
redirects continue after malware removal



Hello:

I installed the latest Malwarebytes Anti-Malware today, and after removal of several infected files my browsers are still being hijacked and redirected to the wrong/spam websites. I am running Windows 7 and McAfee with the latest updates (current as of today). Some attempted redirects are blocked by Anti-Malware but others are not. After removal of the infected files I ran another scan, which reported zero files were infected. Any advice or assistance in dealing with this virus/malware infection would be greatly appreciated! Per instructions on this forum I ran DDS and produced the following DDS.txt and Attach.txt reports:

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_23

Run by Larry at 15:10:47 on 2011-10-19

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.6317 [GMT -4:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe

C:\Windows\system32\mfevtps.exe

C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\SoftwareForMe Inc\PhoneMyPC\PhoneMyPC_Helper.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\PROGRA~2\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\System32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

mWinlogon: Userinit=userinit.exe,

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111011223024.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [intelOnlineNotifier] rundll32.exe "C:\ProgramData\IntelOnlineNotifier.dll",DllRegisterServer

mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SQUEEZ~1.LNK - C:\Program Files (x86)\Squeezebox\SqueezeTray.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

mPolicies-system: SoftwareSASGeneration = 1 (0x1)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

Trusted Zone: intuit.com\ttlc

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {72376E32-8AF2-473F-BE32-E5D0F39C865D} - hxxp://www.cyberlink.com/prog/win7/js/UpdateAdvisor.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1

TCP: Interfaces\{0F478E02-66EE-4BA3-A413-D62BA21F1E60} : DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO-X64: HP Print Enhancer - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO-X64: McAfee Phishing Filter - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO-X64: Search Helper - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111011223024.dll

BHO-X64: scriptproxy - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun-x64: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot

mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\sw9njm8h.default\

FF - prefs.js: browser.search.selectedEngine - Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]

R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2011/04/12 18:08:49];C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [2010-3-2 146928]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 HerculesDJControlMP3;Hercules DJ Control MP3;C:\Program Files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE [2011-6-3 20480]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-19 366152]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2011-8-29 102608]

R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-6-14 249936]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-6-14 249936]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-6-14 249936]

R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-10-11 199008]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-10-11 208272]

R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]

R2 MotoConnect Service;MotoConnect Service;C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-7-21 91456]

R2 PhoneMyPC_Helper;PhoneMyPC_Helper;C:\Program Files\SoftwareForMe Inc\PhoneMyPC\PhoneMyPC_Helper.exe [2010-8-22 31232]

R2 SqueezeMySQL;SqueezeMySQL;C:\PROGRA~2\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe --defaults-file=C:\PROGRA~3\SQUEEZ~1\Cache\my.cnf SqueezeMySQL --> C:\PROGRA~2\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe --defaults-file=C:\PROGRA~3\SQUEEZ~1\Cache\my.cnf SqueezeMySQL [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 Bulk;HDJBulk;C:\Windows\system32\Drivers\HDJBulk.sys --> C:\Windows\system32\Drivers\HDJBulk.sys [?]

R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]

R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\system32\DRIVERS\vrtaucbl.sys --> C:\Windows\system32\DRIVERS\vrtaucbl.sys [?]

R3 evserial;Virtual Serial Ports Driver (Eltima Softwate);C:\Windows\system32\DRIVERS\evserial.sys --> C:\Windows\system32\DRIVERS\evserial.sys [?]

R3 FlexRadio;FlexRadio;C:\Windows\system32\Drivers\FlexRadio.sys --> C:\Windows\system32\Drivers\FlexRadio.sys [?]

R3 FlexRadioAudio;FlexRadio Audio;C:\Windows\system32\drivers\FlexRadioAudio.sys --> C:\Windows\system32\drivers\FlexRadioAudio.sys [?]

R3 FlexRadioMidi;FlexRadio MIDI;C:\Windows\system32\drivers\FlexRadioMidi.sys --> C:\Windows\system32\drivers\FlexRadioMidi.sys [?]

R3 HDJMidi;DJ Control MP3 e2 MIDI;C:\Windows\system32\DRIVERS\HDJMidi.sys --> C:\Windows\system32\DRIVERS\HDJMidi.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);C:\Windows\system32\DRIVERS\evsbc.sys --> C:\Windows\system32\DRIVERS\evsbc.sys [?]

S2 CLKMSVC10_1628BCEA;CyberLink Product - 2011/04/12 18:08:46;C:\Program Files (x86)\CyberLink\PowerDVD DX\Kernel\BD\NavFilter\kmsvc.exe [2011-4-12 240360]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SessionLauncher;SessionLauncher;C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]

S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\system32\DRIVERS\motfilt.sys --> C:\Windows\system32\DRIVERS\motfilt.sys [?]

S3 MADFUTRANSIT;Service for M-Audio Transit DFU;C:\Windows\system32\DRIVERS\MAudioTransit_DFU.sys --> C:\Windows\system32\DRIVERS\MAudioTransit_DFU.sys [?]

S3 MAUSBTRANSIT;Service for M-Audio Transit;C:\Windows\system32\DRIVERS\MAudioTransit.sys --> C:\Windows\system32\DRIVERS\MAudioTransit.sys [?]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys --> C:\Windows\system32\DRIVERS\motccgp.sys [?]

S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys --> C:\Windows\system32\DRIVERS\motccgpfl.sys [?]

S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\system32\DRIVERS\Motousbnet.sys --> C:\Windows\system32\DRIVERS\Motousbnet.sys [?]

S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\system32\DRIVERS\motusbdevice.sys --> C:\Windows\system32\DRIVERS\motusbdevice.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]

S4 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-6-10 309744]

S4 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-6-10 1124848]

S4 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-6-10 166384]

S4 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-3-2 656624]

.

=============== Created Last 30 ================

.

2011-10-19 16:56:40 -------- d-----w- C:\Users\Larry\AppData\Roaming\Malwarebytes

2011-10-19 16:56:34 -------- d-----w- C:\ProgramData\Malwarebytes

2011-10-19 16:56:31 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-10-19 16:56:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-10-18 19:23:15 201216 ----a-w- C:\ProgramData\IntelOnlineNotifier.dll

2011-10-18 06:51:17 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9DABF2FB-250B-4270-9B34-EDCB27B03931}\offreg.dll

2011-10-18 06:51:16 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9DABF2FB-250B-4270-9B34-EDCB27B03931}\mpengine.dll

2011-10-12 02:30:24 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys

2011-10-12 02:30:24 28504 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll

2011-10-12 02:30:19 283744 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys

2011-10-12 02:30:18 75672 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys

2011-10-12 02:30:18 65128 ----a-w- C:\Windows\System32\drivers\cfwids.sys

2011-10-12 02:30:18 481504 ----a-w- C:\Windows\System32\drivers\mfefirek.sys

2011-10-12 02:30:18 228752 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys

2011-10-12 02:30:18 100904 ----a-w- C:\Windows\System32\drivers\mferkdet.sys

.

==================== Find3M ====================

.

2011-10-01 03:25:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-10-01 02:42:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-09-06 11:28:13 62632 ----a-w- C:\Windows\System32\drivers\vrtaucbl.sys

2011-09-06 03:03:17 3138048 ----a-w- C:\Windows\System32\win32k.sys

2011-08-27 05:37:49 861696 ----a-w- C:\Windows\System32\oleaut32.dll

2011-08-27 05:37:48 331776 ----a-w- C:\Windows\System32\oleacc.dll

2011-08-27 04:26:27 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2011-08-27 04:26:27 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll

2011-08-20 05:37:58 1188864 ----a-w- C:\Windows\System32\wininet.dll

2011-08-20 04:31:05 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-08-19 19:59:28 158832 ----a-w- C:\Windows\System32\mfevtps.exe

2011-08-17 05:26:46 613888 ----a-w- C:\Windows\System32\psisdecd.dll

2011-08-17 05:25:08 108032 ----a-w- C:\Windows\System32\psisrndr.ax

2011-08-17 04:24:12 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll

2011-08-17 04:19:27 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax

2011-08-15 14:00:06 642824 ----a-w- C:\Windows\System32\drivers\mfehidk.sys

2011-08-15 14:00:06 158584 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys

.

============= FINISH: 15:11:09.08 ===============


BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun-x64: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot

mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\sw9njm8h.default\

FF - prefs.js: browser.search.selectedEngine - Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]

R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2011/04/12 18:08:49];C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [2010-3-2 146928]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 HerculesDJControlMP3;Hercules DJ Control MP3;C:\Program Files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE [2011-6-3 20480]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-19 366152]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2011-8-29 102608]

R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-6-14 249936]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-6-14 249936]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-6-14 249936]

R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-10-11 199008]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-10-11 208272]

R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]

R2 MotoConnect Service;MotoConnect Service;C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-7-21 91456]

R2 PhoneMyPC_Helper;PhoneMyPC_Helper;C:\Program Files\SoftwareForMe Inc\PhoneMyPC\PhoneMyPC_Helper.exe [2010-8-22 31232]

R2 SqueezeMySQL;SqueezeMySQL;C:\PROGRA~2\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe --defaults-file=C:\PROGRA~3\SQUEEZ~1\Cache\my.cnf SqueezeMySQL --> C:\PROGRA~2\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe --defaults-file=C:\PROGRA~3\SQUEEZ~1\Cache\my.cnf SqueezeMySQL [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 Bulk;HDJBulk;C:\Windows\system32\Drivers\HDJBulk.sys --> C:\Windows\system32\Drivers\HDJBulk.sys [?]

R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]

R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\system32\DRIVERS\vrtaucbl.sys --> C:\Windows\system32\DRIVERS\vrtaucbl.sys [?]

R3 evserial;Virtual Serial Ports Driver (Eltima Softwate);C:\Windows\system32\DRIVERS\evserial.sys --> C:\Windows\system32\DRIVERS\evserial.sys [?]

R3 FlexRadio;FlexRadio;C:\Windows\system32\Drivers\FlexRadio.sys --> C:\Windows\system32\Drivers\FlexRadio.sys [?]

R3 FlexRadioAudio;FlexRadio Audio;C:\Windows\system32\drivers\FlexRadioAudio.sys --> C:\Windows\system32\drivers\FlexRadioAudio.sys [?]

R3 FlexRadioMidi;FlexRadio MIDI;C:\Windows\system32\drivers\FlexRadioMidi.sys --> C:\Windows\system32\drivers\FlexRadioMidi.sys [?]

R3 HDJMidi;DJ Control MP3 e2 MIDI;C:\Windows\system32\DRIVERS\HDJMidi.sys --> C:\Windows\system32\DRIVERS\HDJMidi.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);C:\Windows\system32\DRIVERS\evsbc.sys --> C:\Windows\system32\DRIVERS\evsbc.sys [?]

S2 CLKMSVC10_1628BCEA;CyberLink Product - 2011/04/12 18:08:46;C:\Program Files (x86)\CyberLink\PowerDVD DX\Kernel\BD\NavFilter\kmsvc.exe [2011-4-12 240360]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SessionLauncher;SessionLauncher;C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]

S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\system32\DRIVERS\motfilt.sys --> C:\Windows\system32\DRIVERS\motfilt.sys [?]

S3 MADFUTRANSIT;Service for M-Audio Transit DFU;C:\Windows\system32\DRIVERS\MAudioTransit_DFU.sys --> C:\Windows\system32\DRIVERS\MAudioTransit_DFU.sys [?]

S3 MAUSBTRANSIT;Service for M-Audio Transit;C:\Windows\system32\DRIVERS\MAudioTransit.sys --> C:\Windows\system32\DRIVERS\MAudioTransit.sys [?]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys --> C:\Windows\system32\DRIVERS\motccgp.sys [?]

S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys --> C:\Windows\system32\DRIVERS\motccgpfl.sys [?]

S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\system32\DRIVERS\Motousbnet.sys --> C:\Windows\system32\DRIVERS\Motousbnet.sys [?]

S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\system32\DRIVERS\motusbdevice.sys --> C:\Windows\system32\DRIVERS\motusbdevice.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]

S4 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-6-10 309744]

S4 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-6-10 1124848]

S4 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-6-10 166384]

S4 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-3-2 656624]

.

=============== Created Last 30 ================

.

2011-10-19 16:56:40 -------- d-----w- C:\Users\Larry\AppData\Roaming\Malwarebytes

2011-10-19 16:56:34 -------- d-----w- C:\ProgramData\Malwarebytes

2011-10-19 16:56:31 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-10-19 16:56:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-10-18 19:23:15 201216 ----a-w- C:\ProgramData\IntelOnlineNotifier.dll

2011-10-18 06:51:17 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9DABF2FB-250B-4270-9B34-EDCB27B03931}\offreg.dll

2011-10-18 06:51:16 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9DABF2FB-250B-4270-9B34-EDCB27B03931}\mpengine.dll

2011-10-12 02:30:24 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys

2011-10-12 02:30:24 28504 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll

2011-10-12 02:30:19 283744 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys

2011-10-12 02:30:18 75672 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys

2011-10-12 02:30:18 65128 ----a-w- C:\Windows\System32\drivers\cfwids.sys

2011-10-12 02:30:18 481504 ----a-w- C:\Windows\System32\drivers\mfefirek.sys

2011-10-12 02:30:18 228752 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys

2011-10-12 02:30:18 100904 ----a-w- C:\Windows\System32\drivers\mferkdet.sys

.

==================== Find3M ====================

.

2011-10-01 03:25:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-10-01 02:42:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-09-06 11:28:13 62632 ----a-w- C:\Windows\System32\drivers\vrtaucbl.sys

2011-09-06 03:03:17 3138048 ----a-w- C:\Windows\System32\win32k.sys

2011-08-27 05:37:49 861696 ----a-w- C:\Windows\System32\oleaut32.dll

2011-08-27 05:37:48 331776 ----a-w- C:\Windows\System32\oleacc.dll

2011-08-27 04:26:27 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2011-08-27 04:26:27 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll

2011-08-20 05:37:58 1188864 ----a-w- C:\Windows\System32\wininet.dll

2011-08-20 04:31:05 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-08-19 19:59:28 158832 ----a-w- C:\Windows\System32\mfevtps.exe

2011-08-17 05:26:46 613888 ----a-w- C:\Windows\System32\psisdecd.dll

2011-08-17 05:25:08 108032 ----a-w- C:\Windows\System32\psisrndr.ax

2011-08-17 04:24:12 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll

2011-08-17 04:19:27 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax

2011-08-15 14:00:06 642824 ----a-w- C:\Windows\System32\drivers\mfehidk.sys

2011-08-15 14:00:06 158584 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys

.

============= FINISH: 15:11:09.08 ===============


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


Thank you very much for your reply. I had one issue. I disabled McAfee for 60 minutes, but ComboFix rebooted the computer after the scan was complete (about 5 minutes) and then generated the log file. I didn't see in the ComboFix manual that it mentions the reboot. McAfee was automatically turned back on with the reboot and it apparently tried to block ComboFix after the log file was created. I checked OK to run whatever routine it was trying to perform. Here are the requested logs:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7990

Windows 6.1.7601 Service Pack 1

Internet Explorer 8.0.7601.17514

10/20/2011 7:21:07 PM

mbam-log-2011-10-20 (19-21-07).txt

Scan type: Quick scan

Objects scanned: 192424

Time elapsed: 7 minute(s), 33 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

ComboFix 11-10-24.02 - Larry 10/24/2011 7:27.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.6240 [GMT -4:00]

Running from: c:\users\Larry\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\WinPCap

c:\programdata\IntelOnlineNotifier.dll

c:\users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\sw9njm8h.default\extensions\{fc0aac36-f340-44c1-877f-7d3a377542ab}

c:\users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\sw9njm8h.default\extensions\{fc0aac36-f340-44c1-877f-7d3a377542ab}\chrome.manifest

c:\users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\sw9njm8h.default\extensions\{fc0aac36-f340-44c1-877f-7d3a377542ab}\chrome\xulcache.jar

c:\users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\sw9njm8h.default\extensions\{fc0aac36-f340-44c1-877f-7d3a377542ab}\defaults\preferences\xulcache.js

c:\users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\sw9njm8h.default\extensions\{fc0aac36-f340-44c1-877f-7d3a377542ab}\install.rdf

c:\users\Larry\Documents\passport.JPG~RF1740e5d1.TMP

c:\users\Larry\g2mdlhlpx.exe

c:\users\Larry\GoToAssistDownloadHelper.exe

c:\windows\system32\jucheck.exe

c:\windows\system32\jusched.exe

c:\windows\SysWow64\zip32.dll

.

.

((((((((((((((((((((((((( Files Created from 2011-09-24 to 2011-10-24 )))))))))))))))))))))))))))))))

.

.

2011-10-24 11:33 . 2011-10-24 11:33 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-10-21 10:35 . 2011-10-21 10:35 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0755E705-2DF0-41C7-AAED-F44ADC7F406D}\offreg.dll

2011-10-21 10:35 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0755E705-2DF0-41C7-AAED-F44ADC7F406D}\mpengine.dll

2011-10-19 16:56 . 2011-10-19 16:56 -------- d-----w- c:\users\Larry\AppData\Roaming\Malwarebytes

2011-10-19 16:56 . 2011-10-19 16:56 -------- d-----w- c:\programdata\Malwarebytes

2011-10-19 16:56 . 2011-08-31 21:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-19 16:56 . 2011-10-19 16:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-10-12 02:30 . 2011-10-06 20:42 28504 ----a-w- c:\program files (x86)\Mozilla Firefox\ScriptFF.dll

2011-10-12 02:30 . 2011-08-15 14:00 9984 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-10-12 02:30 . 2011-08-15 14:00 283744 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

2011-10-12 02:30 . 2011-08-15 14:00 75672 ----a-w- c:\windows\system32\drivers\mfenlfk.sys

2011-10-12 02:30 . 2011-08-15 14:00 65128 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-10-12 02:30 . 2011-08-15 14:00 481504 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-10-12 02:30 . 2011-08-15 14:00 228752 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-10-12 02:30 . 2011-08-15 14:00 100904 ----a-w- c:\windows\system32\drivers\mferkdet.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-06 11:28 . 2011-09-06 11:28 62632 ----a-w- c:\windows\system32\drivers\vrtaucbl.sys

2011-08-19 19:59 . 2011-06-10 11:52 158832 ----a-w- c:\windows\system32\mfevtps.exe

2011-08-15 14:00 . 2011-03-13 15:20 642824 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-08-15 14:00 . 2011-03-13 15:20 158584 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2011-03-01 144616]

"Hercules DJ Series"="c:\program files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe" [2011-01-25 1675048]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-16 1674896]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Squeezebox Server Tray Tool.lnk - c:\program files (x86)\Squeezebox\SqueezeTray.exe [2010-3-10 2351191]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"SoftwareSASGeneration"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R1 WDMQUA;Service for QUARTET Audio Driver;c:\windows\system32\DRIVERS\wdmqua64.sys [x]

R2 CLKMSVC10_1628BCEA;CyberLink Product - 2011/04/12 18:08;c:\program files (x86)\CyberLink\PowerDVD DX\Kernel\BD\NavFilter\kmsvc.exe [2011-03-01 240360]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]

R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]

R3 cpuz130;cpuz130;c:\users\Larry\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]

R3 MADFUTRANSIT;Service for M-Audio Transit DFU;c:\windows\system32\DRIVERS\MAudioTransit_DFU.sys [x]

R3 MAUSBTRANSIT;Service for M-Audio Transit;c:\windows\system32\DRIVERS\MAudioTransit.sys [x]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]

R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]

R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]

R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]

R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]

R4 RoxLiveShare10;LiveShare P2P Server 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-06-10 309744]

R4 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-10 1124848]

R4 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-06-10 166384]

R4 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-12-02 656624]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]

S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]

S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2011/04/12 18:08];c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl [2009-05-11 21:59 146928]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 HerculesDJControlMP3;Hercules DJ Control MP3;c:\program files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE [2011-03-15 20480]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [2011-08-10 102608]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-06 208272]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]

S2 MotoConnect Service;MotoConnect Service;c:\program files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-06-24 91456]

S2 PhoneMyPC_Helper;PhoneMyPC_Helper;c:\program files\SoftwareForMe Inc\PhoneMyPC\PhoneMyPC_Helper.exe [2011-05-05 31232]

S2 SqueezeMySQL;SqueezeMySQL;c:\progra~2\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe [2010-12-13 4149248]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys [x]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]

S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [x]

S3 evserial;Virtual Serial Ports Driver (Eltima Softwate);c:\windows\system32\DRIVERS\evserial.sys [x]

S3 FlexRadio;FlexRadio;c:\windows\system32\Drivers\FlexRadio.sys [x]

S3 FlexRadioAudio;FlexRadio Audio;c:\windows\system32\drivers\FlexRadioAudio.sys [x]

S3 FlexRadioMidi;FlexRadio MIDI;c:\windows\system32\drivers\FlexRadioMidi.sys [x]

S3 HDJMidi;DJ Control MP3 e2 MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);c:\windows\system32\DRIVERS\evsbc.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - CLKMDRV10_1628BCEA

*Deregistered* - mfeavfk01

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1

DPF: {72376E32-8AF2-473F-BE32-E5D0F39C865D} - hxxp://www.cyberlink.com/prog/win7/js/UpdateAdvisor.cab

FF - ProfilePath - c:\users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\sw9njm8h.default\

FF - prefs.js: browser.search.selectedEngine - Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-IntelOnlineNotifier - c:\programdata\IntelOnlineNotifier.dll

Toolbar-Locked - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]

"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\windows\SysWOW64\rundll32.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files (x86)\Motorola\MotoConnectService\MotoConnect.exe

c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

.

**************************************************************************

.

Completion time: 2011-10-24 07:39:31 - machine was rebooted

ComboFix-quarantined-files.txt 2011-10-24 11:39

.

Pre-Run: 493,570,056,192 bytes free

Post-Run: 495,788,077,056 bytes free

.

- - End Of File - - A3572F252066B44ADA179EB696EC2CBE

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_23

Run by Larry at 7:49:29 on 2011-10-24

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.6566 [GMT -4:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe

C:\Windows\system32\mfevtps.exe

C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\SoftwareForMe Inc\PhoneMyPC\PhoneMyPC_Helper.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\system32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\PROGRA~2\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files\Common Files\McAfee\Core\mchost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111011223024.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SQUEEZ~1.LNK - C:\Program Files (x86)\Squeezebox\SqueezeTray.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: SoftwareSASGeneration = 1 (0x1)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

Trusted Zone: intuit.com\ttlc

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {72376E32-8AF2-473F-BE32-E5D0F39C865D} - hxxp://www.cyberlink.com/prog/win7/js/UpdateAdvisor.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1

TCP: Interfaces\{0F478E02-66EE-4BA3-A413-D62BA21F1E60} : DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO-X64: HP Print Enhancer - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO-X64: McAfee Phishing Filter - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO-X64: Search Helper - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111011223024.dll

BHO-X64: scriptproxy - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun-x64: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot

mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\sw9njm8h.default\

FF - prefs.js: browser.search.selectedEngine - Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]

R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2011/04/12 18:08:49];C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [2010-3-2 146928]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 HerculesDJControlMP3;Hercules DJ Control MP3;C:\Program Files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE [2011-6-3 20480]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-19 366152]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2011-8-29 102608]

R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-6-14 249936]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-6-14 249936]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-6-14 249936]

R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-10-11 199008]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-10-11 208272]

R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]

R2 MotoConnect Service;MotoConnect Service;C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-7-21 91456]

R2 PhoneMyPC_Helper;PhoneMyPC_Helper;C:\Program Files\SoftwareForMe Inc\PhoneMyPC\PhoneMyPC_Helper.exe [2010-8-22 31232]

R2 SqueezeMySQL;SqueezeMySQL;C:\PROGRA~2\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe --defaults-file=C:\PROGRA~3\SQUEEZ~1\Cache\my.cnf SqueezeMySQL --> C:\PROGRA~2\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe --defaults-file=C:\PROGRA~3\SQUEEZ~1\Cache\my.cnf SqueezeMySQL [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 Bulk;HDJBulk;C:\Windows\system32\Drivers\HDJBulk.sys --> C:\Windows\system32\Drivers\HDJBulk.sys [?]

R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]

R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\system32\DRIVERS\vrtaucbl.sys --> C:\Windows\system32\DRIVERS\vrtaucbl.sys [?]

R3 evserial;Virtual Serial Ports Driver (Eltima Softwate);C:\Windows\system32\DRIVERS\evserial.sys --> C:\Windows\system32\DRIVERS\evserial.sys [?]

R3 FlexRadio;FlexRadio;C:\Windows\system32\Drivers\FlexRadio.sys --> C:\Windows\system32\Drivers\FlexRadio.sys [?]

R3 FlexRadioAudio;FlexRadio Audio;C:\Windows\system32\drivers\FlexRadioAudio.sys --> C:\Windows\system32\drivers\FlexRadioAudio.sys [?]

R3 FlexRadioMidi;FlexRadio MIDI;C:\Windows\system32\drivers\FlexRadioMidi.sys --> C:\Windows\system32\drivers\FlexRadioMidi.sys [?]

R3 HDJMidi;DJ Control MP3 e2 MIDI;C:\Windows\system32\DRIVERS\HDJMidi.sys --> C:\Windows\system32\DRIVERS\HDJMidi.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);C:\Windows\system32\DRIVERS\evsbc.sys --> C:\Windows\system32\DRIVERS\evsbc.sys [?]

S2 CLKMSVC10_1628BCEA;CyberLink Product - 2011/04/12 18:08:46;C:\Program Files (x86)\CyberLink\PowerDVD DX\Kernel\BD\NavFilter\kmsvc.exe [2011-4-12 240360]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SessionLauncher;SessionLauncher;C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]

S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\system32\DRIVERS\motfilt.sys --> C:\Windows\system32\DRIVERS\motfilt.sys [?]

S3 MADFUTRANSIT;Service for M-Audio Transit DFU;C:\Windows\system32\DRIVERS\MAudioTransit_DFU.sys --> C:\Windows\system32\DRIVERS\MAudioTransit_DFU.sys [?]

S3 MAUSBTRANSIT;Service for M-Audio Transit;C:\Windows\system32\DRIVERS\MAudioTransit.sys --> C:\Windows\system32\DRIVERS\MAudioTransit.sys [?]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys --> C:\Windows\system32\DRIVERS\motccgp.sys [?]

S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys --> C:\Windows\system32\DRIVERS\motccgpfl.sys [?]

S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\system32\DRIVERS\Motousbnet.sys --> C:\Windows\system32\DRIVERS\Motousbnet.sys [?]

S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\system32\DRIVERS\motusbdevice.sys --> C:\Windows\system32\DRIVERS\motusbdevice.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]

S4 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-6-10 309744]

S4 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-6-10 1124848]

S4 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-6-10 166384]

S4 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-3-2 656624]

.

=============== Created Last 30 ================

.

2011-10-24 11:35:31 -------- d-----w- C:\$RECYCLE.BIN

2011-10-24 11:26:36 98816 ----a-w- C:\Windows\sed.exe

2011-10-24 11:26:36 518144 ----a-w- C:\Windows\SWREG.exe

2011-10-24 11:26:36 256000 ----a-w- C:\Windows\PEV.exe

2011-10-24 11:26:36 208896 ----a-w- C:\Windows\MBR.exe

2011-10-24 11:26:33 -------- d-----w- C:\ComboFix

2011-10-21 10:35:57 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0755E705-2DF0-41C7-AAED-F44ADC7F406D}\mpengine.dll

2011-10-21 10:35:57 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0755E705-2DF0-41C7-AAED-F44ADC7F406D}\offreg.dll

2011-10-19 16:56:40 -------- d-----w- C:\Users\Larry\AppData\Roaming\Malwarebytes

2011-10-19 16:56:34 -------- d-----w- C:\ProgramData\Malwarebytes

2011-10-19 16:56:31 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-10-19 16:56:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-10-12 02:30:24 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys

2011-10-12 02:30:24 28504 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll

2011-10-12 02:30:19 283744 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys

2011-10-12 02:30:18 75672 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys

2011-10-12 02:30:18 65128 ----a-w- C:\Windows\System32\drivers\cfwids.sys

2011-10-12 02:30:18 481504 ----a-w- C:\Windows\System32\drivers\mfefirek.sys

2011-10-12 02:30:18 228752 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys

2011-10-12 02:30:18 100904 ----a-w- C:\Windows\System32\drivers\mferkdet.sys

.

==================== Find3M ====================

.

2011-10-01 03:25:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-10-01 02:42:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-09-06 11:28:13 62632 ----a-w- C:\Windows\System32\drivers\vrtaucbl.sys

2011-09-06 03:03:17 3138048 ----a-w- C:\Windows\System32\win32k.sys

2011-08-27 05:37:49 861696 ----a-w- C:\Windows\System32\oleaut32.dll

2011-08-27 05:37:48 331776 ----a-w- C:\Windows\System32\oleacc.dll

2011-08-27 04:26:27 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2011-08-27 04:26:27 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll

2011-08-20 05:37:58 1188864 ----a-w- C:\Windows\System32\wininet.dll

2011-08-20 04:31:05 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-08-19 19:59:28 158832 ----a-w- C:\Windows\System32\mfevtps.exe

2011-08-17 05:26:46 613888 ----a-w- C:\Windows\System32\psisdecd.dll

2011-08-17 05:25:08 108032 ----a-w- C:\Windows\System32\psisrndr.ax

2011-08-17 04:24:12 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll

2011-08-17 04:19:27 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax

2011-08-15 14:00:06 642824 ----a-w- C:\Windows\System32\drivers\mfehidk.sys

2011-08-15 14:00:06 158584 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys

.

============= FINISH: 7:50:25.37 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 3/9/2010 4:49:36 PM

System Uptime: 10/24/2011 7:43:20 AM (0 hours ago)

.

Motherboard: DELL Inc. | | 0X501H

Processor: Intel® Core i7 CPU 920 @ 2.67GHz | CPU 1 | 2668/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 587 GiB total, 461.84 GiB free.

D: is CDROM ()

E: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {6bdd1fc1-810f-11d0-bec7-08002be2092f}

Description: 1394 OHCI Compliant Host Controller

Device ID: PCI\VEN_197B&DEV_2380&SUBSYS_02B71028&REV_00\4&380C3CBC&0&00E4

Manufacturer: 1394 OHCI Compliant Host Controller

Name: 1394 OHCI Compliant Host Controller

PNP Device ID: PCI\VEN_197B&DEV_2380&SUBSYS_02B71028&REV_00\4&380C3CBC&0&00E4

Service: 1394ohci

.

==== System Restore Points ===================

.

RP153: 9/26/2011 4:47:22 PM - Removed APC PowerChute Personal Edition 3.0

RP154: 9/27/2011 3:45:35 AM - Windows Update

RP155: 9/28/2011 3:00:10 AM - Windows Update

RP156: 9/29/2011 8:24:09 PM - Installed FlexRadio Systems PowerSDR 2.2.3.

RP157: 10/2/2011 12:00:24 AM - Windows Backup

RP158: 10/4/2011 8:18:19 AM - Windows Update

RP159: 10/9/2011 12:00:21 AM - Windows Backup

RP160: 10/11/2011 5:15:01 AM - Windows Update

RP161: 10/14/2011 3:00:44 AM - Windows Update

RP162: 10/16/2011 12:00:30 AM - Windows Backup

RP163: 10/18/2011 2:50:51 AM - Windows Update

RP164: 10/21/2011 6:35:36 AM - Windows Update

RP165: 10/24/2011 7:26:39 AM - ComboFix created restore point

.

==== Installed Programs ======================

.

.

Update for Microsoft Office 2007 (KB2508958)

7500_7600_7700_Help

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.2

AGEIA PhysX v7.09.13

Apple Application Support

Apple Software Update

bpd_scan

BPDSoftware

BPDSoftware_Ini

BufferChm

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Cisco Connect

Commander

D3DX10

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell DataSafe Online

Dell Driver Download Manager

Dell Getting Started Guide

Dell Support Center (Support Software)

Destinations

DeviceDiscovery

DirectXInstallService

DocProc

DXKeeper

DXLabLauncher

Fax

Fldigi 3.21.9

FlexRadio Systems PowerSDR 2.0.22

FlexRadio Systems PowerSDR 2.2.3

foobar2000 v1.0.2.1

GPBaseService2

Hercules DJ Products Series drivers

HP Update

HPProductAssistant

Java Auto Updater

Java 6 Update 23

Junk Mail filter update

L7500

Malwarebytes' Anti-Malware version 1.51.2.1300

MarketResearch

McAfee SecurityCenter

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

MotoConnect

Mozilla Firefox 7.0.1 (x86 en-US)

MPM

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Pathfinder

PowerDVD DX

ProductContext

QualXServ Service Agreement

QuickTime

Realtek High Definition Audio Driver

Roxio Activation Module

Roxio CinePlayer Decoder Pack

Roxio Creator Audio

Roxio Creator Copy

Roxio Creator Data

Roxio Creator Premier

Roxio Creator Premier 10

Roxio Creator Tools

Roxio Express Labeler 3

Roxio Update Manager

Scan

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2553074)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Excel 2007 (KB2553073)

Security Update for Microsoft Office Groove 2007 (KB2552997)

Security Update for Microsoft Office InfoPath 2007 (KB2510061)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2535818)

Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)

Security Update for Microsoft Office Publisher 2007 (KB2284697)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Skins

SmartWebPrinting

SolutionCenter

Spelling Dictionaries Support For Adobe Reader 9

Squeezebox Server 7.5.2

Status

Switch Sound File Converter

Toolbox

TrayApp

TurboTax 2009

TurboTax 2009 WinPerFedFormset

TurboTax 2009 WinPerReleaseEngine

TurboTax 2009 WinPerTaxSupport

TurboTax 2009 wmeiper

TurboTax 2009 wrapper

TurboTax 2010

TurboTax 2010 WinPerFedFormset

TurboTax 2010 WinPerReleaseEngine

TurboTax 2010 WinPerTaxSupport

TurboTax 2010 wmeiper

TurboTax 2010 wrapper

Update for 2007 Microsoft Office System (KB2284654)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2583910)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update for Outlook 2007 Junk Email Filter (KB2596560)

vspMgr 1.0.1

WebReg

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

.

==== Event Viewer Messages From Past Week ========

.

10/24/2011 7:43:48 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: WDMQUA

10/24/2011 7:43:41 AM, Error: Service Control Manager [7000] - The SessionLauncher service failed to start due to the following error: The system cannot find the file specified.

10/24/2011 7:33:49 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

10/24/2011 7:33:18 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

10/24/2011 7:25:17 AM, Error: Service Control Manager [7034] - The SqueezeMySQL service terminated unexpectedly. It has done this 1 time(s).

10/24/2011 7:25:17 AM, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).

10/24/2011 7:25:17 AM, Error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).

10/19/2011 1:22:46 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

10/19/2011 1:18:08 PM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting.

10/19/2011 1:16:17 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

10/19/2011 1:16:07 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

.

==== End Of File ===========================

Link to post
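The Event Viewer section of the Attach.txt report above can be triaged mechanically. The following Python is an added example (not part of the original post or of DDS): it parses lines in that format and counts start and crash failures of security-product services, here the repeated McShield terminations. The `SECURITY_HINTS` keyword list and the function names are assumptions made for this example.

```python
import re
from collections import Counter

# Lines copied from the Attach.txt above (DDS "Event Viewer Messages" format).
SAMPLE = r"""
10/24/2011 7:43:41 AM, Error: Service Control Manager [7000] - The SessionLauncher service failed to start due to the following error: The system cannot find the file specified.
10/24/2011 7:33:18 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
10/24/2011 7:25:17 AM, Error: Service Control Manager [7034] - The SqueezeMySQL service terminated unexpectedly. It has done this 1 time(s).
10/19/2011 1:22:46 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
10/19/2011 1:16:07 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
"""

# "<date> <time>, <level>: <source> [<event id>] - <message>"
LINE = re.compile(r"^(?P<date>\d{1,2}/\d{1,2}/\d{4}) (?P<time>\d{1,2}:\d{2}:\d{2} [AP]M), "
                  r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$")
# Service Control Manager messages that name a service and how it failed.
SERVICE = re.compile(r"^The (?P<name>.+?) service "
                     r"(?P<what>terminated unexpectedly|failed to start|hung on starting)")

# Assumption for this example: substrings that mark a service as a security product.
SECURITY_HINTS = ("mcafee", "mcshield", "mbam", "defender", "norton")

def parse(text):
    """Return one dict per recognised event line; unrecognised lines are skipped."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["id"] = int(ev["id"])
        s = SERVICE.match(ev["msg"])
        ev["service"] = s.group("name") if s else None
        ev["failure"] = s.group("what") if s else None
        events.append(ev)
    return events

def security_service_failures(events):
    """Count failures per service whose name matches a security-product hint."""
    hits = Counter()
    for ev in events:
        if ev["service"] and any(h in ev["service"].lower() for h in SECURITY_HINTS):
            hits[ev["service"]] += 1
    return dict(hits)

if __name__ == "__main__":
    print(security_service_failures(parse(SAMPLE)))
```

A protection service that crashes repeatedly around the time of infection is worth noting in triage, since it leaves real-time scanning down until the service restarts.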

  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

Link to post

Thank you for the follow-up. ESET found three additional infections: tracur.f, tracur.i and B.gen. All apps have been working OK even before running ESET and Security Check, however, since discovering the initial infections with Malwarebytes, I have not been using internet search engines for fear of getting reinfected or getting new infections. I have been using my favorites and have typed in direct links with no problems or redirection. Is it safe to try using Google or Bing again?

Also, I see that Java is out of date and assume that needs to be updated.

log.txt:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

checkup.txt:

Results of screen317's Security Check version 0.99.24

Windows 7 x64 (UAC is enabled)

Internet Explorer 8 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Online Scanner v3

McAfee SecurityCenter

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 23

Out of date Java installed!

Adobe Flash Player ( 10.2.152.26) Flash Player Out of Date!

Mozilla Firefox (x86 en-US..)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

``````````End of Log````````````

Link to post

  • Staff

Hi,

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

ESET Online Scanner v3

Java™ 6 Update 23

Adobe Flash Player ( 10.2.152.26)

Restart your computer.

Get the latest version of Java and Adobe Flash Player.

Next, please click Start, type in Windows Update, click Windows Update, then download all available critical updates, including Internet Explorer 9.

Feel free to try search engines again and see if the redirects persist.

Let me know what issues remain.

Link to post

Thank you very much for the follow-up. All went well and I have performed a number of searches with Google with no redirects.

After using the trial of Malwarebytes Anti-Malware I purchased a full license and since then the application does not run when Windows 7 starts or restarts. I have in the Protection form unchecked and re-checked "Enable protection module" a couple of times and checked all the other boxes including "Start protection module with Windows". But, the application still does not run when booting up Windows 7. Can you advise me how to resolve this problem?

Also, I am running the McAfee firewall, which has disabled the native Windows Firewall. I assume that is necessary to avoid conflicts. However, should I continue to run Windows Defender?

Finally, I got SpywareBlaster from JavaCool and am running that along with Malwarebytes. I will also get WOT later today.

Many thanks for your assistance.

Link to post

Thanks for the follow-up.

When I reboot my computer, Malwarebytes Anti-Malware Pro does not automatically start-up as expected. I have Malwarebytes configured to "Start protection module with Windows" (checked box on the Protection form), but it does not run. I must start it manually. I've confirmed after a reboot with Task Manager that the MBAM service is NOT running. After a manual start, the service is spawned as expected and appears in the services table.

Link to post

  • Staff

Okay thanks for the clarification.

Please do the following:

  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer; please allow it to do so (very important)
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now set up any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQs here or ask and we'll explain how to do it.

Select all of the correct settings, reboot, and see if the protection module starts successfully.

Link to post

Hello:

Since my last communications, I removed McAfee and installed Norton 2012. After that change, Malwarebytes began running automatically when I boot-up.

Also, Norton found and quarantined kbduserman.dll. This virus may have also been detected by Malwarebytes when it tried to connect IE with a dangerous site. The following is an entry from the Malwarebytes logs: "IP-BLOCK 64.111.196.114 (Type: outgoing, Port: 49306, Process: rundll32.exe". After this was detected I updated Malwarebytes and Norton and ran full systems scans that resulted in no threats or infections found.

Presently, my computer appears to be running well and there are no indications of infections, although given the failure of McAfee to prevent the infections that brought me here in the first place, I have acquired a strong skepticism regarding the efficacy of anti-virus software. I am now running WOT, Spywareblaster, Malwarebytes and Norton 2012.

Please let me know if I need to take any further steps to eliminate kbduserman.dll.

Thank you very much for your assistance.

Link to post

  • Staff

Hi,

Update MBAM, run a Quick Scan, and post its log.

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    kbduserman.dll


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Link to post

Ok -- thanks for the reply. Here are the log files:

SystemLook 30.07.11 by jpshortstuff

Log created at 18:45 on 15/11/2011 by Larry

Administrator - Elevation successful

WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "kbduserman.dll"

No files found.

-= EOF =-

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8171

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

11/15/2011 6:40:15 PM

mbam-log-2011-11-15 (18-40-15).txt

Scan type: Quick scan

Objects scanned: 181453

Time elapsed: 1 minute(s), 55 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post

Actually, Norton shows that it is quarantined :-))

I can't find any substantive information on kbduserman.dll -- perhaps it was tagged by Norton's heuristic engine as a suspected virus.

Whatever it is, my computer seems to be working properly and I have no other issues.

Many thanks for your assistance.

Link to post

  • Staff

Great! Here is my standard prevention speech:

I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317

Link to post

  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
