2010-01-18 23:29:31 85504 ----a-w- c:\windows\syswow64\secproc_ssp_isv.dll

2010-01-18 23:29:31 85504 ----a-w- c:\windows\syswow64\secproc_ssp.dll

2010-01-18 23:29:31 365568 ----a-w- c:\windows\syswow64\secproc_isv.dll

2010-01-18 23:29:30 369152 ----a-w- c:\windows\syswow64\secproc.dll

2010-01-18 23:28:33 324608 ----a-w- c:\windows\syswow64\RMActivate_isv.exe

2010-01-18 23:28:33 277504 ----a-w- c:\windows\syswow64\RMActivate_ssp_isv.exe

2010-01-18 23:28:30 320512 ----a-w- c:\windows\syswow64\RMActivate.exe

2010-01-18 23:28:30 280064 ----a-w- c:\windows\syswow64\RMActivate_ssp.exe

2010-01-11 07:12:38 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll

2009-12-22 08:36:19 243200 ----a-w- c:\windows\system32\wow64.dll

2009-12-22 08:24:35 14336 ----a-w- c:\windows\syswow64\ntvdm64.dll

2009-12-22 08:23:35 25600 ----a-w- c:\windows\syswow64\setup16.exe

2009-12-22 08:22:10 5120 ----a-w- c:\windows\syswow64\wow32.dll

2009-12-22 04:28:10 7680 ----a-w- c:\windows\syswow64\instnm.exe

2009-12-22 04:28:08 2048 ----a-w- c:\windows\syswow64\user.exe

2009-12-19 09:51:24 1192960 ----a-w- c:\windows\system32\wininet.dll

2009-12-19 09:50:56 14848 ----a-w- c:\windows\system32\tsbyuv.dll

2009-12-19 09:49:47 1572352 ----a-w- c:\windows\system32\quartz.dll

2009-12-19 09:47:56 25088 ----a-w- c:\windows\system32\msyuv.dll

2009-12-19 09:47:53 38912 ----a-w- c:\windows\system32\msvidc32.dll

2009-12-19 09:47:46 16384 ----a-w- c:\windows\system32\msrle32.dll

2009-12-19 09:46:35 54272 ----a-w- c:\windows\system32\iyuv_32.dll

2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini

2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2009-07-14 05:12:52 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat

2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-

app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c

\WinMail.exe

============= FINISH: 23:57:37.33 ===============

Attach.zip

[screen317]

Hi,

What issues are you experiencing??

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy and Paste the entire report in your next reply along with a fresh HijackThis log.
  

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

[Teknique]

I have malwarebytes and it is up to date, I ran it multiple times and it wouldn't remove the infected files, I have more information here

One of my accounts from www.runescape.com was hacked then I ran this and found I had multiple trojans as well as backdoors. I ran malwarebytes multiple times and it wouldn't remove the infected files but I ran it about 10 times and then they were starting to go away and now it doesn't find them. I still want to make sure that I don't have any hidden malware on my computer though.

[screen317]

Hi,

There's a reason why I want to see the log from MBAM, so please post it.

Please scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  ESET OnlineScan
  
• Click the button.
  
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your Desktop.
    
  • Double click on the icon on your Desktop.
    

  [*]Check

  [*]Click the button.

  [*]Accept any security warnings from your browser.

  [*]Check

  [*]Push the Start button.

  [*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

  [*]When the scan completes, push

  [*]Push , and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

  [*]Push the button.

  [*]Push

-screen317

[Teknique]

MBAM:

Malwarebytes' Anti-Malware 1.44

Database version: 3888

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

3/20/2010 12:06:24 PM

mbam-log-2010-03-20 (12-06-24).txt

Scan type: Quick Scan

Objects scanned: 117734

Time elapsed: 6 minute(s), 24 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

[screen317]

Hi,

Well considering the detections shown in your other topic, I'm afraid I have bad news.

Your logs reveal a backdoor trojan. A backdoor severely compromises system integrity.

A compromised system may allow illicit network connections, disabling of security software, modifying critical system files and collection and transmiission of personal identifiable information without your consent.

I recommend that you disconnect this PC from the Internet immediately, and only reconnect to download any tools that are required. If you do any banking or other financial transactions on the PC or it if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. If it were on my PC I would not hesitate for a moment to do so. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy.

Should you have any questions, please feel free to ask.

Let me know what you decide.

If you would like to proceed, run the ESET online scan as previously instructed.

-screen317