
Hi there,

I've recently discovered an issue on my Windows 7 laptop whereby links within any search engine are re-routed to random sites. I downloaded and ran Malwarebytes and it discovered and removed Adware.AdRotator from my PC. However, it has returned. I have also used Microsoft Malicious Software Removal Tool, PC Tools Spyware Doctor and Ad-Aware, all of which discovered and removed the problem. It has returned over and over again - the little mongrel! If I run a scan on any of these programs again, nothing is found.

Please find relevant logs attached; DDS below, original Malwarebytes log, ark.txt and attach.txt attached.

Thank you in anticipation of your help.

DDS LOG

DDS (Ver_11-05-19.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24

Run by Daniel at 20:16:27 on 2011-05-21

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.3882.2459 [GMT 10:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\nvvsvc.exe

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\WLANExt.exe

C:\windows\system32\conhost.exe

C:\windows\system32\taskeng.exe

C:\windows\system32\rundll32.exe

C:\windows\SysWOW64\rundll32.exe

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

C:\windows\system32\nvvsvc.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\windows\system32\mfevtps.exe

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\windows\system32\rundll32.exe

C:\windows\SysWOW64\rundll32.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\windows\system32\svchost.exe -k bthsvcs

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\windows\System32\rundll32.exe

C:\windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Elantech\ETDCtrl.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe

C:\Program Files (x86)\McAfee Online Backup\MOBKstat.exe

C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

C:\windows\SysWOW64\RunDll32.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files\Elantech\ETDCtrlHelper.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Windows\Samsung\PanelMgr\SSMMgr.exe

C:\Program Files (x86)\Telstra\Mobile Broadband Manager\TelstraUCM.exe

C:\Windows\Samsung\PanelMgr\caller64.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Mindjet\MindManager 9\MmReminderService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\system32\taskeng.exe

C:\windows\system32\taskeng.exe

C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe

C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\srspremiumpanel_64.exe

C:\windows\system32\igfxext.exe

C:\windows\system32\igfxsrvc.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

D:\Program Files (x86)\Freecorder\FLVSrvc.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\windows\system32\igfxpers.exe

C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe

C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe

C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe

C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe

C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe

c:\PROGRA~1\mcafee.com\agent\McUpdate.exe

c:\PROGRA~1\mcafee\msc\mcupdmgr.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\Users\Daniel\Downloads\dds.scr

C:\windows\SysWOW64\WSCRIPT.exe

C:\windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://samsung.msn.com

uDefault_Page_URL = hxxp://samsung.msn.com

mStart Page = hxxp://samsung.msn.com

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll

uURLSearchHooks: H - No File

mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

BHO: CmjBrowserHelperObject Object: {6fe6a929-59d1-4763-91ad-29b61cffb35b} - C:\Program Files (x86)\Mindjet\MindManager 9\Mm8InternetExplorer.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110512224301.dll

BHO: W2PBrowser Class: {aa609d72-8482-4076-8991-8cdae5b93bcb} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll

TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

uRun: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler

mRun: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini

mRun: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun

mRun: [bigPondWirelessBroadbandCM] "C:\Program Files (x86)\Telstra\Mobile Broadband Manager\TelstraUCM.exe" -tsr

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [MMReminderService] C:\Program Files (x86)\Mindjet\MindManager 9\MMReminderService.exe

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [messenger.exe] C:\Program Files (x86)\Common Files\Microsoft Shared\Web Components\messenger.exe

mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun: [Freecorder FLV Service] "d:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\Users\Daniel\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Online Backup\MOBKstat.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 9\Mm8InternetExplorer.dll

IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

AppInit_DLLs: C:\windows\SysWOW64\nvinit.dll

BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL

BHO-X64: McAfee Phishing Filter - No File

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110512224300.dll

BHO-X64: scriptproxy - No File

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll

BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll

mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

mRun-x64: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe

mRun-x64: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

AppInit_DLLs-X64: C:\windows\system32\nvinitx.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\gw7evncv.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: keyword.URL - hxxp://au.search.yahoo.com/search?fr=mcafee&p=

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\npCIDetect14.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Users\Daniel\AppData\Local\ABR\Plug-In\bin\npAUSkeyPlugin.dll

FF - plugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\gw7evncv.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\windows\system32\drivers\mfehidk.sys --> C:\windows\system32\drivers\mfehidk.sys [?]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\system32\drivers\mfewfpk.sys --> C:\windows\system32\drivers\mfewfpk.sys [?]

R0 nvpciflt;nvpciflt;C:\windows\system32\DRIVERS\nvpciflt.sys --> C:\windows\system32\DRIVERS\nvpciflt.sys [?]

R1 mfenlfk;McAfee NDIS Light Filter;C:\windows\system32\DRIVERS\mfenlfk.sys --> C:\windows\system32\DRIVERS\mfenlfk.sys [?]

R1 MOBKFilter;MOBKFilter;C:\windows\system32\DRIVERS\MOBK.sys --> C:\windows\system32\DRIVERS\MOBK.sys [?]

R3 btwampfl;Bluetooth AMP USB Filter;C:\windows\system32\drivers\btwampfl.sys --> C:\windows\system32\drivers\btwampfl.sys [?]

R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys --> C:\windows\system32\DRIVERS\btwl2cap.sys [?]

R3 cfwids;McAfee Inc. cfwids;C:\windows\system32\drivers\cfwids.sys --> C:\windows\system32\drivers\cfwids.sys [?]

R3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys --> C:\windows\system32\DRIVERS\ETD.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\system32\drivers\mfeavfk.sys --> C:\windows\system32\drivers\mfeavfk.sys [?]

R3 mfefirek;McAfee Inc. mfefirek;C:\windows\system32\drivers\mfefirek.sys --> C:\windows\system32\drivers\mfefirek.sys [?]

S3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]

S3 massfilter;ZTE Mass Storage Filter Driver;C:\windows\system32\drivers\massfilter.sys --> C:\windows\system32\drivers\massfilter.sys [?]

S3 mferkdet;McAfee Inc. mferkdet;C:\windows\system32\drivers\mferkdet.sys --> C:\windows\system32\drivers\mferkdet.sys [?]

S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]

.

=============== Created Last 30 ================

.

2011-05-20 10:11:07 404640 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-05-12 13:05:37 388096 ----a-r- C:\Users\Daniel\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-05-12 13:05:36 -------- d-----w- C:\Program Files (x86)\Trend Micro

2011-05-12 12:52:51 -------- d-----w- C:\Users\Daniel\AppData\Local\Sunbelt Software

2011-05-12 12:44:04 49752 ----a-w- C:\windows\System32\drivers\SBREDrv.sys

2011-05-12 12:43:01 24376 ----a-w- C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll

2011-05-12 12:09:21 -------- d-----w- C:\Program Files (x86)\Lavasoft

2011-05-11 06:00:46 5562240 ----a-w- C:\windows\System32\ntoskrnl.exe

2011-05-11 06:00:44 3967872 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe

2011-05-11 06:00:44 3912576 ----a-w- C:\windows\SysWow64\ntoskrnl.exe

2011-05-11 06:00:35 52736 ----a-w- C:\windows\System32\drivers\usbehci.sys

2011-05-11 06:00:35 343040 ----a-w- C:\windows\System32\drivers\usbhub.sys

2011-05-11 06:00:35 325120 ----a-w- C:\windows\System32\drivers\usbport.sys

2011-05-11 06:00:34 98816 ----a-w- C:\windows\System32\drivers\usbccgp.sys

2011-05-11 06:00:34 7936 ----a-w- C:\windows\System32\drivers\usbd.sys

2011-05-11 06:00:34 30720 ----a-w- C:\windows\System32\drivers\usbuhci.sys

2011-05-11 06:00:34 25600 ----a-w- C:\windows\System32\drivers\usbohci.sys

2011-05-06 10:47:50 -------- d-----w- C:\Program Files (x86)\PC Tools Security

2011-05-05 11:24:01 -------- d-----w- C:\windows\System32\MpEngineStore

2011-05-05 11:13:41 -------- d-----w- C:\Users\Daniel\AppData\Roaming\Malwarebytes

2011-05-05 11:13:33 38224 ----a-w- C:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-05-05 11:13:32 -------- d-----w- C:\ProgramData\Malwarebytes

2011-05-05 11:13:29 24152 ----a-w- C:\windows\System32\drivers\mbam.sys

2011-05-05 11:13:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-04-29 00:55:16 -------- d-----w- C:\Users\Daniel\AppData\Roaming\UDC Profiles

2011-04-27 09:46:14 2871808 ----a-w- C:\windows\explorer.exe

2011-04-27 09:46:14 2616320 ----a-w- C:\windows\SysWow64\explorer.exe

2011-04-27 09:46:11 870912 ----a-w- C:\windows\SysWow64\XpsPrint.dll

2011-04-27 09:46:11 1465344 ----a-w- C:\windows\System32\XpsPrint.dll

2011-04-27 09:45:25 2565632 ----a-w- C:\windows\System32\esent.dll

2011-04-27 09:45:24 96768 ----a-w- C:\windows\System32\fsutil.exe

2011-04-27 09:45:24 1699328 ----a-w- C:\windows\SysWow64\esent.dll

2011-04-27 09:45:24 1659776 ----a-w- C:\windows\System32\drivers\ntfs.sys

2011-04-27 09:45:23 74240 ----a-w- C:\windows\SysWow64\fsutil.exe

2011-04-27 09:45:23 410496 ----a-w- C:\windows\System32\drivers\iaStorV.sys

2011-04-27 09:45:23 27008 ----a-w- C:\windows\System32\drivers\amdxata.sys

2011-04-27 09:45:23 189824 ----a-w- C:\windows\System32\drivers\storport.sys

2011-04-27 09:45:23 166272 ----a-w- C:\windows\System32\drivers\nvstor.sys

2011-04-27 09:45:23 148352 ----a-w- C:\windows\System32\drivers\nvraid.sys

2011-04-27 09:45:23 107904 ----a-w- C:\windows\System32\drivers\amdsata.sys

2011-04-27 09:44:51 31232 ----a-w- C:\windows\SysWow64\prevhost.exe

2011-04-27 09:44:51 31232 ----a-w- C:\windows\System32\prevhost.exe

2011-04-24 12:35:23 -------- d-----w- C:\Users\Daniel\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

2011-04-24 03:08:23 -------- d-----w- C:\Users\Daniel\AppData\Local\PackageAware

2011-04-22 13:00:50 -------- d-----w- C:\Users\Daniel\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

.

==================== Find3M ====================

.

2011-04-15 13:38:25 54444 ----a-w- C:\windows\SysWow64\opexsahbsut.exe

2011-04-15 13:28:47 106496 --sha-r- C:\windows\SysWow64\resutilsz.dll

2011-04-06 07:22:29 72080 ----a-w- C:\Users\Daniel\g2mdlhlpx.exe

2011-03-23 07:24:47 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll

2011-03-13 01:45:12 158832 ----a-w- C:\windows\System32\mfevtps.exe

2011-03-13 01:20:10 9984 ----a-w- C:\windows\System32\drivers\mfeclnk.sys

2011-03-13 01:20:10 98728 ----a-w- C:\windows\System32\drivers\mferkdet.sys

2011-03-13 01:20:10 75672 ----a-w- C:\windows\System32\drivers\mfenlfk.sys

2011-03-13 01:20:10 65128 ----a-w- C:\windows\System32\drivers\cfwids.sys

2011-03-13 01:20:10 639216 ----a-w- C:\windows\System32\drivers\mfehidk.sys

2011-03-13 01:20:10 481376 ----a-w- C:\windows\System32\drivers\mfefirek.sys

2011-03-13 01:20:10 281928 ----a-w- C:\windows\System32\drivers\mfewfpk.sys

2011-03-13 01:20:10 227856 ----a-w- C:\windows\System32\drivers\mfeavfk.sys

2011-03-13 01:20:10 156792 ----a-w- C:\windows\System32\drivers\mfeapfk.sys

2011-03-11 06:34:51 1359872 ----a-w- C:\windows\System32\mfc42u.dll

2011-03-11 06:34:50 1395712 ----a-w- C:\windows\System32\mfc42.dll

2011-03-11 05:33:59 1164288 ----a-w- C:\windows\SysWow64\mfc42u.dll

2011-03-11 05:33:59 1137664 ----a-w- C:\windows\SysWow64\mfc42.dll

2011-03-09 04:22:18 152576 ----a-w- C:\windows\SysWow64\msclmd.dll

2011-03-09 04:22:17 175616 ----a-w- C:\windows\System32\msclmd.dll

2011-03-08 06:29:32 976896 ----a-w- C:\windows\System32\inetcomm.dll

2011-03-08 05:28:29 741376 ----a-w- C:\windows\SysWow64\inetcomm.dll

2011-03-04 06:19:28 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll

2011-03-04 06:19:27 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll

2011-03-03 06:24:16 183296 ----a-w- C:\windows\System32\dnsrslvr.dll

2011-03-03 06:21:57 30208 ----a-w- C:\windows\System32\dnscacheugc.exe

2011-03-03 05:36:16 28672 ----a-w- C:\windows\SysWow64\dnscacheugc.exe

2011-03-03 03:52:08 3135488 ----a-w- C:\windows\System32\win32k.sys

2011-02-24 06:15:44 476160 ----a-w- C:\windows\System32\XpsGdiConverter.dll

2011-02-24 05:38:54 288256 ----a-w- C:\windows\SysWow64\XpsGdiConverter.dll

2011-02-23 04:56:31 158208 ----a-w- C:\windows\System32\drivers\mrxsmb.sys

2011-02-23 04:56:27 467456 ----a-w- C:\windows\System32\drivers\srv.sys

2011-02-23 04:56:03 411648 ----a-w- C:\windows\System32\drivers\srv2.sys

2011-02-23 04:55:47 167936 ----a-w- C:\windows\System32\drivers\srvnet.sys

2011-02-23 04:55:12 287744 ----a-w- C:\windows\System32\drivers\mrxsmb10.sys

2011-02-23 04:55:12 128000 ----a-w- C:\windows\System32\drivers\mrxsmb20.sys

2011-02-23 04:55:04 90624 ----a-w- C:\windows\System32\drivers\bowser.sys

.

============= FINISH: 20:18:19.50 ===============

attach.zip

Original Malawarebytes Log.txt


  • Staff

Hi and welcome to Malwarebytes.

In the future, please post all logs directly into your reply instead of attaching them. With that said, please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


Hi Chris,

Thanks for your reply. Please find the relevant logs, as requested, below.

Cheers

Dan

MBAM Log

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6670

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

25/05/2011 6:14:37 PM

mbam-log-2011-05-25 (18-14-37).txt

Scan type: Quick scan

Objects scanned: 175612

Time elapsed: 6 minute(s), 12 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

ComboFix Log

ComboFix 11-05-24.02 - Daniel 25/05/2011 18:23:17.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.3882.2414 [GMT 10:00]

Running from: c:\users\Daniel\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Daniel\g2mdlhlpx.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-04-25 to 2011-05-25 )))))))))))))))))))))))))))))))

.

.

2011-05-25 09:08 . 2011-05-25 09:08 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2011-05-25 09:08 . 2011-05-25 09:08 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-05-25 08:15 . 2011-05-25 08:19 -------- d-----w- C:\32788R22FWJFW

2011-05-24 08:27 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe

2011-05-24 08:27 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe

2011-05-20 10:11 . 2011-05-20 10:11 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-05-12 13:05 . 2011-05-12 13:05 388096 ----a-r- c:\users\Daniel\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-05-12 13:05 . 2011-05-12 13:05 -------- d-----w- c:\program files (x86)\Trend Micro

2011-05-12 12:52 . 2011-05-12 12:52 -------- d-----w- c:\users\Daniel\AppData\Local\Sunbelt Software

2011-05-12 12:44 . 2011-05-12 12:44 49752 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-05-12 12:43 . 2011-03-13 01:42 24376 ----a-w- c:\program files (x86)\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll

2011-05-12 12:09 . 2011-05-12 12:09 -------- d-----w- c:\program files (x86)\Lavasoft

2011-05-12 12:09 . 2011-05-20 11:42 -------- d-----w- c:\programdata\Lavasoft

2011-05-11 06:00 . 2011-04-09 07:02 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-05-11 06:00 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2011-05-11 06:00 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2011-05-11 06:00 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys

2011-05-11 06:00 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys

2011-05-11 06:00 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys

2011-05-11 06:00 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2011-05-11 06:00 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys

2011-05-11 06:00 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2011-05-11 06:00 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys

2011-05-06 10:47 . 2011-05-20 11:52 -------- d-----w- c:\program files (x86)\PC Tools Security

2011-05-06 10:36 . 2011-05-06 10:36 -------- d-----w- c:\program files\Google

2011-05-06 10:36 . 2011-05-06 10:36 -------- d-----w- c:\programdata\Google Updater

2011-05-05 11:24 . 2011-05-11 06:50 -------- d-----w- c:\windows\system32\MpEngineStore

2011-05-05 11:13 . 2011-05-05 11:13 -------- d-----w- c:\users\Daniel\AppData\Roaming\Malwarebytes

2011-05-05 11:13 . 2010-12-20 08:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-05-05 11:13 . 2011-05-05 11:13 -------- d-----w- c:\programdata\Malwarebytes

2011-05-05 11:13 . 2011-05-05 11:13 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-05-05 11:13 . 2010-12-20 08:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-29 00:55 . 2011-04-29 00:55 -------- d-----w- c:\users\Daniel\AppData\Roaming\UDC Profiles

2011-04-27 09:46 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe

2011-04-27 09:46 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\SysWow64\explorer.exe

2011-04-27 09:46 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll

2011-04-27 09:46 . 2011-03-12 11:23 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll

2011-04-27 09:45 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll

2011-04-27 09:45 . 2011-03-11 06:41 1659776 ----a-w- c:\windows\system32\drivers\ntfs.sys

2011-04-27 09:45 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe

2011-04-27 09:45 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll

2011-04-27 09:45 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys

2011-04-27 09:45 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys

2011-04-27 09:45 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys

2011-04-27 09:45 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys

2011-04-27 09:45 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys

2011-04-27 09:45 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys

2011-04-27 09:45 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe

2011-04-27 09:44 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe

2011-04-27 09:44 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-19 11:56 . 2011-04-19 11:56 159080 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin

2011-04-15 13:38 . 2011-04-15 13:28 54444 ----a-w- c:\windows\SysWow64\opexsahbsut.exe

2011-03-23 07:24 . 2011-03-23 07:24 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-03-15 12:12 . 2011-03-15 12:12 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2011-03-15 12:12 . 2011-03-15 12:12 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2011-03-15 12:12 . 2011-03-15 12:12 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2011-03-15 12:12 . 2011-03-15 12:12 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2011-03-15 12:12 . 2011-03-15 12:12 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll

2011-03-15 12:12 . 2011-03-15 12:12 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2011-03-15 12:12 . 2011-03-15 12:12 1126912 ----a-w- c:\windows\SysWow64\wininet.dll

2011-03-15 12:12 . 2011-03-15 12:12 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2011-03-15 12:12 . 2011-03-15 12:12 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2011-03-15 12:12 . 2011-03-15 12:12 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2011-03-15 12:12 . 2011-03-15 12:12 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2011-03-15 12:12 . 2011-03-15 12:12 367104 ----a-w- c:\windows\SysWow64\html.iec

2011-03-15 12:12 . 2011-03-15 12:12 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2011-03-15 12:12 . 2011-03-15 12:12 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2011-03-15 12:12 . 2011-03-15 12:12 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2011-03-15 12:12 . 2011-03-15 12:12 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2011-03-15 12:12 . 2011-03-15 12:12 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-03-15 12:12 . 2011-03-15 12:12 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2011-03-15 12:12 . 2011-03-15 12:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2011-03-15 12:12 . 2011-03-15 12:12 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2011-03-15 12:12 . 2011-03-15 12:12 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2011-03-15 12:12 . 2011-03-15 12:12 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2011-03-15 12:12 . 2011-03-15 12:12 222208 ----a-w- c:\windows\system32\msls31.dll

2011-03-15 12:12 . 2011-03-15 12:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-03-15 12:12 . 2011-03-15 12:12 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2011-03-15 12:12 . 2011-03-15 12:12 1389056 ----a-w- c:\windows\system32\wininet.dll

2011-03-15 12:12 . 2011-03-15 12:12 12288 ----a-w- c:\windows\system32\mshta.exe

2011-03-15 12:12 . 2011-03-15 12:12 114176 ----a-w- c:\windows\system32\admparse.dll

2011-03-15 12:12 . 2011-03-15 12:12 49664 ----a-w- c:\windows\system32\imgutil.dll

2011-03-15 12:12 . 2011-03-15 12:12 2303488 ----a-w- c:\windows\system32\jscript9.dll

2011-03-15 12:12 . 2011-03-15 12:12 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-03-15 12:12 . 2011-03-15 12:12 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-03-15 12:12 . 2011-03-15 12:12 85504 ----a-w- c:\windows\system32\iesetup.dll

2011-03-15 12:12 . 2011-03-15 12:12 76800 ----a-w- c:\windows\system32\tdc.ocx

2011-03-15 12:12 . 2011-03-15 12:12 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-03-15 12:12 . 2011-03-15 12:12 448512 ----a-w- c:\windows\system32\html.iec

2011-03-15 12:12 . 2011-03-15 12:12 30720 ----a-w- c:\windows\system32\licmgr10.dll

2011-03-15 12:12 . 2011-03-15 12:12 165888 ----a-w- c:\windows\system32\iexpress.exe

2011-03-15 12:12 . 2011-03-15 12:12 160256 ----a-w- c:\windows\system32\wextract.exe

2011-03-15 12:12 . 2011-03-15 12:12 1492992 ----a-w- c:\windows\system32\inetcpl.cpl

2011-03-15 12:12 . 2011-03-15 12:12 111616 ----a-w- c:\windows\system32\iesysprep.dll

2011-03-15 12:12 . 2011-03-15 12:12 603648 ----a-w- c:\windows\system32\vbscript.dll

2011-03-13 01:45 . 2011-01-14 06:07 158832 ----a-w- c:\windows\system32\mfevtps.exe

2011-03-13 01:20 . 2011-01-14 06:45 9984 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-03-13 01:20 . 2011-01-14 06:45 98728 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-03-13 01:20 . 2011-01-14 06:45 75672 ----a-w- c:\windows\system32\drivers\mfenlfk.sys

2011-03-13 01:20 . 2011-01-14 06:45 65128 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-03-13 01:20 . 2011-01-14 06:45 481376 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-03-13 01:20 . 2011-01-14 06:45 281928 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

2011-03-13 01:20 . 2011-01-14 06:45 227856 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-03-13 01:20 . 2010-10-13 11:28 639216 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-03-13 01:20 . 2010-10-13 11:28 156792 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-03-11 06:34 . 2011-04-15 08:16 1359872 ----a-w- c:\windows\system32\mfc42u.dll

2011-03-11 06:34 . 2011-04-15 08:16 1395712 ----a-w- c:\windows\system32\mfc42.dll

2011-03-11 05:33 . 2011-04-15 08:16 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll

2011-03-11 05:33 . 2011-04-15 08:16 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll

2011-03-09 04:22 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2011-03-09 04:22 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2011-03-08 06:29 . 2011-04-15 08:16 976896 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-08 05:28 . 2011-04-15 08:16 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll

2011-03-04 06:19 . 2011-04-27 09:46 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2011-03-04 06:19 . 2011-04-27 09:46 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2011-03-03 06:24 . 2011-04-15 08:16 183296 ----a-w- c:\windows\system32\dnsrslvr.dll

2011-03-03 06:21 . 2011-04-15 08:16 30208 ----a-w- c:\windows\system32\dnscacheugc.exe

2011-03-03 05:36 . 2011-04-15 08:16 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe

2011-03-03 03:52 . 2011-04-15 08:16 3135488 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]

.

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2010-12-09 03:51 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

2010-12-09 03:51 3911776 ----a-w- c:\program files (x86)\uTorrentBar\tbuTor.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]

.

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2010-07-23 222496]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2007-04-15 259624]

"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-06-08 618496]

"BigPondWirelessBroadbandCM"="c:\program files (x86)\Telstra\Mobile Broadband Manager\TelstraUCM.exe" [2010-05-14 4352408]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

"MMReminderService"="c:\program files (x86)\Mindjet\MindManager 9\MMReminderService.exe" [2011-02-10 38240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]

"Freecorder FLV Service"="d:\program files (x86)\Freecorder\FLVSrvc.exe" [2011-03-24 167936]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-05-02 1658440]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]

.

c:\users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-21 1132320]

Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]

McAfee Online Backup Status.lnk - c:\program files (x86)\McAfee Online Backup\MOBKstat.exe [2010-4-13 4178744]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [x]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]

S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [x]

S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2010-07-23 296808]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-03-13 208272]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]

S2 MOBKbackup;McAfee Online Backup;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-04-13 231224]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-01-16 2009704]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-02-03 2320920]

S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2011-05-25 c:\windows\Tasks\Google Software Updater.job

- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-06 10:36]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]

@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"

[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]

2010-04-13 09:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]

@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"

[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]

2010-04-13 09:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]

@="{b4caf489-1eec-c617-49ad-8d7088598c06}"

[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]

2010-04-13 09:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-08-11 11369576]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 2328944]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://samsung.msn.com

mStart Page = hxxp://samsung.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {{328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - c:\program files\Samsung AnyWeb Print\W2PBrowser.dll

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\McAfee\MSC\McSnIePl.dll

FF - ProfilePath - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\gw7evncv.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: keyword.URL - hxxp://au.search.yahoo.com/search?fr=mcafee&p=

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-05-25 19:43:05

ComboFix-quarantined-files.txt 2011-05-25 09:42

.

Pre-Run: 80,978,374,656 bytes free

Post-Run: 81,843,707,904 bytes free

.

- - End Of File - - 1828CC120D0F2964F71293A1FD3D676A


  • Staff

Hi,

Please see:

HijackThis Forum Policy

We will not be party to obvious use of key gens, cracks, warez or other illegal means of downloading software, music, videos etc. This means no P2P evidence will be supported. Logs that show these in them will be given the option to remove the P2P items. Keygens, cracks, warez and similar will have the thread closed, period. It's theft and against the law.

This goes for uTorrent and anything else you have installed.


G'day Chris,

Point taken re: utorrent etc.

I have uninstalled it plus a couple of other programs that may (or may not) form part of the terms and conditions of the site.

In my opinion there is nothing else that is even remotely dodgy on this pc. If there is, I would be very surprised.

Could you please advise my next step?

Thank you again.

Dan


Hi again,

DDS Log

.

DDS (Ver_11-05-19.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24

Run by Daniel at 22:56:32 on 2011-05-29

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.3882.2296 [GMT 10:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\nvvsvc.exe

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\WLANExt.exe

C:\windows\system32\conhost.exe

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

C:\windows\system32\nvvsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\windows\system32\mfevtps.exe

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\windows\system32\rundll32.exe

C:\windows\SysWOW64\rundll32.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\windows\system32\svchost.exe -k bthsvcs

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\windows\System32\rundll32.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Elantech\ETDCtrl.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe

C:\windows\system32\SearchIndexer.exe

C:\Windows\Samsung\PanelMgr\SSMMgr.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\Samsung\PanelMgr\caller64.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

C:\Program Files\Elantech\ETDCtrlHelper.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\windows\SysWOW64\RunDll32.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\taskeng.exe

C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe

C:\windows\system32\taskeng.exe

C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\srspremiumpanel_64.exe

C:\windows\system32\igfxext.exe

C:\windows\system32\igfxsrvc.exe

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe

C:\windows\system32\igfxpers.exe

C:\Users\Daniel\Downloads\Defogger.exe

C:\windows\system32\conhost.exe

C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe

C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe

C:\windows\system32\sppsvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe

C:\windows\servicing\TrustedInstaller.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe

C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe

C:\windows\system32\SearchFilterHost.exe

C:\Users\Daniel\Downloads\dds.scr

C:\windows\SysWOW64\WSCRIPT.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://samsung.msn.com

mStart Page = hxxp://samsung.msn.com

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110512224301.dll

BHO: W2PBrowser Class: {aa609d72-8482-4076-8991-8cdae5b93bcb} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

uRun: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler

mRun: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini

mRun: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll

BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL

BHO-X64: McAfee Phishing Filter - No File

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110512224300.dll

BHO-X64: scriptproxy - No File

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll

BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll

mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

mRun-x64: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe

mRun-x64: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

AppInit_DLLs-X64: C:\Windows\System32\nvinitx.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\gw7evncv.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: keyword.URL - hxxp://au.search.yahoo.com/search?fr=mcafee&p=

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\npCIDetect14.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Users\Daniel\AppData\Local\ABR\Plug-In\bin\npAUSkeyPlugin.dll

FF - plugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\gw7evncv.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\windows\system32\drivers\mfehidk.sys --> C:\windows\system32\drivers\mfehidk.sys [?]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\system32\drivers\mfewfpk.sys --> C:\windows\system32\drivers\mfewfpk.sys [?]

R0 nvpciflt;nvpciflt;C:\windows\system32\DRIVERS\nvpciflt.sys --> C:\windows\system32\DRIVERS\nvpciflt.sys [?]

R1 mfenlfk;McAfee NDIS Light Filter;C:\windows\system32\DRIVERS\mfenlfk.sys --> C:\windows\system32\DRIVERS\mfenlfk.sys [?]

R1 MOBKFilter;MOBKFilter;C:\windows\system32\DRIVERS\MOBK.sys --> C:\windows\system32\DRIVERS\MOBK.sys [?]

R1 SABI;SAMSUNG Kernel Driver For Windows 7;\??\C:\windows\system32\Drivers\SABI.sys --> C:\windows\system32\Drivers\SABI.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2010-7-23 296808]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-5-5 363344]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2011-5-12 249936]

R2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2011-5-12 249936]

R2 McNaiAnn;McAfee VirusScan Announcer;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2011-5-12 249936]

R2 McProxy;McAfee Proxy Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2011-5-12 249936]

R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-1-14 197960]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-1-14 208272]

R2 mfevtp;McAfee Validation Trust Protection Service;"C:\windows\system32\mfevtps.exe" --> C:\windows\system32\mfevtps.exe [?]

R2 MOBKbackup;McAfee Online Backup;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-4-13 231224]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-9-10 2009704]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-9-10 2320920]

R3 btwampfl;Bluetooth AMP USB Filter;C:\windows\system32\drivers\btwampfl.sys --> C:\windows\system32\drivers\btwampfl.sys [?]

R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys --> C:\windows\system32\DRIVERS\btwl2cap.sys [?]

R3 cfwids;McAfee Inc. cfwids;C:\windows\system32\drivers\cfwids.sys --> C:\windows\system32\drivers\cfwids.sys [?]

R3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys --> C:\windows\system32\DRIVERS\ETD.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\system32\drivers\mfeavfk.sys --> C:\windows\system32\drivers\mfeavfk.sys [?]

R3 mfefirek;McAfee Inc. mfefirek;C:\windows\system32\drivers\mfefirek.sys --> C:\windows\system32\drivers\mfefirek.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\system32\DRIVERS\yk62x64.sys --> C:\windows\system32\DRIVERS\yk62x64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]

S3 massfilter;ZTE Mass Storage Filter Driver;C:\windows\system32\drivers\massfilter.sys --> C:\windows\system32\drivers\massfilter.sys [?]

S3 mferkdet;McAfee Inc. mferkdet;C:\windows\system32\drivers\mferkdet.sys --> C:\windows\system32\drivers\mferkdet.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]

S3 Samsung UPD Service;Samsung UPD Service;"C:\windows\System32\SUPDSvc.exe" --> C:\windows\System32\SUPDSvc.exe [?]

S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]

S3 ZTEusbnet;ZTE USB-NDIS miniport;C:\windows\system32\DRIVERS\ZTEusbnet.sys --> C:\windows\system32\DRIVERS\ZTEusbnet.sys [?]

.

=============== Created Last 30 ================

.

2011-05-26 12:12:28 -------- d-sh--w- C:\$RECYCLE.BIN

2011-05-26 10:41:19 -------- d-----w- C:\windows\pss

2011-05-25 08:19:33 98816 ----a-w- C:\windows\sed.exe

2011-05-25 08:19:33 89088 ----a-w- C:\windows\MBR.exe

2011-05-25 08:19:33 256512 ----a-w- C:\windows\PEV.exe

2011-05-25 08:19:33 161792 ----a-w- C:\windows\SWREG.exe

2011-05-25 08:19:09 27520 ----a-w- C:\windows\System32\drivers\Diskdump.sys

2011-05-24 08:27:19 142336 ----a-w- C:\windows\System32\poqexec.exe

2011-05-24 08:27:18 123904 ----a-w- C:\windows\SysWow64\poqexec.exe

2011-05-20 10:11:07 404640 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-05-12 13:05:37 388096 ----a-r- C:\Users\Daniel\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-05-12 13:05:36 -------- d-----w- C:\Program Files (x86)\Trend Micro

2011-05-12 12:52:51 -------- d-----w- C:\Users\Daniel\AppData\Local\Sunbelt Software

2011-05-12 12:44:04 49752 ----a-w- C:\windows\System32\drivers\SBREDrv.sys

2011-05-12 12:43:01 24376 ----a-w- C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll

2011-05-12 12:09:21 -------- d-----w- C:\Program Files (x86)\Lavasoft

2011-05-11 06:00:46 5562240 ----a-w- C:\windows\System32\ntoskrnl.exe

2011-05-11 06:00:44 3967872 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe

2011-05-11 06:00:44 3912576 ----a-w- C:\windows\SysWow64\ntoskrnl.exe

2011-05-11 06:00:35 52736 ----a-w- C:\windows\System32\drivers\usbehci.sys

2011-05-11 06:00:35 343040 ----a-w- C:\windows\System32\drivers\usbhub.sys

2011-05-11 06:00:35 325120 ----a-w- C:\windows\System32\drivers\usbport.sys

2011-05-11 06:00:34 98816 ----a-w- C:\windows\System32\drivers\usbccgp.sys

2011-05-11 06:00:34 7936 ----a-w- C:\windows\System32\drivers\usbd.sys

2011-05-11 06:00:34 30720 ----a-w- C:\windows\System32\drivers\usbuhci.sys

2011-05-11 06:00:34 25600 ----a-w- C:\windows\System32\drivers\usbohci.sys

2011-05-06 10:47:50 -------- d-----w- C:\Program Files (x86)\PC Tools Security

2011-05-05 11:24:01 -------- d-----w- C:\windows\System32\MpEngineStore

2011-05-05 11:13:41 -------- d-----w- C:\Users\Daniel\AppData\Roaming\Malwarebytes

2011-05-05 11:13:33 38224 ----a-w- C:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-05-05 11:13:32 -------- d-----w- C:\ProgramData\Malwarebytes

2011-05-05 11:13:29 24152 ----a-w- C:\windows\System32\drivers\mbam.sys

2011-05-05 11:13:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

.

==================== Find3M ====================

.

2011-04-15 13:38:25 54444 ----a-w- C:\windows\SysWow64\opexsahbsut.exe

2011-04-15 13:28:47 106496 --sha-r- C:\windows\SysWow64\resutilsz.dll

2011-03-23 07:24:47 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll

2011-03-13 01:45:12 158832 ----a-w- C:\windows\System32\mfevtps.exe

2011-03-13 01:20:10 9984 ----a-w- C:\windows\System32\drivers\mfeclnk.sys

2011-03-13 01:20:10 98728 ----a-w- C:\windows\System32\drivers\mferkdet.sys

2011-03-13 01:20:10 75672 ----a-w- C:\windows\System32\drivers\mfenlfk.sys

2011-03-13 01:20:10 65128 ----a-w- C:\windows\System32\drivers\cfwids.sys

2011-03-13 01:20:10 639216 ----a-w- C:\windows\System32\drivers\mfehidk.sys

2011-03-13 01:20:10 481376 ----a-w- C:\windows\System32\drivers\mfefirek.sys

2011-03-13 01:20:10 281928 ----a-w- C:\windows\System32\drivers\mfewfpk.sys

2011-03-13 01:20:10 227856 ----a-w- C:\windows\System32\drivers\mfeavfk.sys

2011-03-13 01:20:10 156792 ----a-w- C:\windows\System32\drivers\mfeapfk.sys

2011-03-12 12:08:49 1465344 ----a-w- C:\windows\System32\XpsPrint.dll

2011-03-12 11:23:45 870912 ----a-w- C:\windows\SysWow64\XpsPrint.dll

2011-03-11 06:41:37 189824 ----a-w- C:\windows\System32\drivers\storport.sys

2011-03-11 06:41:34 166272 ----a-w- C:\windows\System32\drivers\nvstor.sys

2011-03-11 06:41:34 1659776 ----a-w- C:\windows\System32\drivers\ntfs.sys

2011-03-11 06:41:34 148352 ----a-w- C:\windows\System32\drivers\nvraid.sys

2011-03-11 06:41:26 410496 ----a-w- C:\windows\System32\drivers\iaStorV.sys

2011-03-11 06:41:12 27008 ----a-w- C:\windows\System32\drivers\amdxata.sys

2011-03-11 06:41:12 107904 ----a-w- C:\windows\System32\drivers\amdsata.sys

2011-03-11 06:34:51 1359872 ----a-w- C:\windows\System32\mfc42u.dll

2011-03-11 06:34:50 1395712 ----a-w- C:\windows\System32\mfc42.dll

2011-03-11 06:33:29 2565632 ----a-w- C:\windows\System32\esent.dll

2011-03-11 06:30:28 96768 ----a-w- C:\windows\System32\fsutil.exe

2011-03-11 05:33:59 1164288 ----a-w- C:\windows\SysWow64\mfc42u.dll

2011-03-11 05:33:59 1137664 ----a-w- C:\windows\SysWow64\mfc42.dll

2011-03-11 05:33:09 1699328 ----a-w- C:\windows\SysWow64\esent.dll

2011-03-11 05:31:07 74240 ----a-w- C:\windows\SysWow64\fsutil.exe

2011-03-09 04:22:18 152576 ----a-w- C:\windows\SysWow64\msclmd.dll

2011-03-09 04:22:17 175616 ----a-w- C:\windows\System32\msclmd.dll

2011-03-08 06:29:32 976896 ----a-w- C:\windows\System32\inetcomm.dll

2011-03-08 05:28:29 741376 ----a-w- C:\windows\SysWow64\inetcomm.dll

2011-03-04 06:19:28 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll

2011-03-04 06:19:27 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll

2011-03-03 06:24:16 183296 ----a-w- C:\windows\System32\dnsrslvr.dll

2011-03-03 06:21:57 30208 ----a-w- C:\windows\System32\dnscacheugc.exe

2011-03-03 05:36:16 28672 ----a-w- C:\windows\SysWow64\dnscacheugc.exe

2011-03-03 03:52:08 3135488 ----a-w- C:\windows\System32\win32k.sys

.

============= FINISH: 22:57:56.65 ===============

MBAM Log

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6713

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

29/05/2011 10:34:51 PM

mbam-log-2011-05-29 (22-34-51).txt

Scan type: Quick scan

Objects scanned: 172873

Time elapsed: 3 minute(s), 13 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Cheers

Dan

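A triage pass over the two log formats shown in this post, added here as an example; it is not part of Dan's post, nor of the DDS, ComboFix or Malwarebytes tools. It reads the "Created Last 30" / "Find3M" file entries, the "FF - prefs.js" lines and the AppInit_DLLs line, and flags what a removal helper looks at first: files in System32 or SysWow64 carrying hidden/system attributes, names one edit away from a genuine system file name (the `--sha-r-` resutilsz.dll entry in the Find3M section sits next to Windows' resutils.dll), days on which only one or two system-directory files changed (Windows updates arrive as batches), Firefox search preferences pointing away from well-known engines (the `browser.search.defaulturl` line above points at search.conduit.com), and any AppInit_DLLs value, since that DLL is loaded into every process. The sample log lines, the allowlist of system file names and the engine list are constructed for the example, and the function names (`triage`, `edit_distance`, `known_engine`) are the example's own. A hit is something to verify by hand (signature, hash, vendor), not a verdict.

```python
"""Triage heuristics over DDS / ComboFix style log lines.

Added example for this thread; not part of the poster's logs or of any
Malwarebytes, DDS or ComboFix tooling. The allowlist and the sample log
are constructed for the demonstration. A hit means "look at this by hand",
not "this is malware".
"""
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample: lines copied from the DDS log above (hxxp:// is the
# log's own defanging) plus a few ordinary update entries for contrast.
SAMPLE_LOG = r"""
2011-04-15 13:38:25 54444 ----a-w- C:\windows\SysWow64\opexsahbsut.exe
2011-04-15 13:28:47 106496 --sha-r- C:\windows\SysWow64\resutilsz.dll
2011-03-23 07:24:47 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll
2011-03-11 06:41:37 189824 ----a-w- C:\windows\System32\drivers\storport.sys
2011-03-11 06:41:34 1659776 ----a-w- C:\windows\System32\drivers\ntfs.sys
2011-03-11 06:41:34 148352 ----a-w- C:\windows\System32\drivers\nvraid.sys
2011-03-11 06:34:51 1359872 ----a-w- C:\windows\System32\mfc42u.dll
2011-03-11 06:33:29 2565632 ----a-w- C:\windows\System32\esent.dll
2011-05-05 11:13:29 24152 ----a-w- C:\windows\System32\drivers\mbam.sys
2011-06-01 01:10 . 2011-06-01 01:10 -------- d-----w- c:\users\Default\AppData\Local\temp
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://au.search.yahoo.com/search?fr=mcafee&p=
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
"""

# DDS writes "date time size attrs path"; ComboFix writes "date time . date time size attrs path".
FILE_LINE = re.compile(
    r"^(?P<day>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}(?::\d{2})?"
    r"(?: \. \d{4}-\d{2}-\d{2} \d{2}:\d{2})?"
    r" (?:\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>[A-Za-z]:\\.+)$"
)
PREF_LINE = re.compile(r"^FF - prefs\.js: (?P<pref>\S+) - (?P<url>\S+)$")
APPINIT_LINE = re.compile(r"^AppInit_DLLs(?:-X64)?: (?P<dlls>.+)$")

SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")
SEARCH_PREFS = {"browser.search.defaulturl", "keyword.url", "browser.startup.homepage"}
KNOWN_ENGINES = ("google.com", "bing.com", "yahoo.com")
# Constructed allowlist of a few genuine system file names; a real one would be
# taken from a clean reference install of the same Windows build.
KNOWN_SYSTEM_FILES = {"resutils.dll", "ntfs.sys", "esent.dll", "storport.sys", "wininet.dll", "mshtml.dll"}
BATCH_MIN = 3  # fewer system-directory changes than this on one day is not an update batch


def edit_distance(a, b):
    """Levenshtein distance, used to catch look-alike names such as resutilsz.dll vs resutils.dll."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def known_engine(host):
    return any(host == e or host.endswith("." + e) for e in KNOWN_ENGINES)


def triage(log_text):
    """Return {item: [reasons]} for log lines that deserve a manual look."""
    findings = defaultdict(list)
    sysfiles_by_day = defaultdict(list)
    for line in log_text.splitlines():
        line = line.strip()
        m = FILE_LINE.match(line)
        if m:
            path, attrs = m["path"], m["attrs"]
            low = path.lower()
            name = low.rsplit("\\", 1)[-1]
            if attrs.startswith("d") or not any(d in low for d in SYSTEM_DIRS):
                continue  # directories and non-system paths are out of scope here
            sysfiles_by_day[m["day"]].append(path)
            if "s" in attrs or "h" in attrs:
                findings[path].append(f"hidden/system attributes ({attrs}) on a file in a system directory")
            for known in KNOWN_SYSTEM_FILES:
                if name != known and edit_distance(name, known) == 1:
                    findings[path].append(f"name is one edit away from {known}")
            continue
        m = PREF_LINE.match(line)
        if m and m["pref"].lower() in SEARCH_PREFS:
            host = urlparse(m["url"].replace("hxxp", "http", 1)).hostname or ""
            if not known_engine(host):
                findings[m["pref"]].append(f"points at {host}, not a well-known search engine")
            continue
        m = APPINIT_LINE.match(line)
        if m:
            findings["AppInit_DLLs"].append(f"{m['dlls']} is loaded into every process; verify its signature")
    # Windows updates land as batches of files on the same day; a lone change stands out.
    for day, paths in sysfiles_by_day.items():
        if len(paths) < BATCH_MIN:
            for p in paths:
                findings[p].append(f"only {len(paths)} system-directory file(s) changed on {day}, not an update batch")
    return dict(findings)


if __name__ == "__main__":
    for item, reasons in triage(SAMPLE_LOG).items():
        print(item)
        for reason in reasons:
            print("   -", reason)
```

Run as a script it prints the review list. deployJava1.dll and mbam.sys also come out on the lone-change rule; that is the expected cost of a date-based heuristic and the reason the output is a list to verify rather than a list to delete.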

Hi,

I haven't experienced any problems in the last couple of days, although I'm not getting ahead of myself :)

Combofix Log

ComboFix 11-05-31.01 - Daniel 01/06/2011 10:24:06.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.3882.2805 [GMT 10:00]

Running from: c:\users\Daniel\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2011-05-01 to 2011-06-01 )))))))))))))))))))))))))))))))

.

.

2011-06-01 01:10 . 2011-06-01 01:10 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2011-06-01 01:10 . 2011-06-01 01:10 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-05-25 08:19 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2011-05-24 08:27 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe

2011-05-24 08:27 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe

2011-05-20 10:11 . 2011-05-20 10:11 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-05-12 13:05 . 2011-05-12 13:05 388096 ----a-r- c:\users\Daniel\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-05-12 13:05 . 2011-05-12 13:05 -------- d-----w- c:\program files (x86)\Trend Micro

2011-05-12 12:52 . 2011-05-12 12:52 -------- d-----w- c:\users\Daniel\AppData\Local\Sunbelt Software

2011-05-12 12:44 . 2011-05-12 12:44 49752 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-05-12 12:43 . 2011-03-13 01:42 24376 ----a-w- c:\program files (x86)\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll

2011-05-12 12:09 . 2011-05-12 12:09 -------- d-----w- c:\program files (x86)\Lavasoft

2011-05-12 12:09 . 2011-05-20 11:42 -------- d-----w- c:\programdata\Lavasoft

2011-05-11 06:00 . 2011-04-09 07:02 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-05-11 06:00 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2011-05-11 06:00 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2011-05-11 06:00 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys

2011-05-11 06:00 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys

2011-05-11 06:00 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys

2011-05-11 06:00 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2011-05-11 06:00 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys

2011-05-11 06:00 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2011-05-11 06:00 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys

2011-05-06 10:47 . 2011-05-20 11:52 -------- d-----w- c:\program files (x86)\PC Tools Security

2011-05-06 10:36 . 2011-05-06 10:36 -------- d-----w- c:\program files\Google

2011-05-06 10:36 . 2011-05-06 10:36 -------- d-----w- c:\programdata\Google Updater

2011-05-05 11:24 . 2011-05-11 06:50 -------- d-----w- c:\windows\system32\MpEngineStore

2011-05-05 11:13 . 2011-05-05 11:13 -------- d-----w- c:\users\Daniel\AppData\Roaming\Malwarebytes

2011-05-05 11:13 . 2010-12-20 08:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-05-05 11:13 . 2011-05-05 11:13 -------- d-----w- c:\programdata\Malwarebytes

2011-05-05 11:13 . 2011-05-05 11:13 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-05-05 11:13 . 2010-12-20 08:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-19 11:56 . 2011-04-19 11:56 159080 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin

2011-04-15 13:38 . 2011-04-15 13:28 54444 ----a-w- c:\windows\SysWow64\opexsahbsut.exe

2011-03-23 07:24 . 2011-03-23 07:24 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-03-15 12:12 . 2011-03-15 12:12 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2011-03-15 12:12 . 2011-03-15 12:12 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2011-03-15 12:12 . 2011-03-15 12:12 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2011-03-15 12:12 . 2011-03-15 12:12 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2011-03-15 12:12 . 2011-03-15 12:12 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll

2011-03-15 12:12 . 2011-03-15 12:12 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2011-03-15 12:12 . 2011-03-15 12:12 1126912 ----a-w- c:\windows\SysWow64\wininet.dll

2011-03-15 12:12 . 2011-03-15 12:12 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2011-03-15 12:12 . 2011-03-15 12:12 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2011-03-15 12:12 . 2011-03-15 12:12 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2011-03-15 12:12 . 2011-03-15 12:12 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2011-03-15 12:12 . 2011-03-15 12:12 367104 ----a-w- c:\windows\SysWow64\html.iec

2011-03-15 12:12 . 2011-03-15 12:12 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2011-03-15 12:12 . 2011-03-15 12:12 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2011-03-15 12:12 . 2011-03-15 12:12 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2011-03-15 12:12 . 2011-03-15 12:12 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2011-03-15 12:12 . 2011-03-15 12:12 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-03-15 12:12 . 2011-03-15 12:12 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2011-03-15 12:12 . 2011-03-15 12:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2011-03-15 12:12 . 2011-03-15 12:12 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2011-03-15 12:12 . 2011-03-15 12:12 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2011-03-15 12:12 . 2011-03-15 12:12 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2011-03-15 12:12 . 2011-03-15 12:12 222208 ----a-w- c:\windows\system32\msls31.dll

2011-03-15 12:12 . 2011-03-15 12:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-03-15 12:12 . 2011-03-15 12:12 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2011-03-15 12:12 . 2011-03-15 12:12 1389056 ----a-w- c:\windows\system32\wininet.dll

2011-03-15 12:12 . 2011-03-15 12:12 12288 ----a-w- c:\windows\system32\mshta.exe

2011-03-15 12:12 . 2011-03-15 12:12 114176 ----a-w- c:\windows\system32\admparse.dll

2011-03-15 12:12 . 2011-03-15 12:12 49664 ----a-w- c:\windows\system32\imgutil.dll

2011-03-15 12:12 . 2011-03-15 12:12 2303488 ----a-w- c:\windows\system32\jscript9.dll

2011-03-15 12:12 . 2011-03-15 12:12 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-03-15 12:12 . 2011-03-15 12:12 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-03-15 12:12 . 2011-03-15 12:12 85504 ----a-w- c:\windows\system32\iesetup.dll

2011-03-15 12:12 . 2011-03-15 12:12 76800 ----a-w- c:\windows\system32\tdc.ocx

2011-03-15 12:12 . 2011-03-15 12:12 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-03-15 12:12 . 2011-03-15 12:12 448512 ----a-w- c:\windows\system32\html.iec

2011-03-15 12:12 . 2011-03-15 12:12 30720 ----a-w- c:\windows\system32\licmgr10.dll

2011-03-15 12:12 . 2011-03-15 12:12 165888 ----a-w- c:\windows\system32\iexpress.exe

2011-03-15 12:12 . 2011-03-15 12:12 160256 ----a-w- c:\windows\system32\wextract.exe

2011-03-15 12:12 . 2011-03-15 12:12 1492992 ----a-w- c:\windows\system32\inetcpl.cpl

2011-03-15 12:12 . 2011-03-15 12:12 111616 ----a-w- c:\windows\system32\iesysprep.dll

2011-03-15 12:12 . 2011-03-15 12:12 603648 ----a-w- c:\windows\system32\vbscript.dll

2011-03-13 01:45 . 2011-01-14 06:07 158832 ----a-w- c:\windows\system32\mfevtps.exe

2011-03-13 01:20 . 2011-01-14 06:45 9984 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-03-13 01:20 . 2011-01-14 06:45 98728 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-03-13 01:20 . 2011-01-14 06:45 75672 ----a-w- c:\windows\system32\drivers\mfenlfk.sys

2011-03-13 01:20 . 2011-01-14 06:45 65128 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-03-13 01:20 . 2011-01-14 06:45 481376 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-03-13 01:20 . 2011-01-14 06:45 281928 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

2011-03-13 01:20 . 2011-01-14 06:45 227856 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-03-13 01:20 . 2010-10-13 11:28 639216 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-03-13 01:20 . 2010-10-13 11:28 156792 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-03-12 12:08 . 2011-04-27 09:46 1465344 ----a-w- c:\windows\system32\XpsPrint.dll

2011-03-12 11:23 . 2011-04-27 09:46 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll

2011-03-11 06:41 . 2011-04-27 09:45 189824 ----a-w- c:\windows\system32\drivers\storport.sys

2011-03-11 06:41 . 2011-04-27 09:45 1659776 ----a-w- c:\windows\system32\drivers\ntfs.sys

2011-03-11 06:41 . 2011-04-27 09:45 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys

2011-03-11 06:41 . 2011-04-27 09:45 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys

2011-03-11 06:41 . 2011-04-27 09:45 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys

2011-03-11 06:41 . 2011-04-27 09:45 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys

2011-03-11 06:41 . 2011-04-27 09:45 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys

2011-03-11 06:34 . 2011-04-15 08:16 1359872 ----a-w- c:\windows\system32\mfc42u.dll

2011-03-11 06:34 . 2011-04-15 08:16 1395712 ----a-w- c:\windows\system32\mfc42.dll

2011-03-11 06:33 . 2011-04-27 09:45 2565632 ----a-w- c:\windows\system32\esent.dll

2011-03-11 06:30 . 2011-04-27 09:45 96768 ----a-w- c:\windows\system32\fsutil.exe

2011-03-11 05:33 . 2011-04-15 08:16 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll

2011-03-11 05:33 . 2011-04-15 08:16 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll

2011-03-11 05:33 . 2011-04-27 09:45 1699328 ----a-w- c:\windows\SysWow64\esent.dll

2011-03-11 05:31 . 2011-04-27 09:45 74240 ----a-w- c:\windows\SysWow64\fsutil.exe

2011-03-09 04:22 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2011-03-09 04:22 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2011-03-08 06:29 . 2011-04-15 08:16 976896 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-08 05:28 . 2011-04-15 08:16 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll

2011-03-04 06:19 . 2011-04-27 09:46 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2011-03-04 06:19 . 2011-04-27 09:46 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2011-03-03 06:24 . 2011-04-15 08:16 183296 ----a-w- c:\windows\system32\dnsrslvr.dll

2011-03-03 06:21 . 2011-04-15 08:16 30208 ----a-w- c:\windows\system32\dnscacheugc.exe

2011-03-03 05:36 . 2011-04-15 08:16 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe

2011-03-03 03:52 . 2011-04-15 08:16 3135488 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2011-05-25_09.10.17 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 04:54 . 2011-05-25 08:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2011-06-01 00:28 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2011-05-25 08:07 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2011-06-01 00:28 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2011-06-01 00:28 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2011-05-25 08:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-09-10 00:06 . 2011-05-27 00:01 55510 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

- 2009-07-14 05:10 . 2011-05-20 11:54 36558 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-05-27 00:01 36558 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-01-14 05:44 . 2011-05-27 00:01 10954 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2082310827-357269536-317030132-1002_UserData.bin

+ 2011-01-14 05:40 . 2011-05-31 11:34 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-01-14 05:40 . 2011-05-25 08:32 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-01-14 05:40 . 2011-05-31 11:34 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-01-14 05:40 . 2011-05-25 08:32 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2011-05-25 08:32 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2011-05-31 11:34 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:46 . 2011-05-26 12:20 96016 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2011-05-29 12:52 . 2011-05-29 12:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-05-24 08:40 . 2011-05-24 08:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-05-29 12:52 . 2011-05-29 12:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-05-24 08:40 . 2011-05-24 08:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-01-14 09:21 . 2011-06-01 00:14 276588 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin

+ 2009-07-14 04:45 . 2011-05-26 23:59 351328 c:\windows\system32\FNTCACHE.DAT

+ 2009-07-14 05:01 . 2011-05-29 12:51 320832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 04:45 . 2011-05-26 10:33 7174117 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

- 2009-07-14 04:45 . 2011-05-12 10:24 7174117 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

+ 2011-03-16 02:20 . 2011-05-29 12:51 2036080 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2082310827-357269536-317030132-1002-8192.dat

+ 2011-03-15 12:32 . 2011-05-26 23:59 1457504 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2082310827-357269536-317030132-1002-12288.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2010-07-23 222496]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2007-04-15 259624]

"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-06-08 618496]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-05-02 1658440]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-21 1132320]

Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [x]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]

S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [x]

S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2010-07-23 296808]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-03-13 208272]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]

S2 MOBKbackup;McAfee Online Backup;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-04-13 231224]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-01-16 2009704]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-02-03 2320920]

S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-01 c:\windows\Tasks\Google Software Updater.job

- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-06 10:36]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]

@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"

[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]

2010-04-13 09:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]

@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"

[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]

2010-04-13 09:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]

@="{b4caf489-1eec-c617-49ad-8d7088598c06}"

[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]

2010-04-13 09:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-08-11 11369576]

"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [bU]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 2328944]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://samsung.msn.com

mStart Page = hxxp://samsung.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {{328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - c:\program files\Samsung AnyWeb Print\W2PBrowser.dll

TCP: DhcpNameServer = 10.0.0.138

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\McAfee\MSC\McSnIePl.dll

FF - ProfilePath - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\gw7evncv.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: keyword.URL - hxxp://au.search.yahoo.com/search?fr=mcafee&p=

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-06-01 11:34:21

ComboFix-quarantined-files.txt 2011-06-01 01:34

ComboFix2.txt 2011-05-25 09:43

.

Pre-Run: 82,374,037,504 bytes free

Post-Run: 82,323,144,704 bytes free

.

- - End Of File - - 2C75414EA02920D652689E6CFB07D1D9

Cheers

Dan

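The ComboFix report above already contains the lines that explain the redirects: Firefox's browser.search.defaulturl pointing at search.conduit.com rather than a search engine the user chose, an orphaned URLSearchHooks CLSID with no DLL behind it (a removed toolbar or hijacker that left its registration in place), and an AppInit_DLLs entry, which is a persistence point worth verifying even when, as here, it belongs to the NVIDIA driver. As an added example, not part of this thread, of ComboFix, DDS or any other tool mentioned here, the Python script below pulls those line types out of a ComboFix/DDS-style log and flags what a helper would look at first. The allow-list of expected search hosts and the SAMPLE_LOG are constructed for illustration (the sample lines are copied from the report), and the severities are the script's own, not anything ComboFix reports.

```python
"""Triage a ComboFix / DDS-style log for search-redirect indicators.

Added example for this thread; it is not part of ComboFix, DDS or any tool
the thread mentions. The regexes target the line formats visible in the
ComboFix report above. EXPECTED_SEARCH_HOSTS and SAMPLE_LOG are constructed
for illustration (the sample lines are copied from the report).
"""
import ipaddress
import re
from urllib.parse import urlparse

# Constructed allow-list of hosts a home user would plausibly have chosen as a
# search or start page. Anything else in a search pref is worth a look.
EXPECTED_SEARCH_HOSTS = {
    "www.google.com", "google.com", "www.bing.com", "bing.com",
    "search.yahoo.com", "au.search.yahoo.com", "samsung.msn.com",
}

# Firefox prefs that decide where a typed search or the start page goes;
# hijackers rewrite these so every search passes through their redirector.
SEARCH_PREFS = {"browser.search.defaulturl", "keyword.URL", "browser.startup.homepage"}

FF_PREF_RE = re.compile(r"^FF - prefs\.js: (?P<pref>\S+) - (?P<value>.+)$")
IE_PAGE_RE = re.compile(r"^(?P<key>[um](?:Start|Local) Page) = (?P<value>.+)$")
HOOK_RE = re.compile(r"^URLSearchHooks-(?P<clsid>\S+) - \(no file\)$")
APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(?P<value>.+)$')
DNS_RE = re.compile(r"^TCP: DhcpNameServer = (?P<value>.+)$")


def defang(url):
    """ComboFix writes hxxp:// so logs cannot be clicked; restore the scheme for parsing."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url.strip(), flags=re.IGNORECASE)


def host_of(url):
    """Hostname of a URL, or '' for local file paths such as c:\\windows\\...\\blank.htm."""
    return (urlparse(defang(url)).hostname or "").lower()


def triage(log_lines):
    """Return (severity, indicator, detail) tuples for the lines that need attention."""
    findings = []
    for raw in log_lines:
        line = raw.strip()
        m = FF_PREF_RE.match(line)
        if m:
            host = host_of(m["value"])
            if m["pref"] in SEARCH_PREFS and host and host not in EXPECTED_SEARCH_HOSTS:
                findings.append(("high", "firefox-search-pref", f"{m['pref']} -> {host}"))
            continue
        m = IE_PAGE_RE.match(line)
        if m:
            host = host_of(m["value"])
            if host and host not in EXPECTED_SEARCH_HOSTS:
                findings.append(("medium", "ie-start-page", f"{m['key']} -> {host}"))
            continue
        m = HOOK_RE.match(line)
        if m:
            # A URL search hook CLSID whose DLL is gone: a removed toolbar or
            # hijacker left its registration behind. ComboFix lists these as orphans.
            findings.append(("info", "orphan-search-hook", m["clsid"]))
            continue
        m = APPINIT_RE.match(line)
        if m:
            # AppInit_DLLs loads into every process that maps user32.dll, so it is
            # a classic persistence point. The value must be verified by hand
            # (vendor, signature, path); nvinit.dll in the report is NVIDIA's.
            findings.append(("review", "appinit-dll", m["value"].strip()))
            continue
        m = DNS_RE.match(line)
        if m:
            for addr in m["value"].split():
                try:
                    ip = ipaddress.ip_address(addr)
                except ValueError:
                    findings.append(("review", "dns-unparsable", addr))
                    continue
                # DHCP normally hands out the router (private) or the ISP resolver.
                # A public address the user cannot attribute to the ISP is how
                # DNS-changer style redirects present; a private one only proves
                # the router answered, not that the router's upstream is untouched.
                if not ip.is_private:
                    findings.append(("review", "non-local-dns", addr))
            continue
    return findings


# Constructed sample: the relevant lines from the ComboFix report in this thread.
SAMPLE_LOG = [
    "uStart Page = hxxp://samsung.msn.com",
    "uLocal Page = c:\\windows\\system32\\blank.htm",
    "TCP: DhcpNameServer = 10.0.0.138",
    "FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}",
    "FF - prefs.js: browser.startup.homepage - hxxp://www.google.com",
    "FF - prefs.js: keyword.URL - hxxp://au.search.yahoo.com/search?fr=mcafee&p=",
    "FF - prefs.js: network.proxy.type - 0",
    "URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)",
    '"AppInit_DLLs"=c:\\windows\\SysWOW64\\nvinit.dll',
]

if __name__ == "__main__":
    for severity, indicator, detail in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {indicator}: {detail}")
```

Run against the sample it reports the conduit.com search pref as high, the orphaned search hook as informational and the AppInit_DLLs value for review, while the Yahoo keyword.URL (set by McAfee SiteAdvisor, per the fr=mcafee parameter), the Google homepage and the 10.0.0.138 DHCP resolver pass. The allow-list is deliberately the weak point: a hijacker that redirects through a look-alike of an allowed host will not be caught by a hostname match, so treat the script as a first pass over the log, not as a verdict.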

  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


Hi

ESET Scanner Log

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

esets_scanner_update returned -1 esets_gle=53251

Security Check Log

Results of screen317's Security Check version 0.99.12

Windows 7 (UAC is enabled)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

McAfee Internet Security

McAfee Online Backup

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 24

Out of date Java installed!

Adobe Flash Player 10.3.181.14

Adobe Reader X (10.0.1)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

``````````End of Log````````````

Seems to be running without problems now....thank you for all your help.

Cheers

Dan


  • Staff

Hi,

Great!

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):

Java


Hi again,

There don't seem to be any problems now - the experience was that obscure, and even some common, websites were redirecting. This seems to have ceased, i.e. victory! :)

I seem to recall doing something with defogger or some such at the beginning of the process - turning off CD emulation or some such. Do I need to re-enable that now?

Cheers & thank you so much for your help.

regards,

Dan


  • Staff

Hi,

Yes re-enable Defogger.

I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317


  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.