
Redirects, Firefox Crashes, random pop-ups, fun times



Hey guys, installed some downloaded software today and now my PC is going a little weird.

Here's the DDS as per the instructions.

.

DDS (Ver_2011-06-03.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514

Run by sean at 18:43:25 on 2011-06-08

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.4026.2600 [GMT -7:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Launch Manager\dsiwmis.exe

C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files\Acer\Acer Updater\UpdaterService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\rundll32.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Windows\System32\M-AudioTaskBarIcon.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\igfxext.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files\mcafee.com\agent\mcagent.exe

C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

C:\Program Files (x86)\Launch Manager\LMworker.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

c:\PROGRA~1\mcafee\msc\mcupdmgr.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\sean\Downloads\Defogger.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://acer.msn.com

uDefault_Page_URL = hxxp://acer.msn.com

mDefault_Page_URL = hxxp://acer.msn.com

mStart Page = hxxp://acer.msn.com

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\PROGRA~1\mcafee\msk\mskapbho.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110514110242.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d

mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"

mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{12B31360-51AF-46F6-951C-5D82709063EC} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{FDED1584-56C8-49A8-B186-D0ABD3A57600} : DhcpNameServer = 172.25.0.30 24.235.110.66 206.108.149.254

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll

BHO-X64: McAfee Phishing Filter - No File

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110514110242.dll

BHO-X64: scriptproxy - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun-x64: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d

mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"

mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\sean\AppData\Roaming\Mozilla\Firefox\Profiles\ui4fqg88.default\

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]

R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]

R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]

R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-11-22 321104]

R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-1-29 868896]

R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-22 13336]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-6-8 366640]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-5-13 355440]

R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-5-13 355440]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-5-13 355440]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-5-13 355440]

R2 McShield;McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2010-11-22 200056]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2010-11-22 245352]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe [2010-11-22 149032]

R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]

R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]

R3 MAUSBFASTTRACKULTRA8R;Service for M-Audio Fast Track Ultra 8R;C:\Windows\system32\DRIVERS\MAudioFastTrackUltra8R.sys --> C:\Windows\system32\DRIVERS\MAudioFastTrackUltra8R.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 iLokDrvr;Usb Driver;C:\Windows\system32\DRIVERS\iLokDrvr.sys --> C:\Windows\system32\DRIVERS\iLokDrvr.sys [?]

S3 MADFUFTU8R;Service for M-Audio FastTrackUltra8R DFU;C:\Windows\system32\DRIVERS\MAudioFastTrackUltra8R_DFU.sys --> C:\Windows\system32\DRIVERS\MAudioFastTrackUltra8R_DFU.sys [?]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-5-26 305520]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 TASCAM_US1800;TASCAM US-1800 Audio Device driver;C:\Windows\system32\Drivers\tus1800u.sys --> C:\Windows\system32\Drivers\tus1800u.sys [?]

S3 TASCAM_US1800_MIDI;TASCAM US-1800 WDM MIDI Device;C:\Windows\system32\drivers\tus1800m.sys --> C:\Windows\system32\drivers\tus1800m.sys [?]

S3 TASCAM_US1800_WDM;TASCAM US-1800 WDM;C:\Windows\system32\drivers\tus1800a.sys --> C:\Windows\system32\drivers\tus1800a.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-5-13 355440]

.

=============== Created Last 30 ================

.

2011-06-09 01:28:02 -------- d-----w- C:\Users\sean\AppData\Local\{AE1691C8-065C-4FF7-BA21-433D50753939}

2011-06-08 20:16:16 -------- d-----w- C:\Users\sean\AppData\Roaming\Malwarebytes

2011-06-08 20:16:09 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-06-08 20:16:08 -------- d-----w- C:\ProgramData\Malwarebytes

2011-06-08 20:16:05 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-06-08 20:16:05 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-06-08 19:12:54 -------- d-----w- C:\Program Files\VstPlugins

2011-06-08 19:12:25 2510848 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{72b9f528-5143-7593-11db-02d7fdd3785b}\components\3f635668.dll

2011-06-08 19:08:37 45056 ----a-r- C:\Users\sean\AppData\Roaming\Microsoft\Installer\{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}\ARPPRODUCTICON.exe

2011-06-04 17:00:38 -------- d-----w- C:\Users\sean\AppData\Local\{FB7C850B-307B-40E7-88E9-D3BE16EB47EC}

2011-06-02 14:56:16 -------- d-----w- C:\Program Files (x86)\Toontrack

2011-06-02 14:37:07 737280 ----a-w- C:\Windows\iun6002.exe

2011-06-02 14:37:03 -------- d-----w- C:\Program Files (x86)\Drumagog40

2011-06-01 18:52:44 -------- d-----w- C:\Users\sean\AppData\Local\{8120E14A-6A96-4536-B1A6-4EBC9505B7BC}

2011-06-01 18:52:43 -------- d-----w- C:\Users\sean\AppData\Local\{28147F5B-C4EB-4DED-B3A2-CCD3ED59E4AE}

2011-05-30 19:26:34 -------- d-----w- C:\AcmeBarGig

2011-05-30 19:21:31 -------- d-----w- C:\Program Files\M-Audio

2011-05-30 17:33:23 -------- d-----w- C:\Windows\System32\SPReview

2011-05-30 17:32:32 -------- d-----w- C:\Windows\System32\EventProviders

2011-05-30 17:27:59 4583424 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe

2011-05-30 17:26:59 98304 ----a-w- C:\Windows\SysWow64\nslookup.exe

2011-05-30 17:25:51 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll

2011-05-30 17:25:51 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll

2011-05-30 17:23:33 529408 ----a-w- C:\Windows\System32\wbemcomn.dll

2011-05-29 19:06:55 -------- d-----w- C:\Users\sean\AppData\Roaming\REAPER

2011-05-29 19:06:38 -------- d-----w- C:\Program Files\REAPER (x64)

2011-05-28 03:42:35 -------- d-----w- C:\Users\sean\AppData\Roaming\Trillium Lane

2011-05-28 03:38:23 -------- d-----w- C:\Users\sean\AppData\Roaming\PACE Anti-Piracy

2011-05-28 03:38:23 -------- d-----w- C:\Users\sean\AppData\Local\PACE Anti-Piracy

2011-05-28 03:38:23 -------- d-----w- C:\ProgramData\PACE Anti-Piracy

2011-05-28 03:38:22 -------- d-----w- C:\Program Files (x86)\Common Files\PACE Anti-Piracy

2011-05-28 03:33:14 -------- d-----w- C:\ProgramData\Digidesign

2011-05-28 03:13:56 -------- d-----w- C:\Program Files (x86)\InterLok

2011-05-28 03:11:57 21520 ----a-w- C:\Windows\System32\drivers\diginet.sys

2011-05-28 03:10:51 -------- d-----w- C:\Program Files (x86)\Digidesign

2011-05-28 03:10:41 -------- d-----w- C:\Program Files (x86)\Common Files\Digidesign

2011-05-25 22:45:53 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys

2011-05-25 19:37:50 -------- d-----w- C:\video

2011-05-21 14:59:56 -------- d-----w- C:\3d63c764813744b65264d610e178

2011-05-20 03:31:14 -------- d-----w- C:\Users\sean\AppData\Local\Adobe

2011-05-20 02:48:17 -------- d-----w- C:\Program Files\Microsoft IntelliPoint

2011-05-20 01:59:40 -------- d-----w- C:\Users\sean\AppData\Roaming\VST3 Presets

2011-05-20 01:56:19 -------- d-----w- C:\Program Files (x86)\Common Files\Steinberg

2011-05-20 01:54:07 2892 ----a-w- C:\Windows\SysWow64\audcon.sys

2011-05-20 01:54:06 -------- d-----w- C:\ProgramData\Syncrosoft

2011-05-20 01:52:35 1695232 ----a-w- C:\Windows\System32\synsoacc.dll

2011-05-20 01:52:32 -------- d-----w- C:\ProgramData\eLicenser

2011-05-20 01:52:32 -------- d-----w- C:\Program Files (x86)\Syncrosoft

2011-05-20 01:52:32 -------- d-----w- C:\Program Files (x86)\eLicenser

2011-05-20 01:52:29 86016 ----a-w- C:\Windows\SysWow64\SYNSOPOS.exe

2011-05-20 01:52:29 1261568 ----a-w- C:\Windows\SysWow64\SYNSOACC.dll

2011-05-20 01:41:08 242240 ------w- C:\Windows\System32\US-1800.CPL

2011-05-20 01:41:07 50752 ----a-w- C:\Windows\System32\drivers\tus1800a.sys

2011-05-20 01:41:07 409664 ----a-w- C:\Windows\System32\drivers\tus1800u.sys

2011-05-20 01:41:07 31296 ----a-w- C:\Windows\System32\drivers\tus1800m.sys

2011-05-20 01:41:07 -------- d-----w- C:\Windows\usb-audio.deTascamUS1800

2011-05-20 01:40:08 142336 ----a-w- C:\Windows\System32\poqexec.exe

2011-05-20 01:40:08 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe

2011-05-19 00:51:14 -------- d-----w- C:\Program Files (x86)\ASIO4ALL v2

2011-05-17 19:18:23 -------- d-----w- C:\audio

2011-05-17 14:56:35 -------- d-----w- C:\Program Files (x86)\VSTPlugins

2011-05-17 14:56:27 -------- d-----w- C:\Program Files (x86)\FXpansion

2011-05-17 14:55:15 -------- d-----w- C:\Users\sean\AppData\Roaming\FXpansion

2011-05-16 23:36:47 1177600 ----a-w- C:\Windows\SysWow64\SYNSOEMU.DLL

2011-05-16 23:36:40 -------- d-----w- C:\Program Files (x86)\Common Files\VST3

2011-05-16 23:27:08 -------- d-----w- C:\ProgramData\Steinberg

2011-05-16 23:24:24 -------- d-----w- C:\Users\sean\AppData\Roaming\Steinberg

2011-05-16 23:24:24 -------- d-----w- C:\Program Files (x86)\Steinberg

2011-05-16 19:50:37 338432 ----a-w- C:\Windows\SysWow64\REX Shared Library.dll

2011-05-16 19:50:35 406528 ----a-w- C:\Windows\SysWow64\ReWire.dll

2011-05-16 19:47:39 -------- d-----w- C:\ProgramData\Propellerhead Software

2011-05-16 19:47:38 -------- d-----w- C:\Users\sean\AppData\Roaming\Propellerhead Software

2011-05-16 19:46:32 -------- d-----w- C:\Program Files (x86)\Propellerhead

2011-05-16 19:44:57 254528 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys

2011-05-16 19:44:40 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite

2011-05-16 19:44:18 -------- d-----w- C:\Users\sean\AppData\Roaming\DAEMON Tools Lite

2011-05-16 19:44:18 -------- d-----w- C:\ProgramData\DAEMON Tools Lite

2011-05-15 10:25:26 -------- d-----w- C:\Windows\SysWow64\Wat

2011-05-15 10:25:26 -------- d-----w- C:\Windows\System32\Wat

2011-05-14 18:02:42 24376 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\Scriptff.dll

2011-05-14 17:02:40 961024 ----a-w- C:\Windows\System32\CPFilters.dll

2011-05-14 17:02:40 723968 ----a-w- C:\Windows\System32\EncDec.dll

2011-05-14 17:02:40 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll

2011-05-14 17:02:40 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll

2011-05-14 17:02:39 850944 ----a-w- C:\Windows\SysWow64\sbe.dll

2011-05-14 17:02:39 259072 ----a-w- C:\Windows\System32\mpg2splt.ax

2011-05-14 17:02:39 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax

2011-05-14 17:02:39 1118720 ----a-w- C:\Windows\System32\sbe.dll

2011-05-14 17:02:28 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2011-05-14 17:02:28 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2011-05-14 17:02:06 715776 ----a-w- C:\Windows\System32\kerberos.dll

2011-05-14 17:02:06 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll

2011-05-14 17:01:48 2871808 ----a-w- C:\Windows\explorer.exe

2011-05-14 17:01:48 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe

2011-05-14 16:58:39 467456 ----a-w- C:\Windows\System32\drivers\srv.sys

2011-05-14 16:57:46 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll

2011-05-14 16:57:45 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe

2011-05-14 16:57:45 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe

2011-05-14 16:54:07 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe

2011-05-14 16:54:07 31232 ----a-w- C:\Windows\System32\prevhost.exe

2011-05-14 16:54:06 974336 ----a-w- C:\Windows\System32\WFS.exe

2011-05-14 16:54:06 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe

2011-05-14 16:53:54 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys

2011-05-14 16:53:53 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys

2011-05-14 16:53:53 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-05-14 16:53:53 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys

2011-05-14 06:01:01 -------- d-----w- C:\Users\sean\AppData\Local\Kobo

2011-05-13 20:04:49 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-05-13 19:42:45 -------- d-----w- C:\Users\sean\AppData\Local\Mozilla

2011-05-13 17:26:39 -------- d-----w- C:\Program Files (x86)\uTorrent

2011-05-13 17:25:57 -------- d-----w- C:\Users\sean\AppData\Roaming\uTorrent

2011-05-13 17:05:23 -------- d---a-w- C:\book

2011-05-13 17:05:04 -------- d-----w- C:\Program Files (x86)\Kobo

2011-05-13 17:04:40 -------- d-----w- C:\Windows\en

2011-05-13 17:04:11 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2011-05-13 17:03:41 -------- d-----w- C:\Windows\PCHEALTH

2011-05-13 17:02:58 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll

2011-05-13 17:02:58 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll

2011-05-13 17:02:58 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll

2011-05-13 17:02:58 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll

2011-05-13 17:02:36 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll

2011-05-13 17:02:36 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll

2011-05-13 17:00:11 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\3880a7bc1cc118f04\DSETUP.dll

2011-05-13 17:00:11 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\3880a7bc1cc118f04\DXSETUP.exe

2011-05-13 17:00:11 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\3880a7bc1cc118f04\dsetup32.dll

2011-05-13 17:00:11 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\38c0ece41cc118f05\MeshBetaRemover.exe

2011-05-13 17:00:10 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\381a4c901cc118f03\DSETUP.dll

2011-05-13 17:00:10 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\381a4c901cc118f03\DXSETUP.exe

2011-05-13 17:00:10 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\381a4c901cc118f03\dsetup32.dll

2011-05-13 17:00:09 -------- d-----w- C:\Users\sean\AppData\Local\Windows Live

2011-05-13 17:00:09 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live

2011-05-13 16:59:01 1819648 ----a-w- C:\ProgramData\Microsoft\OEMOffice14\Office14\Word.en-us\WordMUI.msi

2011-05-13 16:54:48 -------- d-----w- C:\Users\sean\AppData\Roaming\Intel Corporation

2011-05-13 16:54:44 -------- d-----w- C:\Users\sean\AppData\Local\EgisTec IPS

2011-05-13 16:54:11 -------- d-----w- C:\Users\sean\AppData\Local\VirtualStore

2011-05-13 16:50:33 -------- d-----w- C:\Program Files (x86)\OEM

2011-05-13 16:50:23 -------- d-----w- C:\ProgramData\OEM_E471269A730E

2011-05-13 16:48:21 -------- d-sh--we C:\ProgramData\Mod

Attach.zip


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


MBAM:

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6842

Windows 6.1.7601 Service Pack 1

Internet Explorer 8.0.7601.17514

13/06/2011 10:24:14 AM

mbam-log-2011-06-13 (10-24-14).txt

Scan type: Quick scan

Objects scanned: 159079

Time elapsed: 6 minute(s), 2 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

COMBOFIX:

ComboFix 11-06-11.01 - sean 13/06/2011 14:41:13.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.4026.2535 [GMT -7:00]

Running from: c:\users\sean\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2011-05-13 to 2011-06-13 )))))))))))))))))))))))))))))))

.

.

2011-06-13 22:22 . 2011-06-13 22:22 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-06-09 15:01 . 2011-06-09 15:02 -------- d-----w- c:\users\sean\AppData\Local\{3BE83C96-99FF-4255-B9C9-3134F4A81919}

2011-06-09 01:28 . 2011-06-09 01:28 -------- d-----w- c:\users\sean\AppData\Local\{AE1691C8-065C-4FF7-BA21-433D50753939}

2011-06-08 20:16 . 2011-06-08 20:16 -------- d-----w- c:\users\sean\AppData\Roaming\Malwarebytes

2011-06-08 20:16 . 2011-05-29 16:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-06-08 20:16 . 2011-06-08 20:16 -------- d-----w- c:\programdata\Malwarebytes

2011-06-08 20:16 . 2011-06-08 20:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-06-08 20:16 . 2011-05-29 16:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-08 19:12 . 2011-06-08 19:12 -------- d-----w- c:\program files\VstPlugins

2011-06-08 19:12 . 2011-04-20 11:50 2510848 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{72b9f528-5143-7593-11db-02d7fdd3785b}\components\3f635668.dll

2011-06-08 19:08 . 2011-06-08 19:08 45056 ----a-r- c:\users\sean\AppData\Roaming\Microsoft\Installer\{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}\ARPPRODUCTICON.exe

2011-06-04 17:00 . 2011-06-04 17:00 -------- d-----w- c:\users\sean\AppData\Local\{FB7C850B-307B-40E7-88E9-D3BE16EB47EC}

2011-06-02 14:56 . 2011-06-02 14:56 -------- d-----w- c:\program files (x86)\Toontrack

2011-06-02 14:37 . 2011-06-02 14:36 737280 ----a-w- c:\windows\iun6002.exe

2011-06-02 14:37 . 2011-06-02 14:37 -------- d-----w- c:\program files (x86)\Drumagog40

2011-06-01 18:52 . 2011-06-01 18:53 -------- d-----w- c:\users\sean\AppData\Local\{8120E14A-6A96-4536-B1A6-4EBC9505B7BC}

2011-06-01 18:52 . 2011-06-01 18:52 -------- d-----w- c:\users\sean\AppData\Local\{28147F5B-C4EB-4DED-B3A2-CCD3ED59E4AE}

2011-05-30 19:26 . 2011-05-30 19:26 -------- d-----w- C:\AcmeBarGig

2011-05-30 19:21 . 2011-05-30 19:21 -------- d-----w- c:\program files\M-Audio

2011-05-30 17:33 . 2011-05-30 17:33 -------- d-----w- c:\windows\system32\SPReview

2011-05-30 17:32 . 2011-05-30 17:32 -------- d-----w- c:\windows\system32\EventProviders

2011-05-30 17:27 . 2010-11-20 13:33 273792 ----a-w- c:\windows\system32\drivers\msiscsi.sys

2011-05-30 17:26 . 2010-11-20 13:27 132608 ----a-w- c:\windows\system32\wmpshell.dll

2011-05-30 17:25 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll

2011-05-30 17:25 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll

2011-05-30 17:23 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll

2011-05-29 19:06 . 2011-06-02 15:02 -------- d-----w- c:\users\sean\AppData\Roaming\REAPER

2011-05-29 19:06 . 2011-05-29 19:06 -------- d-----w- c:\program files\REAPER (x64)

2011-05-28 03:42 . 2011-05-28 03:42 -------- d-----w- c:\users\sean\AppData\Roaming\Trillium Lane

2011-05-28 03:38 . 2011-05-28 03:40 -------- d-----w- c:\users\sean\AppData\Roaming\PACE Anti-Piracy

2011-05-28 03:38 . 2011-05-28 03:40 -------- d-----w- c:\programdata\PACE Anti-Piracy

2011-05-28 03:38 . 2011-05-28 03:39 -------- d-----w- c:\users\sean\AppData\Local\PACE Anti-Piracy

2011-05-28 03:38 . 2011-05-28 03:38 -------- d-----w- c:\program files (x86)\Common Files\PACE Anti-Piracy

2011-05-28 03:33 . 2011-05-28 03:33 -------- d-----w- c:\programdata\Digidesign

2011-05-28 03:13 . 2011-05-28 03:13 -------- d-----w- c:\program files (x86)\InterLok

2011-05-28 03:11 . 2009-12-19 06:42 21520 ----a-w- c:\windows\system32\drivers\diginet.sys

2011-05-28 03:10 . 2011-06-08 20:35 -------- d-----w- c:\program files (x86)\Digidesign

2011-05-28 03:10 . 2011-06-08 20:28 -------- d-----w- c:\program files (x86)\Common Files\Digidesign

2011-05-28 02:28 . 2011-05-28 02:28 -------- d-----w- c:\users\sean\AppData\Roaming\InstallShield

2011-05-25 22:45 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2011-05-25 19:37 . 2011-05-25 19:41 -------- d-----w- C:\video

2011-05-21 14:59 . 2011-05-21 15:00 -------- d-----w- C:\3d63c764813744b65264d610e178

2011-05-20 03:31 . 2011-05-20 03:31 -------- d-----w- c:\users\sean\AppData\Local\Adobe

2011-05-20 02:48 . 2011-05-20 02:48 -------- d-----w- c:\program files\Microsoft IntelliPoint

2011-05-20 01:59 . 2011-05-20 01:59 -------- d-----w- c:\users\sean\AppData\Roaming\VST3 Presets

2011-05-20 01:56 . 2011-05-20 01:56 -------- d-----w- c:\program files (x86)\Common Files\Steinberg

2011-05-20 01:54 . 2011-05-20 01:54 2892 ----a-w- c:\windows\SysWow64\audcon.sys

2011-05-20 01:54 . 2011-05-20 01:54 -------- d-----w- c:\programdata\Syncrosoft

2011-05-20 01:52 . 2009-09-17 23:20 1695232 ----a-w- c:\windows\system32\synsoacc.dll

2011-05-20 01:52 . 2011-05-20 01:54 -------- d-----w- c:\programdata\eLicenser

2011-05-20 01:52 . 2011-05-20 01:53 -------- d-----w- c:\program files (x86)\eLicenser

2011-05-20 01:52 . 2011-05-20 01:52 -------- d-----w- c:\program files (x86)\Syncrosoft

2011-05-20 01:52 . 2009-09-17 23:20 1261568 ----a-w- c:\windows\SysWow64\SYNSOACC.dll

2011-05-20 01:52 . 2009-05-19 22:21 86016 ----a-w- c:\windows\SysWow64\SYNSOPOS.exe

2011-05-20 01:41 . 2010-08-05 15:37 242240 ------w- c:\windows\system32\US-1800.CPL

2011-05-20 01:41 . 2011-05-20 01:41 -------- d-----w- c:\windows\usb-audio.deTascamUS1800

2011-05-20 01:41 . 2010-08-05 15:37 50752 ----a-w- c:\windows\system32\drivers\tus1800a.sys

2011-05-20 01:41 . 2010-08-05 15:37 31296 ----a-w- c:\windows\system32\drivers\tus1800m.sys

2011-05-20 01:41 . 2010-08-05 15:37 409664 ----a-w- c:\windows\system32\drivers\tus1800u.sys

2011-05-20 01:40 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe

2011-05-20 01:40 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe

2011-05-19 14:44 . 2011-05-19 14:44 -------- d-----w- c:\program files (x86)\Microsoft.NET

2011-05-19 00:51 . 2011-05-19 00:51 -------- d-----w- c:\program files (x86)\ASIO4ALL v2

2011-05-17 19:18 . 2011-06-13 22:23 -------- d-----w- C:\audio

2011-05-17 14:56 . 2011-05-17 18:56 -------- d-----w- c:\program files (x86)\VSTPlugins

2011-05-17 14:56 . 2011-05-17 18:48 -------- d-----w- c:\program files (x86)\FXpansion

2011-05-17 14:55 . 2011-05-17 19:11 -------- d-----w- c:\users\sean\AppData\Roaming\FXpansion

2011-05-16 23:36 . 2009-10-12 04:58 1177600 ----a-w- c:\windows\SysWow64\SYNSOEMU.DLL

2011-05-16 23:36 . 2011-05-16 23:36 -------- d-----w- c:\program files (x86)\Common Files\VST3

2011-05-16 23:27 . 2011-05-16 23:27 -------- d-----w- c:\programdata\Steinberg

2011-05-16 23:24 . 2011-06-08 20:36 -------- d-----w- c:\program files (x86)\Steinberg

2011-05-16 23:24 . 2011-05-20 01:55 -------- d-----w- c:\users\sean\AppData\Roaming\Steinberg

2011-05-16 19:50 . 2011-05-16 19:50 338432 ----a-w- c:\windows\SysWow64\REX Shared Library.dll

2011-05-16 19:50 . 2011-05-16 19:50 406528 ----a-w- c:\windows\SysWow64\ReWire.dll

2011-05-16 19:47 . 2011-05-16 19:50 -------- d-----w- c:\programdata\Propellerhead Software

2011-05-16 19:47 . 2011-05-19 00:49 -------- d-----w- c:\users\sean\AppData\Roaming\Propellerhead Software

2011-05-16 19:46 . 2011-05-16 19:46 -------- d-----w- c:\program files (x86)\Propellerhead

2011-05-16 19:44 . 2011-05-16 19:44 254528 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2011-05-16 19:44 . 2011-05-16 19:44 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite

2011-05-16 19:44 . 2011-05-16 19:46 -------- d-----w- c:\users\sean\AppData\Roaming\DAEMON Tools Lite

2011-05-16 19:44 . 2011-05-16 19:44 -------- d-----w- c:\programdata\DAEMON Tools Lite

2011-05-15 10:25 . 2011-05-15 10:25 -------- d-----w- c:\windows\SysWow64\Wat

2011-05-15 10:25 . 2011-05-15 10:25 -------- d-----w- c:\windows\system32\Wat

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-11 03:33 . 2011-05-13 20:04 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-05-30 17:41 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2011-05-30 17:41 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2011-05-13 18:02 . 2010-06-24 17:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-04-14 20:01 . 2010-11-22 08:27 9984 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-04-14 20:01 . 2010-01-06 02:04 94992 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-04-14 20:01 . 2010-01-06 02:04 75160 ----a-w- c:\windows\system32\drivers\mfenlfk.sys

2011-04-14 20:01 . 2010-01-06 02:04 63056 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-04-14 20:01 . 2010-01-06 02:04 530304 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-04-14 20:01 . 2010-01-06 02:04 441840 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-04-14 20:01 . 2010-01-06 02:04 283744 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

2011-04-14 20:01 . 2010-01-06 02:04 190520 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-04-14 20:01 . 2010-01-06 02:04 121376 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-04-13 22:04 . 2011-04-13 22:04 45432 ----a-w- c:\windows\system32\drivers\point64.sys

2011-04-09 07:02 . 2011-05-14 17:00 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-04-09 06:02 . 2011-05-14 17:00 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2011-04-09 06:02 . 2011-05-14 17:00 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2011-04-09 06:00 . 2011-04-09 06:00 464896 ----a-w- c:\windows\system32\ipcoin815.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2010-05-27 03:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-05-13 399736]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]

"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1486392]

"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]

"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]

"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]

"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]

"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 iLokDrvr;Usb Driver;c:\windows\system32\DRIVERS\iLokDrvr.sys [x]

R3 MADFUFTU8R;Service for M-Audio FastTrackUltra8R DFU;c:\windows\system32\DRIVERS\MAudioFastTrackUltra8R_DFU.sys [x]

R3 MAUSBFASTTRACKULTRA8R;Service for M-Audio Fast Track Ultra 8R;c:\windows\system32\DRIVERS\MAudioFastTrackUltra8R.sys [x]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]

R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 TASCAM_US1800;TASCAM US-1800 Audio Device driver;c:\windows\system32\Drivers\tus1800u.sys [x]

R3 TASCAM_US1800_MIDI;TASCAM US-1800 WDM MIDI Device;c:\windows\system32\drivers\tus1800m.sys [x]

R3 TASCAM_US1800_WDM;TASCAM US-1800 WDM;c:\windows\system32\drivers\tus1800a.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2010-03-10 355440]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896]

S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2010-03-10 355440]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 245352]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-04-14 149032]

S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744]

S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-29 243232]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2010-05-27 03:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768]

"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-14 165912]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-14 387608]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-14 365592]

"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]

"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2009-10-06 798216]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = hxxp://acer.msn.com

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://acer.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\sean\AppData\Roaming\Mozilla\Firefox\Profiles\ui4fqg88.default\

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-epcbvikctjfho - c:\windows\system32\epcbvikctjfho.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2579752490-95955909-2022076903-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-2579752490-95955909-2022076903-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\windows\SysWOW64\rundll32.exe

.

**************************************************************************

.

Completion time: 2011-06-13 15:29:18 - machine was rebooted

ComboFix-quarantined-files.txt 2011-06-13 22:29

.

Pre-Run: 560,948,871,168 bytes free

Post-Run: 561,025,650,688 bytes free

.

- - End Of File - - A5CFB4848AD277AE616B64BF346A3EFE

DDS:

.

DDS (Ver_2011-06-03.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514

Run by sean at 15:43:11 on 2011-06-13

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.4026.2824 [GMT -7:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Launch Manager\dsiwmis.exe

C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\rundll32.exe

C:\Program Files\Acer\Acer Updater\UpdaterService.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\Explorer.EXE

C:\Windows\system32\Dwm.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Windows\System32\M-AudioTaskBarIcon.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\igfxext.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files\mcafee.com\agent\mcagent.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

C:\Program Files (x86)\Launch Manager\LMworker.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://acer.msn.com

mStart Page = hxxp://acer.msn.com

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\PROGRA~1\mcafee\msk\mskapbho.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110514110242.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d

mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"

mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{12B31360-51AF-46F6-951C-5D82709063EC} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{FDED1584-56C8-49A8-B186-D0ABD3A57600} : DhcpNameServer = 172.25.0.30 24.235.110.66 206.108.149.254

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll

BHO-X64: McAfee Phishing Filter - No File

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110514110242.dll

BHO-X64: scriptproxy - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun-x64: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d

mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"

mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\sean\AppData\Roaming\Mozilla\Firefox\Profiles\ui4fqg88.default\

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]

R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]

R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]

R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-11-22 321104]

R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-1-29 868896]

R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-22 13336]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-6-8 366640]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-5-13 355440]

R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-5-13 355440]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-5-13 355440]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-5-13 355440]

R2 McShield;McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2010-11-22 200056]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2010-11-22 245352]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe [2010-11-22 149032]

R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]

R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-6-28 255744]

R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-11-22 243232]

R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 iLokDrvr;Usb Driver;C:\Windows\system32\DRIVERS\iLokDrvr.sys --> C:\Windows\system32\DRIVERS\iLokDrvr.sys [?]

S3 MADFUFTU8R;Service for M-Audio FastTrackUltra8R DFU;C:\Windows\system32\DRIVERS\MAudioFastTrackUltra8R_DFU.sys --> C:\Windows\system32\DRIVERS\MAudioFastTrackUltra8R_DFU.sys [?]

S3 MAUSBFASTTRACKULTRA8R;Service for M-Audio Fast Track Ultra 8R;C:\Windows\system32\DRIVERS\MAudioFastTrackUltra8R.sys --> C:\Windows\system32\DRIVERS\MAudioFastTrackUltra8R.sys [?]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-5-26 305520]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 TASCAM_US1800;TASCAM US-1800 Audio Device driver;C:\Windows\system32\Drivers\tus1800u.sys --> C:\Windows\system32\Drivers\tus1800u.sys [?]

S3 TASCAM_US1800_MIDI;TASCAM US-1800 WDM MIDI Device;C:\Windows\system32\drivers\tus1800m.sys --> C:\Windows\system32\drivers\tus1800m.sys [?]

S3 TASCAM_US1800_WDM;TASCAM US-1800 WDM;C:\Windows\system32\drivers\tus1800a.sys --> C:\Windows\system32\drivers\tus1800a.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-5-13 355440]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2011-06-13 22:39:28 -------- d-sh--w- C:\$RECYCLE.BIN

2011-06-13 21:39:07 98816 ----a-w- C:\Windows\sed.exe

2011-06-13 21:39:07 518144 ----a-w- C:\Windows\SWREG.exe

2011-06-13 21:39:07 256512 ----a-w- C:\Windows\PEV.exe

2011-06-13 21:39:07 208896 ----a-w- C:\Windows\MBR.exe

2011-06-09 15:01:54 -------- d-----w- C:\Users\sean\AppData\Local\{3BE83C96-99FF-4255-B9C9-3134F4A81919}

2011-06-09 01:28:02 -------- d-----w- C:\Users\sean\AppData\Local\{AE1691C8-065C-4FF7-BA21-433D50753939}

2011-06-08 20:16:16 -------- d-----w- C:\Users\sean\AppData\Roaming\Malwarebytes

2011-06-08 20:16:09 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-06-08 20:16:08 -------- d-----w- C:\ProgramData\Malwarebytes

2011-06-08 20:16:05 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-06-08 20:16:05 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-06-08 19:12:54 -------- d-----w- C:\Program Files\VstPlugins

2011-06-08 19:12:25 2510848 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{72b9f528-5143-7593-11db-02d7fdd3785b}\components\3f635668.dll

2011-06-08 19:08:37 45056 ----a-r- C:\Users\sean\AppData\Roaming\Microsoft\Installer\{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}\ARPPRODUCTICON.exe

2011-06-04 17:00:38 -------- d-----w- C:\Users\sean\AppData\Local\{FB7C850B-307B-40E7-88E9-D3BE16EB47EC}

2011-06-02 14:56:16 -------- d-----w- C:\Program Files (x86)\Toontrack

2011-06-02 14:37:07 737280 ----a-w- C:\Windows\iun6002.exe

2011-06-02 14:37:03 -------- d-----w- C:\Program Files (x86)\Drumagog40

2011-06-01 18:52:44 -------- d-----w- C:\Users\sean\AppData\Local\{8120E14A-6A96-4536-B1A6-4EBC9505B7BC}

2011-06-01 18:52:43 -------- d-----w- C:\Users\sean\AppData\Local\{28147F5B-C4EB-4DED-B3A2-CCD3ED59E4AE}

2011-05-30 19:26:34 -------- d-----w- C:\AcmeBarGig

2011-05-30 19:21:31 -------- d-----w- C:\Program Files\M-Audio

2011-05-30 17:33:23 -------- d-----w- C:\Windows\System32\SPReview

2011-05-30 17:32:32 -------- d-----w- C:\Windows\System32\EventProviders

2011-05-30 17:27:59 4583424 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe

2011-05-30 17:26:59 98304 ----a-w- C:\Windows\SysWow64\nslookup.exe

2011-05-30 17:25:51 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll

2011-05-30 17:25:51 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll

2011-05-30 17:23:33 529408 ----a-w- C:\Windows\System32\wbemcomn.dll

2011-05-29 19:06:55 -------- d-----w- C:\Users\sean\AppData\Roaming\REAPER

2011-05-29 19:06:38 -------- d-----w- C:\Program Files\REAPER (x64)

2011-05-28 03:42:35 -------- d-----w- C:\Users\sean\AppData\Roaming\Trillium Lane

2011-05-28 03:38:23 -------- d-----w- C:\Users\sean\AppData\Roaming\PACE Anti-Piracy

2011-05-28 03:38:23 -------- d-----w- C:\Users\sean\AppData\Local\PACE Anti-Piracy

2011-05-28 03:38:23 -------- d-----w- C:\ProgramData\PACE Anti-Piracy

2011-05-28 03:38:22 -------- d-----w- C:\Program Files (x86)\Common Files\PACE Anti-Piracy

2011-05-28 03:33:14 -------- d-----w- C:\ProgramData\Digidesign

2011-05-28 03:13:56 -------- d-----w- C:\Program Files (x86)\InterLok

2011-05-28 03:11:57 21520 ----a-w- C:\Windows\System32\drivers\diginet.sys

2011-05-28 03:10:51 -------- d-----w- C:\Program Files (x86)\Digidesign

2011-05-28 03:10:41 -------- d-----w- C:\Program Files (x86)\Common Files\Digidesign

2011-05-25 22:45:53 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys

2011-05-25 19:37:50 -------- d-----w- C:\video

2011-05-21 14:59:56 -------- d-----w- C:\3d63c764813744b65264d610e178

2011-05-20 03:31:14 -------- d-----w- C:\Users\sean\AppData\Local\Adobe

2011-05-20 02:48:17 -------- d-----w- C:\Program Files\Microsoft IntelliPoint

2011-05-20 01:59:40 -------- d-----w- C:\Users\sean\AppData\Roaming\VST3 Presets

2011-05-20 01:56:19 -------- d-----w- C:\Program Files (x86)\Common Files\Steinberg

2011-05-20 01:54:07 2892 ----a-w- C:\Windows\SysWow64\audcon.sys

2011-05-20 01:54:06 -------- d-----w- C:\ProgramData\Syncrosoft

2011-05-20 01:52:35 1695232 ----a-w- C:\Windows\System32\synsoacc.dll

2011-05-20 01:52:32 -------- d-----w- C:\ProgramData\eLicenser

2011-05-20 01:52:32 -------- d-----w- C:\Program Files (x86)\Syncrosoft

2011-05-20 01:52:32 -------- d-----w- C:\Program Files (x86)\eLicenser

2011-05-20 01:52:29 86016 ----a-w- C:\Windows\SysWow64\SYNSOPOS.exe

2011-05-20 01:52:29 1261568 ----a-w- C:\Windows\SysWow64\SYNSOACC.dll

2011-05-20 01:41:08 242240 ------w- C:\Windows\System32\US-1800.CPL

2011-05-20 01:41:07 50752 ----a-w- C:\Windows\System32\drivers\tus1800a.sys

2011-05-20 01:41:07 409664 ----a-w- C:\Windows\System32\drivers\tus1800u.sys

2011-05-20 01:41:07 31296 ----a-w- C:\Windows\System32\drivers\tus1800m.sys

2011-05-20 01:41:07 -------- d-----w- C:\Windows\usb-audio.deTascamUS1800

2011-05-20 01:40:08 142336 ----a-w- C:\Windows\System32\poqexec.exe

2011-05-20 01:40:08 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe

2011-05-19 00:51:14 -------- d-----w- C:\Program Files (x86)\ASIO4ALL v2

2011-05-17 19:18:23 -------- d-----w- C:\audio

2011-05-17 14:56:35 -------- d-----w- C:\Program Files (x86)\VSTPlugins

2011-05-17 14:56:27 -------- d-----w- C:\Program Files (x86)\FXpansion

2011-05-17 14:55:15 -------- d-----w- C:\Users\sean\AppData\Roaming\FXpansion

2011-05-16 23:36:47 1177600 ----a-w- C:\Windows\SysWow64\SYNSOEMU.DLL

2011-05-16 23:36:40 -------- d-----w- C:\Program Files (x86)\Common Files\VST3

2011-05-16 23:27:08 -------- d-----w- C:\ProgramData\Steinberg

2011-05-16 23:24:24 -------- d-----w- C:\Users\sean\AppData\Roaming\Steinberg

2011-05-16 23:24:24 -------- d-----w- C:\Program Files (x86)\Steinberg

2011-05-16 19:50:37 338432 ----a-w- C:\Windows\SysWow64\REX Shared Library.dll

2011-05-16 19:50:35 406528 ----a-w- C:\Windows\SysWow64\ReWire.dll

2011-05-16 19:47:39 -------- d-----w- C:\ProgramData\Propellerhead Software

2011-05-16 19:47:38 -------- d-----w- C:\Users\sean\AppData\Roaming\Propellerhead Software

2011-05-16 19:46:32 -------- d-----w- C:\Program Files (x86)\Propellerhead

2011-05-16 19:44:57 254528 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys

2011-05-16 19:44:40 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite

2011-05-16 19:44:18 -------- d-----w- C:\Users\sean\AppData\Roaming\DAEMON Tools Lite

2011-05-16 19:44:18 -------- d-----w- C:\ProgramData\DAEMON Tools Lite

2011-05-15 10:25:26 -------- d-----w- C:\Windows\SysWow64\Wat

2011-05-15 10:25:26 -------- d-----w- C:\Windows\System32\Wat

.

==================== Find3M ====================

.

2011-06-11 03:33:52 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-05-30 17:41:23 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2011-05-30 17:41:22 175616 ----a-w- C:\Windows\System32\msclmd.dll

2011-04-14 20:01:38 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys

2011-04-14 20:01:38 94992 ----a-w- C:\Windows\System32\drivers\mferkdet.sys

2011-04-14 20:01:38 75160 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys

2011-04-14 20:01:38 63056 ----a-w- C:\Windows\System32\drivers\cfwids.sys

2011-04-14 20:01:38 530304 ----a-w- C:\Windows\System32\drivers\mfehidk.sys

2011-04-14 20:01:38 441840 ----a-w- C:\Windows\System32\drivers\mfefirek.sys

2011-04-14 20:01:38 283744 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys

2011-04-14 20:01:38 190520 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys

2011-04-14 20:01:38 121376 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys

2011-04-13 22:04:38 45432 ----a-w- C:\Windows\System32\drivers\point64.sys

2011-04-09 07:02:55 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe

2011-04-09 06:02:25 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2011-04-09 06:02:25 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2011-04-09 06:00:28 464896 ----a-w- C:\Windows\System32\ipcoin815.dll

.

============= FINISH: 15:44:27.49 ===============

THANKS FOR ALL YOUR HELP + EFFORTS :)


  • Staff

Hi,

Grab a fresh copy of ComboFix, run it, and post its log.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs a runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

For example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.


  • 4 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
