Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infection HKI****.exe


  • This topic is locked This topic is locked
26 replies to this topic

#1 OxtonyxO

OxtonyxO

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:07:32 AM

Posted 11 December 2010 - 05:21 AM

hope you can help

DDS (Ver_10-12-05.01) - NTFS_AMD64
Run by Tony Delap at 9:08:08.42 on 11/12/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3037.1442 [GMT 0:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
C:\Program Files (x86)\McAfee\MSK\MskSrver.exe
C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files (x86)\Digiarty\WinX DVD Author 5.5\NMSAccessU.exe
C:\Windows\SysWOW64\IoctlSvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\O2 Assistant\bin\sprtsvc.exe
C:\Program Files (x86)\O2 Assistant\bin\tgsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
c:\PROGRA~2\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2 .exe
C:\Program Files (x86)\O2 Assistant\bin\sprtcmd .exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser .exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia .exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched .exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Windows\system32\wuauclt.exe
C:\Users\TONYDE~1\AppData\Local\Temp\hki1084.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Users\Tony Delap\Downloads\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1284835096&rver=6.0.5285.0&wp=MBI&wreply=hxxp:%2F%2Fmail.live.com%2Fdefault.aspx&lc=2057&id=64855&mkt=en-gb
uLocal Page = about:blank
uDefault_Page_URL = hxxp://asus.msn.com
mLocal Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~2\mcafee\msk\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
uRun: [Power2GoExpress]
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [O2DA] "C:\Program Files (x86)\O2 Assistant\bin\sprtcmd.exe" /P O2DA
mRun: [McENUI] C:\PROGRA~2\McAfee\MHN\McENUI.exe /hide
mRun: [mcagent_exe] "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask .exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [O2Start] C:\Program Files (x86)\O2CM-CE\O2 Connection Manager\tscui.exe /s
dRun: [DelayShred] c:\progra~2\mcafee\mshr\ShrCL.EXE /P7 /q c:\users\TONYDE~1\appdata\local\temp\Low\TEMPOR~1\Content.IE5\N76O8889.SH! c:\users\TONYDE~1\appdata\local\temp\Low\TEMPOR~1\Content.IE5\N1SSGY5G.SH! c:\users\TONYDE~1\appdata\local\temp\Low\TEMPOR~1\Content.IE5\I1HCYAYX.SH! c:\users\TONYDE~1\appdata\local\temp\Low\TEMPOR~1\Content.SH! c:\users\TONYDE~1\appdata\local\temp\Low\TEMPOR~1.SH!
StartupFolder: C:\Users\TONYDE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\MSKAPB~1.DLL
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
BHO-X64: Windows Live Family Safety Browser Helper - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe
mRun-x64: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe MySyncFolder
mRun-x64: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
mRun-x64: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe

================= FIREFOX ===================

FF - ProfilePath - C:\Users\TONYDE~1\AppData\Roaming\Mozilla\Firefox\Profiles\y8o0eqy6.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - component: C:\Program Files (x86)\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Tony Delap\AppData\Roaming\Mozilla\Firefox\Profiles\y8o0eqy6.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - C:\Program Files (x86)\McAfee\SiteAdvisor
FF - Extension: XULRunner: {E6C5333D-4865-4F71-9A20-D7737880291D} - C:\Users\Tony Delap\AppData\Local\{E6C5333D-4865-4F71-9A20-D7737880291D}

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-4-22 308296]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2010-4-22 379520]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2010-4-22 14904]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2010-11-6 101048]
R2 McProxy;McAfee Proxy Service;C:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe [2010-5-21 359952]
R2 McShield;McAfee Real-time Scanner;C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2010-5-21 155456]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-11-22 1153368]
R2 sprtsvc_O2DA;SupportSoft Sprocket Service (O2DA);C:\Program Files (x86)\O2 Assistant\bin\sprtsvc.exe [2010-2-5 206120]
R2 tgsrvc_O2DA;SupportSoft Repair Service (O2DA);C:\Program Files (x86)\O2 Assistant\bin\tgsrvc.exe [2010-2-5 185640]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-1-18 128512]
R3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\System32\drivers\ewusbnet.sys [2010-4-22 246224]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-12-13 144896]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2009-11-13 67072]
R3 McSysmon;McAfee SystemGuards;C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe [2010-5-21 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2010-4-22 102472]
R3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\System32\drivers\mfesmfk.sys [2010-4-22 49480]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-4-22 35104]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-5-21 61792]
S3 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-8 533344]
S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\System32\drivers\mferkdk.sys [2010-4-22 40904]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2010-4-19 22528]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-22 1255736]

=============== Created Last 30 ================

2010-12-10 06:01:00 80386 ----a-w- C:\PROGRA~3\wq5r84MK.exe_
2010-12-10 06:01:00 80386 ----a-w- C:\PROGRA~3\wq5r84MK.exe
2010-11-25 20:56:32 -------- d-----w- C:\PROGRA~3\Novatel Wireless
2010-11-25 11:30:49 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-11-25 11:30:48 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-11-22 13:40:14 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2010-11-22 13:40:14 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2010-11-21 19:13:04 -------- d-----w- C:\Users\TONYDE~1\AppData\Roaming\Malwarebytes
2010-11-21 19:12:51 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-11-20 09:53:47 -------- d-----w- C:\Users\TONYDE~1\AppData\Local\ElevatedDiagnostics
2010-11-19 21:06:02 -------- d-----w- C:\Program Files\iPod
2010-11-19 21:06:00 -------- d-----w- C:\Program Files\iTunes
2010-11-18 20:51:47 -------- d-----w- C:\Users\TONYDE~1\AppData\Local\{E6C5333D-4865-4F71-9A20-D7737880291D}
2010-11-18 20:44:33 -------- d-----w- C:\Users\TONYDE~1\AppData\Roaming\Ugral
2010-11-18 20:44:33 -------- d-----w- C:\Users\TONYDE~1\AppData\Roaming\Foeb
2010-11-15 19:58:39 -------- d-----w- C:\Users\TONYDE~1\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-11-14 09:59:18 -------- d-----w- C:\Program Files\DivX
2010-11-14 09:58:59 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared
2010-11-14 09:58:17 -------- d-----w- C:\Program Files (x86)\DivX
2010-11-14 09:57:47 -------- d-----w- C:\PROGRA~3\DivX
2010-11-12 20:48:32 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll
2010-11-12 20:48:32 206848 ----a-w- C:\Windows\System32\mfps.dll
2010-11-12 20:48:32 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
2010-11-12 20:48:32 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2010-11-12 20:48:32 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2010-11-12 20:48:31 4068864 ----a-w- C:\Windows\System32\mf.dll
2010-11-12 20:48:30 3181568 ----a-w- C:\Windows\SysWow64\mf.dll
2010-11-11 20:08:58 641536 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2010-11-11 20:08:58 552960 ----a-w- C:\Windows\System32\msdri.dll
2010-11-11 20:08:57 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2010-11-11 20:08:57 288256 ----a-w- C:\Windows\System32\MSNP.ax
2010-11-11 20:08:57 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2010-11-11 20:08:56 258560 ----a-w- C:\Windows\System32\mpg2splt.ax
2010-11-11 20:08:56 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2010-11-11 20:07:16 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys

==================== Find3M ====================

2010-09-28 15:44:52 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2010-09-28 15:44:52 4184352 ----a-w- C:\Windows\System32\usbaaplrc.dll
2010-09-15 04:50:37 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

============= FINISH: 9:09:48.47 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-05.01)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 21/05/2010 02:27:34
System Uptime: 11/12/2010 08:08:45 (1 hours ago)

Motherboard: ASUSTeK Computer Inc. | | UL30A
Processor: Genuine Intel® CPU U7300 @ 1.30GHz | Socket 478 | 1300/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 75 GiB total, 19.552 GiB free.
D: is FIXED (NTFS) - 207 GiB total, 10.765 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP101: 11/12/2010 09:03:40 - Windows Update

==== Installed Programs ======================

3ivx MPEG-4 5.0.2 (remove only)
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.1 MUI
Alcor Micro USB Card Reader
Apple Application Support
Apple Software Update
ASUS AP Bank
ASUS FancyStart
ASUS LifeFrame3
ASUS Live Update
ASUS MultiFrame
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
Asus_ULSeries_ScreenSaver
ATK Generic Function Service
ATK Hotkey
ATK Media
ATKOSD2
µTorrent
Banana Bugs
Choice Guard
ControlDeck
CyberLink LabelPrint
CyberLink Power2Go
DivX Setup
eReg
Express Gate
Google SketchUp 7
Image Icon Converter 1.3
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Internet TV for Windows Media Center
Java Auto Updater
Java™ 6 Update 22
Junk Mail filter update
Mathcad 2001i Professional
McAfee SecurityCenter
Microsoft Office Live Add-in 1.5
Microsoft Office XP Professional with FrontPage
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.6.12)
Mozilla Thunderbird (3.1.7)
MSVCRT
MSXML 4.0 SP3 Parser (KB973685)
My O2
Nero 8 Essentials
neroxml
O2 Connection Manager
OJOsoft Total Video Converter
QuickTime
Realtek High Definition Audio Driver
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Sid Meier's SimGolf
Skype Toolbars
Skype™ 4.2
Spybot - Search & Destroy
VC80CRTRedist - 8.0.50727.4053
VCRedistSetup
VLC media player 1.0.3
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Movie Maker 2.6
WinFlash
WinX DVD Author 5.5.2
WinX DVD Ripper Platinum 5.22.0
Wireless Console 3
Zoo Tycoon - Dinosaur Digs

==== Event Viewer Messages From Past Week ========

11/12/2010 09:04:40, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Windows Live Essentials 2011 (KB2434419).
11/12/2010 08:34:43, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
11/12/2010 08:09:37, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
11/12/2010 08:01:54, Error: Service Control Manager [7031] - The McAfee SystemGuards service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/12/2010 07:55:41, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {B299BB78-EBBE-48F9-8725-E6A84C4E7C1D} and APPID {EDF91290-887E-4010-BC73-F40A2988882D} to the user TonyDelap-PC\Tony Delap SID (S-1-5-21-2965382674-955575303-1029481018-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
11/12/2010 00:27:18, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
10/12/2010 19:24:42, Error: Service Control Manager [7000] - The McAfee Inc. mferkdk service failed to start due to the following error: The specified procedure could not be found.
09/12/2010 18:46:14, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000fe (0x0000000000000008, 0x0000000000000004, 0xfffffa800510d760, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120910-14804-01.
05/12/2010 10:55:40, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x000000010317abf0, 0x0000000000000002, 0x0000000000000000, 0xfffff80002e87995). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120510-25662-01.
05/12/2010 10:53:20, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
05/12/2010 01:11:27, Error: volsnap [35] - The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.

==== End Of File ===========================
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-11 09:34:08
Windows 6.1.7600
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b20761
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b20761@40d32d9e9beb 0x7F 0xA6 0x34 0x41 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b20761 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b20761@40d32d9e9beb 0x7F 0xA6 0x34 0x41 ...

---- EOF - GMER 1.0.15 ----



thank you

sorry forgot a discription :(


my problem is :- when connecting to an internet conection my macaffe picks up two trojans and deletes them , most of the time.
if it doesnt i get random advents as audio.
in the running processors are 20-30 hki****.exe plus a number of iexpore.exe

i have run spybot search and destory removed a few things
when ever i run macaffe it remove 3 items

EDIT: Posts merged ~BP

Attached Files


Edited by Budapest, 11 December 2010 - 09:31 PM.


BC AdBot (Login to Remove)

 


#2 Judicandus

Judicandus

    Bleepin' Pasta


  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Around the world
  • Local time:04:32 AM

Posted 19 December 2010 - 09:15 AM

Hello and welcome to Bleeping Computer

I'm judicandus and I'll be helping you out.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.


Please download Malwarebytes' Anti-Malware (v1.50) and save it to your desktop.
Download Link 1
Download Link 2Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes' when done.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explaination about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

#3 OxtonyxO

OxtonyxO
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:07:32 AM

Posted 19 December 2010 - 11:03 AM

thanks very much for your help

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5358

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

19/12/2010 15:56:56
mbam-log-2010-12-19 (15-56-56).txt

Scan type: Quick scan
Objects scanned: 159030
Time elapsed: 5 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


DDS (Ver_10-12-05.01) - NTFS_AMD64
Run by Tony Delap at 15:58:50.18 on 19/12/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3037.958 [GMT 0:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
C:\Program Files (x86)\McAfee\MSK\MskSrver.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Digiarty\WinX DVD Author 5.5\NMSAccessU.exe
C:\Windows\SysWOW64\IoctlSvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\O2 Assistant\bin\sprtsvc.exe
C:\Program Files (x86)\O2 Assistant\bin\tgsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\alg.exe
C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
c:\PROGRA~2\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser .exe
C:\Program Files (x86)\O2 Assistant\bin\sprtcmd .exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia .exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2 .exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched .exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Windows\system32\msiexec.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Tony Delap\Downloads\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1284835096&rver=6.0.5285.0&wp=MBI&wreply=hxxp:%2F%2Fmail.live.com%2Fdefault.aspx&lc=2057&id=64855&mkt=en-gb
uLocal Page = about:blank
uDefault_Page_URL = hxxp://asus.msn.com
mLocal Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~2\mcafee\msk\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
uRun: [Power2GoExpress]
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [O2DA] "C:\Program Files (x86)\O2 Assistant\bin\sprtcmd.exe" /P O2DA
mRun: [McENUI] C:\PROGRA~2\McAfee\MHN\McENUI.exe /hide
mRun: [mcagent_exe] "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [O2Start] C:\Program Files (x86)\O2CM-CE\O2 Connection Manager\tscui.exe /s
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: [Uninstall Adobe Download Manager] "C:\Program Files (x86)\NOS\bin\getPlusUninst_Adobe.exe" /Get1noarp
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
dRun: [DelayShred] c:\progra~2\mcafee\mshr\ShrCL.EXE /P7 /q c:\users\TONYDE~1\appdata\local\temp\Low\TEMPOR~1\Content.IE5\N76O8889.SH! c:\users\TONYDE~1\appdata\local\temp\Low\TEMPOR~1\Content.IE5\N1SSGY5G.SH! c:\users\TONYDE~1\appdata\local\temp\Low\TEMPOR~1\Content.IE5\I1HCYAYX.SH! c:\users\TONYDE~1\appdata\local\temp\Low\TEMPOR~1\Content.SH! c:\users\TONYDE~1\appdata\local\temp\Low\TEMPOR~1.SH!
StartupFolder: C:\Users\TONYDE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\MSKAPB~1.DLL
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
BHO-X64: Windows Live Family Safety Browser Helper - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe
mRun-x64: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe MySyncFolder
mRun-x64: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
mRun-x64: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe

================= FIREFOX ===================

FF - ProfilePath - C:\Users\TONYDE~1\AppData\Roaming\Mozilla\Firefox\Profiles\y8o0eqy6.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - component: C:\Program Files (x86)\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Tony Delap\AppData\Roaming\Mozilla\Firefox\Profiles\y8o0eqy6.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: C:\Users\Tony Delap\AppData\Roaming\Mozilla\Firefox\Profiles\y8o0eqy6.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Extension: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - C:\Program Files (x86)\McAfee\SiteAdvisor
FF - Extension: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - C:\Users\TONYDE~1\AppData\Roaming\Mozilla\Firefox\Profiles\y8o0eqy6.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Extension: XULRunner: {E6C5333D-4865-4F71-9A20-D7737880291D} - C:\Users\Tony Delap\AppData\Local\{E6C5333D-4865-4F71-9A20-D7737880291D}

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-4-22 308296]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2010-4-22 379520]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2010-4-22 14904]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-1-18 128512]
R3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\System32\drivers\ewusbnet.sys [2010-4-22 246224]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-12-13 144896]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2009-11-13 67072]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2010-4-22 102472]
R3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\System32\drivers\mfesmfk.sys [2010-4-22 49480]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-4-22 35104]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-5-21 61792]
S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\System32\drivers\mferkdk.sys [2010-4-22 40904]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2010-4-19 22528]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]

=============== Created Last 30 ================

2010-12-19 15:50:17 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-19 15:50:17 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-12-19 15:50:13 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-12-19 15:44:26 -------- d-----w- C:\PROGRA~3\McAfee Security Scan
2010-12-19 15:44:22 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
2010-12-18 19:15:53 -------- d-----w- C:\Program Files\iPod
2010-12-18 19:15:52 -------- d-----w- C:\Program Files\iTunes
2010-12-18 09:55:14 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-12-18 09:55:14 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-11-29 17:38:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-11-29 17:38:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-11-25 20:56:32 -------- d-----w- C:\PROGRA~3\Novatel Wireless
2010-11-25 11:30:49 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-11-25 11:30:48 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-11-22 13:40:14 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2010-11-22 13:40:14 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2010-11-21 19:13:04 -------- d-----w- C:\Users\TONYDE~1\AppData\Roaming\Malwarebytes
2010-11-21 19:12:51 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-11-20 09:53:47 -------- d-----w- C:\Users\TONYDE~1\AppData\Local\ElevatedDiagnostics

==================== Find3M ====================

2010-11-12 18:53:06 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll
2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll
2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe
2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe
2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
2010-10-20 05:20:01 46080 ----a-w- C:\Windows\System32\atmlib.dll
2010-10-20 04:54:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2010-10-20 03:09:15 3124224 ----a-w- C:\Windows\System32\win32k.sys
2010-10-20 03:05:46 367104 ----a-w- C:\Windows\System32\atmfd.dll
2010-10-20 02:58:41 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2010-10-16 05:23:13 112000 ----a-w- C:\Windows\System32\consent.exe
2010-10-16 05:19:41 395776 ----a-w- C:\Windows\System32\webio.dll
2010-10-16 04:36:10 314368 ----a-w- C:\Windows\SysWow64\webio.dll
2010-09-28 15:44:52 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2010-09-28 15:44:52 4184352 ----a-w- C:\Windows\System32\usbaaplrc.dll

============= FINISH: 16:00:54.76 ===============


thank you

Attached Files



#4 Judicandus

Judicandus

    Bleepin' Pasta


  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Around the world
  • Local time:04:32 AM

Posted 19 December 2010 - 11:45 AM

Hello,

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

#5 OxtonyxO

OxtonyxO
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:07:32 AM

Posted 19 December 2010 - 01:32 PM

how long should combofix take ? its been preparing the log for an hour now :S

#6 Judicandus

Judicandus

    Bleepin' Pasta


  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Around the world
  • Local time:04:32 AM

Posted 19 December 2010 - 01:34 PM

That's an awful lot of time :D Do you have a lot of files on your computer?
Is the Hard Drive led flashing or is the computer making some noise as if it was working?

#7 OxtonyxO

OxtonyxO
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:07:32 AM

Posted 19 December 2010 - 01:40 PM

i have got a lot of avi files
hard drive light flashes now and again
processor running at 50% on thw widget

#8 Judicandus

Judicandus

    Bleepin' Pasta


  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Around the world
  • Local time:04:32 AM

Posted 19 December 2010 - 01:55 PM

could you please open the task manager and see which process is occupying the cpu?

#9 OxtonyxO

OxtonyxO
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:07:32 AM

Posted 19 December 2010 - 01:58 PM

pev.cfxxe*32

a macafe scan normally takes 1-2 hours

Edited by OxtonyxO, 19 December 2010 - 02:00 PM.


#10 Judicandus

Judicandus

    Bleepin' Pasta


  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Around the world
  • Local time:04:32 AM

Posted 19 December 2010 - 02:00 PM

Ok, you can kill that process

#11 OxtonyxO

OxtonyxO
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:07:32 AM

Posted 19 December 2010 - 02:04 PM

cant end the process

'the operation could not be completed.

the operation is not valid for this process'

#12 Judicandus

Judicandus

    Bleepin' Pasta


  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Around the world
  • Local time:04:32 AM

Posted 19 December 2010 - 02:10 PM

If you can find any of these, also try to terminate them:

PEV.exe
NirCmd.cfxxe
PEV.cfxxe

How long has it been since it started the log creation process?

#13 OxtonyxO

OxtonyxO
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:07:32 AM

Posted 19 December 2010 - 02:14 PM

combofix was started around 2hrs ago
the other cant find PEV.EXE and NirCmd.cfxxe

#14 OxtonyxO

OxtonyxO
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:07:32 AM

Posted 19 December 2010 - 02:16 PM

process has gone and combofix shut down

#15 OxtonyxO

OxtonyxO
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:07:32 AM

Posted 19 December 2010 - 02:19 PM

i have a combofix report

Attached Files






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users