Malware infection (Spyware Protection)

Hi all,

About a week ago I posted on this forum about a program called Spyware Protection (http://www.bleepingcomputer.com/forums/topic372296.html).

I ran a scan with Malwarebytes Antimalware and it came across these two programs:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Spyware Protection (Rogue.SecurityCentral) -> Value: Spyware Protection -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DesktopUserRpl (Trojan.Agent) -> Value: DesktopUserRpl -> Quarantined and deleted successfully.

After that my computer seemed to work fine, however the program 'spyware protection' was still listed in my start menu, and my antivirus software (McAfee) was not working. I ran system recovery (that removed 'Spyware Protection' from my start menu) and reinstalled McAfee. My computer seemed to work fine until last nights security update (maybe it's coincidence, but I logged in at the same location (same modem/ip-address? as where I got the infection).
Now McAfee real time scanning is turned off (when I try to turn it on, it is turning itself off after a few seconds) and also Windows defender doesn't seem to be working. It seems my firewall is still active.

Could you please look into this? Thanks a lot!!!

I've completed the steps in the guideline. Below is the DDS log file.
Edit: I noticed that some lines are in Dutch. I can translate them if necessary
Edit2: I forgot to tell you that I ran the DDS program in windows safe mode with networking
 Attach.txt   4.97KB   1 downloads
--------------------------------------

DDS (Ver_10-12-12.02) - NTFS_AMD64 NETWORK
Run by Marijn's computer at 7:16:33,11 on za 15-01-2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.31.1043.18.3758.2709 [GMT 1:00]

AV: McAfee Antivirus en antispyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Antivirus en antispyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Marijn's computer\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110110230206.dll
BHO: Aanmeldhulp voor Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [MarketingTools] C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
StartupFolder: C:\Users\MARIJN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Marijn's computer\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SERVIC~1.LNK - C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/66.36/uploader2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
TCP: {1EFB8A60-ADE3-4852-AA62-C8616E1EABDA} = 192.168.1.254,195.241.77.55
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: VESWinlogon - VESWinlogon.dll
{27B4851A-3207-45A2-B947-BE8AFE6163AB}
{7DB2D5A0-7241-4E79-B68D-6309F01C5231}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{AA58ED58-01DD-4d91-8333-CF10577473F7}
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
{B164E929-A1B6-4A06-B104-2CD0E90A88FF}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{2318C2B1-4965-11d4-9B18-009027A5CD4F}
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [Apoint] %ProgramFiles%\Apoint\Apoint.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
mRun-x64: [McAfeeWrapperApplication] "C:\Program Files (x86)\McAfeeMOBK\WrapperTrayIcon.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-1-10 529128]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-6-9 55280]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2011-1-10 75032]
R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2010-9-14 283360]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 McMPFSvc;McAfee Personal Firewall;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2011-1-10 355440]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-1-10 245352]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2011-1-10 149032]
R2 rimspci;rimspci;C:\Windows\System32\drivers\rimssne64.sys [2010-5-19 93696]
R2 risdsnpe;risdsnpe;C:\Windows\System32\drivers\risdsne64.sys [2010-5-19 75776]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-5-19 56344]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-1-10 441328]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2010-5-19 11392]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2010-5-19 395264]
S1 MOBKFilter;MOBKFilter;C:\Windows\System32\drivers\MOBK.sys [2011-1-10 66040]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
S2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
S2 gupdate;Google Updateservice (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-9 133104]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-5-19 13336]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2011-1-10 355440]
S2 McNaiAnn;McAfee VirusScan Announcer;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2011-1-10 355440]
S2 McProxy;McAfee Proxy Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2011-1-10 355440]
S2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-1-10 200056]
S2 MOBKbackup;1%;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-4-13 231224]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\SONY\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-8-31 362992]
S2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2010-6-9 104960]
S2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-8-28 2320920]
S2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-9-14 642416]
S2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2010-6-9 821760]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2010-6-9 19968]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-5-19 52264]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-5-19 35104]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-1-10 62800]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-12-26 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-5-19 151936]
S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-5-19 244736]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-1-10 190136]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-1-10 94864]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-8-31 313840]
S3 SampleCollector;Intel® Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe [2010-6-9 167424]
S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-6-9 120104]
S3 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2010-6-9 70952]
S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-6-9 427304]
S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-6-9 75048]
S3 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2010-6-9 91432]
S3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2010-6-9 571248]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-6-9 480624]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-6-9 361840]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-6-9 110960]
S3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2010-6-9 1165680]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-29 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

=============== Created Last 30 ================

2011-01-15 05:35:51 -------- d-----w- C:\Users\MARIJN~1\AppData\Roaming\SUPERAntiSpyware.com
2011-01-15 05:35:40 -------- d-----w- C:\PROGRA~3\!SASCORE
2011-01-10 22:23:24 -------- d-----w- C:\Program Files (x86)\McAfeeMOBK
2011-01-10 22:23:19 66040 ----a-w- C:\Windows\System32\drivers\MOBK.sys
2011-01-10 22:23:17 -------- d-----w- C:\Program Files (x86)\McAfee Online Backup
2011-01-10 22:02:15 -------- d-----w- C:\Program Files (x86)\McAfee.com
2011-01-10 22:02:04 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2011-01-10 22:02:02 149032 ----a-w- C:\Windows\System32\mfevtps.exe
2011-01-10 22:02:00 94864 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2011-01-10 22:02:00 75032 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2011-01-10 22:02:00 62800 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2011-01-10 22:02:00 529128 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2011-01-10 22:02:00 441328 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2011-01-10 22:02:00 190136 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2011-01-10 22:02:00 121248 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2011-01-10 22:01:53 -------- d-----w- C:\Program Files\Common Files\McAfee
2011-01-10 22:01:52 -------- d-----w- C:\Program Files\McAfee.com
2011-01-10 22:01:52 -------- d-----w- C:\Program Files\McAfee
2011-01-10 19:36:11 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-01-10 19:36:06 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-01-10 19:32:47 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{79A0796D-897F-4786-BAE0-78428EFE50C4}\mpengine.dll
2011-01-09 14:43:19 -------- d-----w- C:\Program Files (x86)\Common Files\SWF Studio
2011-01-09 14:25:38 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-01-09 14:25:38 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2011-01-09 13:58:01 -------- d-----w- C:\PROGRA~3\SUPERAntiSpyware.com
2011-01-09 13:57:53 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-01-09 13:00:13 -------- d-----w- C:\Users\MARIJN~1\AppData\Roaming\Malwarebytes
2011-01-09 13:00:09 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-01-09 13:00:06 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-01-09 07:03:28 -------- d-----w- C:\Users\MARIJN~1\AppData\Local\AppleCommsapi
2011-01-08 10:37:30 -------- d-----w- C:\VAIO Entertainment
2011-01-05 19:07:28 -------- d-----r- C:\Users\Marijn's computer\Dropbox
2011-01-05 19:05:07 -------- d-----w- C:\Users\MARIJN~1\AppData\Roaming\Dropbox
2011-01-03 21:08:40 -------- d-----w- C:\Users\Marijn's computer\.mev
2010-12-28 18:52:54 -------- d-----w- C:\PROGRA~3\GameHouse
2010-12-28 18:51:17 -------- d-----w- C:\Users\MARIJN~1\AppData\Roaming\Zylom
2010-12-28 18:50:33 -------- d-----w- C:\Users\MARIJN~1\AppData\Local\Zylom Games
2010-12-26 21:43:26 -------- d-----w- C:\Windows\nl
2010-12-26 21:42:07 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2010-12-26 21:41:41 -------- d-----w- C:\Program Files (x86)\MSN Toolbar
2010-12-26 21:41:37 -------- d-----w- C:\Program Files (x86)\Bing Bar Installer
2010-12-26 21:41:35 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2010-12-26 21:41:35 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2010-12-26 21:41:35 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2010-12-26 21:41:35 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2010-12-26 21:41:33 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2010-12-26 21:41:33 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2010-12-26 21:10:12 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\47df02181cba5412e\InstallManager_WLE_WLE.exe
2010-12-26 21:09:52 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\3d34e6ee1cba54121\MeshBetaRemover.exe
2010-12-26 21:09:37 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\332dc4e81cba5411a\DSETUP.dll
2010-12-26 21:09:37 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\332dc4e81cba5411a\DXSETUP.exe
2010-12-26 21:09:37 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\332dc4e81cba5411a\dsetup32.dll
2010-12-26 21:09:35 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\32a447941cba54119\DSETUP.dll
2010-12-26 21:09:35 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\32a447941cba54119\DXSETUP.exe
2010-12-26 21:09:35 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\32a447941cba54119\dsetup32.dll
2010-12-26 21:08:47 -------- d-----w- C:\Users\MARIJN~1\AppData\Local\Windows Live
2010-12-26 21:08:16 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll
2010-12-26 21:08:16 206848 ----a-w- C:\Windows\System32\mfps.dll
2010-12-26 21:08:16 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
2010-12-26 21:08:16 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2010-12-26 21:08:16 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2010-12-26 21:08:15 4068864 ----a-w- C:\Windows\System32\mf.dll
2010-12-26 21:08:15 3181568 ----a-w- C:\Windows\SysWow64\mf.dll
2010-12-19 15:48:01 -------- d-----w- C:\Users\MARIJN~1\AppData\Local\CutePDF Writer
2010-12-19 15:47:12 -------- d-----w- C:\Program Files (x86)\GPLGS
2010-12-19 15:46:38 85504 ----a-w- C:\Windows\System32\cpwmon64.dll
2010-12-19 15:46:38 -------- d-----w- C:\Program Files (x86)\Acro Software
2010-12-19 15:46:33 -------- d-----w- C:\Program Files (x86)\Ask.com
2010-12-16 06:59:59 860160 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll

==================== Find3M ====================

2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-11-02 05:23:15 1198592 ----a-w- C:\Windows\System32\taskschd.dll
2010-11-02 05:21:51 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2010-11-02 05:18:59 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2010-11-02 05:18:59 229888 ----a-w- C:\Windows\System32\XpsRasterService.dll
2010-11-02 05:18:58 470016 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll
2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
2010-11-02 05:12:53 1133568 ----a-w- C:\Windows\System32\FntCache.dll
2010-11-02 05:12:25 1540608 ----a-w- C:\Windows\System32\DWrite.dll
2010-11-02 05:12:08 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2010-11-02 05:12:07 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2010-11-02 05:12:06 902656 ----a-w- C:\Windows\System32\d2d1.dll
2010-11-02 05:12:06 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe
2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe
2010-11-02 04:59:08 144384 ----a-w- C:\Windows\System32\cdd.dll
2010-11-02 04:41:36 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2010-11-02 04:41:36 283648 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2010-11-02 04:41:36 135168 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll
2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2010-11-02 04:35:51 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2010-11-02 04:35:35 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2010-11-02 04:35:34 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2010-11-02 04:35:34 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2010-11-02 04:35:34 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
2010-11-02 04:28:47 505856 ----a-w- C:\Windows\SysWow64\taskschd.dll
2010-11-02 02:50:58 258048 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2010-10-27 05:06:22 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-10-27 04:32:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-10-20 05:20:01 46080 ----a-w- C:\Windows\System32\atmlib.dll
2010-10-20 04:54:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2010-10-20 03:09:15 3124224 ----a-w- C:\Windows\System32\win32k.sys
2010-10-20 03:05:46 367104 ----a-w- C:\Windows\System32\atmfd.dll
2010-10-20 02:58:41 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2010-10-19 09:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe

============= FINISH: 7:17:06,60 ===============

Edited by mvj0901, 15 January 2011 - 03:01 AM.

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

• Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.
  
  
• Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  
  
• Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

Yay! That would be great Thank you!!!

I have not made any changes to my computer since posting the log (I have only used excel and powerpoint in safe mode)

Please run anything I ask you to in Normal Mode unless I say otherwise.

Please download ComboFix from one of these locations:

• Bleepingcomputer
• ForoSpyware

* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
• Double click on Comfix.exe & follow the prompts.
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Below is the logfile. Before starting combofix I thought I had turned McAfee real time scanning off. But when I ran Combofix, it told me it was on (Maybe because McAfee updated itself shortly before starting combofix?). I turned it off again before proceeding with the scan. Some of the text is in Dutch. But I hope you can make sense of it

Thanks!

-------------------------------------
ComboFix 11-01-20.02 - Marijn's computer 21-01-2011 8:25.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.31.1043.18.3758.2427 [GMT 1:00]
Gestart vanuit: c:\users\Marijn's computer\Desktop\ComFix.exe
AV: McAfee Antivirus en antispyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Antivirus en antispyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Marijn's computer\AppData\Roaming\.#

.
(((((((((((((((((((( Bestanden Gemaakt van 2010-12-21 to 2011-01-21 ))))))))))))))))))))))))))))))
.

2011-01-21 07:29 . 2011-01-21 07:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-15 05:35 . 2011-01-15 05:35 -------- d-----w- c:\users\Marijn's computer\AppData\Roaming\SUPERAntiSpyware.com
2011-01-15 05:35 . 2011-01-15 05:35 -------- d-----w- c:\programdata\!SASCORE
2011-01-10 22:23 . 2011-01-10 22:23 -------- d-----w- c:\program files (x86)\McAfeeMOBK
2011-01-10 22:23 . 2010-04-13 19:10 66040 ----a-w- c:\windows\system32\drivers\MOBK.sys
2011-01-10 19:36 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-01-10 19:36 . 2010-12-20 17:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-10 19:32 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{79A0796D-897F-4786-BAE0-78428EFE50C4}\mpengine.dll
2011-01-09 14:43 . 2011-01-09 14:43 -------- d-----w- c:\program files (x86)\Common Files\SWF Studio
2011-01-09 14:37 . 2011-01-10 19:21 -------- d-----w- c:\program files (x86)\Windows Live Safety Center
2011-01-09 14:25 . 2011-01-10 19:21 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-01-09 14:25 . 2011-01-10 19:21 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-01-09 13:58 . 2011-01-09 13:58 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-01-09 13:57 . 2011-01-15 05:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-09 13:00 . 2011-01-09 13:00 -------- d-----w- c:\users\Marijn's computer\AppData\Roaming\Malwarebytes
2011-01-09 13:00 . 2011-01-09 13:00 -------- d-----w- c:\programdata\Malwarebytes
2011-01-09 13:00 . 2011-01-10 19:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-01-09 07:03 . 2011-01-09 13:53 -------- d-----w- c:\users\Marijn's computer\AppData\Local\AppleCommsapi
2011-01-08 10:37 . 2011-01-08 19:32 -------- d-----w- C:\VAIO Entertainment
2011-01-05 19:07 . 2011-01-13 21:46 -------- d-----r- c:\users\Marijn's computer\Dropbox
2011-01-05 19:05 . 2011-01-13 21:46 -------- d-----w- c:\users\Marijn's computer\AppData\Roaming\Dropbox
2011-01-03 21:08 . 2011-01-03 21:08 -------- d-----w- c:\users\Marijn's computer\.mev
2010-12-28 18:52 . 2010-12-28 18:52 -------- d-----w- c:\programdata\GameHouse
2010-12-28 18:51 . 2010-12-28 18:52 -------- d-----w- c:\users\Marijn's computer\AppData\Roaming\Zylom
2010-12-28 18:50 . 2010-12-28 18:50 -------- d-----w- c:\users\Marijn's computer\AppData\Local\Zylom Games
2010-12-26 21:43 . 2010-12-26 21:43 -------- d-----w- c:\windows\nl
2010-12-26 21:42 . 2010-09-22 23:36 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-12-26 21:41 . 2010-12-26 21:41 -------- d-----w- c:\program files (x86)\MSN Toolbar
2010-12-26 21:41 . 2010-12-26 21:41 -------- d-----w- c:\program files (x86)\Bing Bar Installer
2010-12-26 21:41 . 2009-09-04 16:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
2010-12-26 21:41 . 2009-09-04 16:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
2010-12-26 21:41 . 2009-09-04 16:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2010-12-26 21:41 . 2009-09-04 16:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-12-26 21:41 . 2006-11-29 12:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-12-26 21:41 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2010-12-26 21:10 . 2010-12-26 21:10 469256 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\47df02181cba5412e\InstallManager_WLE_WLE.exe
2010-12-26 21:09 . 2010-12-26 21:09 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\3d34e6ee1cba54121\MeshBetaRemover.exe
2010-12-26 21:09 . 2010-12-26 21:09 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\332dc4e81cba5411a\DSETUP.dll
2010-12-26 21:09 . 2010-12-26 21:09 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\332dc4e81cba5411a\DXSETUP.exe
2010-12-26 21:09 . 2010-12-26 21:09 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\332dc4e81cba5411a\dsetup32.dll
2010-12-26 21:09 . 2010-12-26 21:09 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\32a447941cba54119\DSETUP.dll
2010-12-26 21:09 . 2010-12-26 21:09 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\32a447941cba54119\DXSETUP.exe
2010-12-26 21:09 . 2010-12-26 21:09 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\32a447941cba54119\dsetup32.dll
2010-12-26 21:08 . 2011-01-21 07:16 -------- d-----w- c:\users\Marijn's computer\AppData\Local\Windows Live
2010-12-26 21:08 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2010-12-26 21:08 . 2010-05-23 10:11 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2010-12-26 21:08 . 2010-05-23 08:37 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
2010-12-26 21:08 . 2010-05-23 08:35 257024 ----a-w- c:\windows\system32\mfreadwrite.dll
2010-12-26 21:08 . 2010-05-23 08:35 206848 ----a-w- c:\windows\system32\mfps.dll
2010-12-26 21:08 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\SysWow64\mf.dll
2010-12-26 21:08 . 2010-05-23 08:35 4068864 ----a-w- c:\windows\system32\mf.dll

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-04 06:35 . 2010-12-16 06:59 1194496 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 06:31 . 2010-12-16 06:59 57856 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 05:52 . 2010-12-16 06:59 978944 ----a-w- c:\windows\SysWow64\wininet.dll
2010-11-04 05:48 . 2010-12-16 06:59 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2010-11-04 05:16 . 2010-12-16 06:59 482816 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:41 . 2010-12-16 06:59 386048 ----a-w- c:\windows\SysWow64\html.iec
2010-11-04 04:35 . 2010-12-16 06:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-04 04:08 . 2010-12-16 06:59 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2010-11-02 05:23 . 2010-12-16 07:00 1198592 ----a-w- c:\windows\system32\taskschd.dll
2010-11-02 05:18 . 2010-12-16 07:00 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-02 05:17 . 2010-12-16 07:00 473600 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-02 05:16 . 2010-12-16 07:00 1114624 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-02 05:10 . 2010-12-16 07:00 464384 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 05:10 . 2010-12-16 07:00 285696 ----a-w- c:\windows\system32\schtasks.exe
2010-11-02 04:40 . 2010-12-16 07:00 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll
2010-11-02 04:34 . 2010-12-16 07:00 192000 ----a-w- c:\windows\SysWow64\taskeng.exe
2010-11-02 04:34 . 2010-12-16 07:00 179712 ----a-w- c:\windows\SysWow64\schtasks.exe
2010-11-02 04:28 . 2010-12-16 07:00 505856 ----a-w- c:\windows\SysWow64\taskschd.dll
2010-10-27 05:06 . 2010-12-16 07:00 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-27 04:32 . 2010-12-16 07:00 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 21:44 1400712 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Marijn's computer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Marijn's computer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Marijn's computer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-09 39408]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-12-14 2988784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-11-20 284696]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-26 320880]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-17 538472]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-24 597792]
"MarketingTools"="c:\program files (x86)\Sony\Marketing Tools\MarketingTools.exe" [2010-06-09 26624]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2010-06-09 149280]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-11-22 1484856]

c:\users\Marijn's computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Marijn's computer\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-12-17 23343848]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
Servicebeheer.lnk - c:\program files (x86)\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R2 0257551295594364mcinstcleanup;McAfee Application Installer Cleanup (0257551295594364);c:\windows\TEMP\025755~1.EXE [x]
R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-09 133104]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-30 362992]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-11-18 52264]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-11-18 35104]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-11-12 94864]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-30 313840]
R3 SampleCollector;Intel® Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe [2009-09-16 167424]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-10-15 120104]
R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-10-15 70952]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-10-15 427304]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-10-15 75048]
R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-10-15 91432]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-09-16 480624]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-09-01 361840]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-09-08 110960]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2009-10-30 1165680]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-29 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-05-20 55280]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-11-12 75032]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-10-13 283360]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [2010-04-13 66040]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-20 13336]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McMPFSvc;McAfee Personal Firewall;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-11-12 245352]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-11-12 149032]
S2 MOBKbackup;1%;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-04-13 231224]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2009-11-06 93696]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2009-09-15 75776]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-12-14 2320920]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-09-14 642416]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2009-11-25 821760]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-11-12 62800]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-12-14 56344]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2009-11-13 151936]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-12-16 244736]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-11-12 441328]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2009-08-19 11392]
S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-11-30 571248]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-11-12 395264]


--- Andere Services/Drivers In Geheugen ---

*Deregistered* - mfeavfk01
.
Inhoud van de 'Gedeelde Taken' map

2011-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-09 11:01]

2011-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-09 11:01]

2010-10-31 c:\windows\Tasks\McDefragTask.job
- c:\progra~2\mcafee\mqc\QcConsol.exe [2010-10-31 11:22]

2011-01-01 c:\windows\Tasks\McQcTask.job
- c:\progra~2\mcafee\mqc\QcConsol.exe [2010-10-31 11:22]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Marijn's computer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Marijn's computer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Marijn's computer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Marijn's computer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-13 19:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-13 19:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-13 19:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-12-16 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-12-16 390680]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-12-16 410136]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-16 9636896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-06-09 171520]
"McAfeeWrapperApplication"="c:\program files (x86)\McAfeeMOBK\WrapperTrayIcon.exe" [2010-12-07 453344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Pagina verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: {1EFB8A60-ADE3-4852-AA62-C8616E1EABDA} = 192.168.1.254,195.241.77.55
.
- - - - ORPHANS VERWIJDERD - - - -

Notify-VESWinlogon - VESWinlogon.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-Apoint - %ProgramFiles%\Apoint\Apoint.exe



[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2011-01-21 08:32:05
ComboFix-quarantined-files.txt 2011-01-21 07:32

Pre-Run: 231.802.380.288 bytes beschikbaar
Post-Run: 232.363.200.512 bytes beschikbaar

- - End Of File - - 6DA8505868F1E7DAEA75268539C79A6C

Edited by mvj0901, 21 January 2011 - 03:25 AM.

There's no evidence of anything there. Are you still getting any symptoms from this Spyware Protection program?

Unfortunately I still have symptoms. As I described in my first post, McAfee real time scanning module was turned off, and when I try to turn it on, it is turning itself off. Yesterday, before I started Combofix it was still off, but then I got a message McAfee was updated, and real time scanning was on for a while. But now it is off again (and when I try to turn it on, after a few seconds it turns itself off). I did manage to turn on Windows defender.

Apart from the McAfee issue my computer seems to work fine.

I did notice, when I was searching for a file on my computer, that there was a program called 'reset keymapper' on my computer, located in the DosBoxV0.74 folder. Don't know if it is part of the program, but I have never seen it before.

And I got a message that a program blocked by McAfee is trying to access internet (C:\windows\system32\netsh.exe). (Isn't it weird that I get these messages since real time scanning seems to be turned off??)

I hope this is of any help.

Thank you again for helping me, I appreciate it!

The netsh.exe program is legitimate which leads me to McAfee scanning it as a false positive. The errors from McAfee don't sound like malware and as there are only issues left which relate to the program please reinstall McAfee to see if that solves the problems. Let me know.

I did notice, when I was searching for a file on my computer, that there was a program called 'reset keymapper' on my computer, located in the DosBoxV0.74 folder. Don't know if it is part of the program, but I have never seen it before.

This is related to a gaming. Here's the link to the research I had to do on that one.

Thank you for looking that up!
I still have problems with McAfee. The real time scanning is turned off. When I update McAfee, it is on. But when I restart my computer RT scanning is off again.
But if you say it is not malware, maybe it would be better to contact McAfee helpdesk for that?
Do you have an advice for another good antivirus scanner? I will probably replace McAfee when my license has ended

Thank you again for helping me!

I'm no expert on McAfee so maybe the help desk can take a look at that for you in case it's just a setting.

I will hold the topic for five days for you to let me know how that goes. You are clean but you do need to come back for a final clear up.

I've contacted McAfee Helpdesk, removed other antivirus programs and reinstalled the software again, and now McAfee seems to be running OK. I hope that's solved.
So I am ready for the final clear up I guess.
Thanks

Edited by mvj0901, 24 January 2011 - 06:18 PM.

Good news there.

You're clean. Good stuff!

Let's do some clearing up

Uninstall ComboFix

Remove Combofix now that we're done with it.

• Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  (For Vista/Windows 7 please click Start -> All Programs -> Accessories -> Run)
• Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between "Combofix" and "/")
• Please follow the prompts to uninstall Combofix.
• You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

This will uninstall Combofix and anything associated with it.


We Need to Clean Up our Mess
Download and Run OTC

We will now remove the tools we used during this fix using OTC.

• Download OTC by OldTimer and save it to your desktop.
• Double click icon to start the program. If you are using Vista, please right-click and choose run as administrator
• Then Click the big button.
• You will get a prompt saying "Being Cleanup Process". Please select Yes.
• Restart your computer when prompted.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
------------------------------------------------------------------------------------------------------------------------

Here's some advice on how you can keep your PC clean


Use and update your AntiVirus Software

You must have a good antivirus. There are plenty to choose from but I personally recommend the free options of Avast and Avira Antivir. If you want to purchase a security program then I recommend any of the following: AVG, Norton, McAfee, Kaspersky and ESET Nod32.

It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the programs virus definitions.


Make sure your applications have all of their updates

Use this next program to check for updates for programs already on your system. Download Security Check by screen317 from here or here.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically, make sure that updates on any that are flagged are carried out as soon as possible

It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version. or the Pro version for a 15 day trial period.

Installing this or another recommended program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.


Finally, here's a treasure trove of antivirus, antimalware and antispyware resources


That's it mvj0901, happy surfing!

Cheers.

m0le

Thanks a lot for your help M0le. I appreciate it very much!!!

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.