I have been having problems with my computer for the last few weeks. I was on Deviantart.com and a window popped up saying I had Windows 7 security installed and was doing a scan. I recognized it as malware and finally got it uninstalled. I got Malwarebytes Pro and it says that there are no infected files, but neither McAfee nor Windows will update. I didn't have this problem until after the malware problem.

Here is the last Malwarebytes log:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6539

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

5/9/2011 4:20:32 PM

mbam-log-2011-05-09 (16-20-32).txt

Scan type: Quick scan

Objects scanned: 200205

Time elapsed: 14 minute(s), 19 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Here is the DDS.txt:

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Shane's at 16:03:40.49 on Mon 05/09/2011

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3033.1665 [GMT -4:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_25c3c9ef676ad202\STacSV.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_25c3c9ef676ad202\aestsrv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

C:\Windows\system32\rundll32.exe

C:\Program Files\McAfee Online Backup\MOBKbackup.exe

C:\Windows\system32\DRIVERS\o2flash.exe

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\McAfee Online Backup\MOBKbackup.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Users\Shane's\Desktop\cleaning tools\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.ask.com?o=14196&l=dis

uInternet Settings,ProxyOverride = *.local

uInternet Settings,ProxyServer = http=127.0.0.1:51151

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101103115631.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2

mRun: [OEM13Mon.exe] c:\windows\OEM13Mon.exe

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [Reader Library Launcher] c:\program files\sony\reader\data\bin\launcher\Reader Library Launcher.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [IgfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"

mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{871df2be-41d2-4334-ac33-839af16fc8fe}\Icon3E5562ED7.ico

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: HideFastUserSwitching = 1 (0x1)

IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL

DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://scv-ssl1.courts.state.va.us/CACHE/stc/1/binaries/vpnweb.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\shane's\appdata\roaming\mozilla\firefox\profiles\2sfddssi.default\

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 51151

FF - prefs.js: network.proxy.type - 0

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - plugin: c:\program files\sony\reader\data\bin\npebldetectmoz.dll

FF - plugin: c:\program files\tabletplugins\npwacom.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor

FF - Ext: Flash and Video Download: {bee6eb20-01e0-ebd1-da83-080329fb9a3a} - %profile%\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}

FF - Ext: Mozilla Archive Format: {7f57cf46-4467-4c2d-adfa-0cba7c507e54} - %profile%\extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-5-31 386840]

R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-7-13 164840]

R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-7-13 64304]

R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [2010-7-13 54776]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [2011-1-25 110304]

R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\adobe\elements 9 organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_25c3c9ef676ad202\AEstSrv.exe [2010-3-26 81920]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-4-16 363344]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-7-13 271480]

R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-7-13 271480]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-7-13 271480]

R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-7-13 271480]

R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-7-13 171168]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-7-13 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-7-13 141792]

R2 MOBKbackup;McAfee Online Backup;c:\program files\mcafee online backup\MOBKbackup.exe [2010-4-13 229688]

R2 TabletServiceWacom;TabletServiceWacom;c:\program files\tablet\wacom\Wacom_Tablet.exe [2011-3-27 4807536]

R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2010-12-6 597752]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-7-13 55840]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-4-29 143968]

R3 kwkpcusb;Kyocera CDMA Wireless Modem Driver for KPC;c:\windows\system32\drivers\kwusbnt.sys [2007-2-8 101280]

R3 kwndis;Kyocera Wireless NDIS Driver;c:\windows\system32\drivers\kwndis.sys [2007-7-25 116224]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-4-16 20952]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-7-13 152960]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-7-13 52104]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-7-13 313288]

R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]

R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdg.sys [2010-3-26 58528]

R3 O2SDGRDR;O2SDGRDR;c:\windows\system32\drivers\o2sdg.sys [2010-3-26 41504]

R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [2007-3-5 7424]

R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [2008-5-28 235840]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-3-26 167936]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-5 136176]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2010-4-29 134144]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-5 136176]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-7-13 84264]

S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-9-15 6114816]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]

S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2011-3-27 10752]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-12 1343400]

.

=============== Created Last 30 ================

.

2011-05-06 15:30:42 0 ---ha-w- c:\users\shane's\appdata\local\BIT5C73.tmp

2011-05-06 15:28:42 0 ---ha-w- c:\users\shane's\appdata\local\BIT88FD.tmp

2011-04-17 13:41:26 -------- d-----w- c:\program files\CCleaner

2011-04-17 05:17:16 -------- d-----w- c:\users\shane's\appdata\roaming\SUPERAntiSpyware.com

2011-04-17 05:17:16 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com

2011-04-17 05:17:10 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-04-17 02:25:49 -------- d-----w- c:\users\shane's\appdata\roaming\Malwarebytes

2011-04-17 02:25:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-04-17 02:25:44 -------- d-----w- c:\progra~2\Malwarebytes

2011-04-17 02:25:41 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-17 02:25:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-04-17 01:33:42 114688 --sha-w- c:\users\shane's\appdata\local\tnc.exe

2011-04-17 01:32:52 114688 --sha-w- c:\users\shane's\appdata\local\oiv.exe

2011-04-16 19:43:12 -------- d-----w- c:\users\shane's\appdata\local\Panther

2011-04-16 19:43:07 114688 --sha-w- c:\users\shane's\appdata\local\iou.exe

2011-04-15 19:43:12 -------- d-----w- c:\program files\Microsoft IntelliPoint

2011-04-15 19:41:09 -------- d-----w- c:\program files\Microsoft IntelliType Pro

2011-04-15 02:29:18 2331136 ----a-w- c:\windows\system32\win32k.sys

2011-04-15 02:29:06 191488 ----a-w- c:\windows\system32\FXSCOVER.exe

2011-04-15 02:28:58 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-04-15 02:28:48 740864 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-15 02:28:38 1137664 ----a-w- c:\windows\system32\mfc42.dll

2011-04-15 02:28:37 1164288 ----a-w- c:\windows\system32\mfc42u.dll

2011-04-15 02:28:21 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-04-15 02:28:21 69632 ----a-w- c:\windows\system32\drivers\bowser.sys

2011-04-15 02:28:21 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-04-15 02:28:21 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-10 19:00:17 -------- d-----w- c:\users\shane's\FrostWire

2011-04-10 19:00:10 -------- d-----w- c:\users\shane's\appdata\roaming\FrostWire

2011-04-10 18:12:51 -------- d-----w- c:\program files\iTunes

2011-04-10 18:12:51 -------- d-----w- c:\program files\iPod

.

==================== Find3M ====================

.

2011-04-14 21:43:19 952 --sha-w- c:\progra~2\KGyGaAvL.sys

2011-03-12 11:31:58 442880 ----a-w- c:\windows\system32\XpsPrint.dll

2011-03-11 05:39:35 1686016 ----a-w- c:\windows\system32\esent.dll

2011-03-11 05:37:34 74240 ----a-w- c:\windows\system32\fsutil.exe

2011-03-03 05:29:23 132608 ----a-w- c:\windows\system32\dnsrslvr.dll

2011-03-03 05:27:30 28672 ----a-w- c:\windows\system32\dnscacheugc.exe

2011-02-26 05:33:07 2614784 ----a-w- c:\windows\explorer.exe

2011-02-24 05:32:44 981504 ----a-w- c:\windows\system32\wininet.dll

2011-02-24 05:30:16 44544 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-24 04:23:48 386048 ----a-w- c:\windows\system32\html.iec

2011-02-24 03:50:26 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-02-19 05:33:11 802304 ----a-w- c:\windows\system32\FntCache.dll

2011-02-19 05:32:48 1074176 ----a-w- c:\windows\system32\DWrite.dll

2011-02-19 05:32:35 739840 ----a-w- c:\windows\system32\d2d1.dll

2011-02-19 05:32:08 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-02-19 03:37:02 294912 ----a-w- c:\windows\system32\atmfd.dll

2011-02-18 20:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll

2011-02-18 05:36:26 428032 ----a-w- c:\windows\system32\vbscript.dll

2011-02-18 05:33:29 31232 ----a-w- c:\windows\system32\prevhost.exe

2006-05-02 23:00:00 163328 --sh--r- c:\windows\system32\flvDX.dll

2007-02-20 23:00:00 31232 --sh--r- c:\windows\system32\msfDX.dll

2008-03-15 23:00:00 216064 --sh--r- c:\windows\system32\nbDX.dll

.

============= FINISH: 16:04:52.59 ===============

Defogger wouldn't seem to do anything. I included the log it created in my attachment.

HELP!

Attach.zip


Thanks for your reply.

Here are the logs you requested.

For some reason even though I followed the steps to disable McAfee, it wouldn't do it apparently.

Combofix:

ComboFix 11-05-11.04 - Shane's 05/12/2011 17:05:17.1.2 - x86

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3033.1978 [GMT -4:00]

Running from: c:\users\Shane's\Desktop\cleaning tools\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Shane's\AppData\Local\iou.exe

c:\users\Shane's\AppData\Local\oiv.exe

c:\users\Shane's\AppData\Local\tnc.exe

c:\users\Shane's\AppData\Roaming\Microsoft\Windows\Templates\l2b7v5x656t76ehnh00

.

.

((((((((((((((((((((((((( Files Created from 2011-04-12 to 2011-05-12 )))))))))))))))))))))))))))))))

.

.

2011-05-12 21:16 . 2011-05-12 21:16 -------- d-----w- c:\users\Shane's\AppData\Local\temp

2011-05-12 21:16 . 2011-05-12 21:16 -------- d-----w- c:\users\TEMP.SHANE-PC.002\AppData\Local\temp

2011-05-12 21:16 . 2011-05-12 21:16 -------- d-----w- c:\users\FixthisSh!t\AppData\Local\temp

2011-05-12 21:16 . 2011-05-12 21:16 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-05-12 21:16 . 2011-05-12 21:16 -------- d-----w- c:\users\CompAdmin\AppData\Local\temp

2011-05-12 12:44 . 2011-03-29 03:07 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys

2011-05-12 12:44 . 2011-03-29 03:06 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2011-05-12 12:44 . 2011-03-29 03:06 284160 ----a-w- c:\windows\system32\drivers\usbport.sys

2011-05-12 12:44 . 2011-03-29 03:06 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys

2011-05-12 12:44 . 2011-03-29 03:06 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys

2011-05-12 12:44 . 2011-03-29 03:06 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2011-05-12 12:44 . 2011-03-29 03:06 5888 ----a-w- c:\windows\system32\drivers\usbd.sys

2011-05-12 12:44 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-05-12 12:44 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-05-11 11:12 . 2011-05-11 11:12 -------- d-----w- c:\program files\Common Files\Java

2011-05-11 04:12 . 2011-05-11 04:12 -------- d-----w- c:\programdata\ALM

2011-05-11 03:00 . 2011-04-14 18:01 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-05-11 00:54 . 2011-05-11 03:40 -------- d-----w- c:\users\Shane's\AppData\Roaming\Download Manager

2011-05-06 15:30 . 2011-05-06 15:30 0 ---ha-w- c:\users\Shane's\AppData\Local\BIT5C73.tmp

2011-05-06 15:28 . 2011-05-06 15:28 0 ---ha-w- c:\users\Shane's\AppData\Local\BIT88FD.tmp

2011-04-17 13:41 . 2011-04-17 13:41 -------- d-----w- c:\program files\CCleaner

2011-04-17 05:17 . 2011-04-17 05:17 -------- d-----w- c:\users\Shane's\AppData\Roaming\SUPERAntiSpyware.com

2011-04-17 05:17 . 2011-04-17 05:17 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-04-17 05:17 . 2011-04-17 05:17 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-04-17 02:25 . 2011-04-17 02:25 -------- d-----w- c:\users\Shane's\AppData\Roaming\Malwarebytes

2011-04-17 02:25 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-04-17 02:25 . 2011-04-17 02:25 -------- d-----w- c:\programdata\Malwarebytes

2011-04-17 02:25 . 2011-04-17 02:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-04-17 02:25 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-16 19:43 . 2011-04-16 19:43 -------- d-----w- c:\users\Shane's\AppData\Local\Panther

2011-04-15 19:43 . 2011-04-15 19:43 -------- d-----w- c:\program files\Microsoft IntelliPoint

2011-04-15 19:41 . 2011-04-15 19:41 -------- d-----w- c:\program files\Microsoft IntelliType Pro

2011-04-15 02:29 . 2011-03-03 03:31 2331136 ----a-w- c:\windows\system32\win32k.sys

2011-04-15 02:29 . 2011-02-12 05:30 191488 ----a-w- c:\windows\system32\FXSCOVER.exe

2011-04-15 02:28 . 2011-02-24 05:32 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-04-15 02:28 . 2011-03-08 05:38 740864 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-15 02:28 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\system32\mfc42.dll

2011-04-15 02:28 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\system32\mfc42u.dll

2011-04-15 02:28 . 2011-02-23 05:05 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-04-15 02:28 . 2011-02-23 05:05 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-04-15 02:28 . 2011-02-23 05:05 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-15 02:28 . 2011-02-23 05:05 69632 ----a-w- c:\windows\system32\drivers\bowser.sys

2011-04-14 07:39 . 2011-04-14 07:39 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-14 21:43 . 2011-03-29 20:17 952 --sha-w- c:\programdata\KGyGaAvL.sys

2011-04-14 18:01 . 2010-07-14 03:30 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-04-14 18:01 . 2010-07-14 03:29 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-04-14 18:01 . 2010-07-14 03:29 64584 ----a-w- c:\windows\system32\drivers\mfenlfk.sys

2011-04-14 18:01 . 2010-07-14 03:29 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-04-14 18:01 . 2010-07-14 03:29 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-04-14 18:01 . 2010-07-14 03:29 165032 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

2011-04-14 18:01 . 2010-07-14 03:29 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-04-14 18:01 . 2010-06-01 01:32 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-04-14 18:01 . 2010-06-01 01:32 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-04-13 12:23 . 2011-02-25 16:40 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2011-04-13 12:23 . 2011-02-20 02:47 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2011-03-18 20:40 . 2011-03-18 20:40 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-6\markup.dll

2011-03-18 20:39 . 2011-02-20 01:46 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2011-03-16 21:09 . 2010-06-24 15:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-03-15 20:36 . 2011-03-15 20:36 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-5\Microsoft.MediaCenter.Sports.UI.dll

2011-03-10 03:58 . 2011-03-10 03:58 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-7\markup.dll

2011-02-28 22:01 . 2011-02-28 22:01 947472 ----a-w- c:\windows\system32\msjava.dll

2011-02-25 16:03 . 2011-02-25 16:03 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2011-02-25 15:00 . 2011-02-25 15:00 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-5\markup.dll

2011-02-20 04:49 . 2011-02-20 04:49 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-4\markup.dll

2011-02-20 02:47 . 2011-02-20 02:47 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll

2011-02-20 01:46 . 2011-02-20 01:46 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-02-19 05:33 . 2011-03-10 04:06 802304 ----a-w- c:\windows\system32\FntCache.dll

2011-02-19 05:32 . 2011-03-10 04:06 1074176 ----a-w- c:\windows\system32\DWrite.dll

2011-02-19 05:32 . 2011-03-10 04:06 739840 ----a-w- c:\windows\system32\d2d1.dll

2011-02-18 20:36 . 2011-02-18 20:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2011-02-18 20:36 . 2011-02-18 20:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll

2011-04-14 18:01 . 2010-07-14 03:30 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

2006-05-02 23:00 163328 --sh--r- c:\windows\System32\flvDX.dll

2007-02-20 23:00 31232 --sh--r- c:\windows\System32\msfDX.dll

2008-03-15 23:00 216064 --sh--r- c:\windows\System32\nbDX.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]

@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"

[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]

2010-04-14 01:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]

@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"

[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]

2010-04-14 01:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]

@="{b4caf489-1eec-c617-49ad-8d7088598c06}"

[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]

2010-04-14 01:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-03-16 2423752]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-06-29 217088]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-11-06 495708]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]

"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

"OEM13Mon.exe"="c:\windows\OEM13Mon.exe" [2008-01-07 36864]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1195408]

"Reader Library Launcher"="c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-05-10 906656]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 1778064]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 1797488]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

VPN Client.lnk - c:\windows\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico [2011-1-24 6144]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"HideFastUserSwitching"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-06 136176]

R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]

R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-01-06 44416]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-06 136176]

R3 kwkpcusb;Kyocera CDMA Wireless Modem Driver for KPC;c:\windows\system32\DRIVERS\kwusbnt.sys [2007-02-09 101280]

R3 kwndis;Kyocera Wireless NDIS Driver;c:\windows\system32\DRIVERS\kwndis.sys [2007-07-25 116224]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-04-14 84488]

R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-11-02 10752]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-12 1343400]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-04-14 165032]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-04-14 64584]

S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [2010-04-14 54776]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [2011-01-26 110304]

S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_25c3c9ef676ad202\aestsrv.exe [2009-03-02 81920]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 188136]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-04-14 141792]

S2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [2010-04-14 229688]

S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2010-11-15 4807536]

S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-12-06 597752]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-04-14 56064]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 143968]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-20 20952]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-04-14 314088]

S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-07-13 4231168]

S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdg.sys [2009-05-22 58528]

S3 O2SDGRDR;O2SDGRDR;c:\windows\system32\DRIVERS\o2sdg.sys [2009-05-07 41504]

S3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\DRIVERS\OEM13Vfx.sys [2007-03-05 7424]

S3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\DRIVERS\OEM13Vid.sys [2008-05-28 235840]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-17 167936]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2011-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-06 00:35]

.

2011-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-06 00:35]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.ask.com?o=14196&l=dis

uInternet Settings,ProxyOverride = *.local

uInternet Settings,ProxyServer = http=127.0.0.1:51151

IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000

DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://scv-ssl1.courts.state.va.us/CACHE/stc/1/binaries/vpnweb.cab

FF - ProfilePath - c:\users\Shane's\AppData\Roaming\Mozilla\Firefox\Profiles\2sfddssi.default\

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 51151

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor

FF - Ext: Adobe Acrobat - Create PDF: web2pdfextension@web2pdf.adobedotcom - c:\program files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

FF - Ext: Flash and Video Download: {bee6eb20-01e0-ebd1-da83-080329fb9a3a} - %profile%\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}

FF - Ext: Mozilla Archive Format: {7f57cf46-4467-4c2d-adfa-0cba7c507e54} - %profile%\extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-05-12 17:18:50

ComboFix-quarantined-files.txt 2011-05-12 21:18

.

Pre-Run: 251,999,612,928 bytes free

Post-Run: 251,627,208,704 bytes free

.

- - End Of File - - 4BE4585C37743B86F25D39BCCFC094E0

DDS

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Shane's at 17:19:38.24 on Thu 05/12/2011

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3033.1792 [GMT -4:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_25c3c9ef676ad202\STacSV.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_25c3c9ef676ad202\aestsrv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

C:\Program Files\McAfee Online Backup\MOBKbackup.exe

C:\Program Files\McAfee Online Backup\MOBKbackup.exe

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\taskhost.exe

C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\McAfee Online Backup\MOBKbackup.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\DellTPad\HidFind.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\explorer.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Shane's\Desktop\cleaning tools\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.ask.com?o=14196&l=dis

uInternet Settings,ProxyOverride = *.local

uInternet Settings,ProxyServer = http=127.0.0.1:51151

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110510231333.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2

mRun: [OEM13Mon.exe] c:\windows\OEM13Mon.exe

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [Reader Library Launcher] c:\program files\sony\reader\data\bin\launcher\Reader Library Launcher.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [IgfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"

mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin

mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"

mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{871df2be-41d2-4334-ac33-839af16fc8fe}\Icon3E5562ED7.ico

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: HideFastUserSwitching = 1 (0x1)

IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab

DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://scv-ssl1.courts.state.va.us/CACHE/stc/1/binaries/vpnweb.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\shane's\appdata\roaming\mozilla\firefox\profiles\2sfddssi.default\

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 51151

FF - prefs.js: network.proxy.type - 0

FF - component: c:\program files\adobe\acrobat 10.0\acrobat\browser\wcfirefoxextn\components\WCFirefoxExtn.dll

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - plugin: c:\program files\sony\reader\data\bin\npebldetectmoz.dll

FF - plugin: c:\program files\tabletplugins\npwacom.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor

FF - Ext: Adobe Acrobat - Create PDF: web2pdfextension@web2pdf.adobedotcom - c:\program files\adobe\acrobat 10.0\acrobat\browser\WCFirefoxExtn

FF - Ext: Flash and Video Download: {bee6eb20-01e0-ebd1-da83-080329fb9a3a} - %profile%\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}

FF - Ext: Mozilla Archive Format: {7f57cf46-4467-4c2d-adfa-0cba7c507e54} - %profile%\extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-5-31 387480]

R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-7-13 165032]

R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-7-13 64584]

R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [2010-7-13 54776]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [2011-1-25 110304]

R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\adobe\elements 9 organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_25c3c9ef676ad202\AEstSrv.exe [2010-3-26 81920]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-4-16 363344]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-7-13 271480]

R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-7-13 271480]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-7-13 271480]

R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-7-13 271480]

R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-7-13 171168]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-7-13 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-7-13 141792]

R2 MOBKbackup;McAfee Online Backup;c:\program files\mcafee online backup\MOBKbackup.exe [2010-4-13 229688]

R2 TabletServiceWacom;TabletServiceWacom;c:\program files\tablet\wacom\Wacom_Tablet.exe [2011-3-27 4807536]

R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2010-12-6 597752]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-5-10 56064]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-4-29 143968]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-4-16 20952]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-7-13 153280]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-7-13 314088]

R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]

R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdg.sys [2010-3-26 58528]

R3 O2SDGRDR;O2SDGRDR;c:\windows\system32\drivers\o2sdg.sys [2010-3-26 41504]

R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [2007-3-5 7424]

R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [2008-5-28 235840]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-3-26 167936]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-5 136176]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2010-4-29 134144]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-5 136176]

S3 kwkpcusb;Kyocera CDMA Wireless Modem Driver for KPC;c:\windows\system32\drivers\kwusbnt.sys [2007-2-8 101280]

S3 kwndis;Kyocera Wireless NDIS Driver;c:\windows\system32\drivers\kwndis.sys [2007-7-25 116224]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-7-13 52320]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-7-13 84488]

S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-9-15 6114816]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]

S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2011-3-27 10752]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-12 1343400]

.

=============== Created Last 30 ================

.

2011-05-12 21:18:58 -------- d-sh--w- C:\$RECYCLE.BIN

2011-05-12 21:18:52 -------- d-----w- c:\users\shane's\appdata\local\temp

2011-05-12 21:03:38 98816 ----a-w- c:\windows\sed.exe

2011-05-12 21:03:38 89088 ----a-w- c:\windows\MBR.exe

2011-05-12 21:03:38 256512 ----a-w- c:\windows\PEV.exe

2011-05-12 21:03:38 161792 ----a-w- c:\windows\SWREG.exe

2011-05-12 12:44:07 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2011-05-12 12:44:07 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys

2011-05-12 12:44:07 284160 ----a-w- c:\windows\system32\drivers\usbport.sys

2011-05-12 12:44:07 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys

2011-05-12 12:44:06 5888 ----a-w- c:\windows\system32\drivers\usbd.sys

2011-05-12 12:44:06 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2011-05-12 12:44:06 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys

2011-05-12 12:44:03 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-05-12 12:44:03 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-05-11 04:12:05 -------- d-----w- c:\progra~2\ALM

2011-05-11 03:00:52 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-05-06 15:30:42 0 ---ha-w- c:\users\shane's\appdata\local\BIT5C73.tmp

2011-05-06 15:28:42 0 ---ha-w- c:\users\shane's\appdata\local\BIT88FD.tmp

2011-04-17 13:41:26 -------- d-----w- c:\program files\CCleaner

2011-04-17 05:17:16 -------- d-----w- c:\users\shane's\appdata\roaming\SUPERAntiSpyware.com

2011-04-17 05:17:16 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com

2011-04-17 05:17:10 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-04-17 02:25:49 -------- d-----w- c:\users\shane's\appdata\roaming\Malwarebytes

2011-04-17 02:25:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-04-17 02:25:44 -------- d-----w- c:\progra~2\Malwarebytes

2011-04-17 02:25:41 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-17 02:25:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-04-16 19:43:12 -------- d-----w- c:\users\shane's\appdata\local\Panther

2011-04-15 19:43:12 -------- d-----w- c:\program files\Microsoft IntelliPoint

2011-04-15 19:41:09 -------- d-----w- c:\program files\Microsoft IntelliType Pro

2011-04-15 02:29:18 2331136 ----a-w- c:\windows\system32\win32k.sys

2011-04-15 02:29:06 191488 ----a-w- c:\windows\system32\FXSCOVER.exe

2011-04-15 02:28:58 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-04-15 02:28:48 740864 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-15 02:28:38 1137664 ----a-w- c:\windows\system32\mfc42.dll

2011-04-15 02:28:37 1164288 ----a-w- c:\windows\system32\mfc42u.dll

2011-04-15 02:28:21 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-04-15 02:28:21 69632 ----a-w- c:\windows\system32\drivers\bowser.sys

2011-04-15 02:28:21 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-04-15 02:28:21 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-14 07:39:02 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

.

==================== Find3M ====================

.

2011-04-14 21:43:19 952 --sha-w- c:\progra~2\KGyGaAvL.sys

2011-03-12 11:31:58 442880 ----a-w- c:\windows\system32\XpsPrint.dll

2011-03-11 05:39:35 1686016 ----a-w- c:\windows\system32\esent.dll

2011-03-11 05:37:34 74240 ----a-w- c:\windows\system32\fsutil.exe

2011-03-03 05:29:23 132608 ----a-w- c:\windows\system32\dnsrslvr.dll

2011-03-03 05:27:30 28672 ----a-w- c:\windows\system32\dnscacheugc.exe

2011-02-28 22:01:40 947472 ----a-w- c:\windows\system32\msjava.dll

2011-02-26 05:33:07 2614784 ----a-w- c:\windows\explorer.exe

2011-02-24 05:32:44 981504 ----a-w- c:\windows\system32\wininet.dll

2011-02-24 05:30:16 44544 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-24 04:23:48 386048 ----a-w- c:\windows\system32\html.iec

2011-02-24 03:50:26 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-02-19 05:33:11 802304 ----a-w- c:\windows\system32\FntCache.dll

2011-02-19 05:32:48 1074176 ----a-w- c:\windows\system32\DWrite.dll

2011-02-19 05:32:35 739840 ----a-w- c:\windows\system32\d2d1.dll

2011-02-19 05:32:08 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-02-19 03:37:02 294912 ----a-w- c:\windows\system32\atmfd.dll

2011-02-18 20:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll

2011-02-18 05:36:26 428032 ----a-w- c:\windows\system32\vbscript.dll

2011-02-18 05:33:29 31232 ----a-w- c:\windows\system32\prevhost.exe

2006-05-02 23:00:00 163328 --sh--r- c:\windows\system32\flvDX.dll

2007-02-20 23:00:00 31232 --sh--r- c:\windows\system32\msfDX.dll

2008-03-15 23:00:00 216064 --sh--r- c:\windows\system32\nbDX.dll

.

============= FINISH: 17:20:06.48 ===============

The attach file is in the attachment.

Attach2.txt


  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


ESET log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

Security Check log:

Results of screen317's Security Check version 0.99.11

Windows 7 (UAC is enabled)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Online Scanner v3

McAfee Total Protection

Norton Internet Security

McAfee Security Scan Plus

McAfee Online Backup

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

CCleaner

Java 6 Update 24

Out of date Java installed!

Adobe Flash Player 10.2.159.1

Adobe Reader 9.4.4

Out of date Adobe Reader installed!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

``````````End of Log````````````

Updating is working now for both Windows and McAfee. Thank you for your help!


  • Staff

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):

Java


  • 2 weeks later...

Things are updating now, but Malwarebytes keeps throwing up random alerts saying it blocked an IP address. I scan with both Malwarebytes and McAfee and it says that it is clean. Here is the protection log from MB:

00:17:24 Shane's IP-BLOCK 216.155.130.250 (Type: outgoing, Port: 54791, Process: firefox.exe)

00:17:24 Shane's IP-BLOCK 216.155.130.252 (Type: outgoing, Port: 54792, Process: firefox.exe)

00:17:24 Shane's IP-BLOCK 216.155.130.245 (Type: outgoing, Port: 54793, Process: firefox.exe)

09:18:32 Shane's MESSAGE Protection started successfully

09:18:36 Shane's MESSAGE IP Protection started successfully

09:44:56 Shane's IP-BLOCK 221.192.199.49 (Type: outgoing, Port: 137)

09:44:56 Shane's IP-BLOCK 221.192.199.49 (Type: outgoing, Port: 137)

09:44:56 Shane's IP-BLOCK 221.192.199.49 (Type: outgoing, Port: 137)

09:49:28 Shane's IP-BLOCK 221.192.199.43 (Type: outgoing, Port: 137)

09:49:28 Shane's IP-BLOCK 221.192.199.43 (Type: outgoing, Port: 137)

09:49:28 Shane's IP-BLOCK 221.192.199.43 (Type: outgoing, Port: 137)

11:32:31 Shane's IP-BLOCK 221.192.199.43 (Type: outgoing, Port: 137)

11:32:31 Shane's IP-BLOCK 221.192.199.43 (Type: outgoing, Port: 137)

11:32:31 Shane's IP-BLOCK 221.192.199.43 (Type: outgoing, Port: 137)

11:43:45 Shane's IP-BLOCK 221.192.199.43 (Type: outgoing, Port: 137)

11:43:45 Shane's IP-BLOCK 221.192.199.43 (Type: outgoing, Port: 137)

11:43:45 Shane's IP-BLOCK 221.192.199.43 (Type: outgoing, Port: 137)

11:45:53 Shane's IP-BLOCK 221.192.199.51 (Type: outgoing, Port: 137)

11:45:53 Shane's IP-BLOCK 221.192.199.51 (Type: outgoing, Port: 137)

11:45:53 Shane's IP-BLOCK 221.192.199.51 (Type: outgoing, Port: 137)

12:08:27 Shane's IP-BLOCK 221.192.199.43 (Type: outgoing, Port: 137)

12:08:27 Shane's IP-BLOCK 221.192.199.43 (Type: outgoing, Port: 137)

12:08:27 Shane's IP-BLOCK 221.192.199.43 (Type: outgoing, Port: 137)

12:18:03 Shane's IP-BLOCK 221.192.199.43 (Type: outgoing, Port: 137)

12:18:03 Shane's IP-BLOCK 221.192.199.43 (Type: outgoing, Port: 137)

12:18:03 Shane's IP-BLOCK 221.192.199.43 (Type: outgoing, Port: 137)

12:33:24 Shane's IP-BLOCK 221.192.199.51 (Type: outgoing, Port: 137)

12:33:24 Shane's IP-BLOCK 221.192.199.51 (Type: outgoing, Port: 137)

12:33:24 Shane's IP-BLOCK 221.192.199.51 (Type: outgoing, Port: 137)

12:42:36 Shane's IP-BLOCK 221.192.199.43 (Type: outgoing, Port: 137)

12:42:36 Shane's IP-BLOCK 221.192.199.43 (Type: outgoing, Port: 137)

12:42:36 Shane's IP-BLOCK 221.192.199.43 (Type: outgoing, Port: 137)

12:49:09 Shane's IP-BLOCK 221.192.199.51 (Type: outgoing, Port: 137)

12:49:09 Shane's IP-BLOCK 221.192.199.51 (Type: outgoing, Port: 137)

12:49:17 Shane's IP-BLOCK 221.192.199.51 (Type: outgoing, Port: 137)

12:53:01 Shane's IP-BLOCK 221.192.199.43 (Type: outgoing, Port: 137)

12:53:01 Shane's IP-BLOCK 221.192.199.43 (Type: outgoing, Port: 137)

12:53:01 Shane's IP-BLOCK 221.192.199.43 (Type: outgoing, Port: 137)

13:15:18 Shane's IP-BLOCK 221.192.199.43 (Type: outgoing, Port: 137)

13:15:18 Shane's IP-BLOCK 221.192.199.43 (Type: outgoing, Port: 137)

13:15:18 Shane's IP-BLOCK 221.192.199.43 (Type: outgoing, Port: 137)

13:21:10 Shane's IP-BLOCK 221.192.199.51 (Type: outgoing, Port: 137)

13:21:10 Shane's IP-BLOCK 221.192.199.51 (Type: outgoing, Port: 137)

13:21:18 Shane's IP-BLOCK 221.192.199.51 (Type: outgoing, Port: 137)

13:25:02 Shane's IP-BLOCK 221.192.199.43 (Type: outgoing, Port: 137)

13:25:02 Shane's IP-BLOCK 221.192.199.43 (Type: outgoing, Port: 137)

13:25:02 Shane's IP-BLOCK 221.192.199.43 (Type: outgoing, Port: 137)

13:27:51 Shane's IP-BLOCK 221.192.199.43 (Type: outgoing, Port: 49933, Process: firefox.exe)

13:44:47 Shane's MESSAGE Protection started successfully

13:44:52 Shane's MESSAGE IP Protection started successfully

14:07:09 Shane's IP-BLOCK 221.192.199.51 (Type: outgoing, Port: 137)

14:07:09 Shane's IP-BLOCK 221.192.199.51 (Type: outgoing, Port: 137)

14:07:17 Shane's IP-BLOCK 221.192.199.51 (Type: outgoing, Port: 137)

It does this several times a day.


  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.