
Malwarebytes found problems



Hi,

I ran Malwarebytes on a fairly new laptop, and found the below. I did remove these problems, but need to make sure there are no additional problems. Can someone help with any additional things to do?

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7977

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

10/18/2011 9:14:55 PM

mbam-log-2011-10-18 (21-14-55).txt

Scan type: Quick scan

Objects scanned: 196789

Time elapsed: 11 minute(s), 13 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 4

Registry Keys Infected: 5

Registry Values Infected: 3

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 7

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

c:\Users\dwillis\AppData\Local\Adobe\adobeupdate\adobeupdt32.dll (Trojan.SHarpro) -> Delete on reboot.

c:\Users\dwillis\AppData\Local\tcpipwin32.dll (Trojan.SHarpro.Gen) -> Delete on reboot.

c:\programdata\mousebackupverifier.dll (Trojan.SHarpro.PGen) -> Delete on reboot.

c:\Users\dwillis\AppData\Local\virtualstore\virtualstoreupdate\virtualstoreupdt32.dll (Trojan.SHarpro.PGen) -> Delete on reboot.

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{01B4791D-A5A7-45C1-BD2F-595B314AA152} (Trojan.SHarpro.Gen) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01B4791D-A5A7-45C1-BD2F-595B314AA152} (Trojan.SHarpro.Gen) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{01B4791D-A5A7-45C1-BD2F-595B314AA152} (Trojan.SHarpro.Gen) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{01B4791D-A5A7-45C1-BD2F-595B314AA152} (Trojan.SHarpro.Gen) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Netscape Update (Trojan.SHarpro) -> Value: Netscape Update -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MouseBackupVerifier (Trojan.SHarpro.PGen) -> Value: MouseBackupVerifier -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Leader Update (Trojan.SHarpro.PGen) -> Value: Leader Update -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\dwillis\AppData\Local\Temp\thpm3308519708440818443.tmp (Exploit.Drop.3) -> Quarantined and deleted successfully.

c:\Users\dwillis\local settings\application data\Adobe\adobeupdate\adobeupdt32.dll (Trojan.SHarpro) -> Delete on reboot.

c:\Users\dwillis\AppData\Local\Adobe\adobeupdate\adobeupdt32.dll (Trojan.SHarpro) -> Delete on reboot.

c:\Users\dwillis\local settings\application data\tcpipwin32.dll (Trojan.SHarpro.Gen) -> Quarantined and deleted successfully.

c:\Users\dwillis\AppData\Local\tcpipwin32.dll (Trojan.SHarpro.Gen) -> Quarantined and deleted successfully.

c:\programdata\mousebackupverifier.dll (Trojan.SHarpro.PGen) -> Delete on reboot.

c:\Users\dwillis\AppData\Local\virtualstore\virtualstoreupdate\virtualstoreupdt32.dll (Trojan.SHarpro.PGen) -> Delete on reboot.


Thank you for the reply. I am also now having IE redirect problems as well. Here are the logs:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8033

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

10/29/2011 10:46:34 PM

mbam-log-2011-10-29 (22-46-34).txt

Scan type: Quick scan

Objects scanned: 196830

Time elapsed: 10 minute(s), 35 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 3

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{01B4791D-A5A7-45C1-BD2F-595B314AA152} (Trojan.SHarpro.Gen) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01B4791D-A5A7-45C1-BD2F-595B314AA152} (Trojan.SHarpro.Gen) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\dwillis\AppData\Local\Temp\thpm2177313071744657143.tmp (Exploit.Drop.3) -> Quarantined and deleted successfully.

c:\Users\dwillis\local settings\application data\networkwin32.dll (Trojan.SHarpro.Gen) -> Quarantined and deleted successfully.

c:\Users\dwillis\AppData\Local\networkwin32.dll (Trojan.SHarpro.Gen) -> Quarantined and deleted successfully.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by dwillis at 1:33:46 on 2011-10-30

Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.1903.479 [GMT -5:00]

.

AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\vcsFPService.exe

C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

C:\Program Files\ACEmessage\Client\ACEnwork.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\IDT\WDM\aestsrv.exe

C:\Program Files\avs\bin\avagent.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Windows\system32\mfevtps.exe

C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe

C:\Windows\system32\conhost.exe

C:\Program Files\QUALCOMM\QDLService2k\QDLService2kHP.exe

C:\Program Files\McAfee\Common Framework\naPrdMgr.exe

C:\Program Files\Riverbed\Steelhead Mobile\rbtlogger.exe

C:\Program Files\Riverbed\Steelhead Mobile\rbtmon.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Windows\system32\CCM\CcmExec.exe

C:\Windows\system32\fxssvc.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Riverbed\Steelhead Mobile\rbtsport.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Hewlett-Packard\HP Connection Manager\SMManager.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe

C:\Program Files\Riverbed\Steelhead Mobile\shmobile.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\Epson Software\Event Manager\EEventManager.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\ACEmessage\Client\ACEclnt.exe

C:\Program Files\avs\bin\avscc.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Yahoo!\Companion\Installs\cpn0\ytbb.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\McAfee\Common Framework\McScript_InUse.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com

uDefault_Page_URL = hxxp://portal.dako.com

uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn0\YTNavAssist.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110819154749.dll

BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll

TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

uRun: [MicrosoftManagerOnline] rundll32.exe "c:\programdata\MicrosoftManagerOnline.dll",DllRegisterServer

uRun: [Policies Update] rundll32 "c:\users\dwillis\appdata\local\abbyy\abbyyupdate\ABBYYup.DLL",DllRegisterServer

uRun: [smith Update] rundll32 "c:\users\dwillis\appdata\local\downloaded installations\downloadedupdate\Downloadedup.DLL",DllRegisterServer

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [sysTrayApp] c:\program files\idt\wdm\sttray.exe

mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start

mRun: [steelhead Mobile] c:\program files\riverbed\steelhead mobile\shmobile.exe

mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey

mRun: [shStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"

mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"

mRun: [LTCM Client] c:\program files\ltcm client\ltcmClient.exe /startup

mRun: [<NO NAME>]

mRun: [HP Connection Manager.exe]

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

StartupFolder: c:\users\dwillis\appdata\roaming\micros~1\windows\startm~1\programs\startup\epsona~1.lnk - d:\common\epsonreg\EpsonReg.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\acemes~1.lnk - c:\program files\acemessage\client\ACEclnt.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\client.lnk - c:\program files\avs\bin\avscc.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{21e247d4-5e27-4bea-aa4d-19a81203fe2a}\Icon3E5562ED7.ico

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL

Trusted Zone: dako.net\sharepoint1.caus

Trusted Zone: sharepoint1

Trusted Zone: dako.net\sharepoint1.caus

Trusted Zone: sharepoint1

DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

TCP: DhcpNameServer = 192.168.100.2

TCP: Interfaces\{15527850-28E7-41F3-953E-365C0CAD22ED} : NameServer = 66.174.71.33 66.174.95.44

TCP: Interfaces\{5FC1FB0F-A794-4976-AE20-01758701B182} : DhcpNameServer = 192.168.100.2

Notify: igfxcui - igfxdev.dll

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-8-19 436728]

R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-8-19 162928]

R1 rbtnfd_srv;Steelhead Mobile Filter Driver;c:\windows\system32\drivers\rbtnfd.sys [2011-8-19 388608]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe [2009-5-14 759048]

R2 ACEnwork;ACEmessage Network Client;c:\program files\acemessage\client\ACEnwork.exe [2008-11-29 40960]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]

R2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2011-8-19 81920]

R2 avbackup;Backup Agent;c:\program files\avs\bin\avagent.exe [2010-9-10 4965728]

R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2011-5-13 26168]

R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2010-2-18 120128]

R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-8-19 159320]

R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2011-1-12 209760]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-8-19 145936]

R2 QDLService2kHP;Qualcomm Gobi 2000 Download Service (HP);c:\program files\qualcomm\qdlservice2k\QDLService2kHP.exe [2009-10-1 330488]

R2 RVBD_SH_Mobile_Logger;Riverbed Steelhead Mobile Logger Service;c:\program files\riverbed\steelhead mobile\rbtlogger.exe [2011-4-9 863232]

R2 RVBD_SH_Mobile_Monitor;Riverbed Steelhead Mobile Monitor Service;c:\program files\riverbed\steelhead mobile\rbtmon.exe [2011-4-9 6164992]

R2 SMManager;HP Connection Manager Service;c:\program files\hewlett-packard\hp connection manager\SMManager.exe [2009-11-13 82760]

R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2009-12-14 1639728]

R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2008-7-25 370872]

R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2011-8-19 228408]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2011-5-5 266408]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-2-26 132480]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-8-31 269824]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-8-19 171296]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-8-19 58456]

R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2011-8-19 6755840]

R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [2011-8-19 49152]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 TeamViewer5;TeamViewer 5; [x]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 dc21x4vm;dc21x4vm;c:\windows\system32\drivers\dc21x4vm.sys [2009-6-10 52224]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-8-19 85152]

S3 qcfilterhp2k;Gobi 2000 USB Composite Device Filter Driver(03F0-251D);c:\windows\system32\drivers\qcfilterhp2k.sys [2009-10-1 5248]

S3 qcusbnethp2k;Gobi 2000 USB-NDIS miniport(03F0-251D);c:\windows\system32\drivers\qcusbnethp2k.sys [2009-10-1 201728]

S3 qcusbserhp2k;Gobi 2000 USB Device for Legacy Serial Communication(03F0-251D);c:\windows\system32\drivers\qcusbserhp2k.sys [2009-10-1 106368]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-8-24 15872]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-8-24 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-8-24 1343400]

.

=============== Created Last 30 ================

.

2011-10-30 03:34:44 190976 ----a-w- c:\programdata\MicrosoftManagerOnline.dll

2011-10-19 04:38:10 -------- d-----w- c:\program files\ESET

2011-10-13 22:34:25 -------- d-----w- c:\program files\CCleaner

2011-10-13 21:31:28 -------- d-----w- c:\users\dwillis\appdata\local\File Renamer Basic

2011-10-08 00:30:37 -------- d-----w- c:\users\dwillis\appdata\roaming\Malwarebytes

2011-10-08 00:30:20 -------- d-----w- c:\programdata\Malwarebytes

2011-10-08 00:30:16 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-08 00:30:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.

==================== Find3M ====================

.

2011-09-02 02:15:06 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-24 17:30:27 152576 ----a-w- c:\windows\system32\msclmd.dll

2011-08-19 22:47:13 162928 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

2011-08-19 22:47:13 145936 ----a-w- c:\windows\system32\mfevtps.exe

2011-08-19 22:47:12 85152 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-08-19 22:47:12 74848 ----a-w- c:\windows\system32\MfeOtlkAddin.dll

2011-08-19 22:47:12 436728 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-08-19 22:47:12 22816 ----a-w- c:\windows\system32\MFEOtlk.dll

2011-08-19 22:47:11 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-08-19 22:47:11 58456 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-08-19 22:47:10 171296 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-08-19 22:47:09 116104 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-08-19 22:29:16 411368 ----a-w- c:\windows\system32\deploytk.dll

2011-08-19 21:39:50 495708 ----a-w- c:\windows\sttray.exe

2011-08-19 21:39:50 431616 ----a-w- c:\windows\system32\drivers\stwrt.sys

2011-08-19 21:39:49 934912 ----a-w- c:\windows\system32\stapo.dll

2011-08-19 21:39:49 531968 ------w- c:\windows\system32\stapi32.dll

2011-08-19 21:39:49 405504 ----a-w- c:\windows\system32\stcplx.dll

2011-08-19 21:39:49 1953792 ----a-w- c:\windows\system32\stlang.dll

2011-08-19 21:39:48 179712 ----a-w- c:\windows\system32\staco.dll

2011-08-19 21:39:48 12705884 ----a-w- c:\windows\system32\idtcpl.cpl

2011-08-19 21:39:46 380928 ----a-w- c:\windows\system32\aestecap.dll

2011-08-19 21:39:45 86016 ----a-w- c:\windows\system32\AESTCom.dll

2011-08-19 21:39:45 61440 ----a-w- c:\windows\system32\aestaren.dll

2011-08-19 21:39:45 140288 ----a-w- c:\windows\system32\aestacap.dll

2011-08-19 20:37:14 90112 ----a-w- c:\windows\system32\snymsico.dll

2011-08-19 20:37:14 38400 ----a-w- c:\windows\system32\drivers\rixdptsk.sys

2011-08-19 20:37:13 49152 ----a-w- c:\windows\system32\drivers\rismc32.sys

2011-08-19 20:37:13 44544 ----a-w- c:\windows\system32\drivers\rimsptsk.sys

2011-08-19 20:37:13 172032 ----a-w- c:\windows\system32\rixdicon.dll

2011-08-19 20:37:12 48128 ----a-w- c:\windows\system32\drivers\rimmptsk.sys

2011-08-19 20:34:40 6755840 ----a-w- c:\windows\system32\drivers\NETw5s32.sys

2011-08-19 20:34:39 675840 ----a-w- c:\windows\system32\NETw5c32.dll

2011-08-19 20:34:39 2756608 ----a-w- c:\windows\system32\NETw5r32.dll

2011-08-19 20:34:29 313904 ----a-w- c:\windows\system32\vsnp2uvc.dll

2011-08-19 20:34:29 27184 ----a-w- c:\windows\snuvcdsm.exe

2011-08-19 20:34:29 1758464 ----a-w- c:\windows\system32\drivers\snp2uvc.sys

2011-08-19 20:34:28 34480 ----a-w- c:\windows\system32\drivers\sncduvc.sys

2011-08-19 20:34:28 256560 ----a-w- c:\windows\system32\rsnp2uvc.dll

2011-08-19 20:34:28 213040 ----a-w- c:\windows\system32\csnp2uvc.dll

2011-08-19 20:34:01 331288 ----a-w- c:\windows\system32\drivers\iaStor.sys

2011-08-19 20:33:52 41088 ----a-w- c:\windows\system32\drivers\HECI.sys

2011-08-19 20:33:05 28792 ----a-w- c:\windows\system32\NicCo36.dll

2011-08-19 20:32:43 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll

2011-08-19 20:31:22 13368 ----a-w- c:\windows\system32\HPMDPCoInst.dll

2011-08-09 13:56:52 196608 ----a-w- c:\windows\system32\bzpdf.dll

2011-08-01 20:56:42 40936 ----a-w- c:\windows\system32\drivers\point32.sys

.

============= FINISH: 1:35:17.94 ===============


  • Staff

Hi,

My apologies for the delay.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


ComboFix 11-11-03.03 - dwillis 11/03/2011 15:04:27.1.4 - x86

Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.1903.989 [GMT -5:00]

Running from: c:\users\dwillis\Desktop\ComboFix.exe

AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\MicrosoftManagerOnline.dll

.

.

((((((((((((((((((((((((( Files Created from 2011-10-03 to 2011-11-03 )))))))))))))))))))))))))))))))

.

.

2011-11-03 20:15 . 2011-11-03 20:16 -------- d-----w- c:\users\dwillis\AppData\Local\temp

2011-11-03 20:15 . 2011-11-03 20:15 -------- d-----w- c:\users\salbritton\AppData\Local\temp

2011-11-03 20:15 . 2011-11-03 20:15 -------- d-----w- c:\users\jhenry\AppData\Local\temp

2011-11-03 20:15 . 2011-11-03 20:15 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-10-19 04:38 . 2011-10-19 04:38 -------- d-----w- c:\program files\ESET

2011-10-13 22:34 . 2011-10-13 22:34 -------- d-----w- c:\program files\CCleaner

2011-10-13 21:31 . 2011-10-13 21:41 -------- d-----w- c:\users\dwillis\AppData\Local\File Renamer Basic

2011-10-08 00:30 . 2011-10-08 00:30 -------- d-----w- c:\users\dwillis\AppData\Roaming\Malwarebytes

2011-10-08 00:30 . 2011-10-08 00:30 -------- d-----w- c:\programdata\Malwarebytes

2011-10-08 00:30 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-08 00:30 . 2011-10-08 00:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-02 02:15 . 2011-09-02 02:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-24 18:28 . 2011-08-24 18:28 86528 ----a-w- c:\windows\system32\iesysprep.dll

2011-08-24 18:28 . 2011-08-24 18:28 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-08-24 18:28 . 2011-08-24 18:28 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-08-24 18:28 . 2011-08-24 18:28 74752 ----a-w- c:\windows\system32\iesetup.dll

2011-08-24 18:28 . 2011-08-24 18:28 63488 ----a-w- c:\windows\system32\tdc.ocx

2011-08-24 18:28 . 2011-08-24 18:28 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-08-24 18:28 . 2011-08-24 18:28 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-08-24 18:28 . 2011-08-24 18:28 367104 ----a-w- c:\windows\system32\html.iec

2011-08-24 18:28 . 2011-08-24 18:28 35840 ----a-w- c:\windows\system32\imgutil.dll

2011-08-24 18:28 . 2011-08-24 18:28 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-08-24 18:28 . 2011-08-24 18:28 23552 ----a-w- c:\windows\system32\licmgr10.dll

2011-08-24 18:28 . 2011-08-24 18:28 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-08-24 18:28 . 2011-08-24 18:28 161792 ----a-w- c:\windows\system32\msls31.dll

2011-08-24 18:28 . 2011-08-24 18:28 152064 ----a-w- c:\windows\system32\wextract.exe

2011-08-24 18:28 . 2011-08-24 18:28 150528 ----a-w- c:\windows\system32\iexpress.exe

2011-08-24 18:28 . 2011-08-24 18:28 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2011-08-24 18:28 . 2011-08-24 18:28 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2011-08-24 18:28 . 2011-08-24 18:28 11776 ----a-w- c:\windows\system32\mshta.exe

2011-08-24 18:28 . 2011-08-24 18:28 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-08-24 18:28 . 2011-08-24 18:28 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-08-24 18:28 . 2011-08-24 18:28 101888 ----a-w- c:\windows\system32\admparse.dll

2011-08-24 17:30 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll

2011-08-19 22:47 . 2011-08-19 22:47 162928 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

2011-08-19 22:47 . 2011-08-19 22:47 145936 ----a-w- c:\windows\system32\mfevtps.exe

2011-08-19 22:47 . 2011-08-19 22:47 74848 ----a-w- c:\windows\system32\MfeOtlkAddin.dll

2011-08-19 22:47 . 2011-08-19 22:47 22816 ----a-w- c:\windows\system32\MFEOtlk.dll

2011-08-19 22:47 . 2011-08-19 22:47 85152 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-08-19 22:47 . 2011-08-19 22:47 436728 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-08-19 22:47 . 2011-08-19 22:47 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-08-19 22:47 . 2011-08-19 22:47 58456 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-08-19 22:47 . 2011-08-19 22:47 171296 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-08-19 22:47 . 2011-08-19 22:47 116104 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-08-19 22:29 . 2011-08-19 22:29 411368 ----a-w- c:\windows\system32\deploytk.dll

2011-08-19 21:39 . 2011-08-19 21:40 495708 ----a-w- c:\windows\sttray.exe

2011-08-19 21:39 . 2011-08-19 11:54 431616 ----a-w- c:\windows\system32\drivers\stwrt.sys

2011-08-19 21:39 . 2011-08-19 21:40 1953792 ----a-w- c:\windows\system32\stlang.dll

2011-08-19 21:39 . 2011-08-19 11:54 934912 ----a-w- c:\windows\system32\stapo.dll

2011-08-19 21:39 . 2011-08-19 11:54 531968 ------w- c:\windows\system32\stapi32.dll

2011-08-19 21:39 . 2011-08-19 11:54 405504 ----a-w- c:\windows\system32\stcplx.dll

2011-08-19 21:39 . 2011-08-19 21:40 12705884 ----a-w- c:\windows\system32\idtcpl.cpl

2011-08-19 21:39 . 2011-08-19 21:40 179712 ----a-w- c:\windows\system32\staco.dll

2011-08-19 21:39 . 2011-08-19 21:40 380928 ----a-w- c:\windows\system32\aestecap.dll

2011-08-19 21:39 . 2011-08-19 21:40 86016 ----a-w- c:\windows\system32\AESTCom.dll

2011-08-19 21:39 . 2011-08-19 21:40 61440 ----a-w- c:\windows\system32\aestaren.dll

2011-08-19 21:39 . 2011-08-19 21:40 140288 ----a-w- c:\windows\system32\aestacap.dll

2011-08-19 20:37 . 2011-08-19 20:37 90112 ----a-w- c:\windows\system32\snymsico.dll

2011-08-19 20:37 . 2011-08-19 20:37 38400 ----a-w- c:\windows\system32\drivers\rixdptsk.sys

2011-08-19 20:37 . 2011-08-19 20:37 49152 ----a-w- c:\windows\system32\drivers\rismc32.sys

2011-08-19 20:37 . 2011-08-19 20:37 44544 ----a-w- c:\windows\system32\drivers\rimsptsk.sys

2011-08-19 20:37 . 2011-08-19 20:37 172032 ----a-w- c:\windows\system32\rixdicon.dll

2011-08-19 20:37 . 2011-08-19 20:37 48128 ----a-w- c:\windows\system32\drivers\rimmptsk.sys

2011-08-19 20:34 . 2011-08-19 20:34 6755840 ----a-w- c:\windows\system32\drivers\NETw5s32.sys

2011-08-19 20:34 . 2011-08-19 20:34 675840 ----a-w- c:\windows\system32\NETw5c32.dll

2011-08-19 20:34 . 2011-08-19 20:34 2756608 ----a-w- c:\windows\system32\NETw5r32.dll

2011-08-19 20:34 . 2011-08-19 20:34 313904 ----a-w- c:\windows\system32\vsnp2uvc.dll

2011-08-19 20:34 . 2011-08-19 20:34 27184 ----a-w- c:\windows\snuvcdsm.exe

2011-08-19 20:34 . 2011-08-19 20:34 1758464 ----a-w- c:\windows\system32\drivers\snp2uvc.sys

2011-08-19 20:34 . 2011-08-19 20:34 34480 ----a-w- c:\windows\system32\drivers\sncduvc.sys

2011-08-19 20:34 . 2011-08-19 20:34 256560 ----a-w- c:\windows\system32\rsnp2uvc.dll

2011-08-19 20:34 . 2011-08-19 20:34 213040 ----a-w- c:\windows\system32\csnp2uvc.dll

2011-08-19 20:34 . 2011-08-19 20:34 331288 ----a-w- c:\windows\system32\drivers\iaStor.sys

2011-08-19 20:33 . 2011-08-19 20:33 41088 ----a-w- c:\windows\system32\drivers\HECI.sys

2011-08-19 20:33 . 2011-08-19 20:33 28792 ----a-w- c:\windows\system32\NicCo36.dll

2011-08-19 20:32 . 2011-08-19 20:32 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll

2011-08-19 20:31 . 2011-08-19 20:31 13368 ----a-w- c:\windows\system32\HPMDPCoInst.dll

2011-08-09 13:56 . 2011-09-07 02:13 196608 ----a-w- c:\windows\system32\bzpdf.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-08-09 202040]

.

[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]

[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]

[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]

[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-08-19 495708]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]

"Steelhead Mobile"="c:\program files\Riverbed\Steelhead Mobile\shmobile.exe" [2011-04-09 4504064]

"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2010-02-18 136512]

"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-01-12 215360]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-05 137752]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-05 171032]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-05 172568]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]

"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-18 976832]

"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-03 847872]

"LTCM Client"="c:\program files\LTCM Client\ltcmClient.exe" [2009-08-05 1596096]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]

.

c:\users\dwillis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Epson all-in-one Registration.lnk - d:\common\EpsonReg\EpsonReg.exe [N/A]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

ACEmessage Client.lnk - c:\program files\ACEmessage\Client\ACEclnt.exe [2009-3-5 335872]

client.lnk - c:\program files\avs\bin\avscc.exe [2010-9-10 5436768]

VPN Client.lnk - c:\windows\Installer\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}\Icon3E5562ED7.ico [2011-8-19 6144]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 TeamViewer5;TeamViewer 5; [x]

R3 dc21x4vm;dc21x4vm;c:\windows\system32\DRIVERS\dc21x4vm.sys [2009-07-13 52224]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-08-19 85152]

R3 qcfilterhp2k;Gobi 2000 USB Composite Device Filter Driver(03F0-251D);c:\windows\system32\DRIVERS\qcfilterhp2k.sys [2009-10-01 5248]

R3 qcusbnethp2k;Gobi 2000 USB-NDIS miniport(03F0-251D);c:\windows\system32\DRIVERS\qcusbnethp2k.sys [2009-10-01 201728]

R3 qcusbserhp2k;Gobi 2000 USB Device for Legacy Serial Communication(03F0-251D);c:\windows\system32\DRIVERS\qcusbserhp2k.sys [2009-10-01 106368]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-24 1343400]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-08-19 162928]

S1 rbtnfd_srv;Steelhead Mobile Filter Driver;c:\windows\system32\DRIVERS\rbtnfd.sys [2011-04-09 388608]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]

S2 ACEnwork;ACEmessage Network Client;c:\program files\ACEmessage\Client\ACEnwork.exe [2008-11-29 40960]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2011-08-19 81920]

S2 avbackup;Backup Agent;c:\program files\avs\bin\avagent.exe [2010-09-10 4965728]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 26168]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-08-19 145936]

S2 QDLService2kHP;Qualcomm Gobi 2000 Download Service (HP);c:\program files\QUALCOMM\QDLService2k\QDLService2kHP.exe [2009-10-01 330488]

S2 RVBD_SH_Mobile_Logger;Riverbed Steelhead Mobile Logger Service;c:\program files\Riverbed\Steelhead Mobile\rbtlogger.exe [2011-04-09 863232]

S2 RVBD_SH_Mobile_Monitor;Riverbed Steelhead Mobile Monitor Service;c:\program files\Riverbed\Steelhead Mobile\rbtmon.exe [2011-04-09 6164992]

S2 SMManager;HP Connection Manager Service;c:\program files\Hewlett-Packard\HP Connection Manager\SMManager.exe [2009-11-13 82760]

S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2009-12-14 1639728]

S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2008-07-25 370872]

S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]

S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2011-05-05 266408]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 132480]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-08-31 269824]

S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2011-08-19 6755840]

S3 rismc32;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismc32.sys [2011-08-19 49152]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000

Trusted Zone: dako.net\sharepoint1.caus

Trusted Zone: sharepoint1

Trusted Zone: dako.net\sharepoint1.caus

Trusted Zone: sharepoint1

TCP: DhcpNameServer = 192.168.100.2

TCP: Interfaces\{15527850-28E7-41F3-953E-365C0CAD22ED}: NameServer = 66.174.71.33 66.174.95.44

DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

HKCU-Run-MicrosoftManagerOnline - c:\programdata\MicrosoftManagerOnline.dll

HKLM-Run-HP Connection Manager.exe - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-11-03 15:18:38

ComboFix-quarantined-files.txt 2011-11-03 20:18

.

Pre-Run: 128,559,419,392 bytes free

Post-Run: 128,753,164,288 bytes free

.

- - End Of File - - 6ECA728A404CB8DB8E62B9DE1673B905

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by dwillis at 15:21:55 on 2011-11-03

Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.1903.658 [GMT -5:00]

.

AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\vcsFPService.exe

C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

C:\Program Files\ACEmessage\Client\ACEnwork.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\IDT\WDM\aestsrv.exe

C:\Program Files\avs\bin\avagent.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\mfevtps.exe

C:\Program Files\QUALCOMM\QDLService2k\QDLService2kHP.exe

C:\Program Files\Riverbed\Steelhead Mobile\rbtlogger.exe

C:\Program Files\McAfee\Common Framework\naPrdMgr.exe

C:\Program Files\Riverbed\Steelhead Mobile\rbtmon.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Windows\system32\CCM\CcmExec.exe

C:\Windows\system32\fxssvc.exe

C:\Program Files\Riverbed\Steelhead Mobile\rbtsport.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Hewlett-Packard\HP Connection Manager\SMManager.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\Dwm.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe

C:\Program Files\Riverbed\Steelhead Mobile\shmobile.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Epson Software\Event Manager\EEventManager.exe

C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe

C:\Program Files\ACEmessage\Client\ACEclnt.exe

C:\Program Files\avs\bin\avscc.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE

C:\Windows\explorer.exe

C:\Program Files\McAfee\Common Framework\McScript_InUse.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Yahoo!\Companion\Installs\cpn0\ytbb.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com

uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn0\YTNavAssist.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110819154749.dll

BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll

TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [sysTrayApp] c:\program files\idt\wdm\sttray.exe

mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start

mRun: [steelhead Mobile] c:\program files\riverbed\steelhead mobile\shmobile.exe

mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey

mRun: [shStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"

mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"

mRun: [LTCM Client] c:\program files\ltcm client\ltcmClient.exe /startup

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

StartupFolder: c:\users\dwillis\appdata\roaming\micros~1\windows\startm~1\programs\startup\epsona~1.lnk - d:\common\epsonreg\EpsonReg.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\acemes~1.lnk - c:\program files\acemessage\client\ACEclnt.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\client.lnk - c:\program files\avs\bin\avscc.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{21e247d4-5e27-4bea-aa4d-19a81203fe2a}\Icon3E5562ED7.ico

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL

Trusted Zone: dako.net\sharepoint1.caus

Trusted Zone: sharepoint1

Trusted Zone: dako.net\sharepoint1.caus

Trusted Zone: sharepoint1

DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

TCP: DhcpNameServer = 192.168.100.2

TCP: Interfaces\{15527850-28E7-41F3-953E-365C0CAD22ED} : NameServer = 66.174.71.33 66.174.95.44

TCP: Interfaces\{5FC1FB0F-A794-4976-AE20-01758701B182} : DhcpNameServer = 192.168.100.2

Notify: igfxcui - igfxdev.dll

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-8-19 436728]

R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-8-19 162928]

R1 rbtnfd_srv;Steelhead Mobile Filter Driver;c:\windows\system32\drivers\rbtnfd.sys [2011-8-19 388608]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe [2009-5-14 759048]

R2 ACEnwork;ACEmessage Network Client;c:\program files\acemessage\client\ACEnwork.exe [2008-11-29 40960]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]

R2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2011-8-19 81920]

R2 avbackup;Backup Agent;c:\program files\avs\bin\avagent.exe [2010-9-10 4965728]

R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2011-5-13 26168]

R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2010-2-18 120128]

R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-8-19 159320]

R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2011-1-12 209760]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-8-19 145936]

R2 QDLService2kHP;Qualcomm Gobi 2000 Download Service (HP);c:\program files\qualcomm\qdlservice2k\QDLService2kHP.exe [2009-10-1 330488]

R2 RVBD_SH_Mobile_Logger;Riverbed Steelhead Mobile Logger Service;c:\program files\riverbed\steelhead mobile\rbtlogger.exe [2011-4-9 863232]

R2 RVBD_SH_Mobile_Monitor;Riverbed Steelhead Mobile Monitor Service;c:\program files\riverbed\steelhead mobile\rbtmon.exe [2011-4-9 6164992]

R2 SMManager;HP Connection Manager Service;c:\program files\hewlett-packard\hp connection manager\SMManager.exe [2009-11-13 82760]

R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2009-12-14 1639728]

R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2008-7-25 370872]

R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2011-8-19 228408]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2011-5-5 266408]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-2-26 132480]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-8-31 269824]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-8-19 171296]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-8-19 58456]

R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2011-8-19 6755840]

R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [2011-8-19 49152]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 TeamViewer5;TeamViewer 5; [x]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 dc21x4vm;dc21x4vm;c:\windows\system32\drivers\dc21x4vm.sys [2009-6-10 52224]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-8-19 85152]

S3 qcfilterhp2k;Gobi 2000 USB Composite Device Filter Driver(03F0-251D);c:\windows\system32\drivers\qcfilterhp2k.sys [2009-10-1 5248]

S3 qcusbnethp2k;Gobi 2000 USB-NDIS miniport(03F0-251D);c:\windows\system32\drivers\qcusbnethp2k.sys [2009-10-1 201728]

S3 qcusbserhp2k;Gobi 2000 USB Device for Legacy Serial Communication(03F0-251D);c:\windows\system32\drivers\qcusbserhp2k.sys [2009-10-1 106368]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-8-24 15872]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-8-24 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-8-24 1343400]

.

=============== Created Last 30 ================

.

2011-11-03 20:19:06 -------- d-sh--w- C:\$RECYCLE.BIN

2011-11-03 20:19:01 -------- d-----w- c:\users\dwillis\appdata\local\temp

2011-11-03 20:01:11 208896 ----a-w- c:\windows\MBR.exe

2011-11-03 20:01:09 518144 ----a-w- c:\windows\SWREG.exe

2011-11-03 20:01:09 256000 ----a-w- c:\windows\PEV.exe

2011-11-03 20:01:08 98816 ----a-w- c:\windows\sed.exe

2011-10-19 04:38:10 -------- d-----w- c:\program files\ESET

2011-10-13 22:34:25 -------- d-----w- c:\program files\CCleaner

2011-10-13 21:31:28 -------- d-----w- c:\users\dwillis\appdata\local\File Renamer Basic

2011-10-08 00:30:37 -------- d-----w- c:\users\dwillis\appdata\roaming\Malwarebytes

2011-10-08 00:30:20 -------- d-----w- c:\programdata\Malwarebytes

2011-10-08 00:30:16 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-08 00:30:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.

==================== Find3M ====================

.

2011-09-02 02:15:06 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-24 17:30:27 152576 ----a-w- c:\windows\system32\msclmd.dll

2011-08-19 22:47:13 162928 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

2011-08-19 22:47:13 145936 ----a-w- c:\windows\system32\mfevtps.exe

2011-08-19 22:47:12 85152 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-08-19 22:47:12 74848 ----a-w- c:\windows\system32\MfeOtlkAddin.dll

2011-08-19 22:47:12 436728 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-08-19 22:47:12 22816 ----a-w- c:\windows\system32\MFEOtlk.dll

2011-08-19 22:47:11 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-08-19 22:47:11 58456 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-08-19 22:47:10 171296 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-08-19 22:47:09 116104 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-08-19 22:29:16 411368 ----a-w- c:\windows\system32\deploytk.dll

2011-08-19 21:39:50 495708 ----a-w- c:\windows\sttray.exe

2011-08-19 21:39:50 431616 ----a-w- c:\windows\system32\drivers\stwrt.sys

2011-08-19 21:39:49 934912 ----a-w- c:\windows\system32\stapo.dll

2011-08-19 21:39:49 531968 ------w- c:\windows\system32\stapi32.dll

2011-08-19 21:39:49 405504 ----a-w- c:\windows\system32\stcplx.dll

2011-08-19 21:39:49 1953792 ----a-w- c:\windows\system32\stlang.dll

2011-08-19 21:39:48 179712 ----a-w- c:\windows\system32\staco.dll

2011-08-19 21:39:48 12705884 ----a-w- c:\windows\system32\idtcpl.cpl

2011-08-19 21:39:46 380928 ----a-w- c:\windows\system32\aestecap.dll

2011-08-19 21:39:45 86016 ----a-w- c:\windows\system32\AESTCom.dll

2011-08-19 21:39:45 61440 ----a-w- c:\windows\system32\aestaren.dll

2011-08-19 21:39:45 140288 ----a-w- c:\windows\system32\aestacap.dll

2011-08-19 20:37:14 90112 ----a-w- c:\windows\system32\snymsico.dll

2011-08-19 20:37:14 38400 ----a-w- c:\windows\system32\drivers\rixdptsk.sys

2011-08-19 20:37:13 49152 ----a-w- c:\windows\system32\drivers\rismc32.sys

2011-08-19 20:37:13 44544 ----a-w- c:\windows\system32\drivers\rimsptsk.sys

2011-08-19 20:37:13 172032 ----a-w- c:\windows\system32\rixdicon.dll

2011-08-19 20:37:12 48128 ----a-w- c:\windows\system32\drivers\rimmptsk.sys

2011-08-19 20:34:40 6755840 ----a-w- c:\windows\system32\drivers\NETw5s32.sys

2011-08-19 20:34:39 675840 ----a-w- c:\windows\system32\NETw5c32.dll

2011-08-19 20:34:39 2756608 ----a-w- c:\windows\system32\NETw5r32.dll

2011-08-19 20:34:29 313904 ----a-w- c:\windows\system32\vsnp2uvc.dll

2011-08-19 20:34:29 27184 ----a-w- c:\windows\snuvcdsm.exe

2011-08-19 20:34:29 1758464 ----a-w- c:\windows\system32\drivers\snp2uvc.sys

2011-08-19 20:34:28 34480 ----a-w- c:\windows\system32\drivers\sncduvc.sys

2011-08-19 20:34:28 256560 ----a-w- c:\windows\system32\rsnp2uvc.dll

2011-08-19 20:34:28 213040 ----a-w- c:\windows\system32\csnp2uvc.dll

2011-08-19 20:34:01 331288 ----a-w- c:\windows\system32\drivers\iaStor.sys

2011-08-19 20:33:52 41088 ----a-w- c:\windows\system32\drivers\HECI.sys

2011-08-19 20:33:05 28792 ----a-w- c:\windows\system32\NicCo36.dll

2011-08-19 20:32:43 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll

2011-08-19 20:31:22 13368 ----a-w- c:\windows\system32\HPMDPCoInst.dll

2011-08-09 13:56:52 196608 ----a-w- c:\windows\system32\bzpdf.dll

.

============= FINISH: 15:22:20.20 ===============


  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the option Remove found threats and the option Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.


  • 2 weeks later...
  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
