Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Malware or Virus?


  • This topic is locked This topic is locked
28 replies to this topic

#1 byte007

byte007

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Local time:05:29 AM

Posted 27 May 2011 - 07:27 PM

Greetings to you at Bleeping Computer!

My son's laptop has been running slow and has the following symptoms:
1. When you do a Windows Vista Search, the initial search results show in the left pane. When you then click 'Search Everywhere' it trys to search for:
127.0.0.1:4664/search?q=bb&flags=68&s=KOSRChK7Xp_EyVwclwoSS5ciF_4 and a box says: 'Oops! Google Chrome could not connect to 127.0.0.1:4664'.

2. My son says he gets a BSOD about once a month.


Please note that Windows update has been kept up to Date, McAfee AntiVirus Plus has been kept up to date.

What I have done so far:

5-22-11 I ran a McAfee full system scan - 0 files detected.
5-22-11 I ran a Malwarebytes Quick Scan - see attached log.
5-23-11 I ran a Malwarebytes FULL Scan - see attached log.
5-25-11 I ran Stinger (McAfee) - RESULTS:
C:\Windows\System32\Macromed\Flash\uninstall_activeX.exe found the FakeAlert!fakealert-REP trojan !!!
C:\Windows\System32\Macromed\Flash\uninstall_activeX.exe is infected with the
FakeAlert!fakealert-REP virus !!!
C:\Windows\System32\Macromed\Flash\uninstall_activeX.exe could not be repaired.
Number of clean files: 407826
Number of infected files: 1

5-26-11 I ran Housecall (Trend Micro) scan - results:
FILE THREAT TYPE ACTION
count(1).htm Expl ShellCodeSM Other Fixed
73769d5f-37~ JAVA DLOADR.DM Trojan Fixed


I recently purchased a larger hard drive for my son's laptop. We are planning on cloning his current drive onto the new drive. Before we do this we want to be sure that his current drive is clean and that we do not transfer problems to the new drive.




DDS LOG:
.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_21
Run by Michael at 14:06:01 on 2011-05-27
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1981.979 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Softex\OmniPass\OmniServ.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\o2flash.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\RioMSC.exe
C:\Program Files\SafeConnect\scManager.sys
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Tablet.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Fujitsu\fjdvrupd\updnvsrv.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Tablet.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Softex\OmniPass\opvapp.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\Fujitsu\fjdvrupd\updatenv.exe
C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehtray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\SafeConnect\scClient.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Windows Media Player\wmplayer.exe
c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Windows\System32\mobsync.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Michael\Desktop\dds.scr
C:\Windows\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.computers.us.fujitsu.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\ie\4.4\dealioToolbarIE.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\ie\4.4\dealioToolbarIE.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: PodcastBHO Class: {65134fdf-f8a5-4b3d-91d9-cdf273cfd578} - c:\program files\common files\doubletwist\IEPodcastPlugin.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101114201018.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\supertoolbar\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\supertoolbar\GenericAskToolbar.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\ie\4.4\dealioToolbarIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {00000000-0000-0000-0000-000000000000} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [<NO NAME>]
uRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [Google Update] "c:\users\michael\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [IndicatorUtility] c:\program files\fujitsu\fujitsu hotkey utility\IndicatorUty.exe
mRun: [LoadFUJ02E3] c:\program files\fujitsu\fuj02e3\FUJ02E3.exe
mRun: [LoadFujitsuQuickTouch] c:\program files\fujitsu\application panel\QuickTouch.exe
mRun: [LoadBtnHnd] c:\program files\fujitsu\btnhnd\BtnHnd.exe
mRun: [SSUtility] c:\program files\fujitsu\ssutility\FJSSDMN.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [ATSwpNav] "c:\program files\fingerprint sensor\ATSwpNav" -run
mRun: [OmniPass] c:\program files\softex\omnipass\scureapp.exe
mRun: [FJUPDNV_Chitose] c:\program files\fujitsu\fjdvrupd\updatenv.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [EEventManager] c:\program files\epson\creativity suite\event manager\EEventManager.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [<NO NAME>]
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\michael\appdata\roaming\micros~1\windows\startm~1\programs\startup\ccc.lnk - c:\program files\ati technologies\ati.ace\core-static\CCC.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\cleana~1.lnk - c:\program files\cisco systems\clean access agent\CCAAgentLauncher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\safeco~1.lnk - c:\program files\safeconnect\scClient.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
mASetup: ccc-core-static - msiexec /fums {9FB9E409-423F-8B24-BF0D-1172F67EFA2F} /qb
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\michael\appdata\roaming\mozilla\firefox\profiles\nawn8weg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=<html><head><META http-equiv='refresh' content='1;URL=https://secure-tin.resnet.nau.edu/auth/perfigo&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://karoyence.deviantart.com/
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=<html><head><META http-equiv='refresh' content='1;URL=https://secure-tin.resnet.nau.edu/auth/perfigo&tid={3AAB2482-2F4C-A177-F784-B83D9DD119A5}&q=
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=524517&p=
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=524517&p=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\common files\doubletwist\NPPodcast.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\gametap\bin\release\npgametaptool.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\michael\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Rikaichan: {0AA9101C-D3C1-4129-A9B7-D778C6A17F82} - %profile%\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Japanese-English Dictionary for rikaichan: {6D898772-AD34-4c16-86BB-9DE787A5DEA0} - %profile%\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}
FF - Ext: My Web Tattoo (Fast Browser Search): {C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB} - %profile%\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor
.
============= SERVICES / DRIVERS ===============
.
R0 FBIOSDRV;FBIOSDRV;c:\windows\system32\drivers\FBIOSDRV.SYS [2007-5-11 8960]
R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\drivers\FJGSDisk.sys [2007-5-11 10368]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-5-31 386840]
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-10-3 36640]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2006-10-12 33152]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-9-12 64304]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-9-12 164840]
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2010-3-9 6656]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-9-12 55840]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2007-5-11 5632]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-9-12 152960]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-9-12 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-9-12 313288]
S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [2008-8-14 3872]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-9-12 84264]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-10-24 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-10-24 40552]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-12-2 25600]
S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\drivers\smscirda.sys [2006-11-2 30720]
.
=============== Created Last 30 ================
.
2011-05-23 02:53:19 -------- d-----w- c:\users\michael\appdata\roaming\Malwarebytes
2011-05-23 02:52:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-23 02:52:58 -------- d-----w- c:\programdata\Malwarebytes
2011-05-23 02:52:54 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-23 02:52:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-22 20:31:45 -------- d-----w- c:\users\michael\appdata\local\MakeDisc
2011-05-20 04:51:33 -------- d-----w- c:\users\michael\appdata\roaming\Auslogics
2011-05-18 21:46:19 -------- d-----w- c:\program files\Dealio Toolbar
2011-05-18 21:46:19 -------- d-----w- c:\program files\Application Updater
2011-05-14 21:47:12 -------- d-----w- c:\users\michael\appdata\local\{8B3CB555-971C-469C-AD71-916C8C3A922A}
2011-05-11 15:54:47 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-05-06 19:45:14 -------- d-----w- c:\users\michael\appdata\local\{A8FC2726-CAC1-45C3-AEAD-1DFA19C4FAC9}
2011-04-29 21:45:18 -------- d-----w- c:\users\michael\appdata\local\{5E968C5E-ED42-463B-B8F7-0285F5B3A9B5}
2011-04-28 00:45:36 -------- d-----w- c:\users\michael\appdata\local\{B18A3E9E-33B2-49AC-9894-18AF05BCC60C}
.
==================== Find3M ====================
.
2011-05-25 09:52:06 44544 ----a-w- c:\windows\system32\agremove.exe
2011-03-12 21:55:52 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-10 17:03:51 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03:51 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42:03 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:40:13 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-03-03 15:40:07 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40:05 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40:05 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:35:36 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-03-03 13:25:11 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44:27 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
.
============= FINISH: 14:07:53.34 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,949 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:08:29 AM

Posted 07 June 2011 - 06:40 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks and again sorry for the delay.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 byte007

byte007
  • Topic Starter

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Local time:05:29 AM

Posted 08 June 2011 - 09:34 PM

Thank you for your reply, I'm sure you are all being kept busy.
I have run a new DDS log and GMER log as you requested. I wasn't certain if you wanted the "Attach" log from DDS Log
But I zipped it and attached it just in case you wanted to see it.
Here is the DDS Log:
.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_21
Run by Michael at 16:49:25 on 2011-06-08
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1981.877 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Softex\OmniPass\OmniServ.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\system32\o2flash.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\RioMSC.exe
C:\Windows\System32\rpcnetp.exe
C:\Program Files\SafeConnect\scManager.sys
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Tablet.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Fujitsu\fjdvrupd\updnvsrv.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\TabUserW.exe
C:\Windows\system32\Tablet.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Softex\OmniPass\opvapp.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\Fujitsu\fjdvrupd\updatenv.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehtray.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\SafeConnect\scClient.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Michael\Desktop\dds.scr
C:\Windows\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.computers.us.fujitsu.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\ie\4.4\dealioToolbarIE.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\ie\4.4\dealioToolbarIE.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: PodcastBHO Class: {65134fdf-f8a5-4b3d-91d9-cdf273cfd578} - c:\program files\common files\doubletwist\IEPodcastPlugin.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110608021630.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\supertoolbar\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\supertoolbar\GenericAskToolbar.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\ie\4.4\dealioToolbarIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {00000000-0000-0000-0000-000000000000} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [<NO NAME>]
uRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [Google Update] "c:\users\michael\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [IndicatorUtility] c:\program files\fujitsu\fujitsu hotkey utility\IndicatorUty.exe
mRun: [LoadFUJ02E3] c:\program files\fujitsu\fuj02e3\FUJ02E3.exe
mRun: [LoadFujitsuQuickTouch] c:\program files\fujitsu\application panel\QuickTouch.exe
mRun: [LoadBtnHnd] c:\program files\fujitsu\btnhnd\BtnHnd.exe
mRun: [SSUtility] c:\program files\fujitsu\ssutility\FJSSDMN.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [ATSwpNav] "c:\program files\fingerprint sensor\ATSwpNav" -run
mRun: [OmniPass] c:\program files\softex\omnipass\scureapp.exe
mRun: [FJUPDNV_Chitose] c:\program files\fujitsu\fjdvrupd\updatenv.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [EEventManager] c:\program files\epson\creativity suite\event manager\EEventManager.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [<NO NAME>]
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\michael\appdata\roaming\micros~1\windows\startm~1\programs\startup\ccc.lnk - c:\program files\ati technologies\ati.ace\core-static\CCC.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\cleana~1.lnk - c:\program files\cisco systems\clean access agent\CCAAgentLauncher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\safeco~1.lnk - c:\program files\safeconnect\scClient.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
mASetup: ccc-core-static - msiexec /fums {9FB9E409-423F-8B24-BF0D-1172F67EFA2F} /qb
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\michael\appdata\roaming\mozilla\firefox\profiles\nawn8weg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=<html><head><META http-equiv='refresh' content='1;URL=https://secure-tin.resnet.nau.edu/auth/perfigo&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://karoyence.deviantart.com/
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=<html><head><META http-equiv='refresh' content='1;URL=https://secure-tin.resnet.nau.edu/auth/perfigo&tid={3AAB2482-2F4C-A177-F784-B83D9DD119A5}&q=
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=524517&p=
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=524517&p=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\common files\doubletwist\NPPodcast.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\gametap\bin\release\npgametaptool.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\michael\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Rikaichan: {0AA9101C-D3C1-4129-A9B7-D778C6A17F82} - %profile%\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Japanese-English Dictionary for rikaichan: {6D898772-AD34-4c16-86BB-9DE787A5DEA0} - %profile%\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}
FF - Ext: My Web Tattoo (Fast Browser Search): {C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB} - %profile%\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor
.
============= SERVICES / DRIVERS ===============
.
R0 FBIOSDRV;FBIOSDRV;c:\windows\system32\drivers\FBIOSDRV.SYS [2007-5-11 8960]
R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\drivers\FJGSDisk.sys [2007-5-11 10368]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-5-31 459728]
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-10-3 36640]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2006-10-12 33152]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-9-12 64648]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-9-12 163400]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2011-5-6 393112]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-16 21504]
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2010-3-9 6656]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-12 214904]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-12 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-12 214904]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-12 214904]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-9-12 165000]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-9-12 159832]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-9-12 148520]
R2 SCManager;SafeConnect Manager;c:\program files\safeconnect\scmanager.sys servicestart --> c:\program files\safeconnect\scManager.sys servicestart [?]
R2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\fujitsu\fjdvrupd\updnvsrv.exe [2007-1-27 11776]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-2-15 24652]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-9-12 57432]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2007-5-11 5632]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-9-12 179248]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-9-12 337912]
R3 WISDPen;Wacom Penabled MiniDriver;c:\windows\system32\drivers\wisdpen.sys [2007-5-11 34736]
RUnknown rpcnetp;rpcnetp; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9a39cc5cdf2be;Google Update Service (gupdate1c9a39cc5cdf2be);c:\program files\google\update\GoogleUpdate.exe [2009-3-12 133104]
S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [2008-8-14 3872]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-5-11 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-3-12 133104]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-9-12 59288]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-9-12 85984]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-10-24 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-10-24 40552]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-12-2 25600]
S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\drivers\smscirda.sys [2006-11-2 30720]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 wtpfiltr;wtpfiltr;c:\windows\system32\drivers\wtpfiltr.sys [2007-5-11 7680]
.
=============== Created Last 30 ================
.
2011-06-08 23:42:10 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2011-06-08 23:41:38 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2011-06-08 09:16:30 24376 ----a-w- c:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll
2011-05-23 02:53:19 -------- d-----w- c:\users\michael\appdata\roaming\Malwarebytes
2011-05-23 02:52:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-23 02:52:58 -------- d-----w- c:\programdata\Malwarebytes
2011-05-23 02:52:54 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-23 02:52:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-22 20:31:45 -------- d-----w- c:\users\michael\appdata\local\MakeDisc
2011-05-20 04:51:33 -------- d-----w- c:\users\michael\appdata\roaming\Auslogics
2011-05-18 21:46:19 -------- d-----w- c:\program files\Dealio Toolbar
2011-05-18 21:46:19 -------- d-----w- c:\program files\Application Updater
2011-05-14 21:47:12 -------- d-----w- c:\users\michael\appdata\local\{8B3CB555-971C-469C-AD71-916C8C3A922A}
2011-05-11 15:54:47 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
.
==================== Find3M ====================
.
2011-06-08 09:12:26 44544 ----a-w- c:\windows\system32\agremove.exe
2011-03-13 18:20:10 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-03-13 18:20:10 85984 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-03-13 18:20:10 64648 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-03-13 18:20:10 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-03-13 18:20:10 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-03-13 18:20:10 459728 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-03-13 18:20:10 337912 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-03-13 18:20:10 179248 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-03-13 18:20:10 163400 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-03-13 18:20:10 118784 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-03-12 21:55:52 876032 ----a-w- c:\windows\system32\XpsPrint.dll
.
============= FINISH: 16:56:32.66 ===============

Attached Files



#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:08:29 AM

Posted 10 June 2011 - 01:59 PM

Hi

Please do the following:


Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

NEXT

Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.


    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 byte007

byte007
  • Topic Starter

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Local time:05:29 AM

Posted 10 June 2011 - 04:40 PM

Hello CatByte ! Thank you for your reply. I have run TDSSKiller and ComboFix as you have instructed.
Thank you in advance for your time and your help!
Here are the Logs:
TDSSKiller Log:
2011/06/10 13:15:52.0053 3832 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/06/10 13:15:54.0056 3832 ================================================================================
2011/06/10 13:15:54.0056 3832 SystemInfo:
2011/06/10 13:15:54.0056 3832
2011/06/10 13:15:54.0056 3832 OS Version: 6.0.6002 ServicePack: 2.0
2011/06/10 13:15:54.0056 3832 Product type: Workstation
2011/06/10 13:15:54.0056 3832 ComputerName: MICHAEL-PC
2011/06/10 13:15:54.0057 3832 UserName: Michael
2011/06/10 13:15:54.0057 3832 Windows directory: C:\Windows
2011/06/10 13:15:54.0058 3832 System windows directory: C:\Windows
2011/06/10 13:15:54.0058 3832 Processor architecture: Intel x86
2011/06/10 13:15:54.0058 3832 Number of processors: 2
2011/06/10 13:15:54.0058 3832 Page size: 0x1000
2011/06/10 13:15:54.0058 3832 Boot type: Normal boot
2011/06/10 13:15:54.0058 3832 ================================================================================
2011/06/10 13:16:14.0604 3832 Initialize success
2011/06/10 13:16:34.0672 6340 ================================================================================
2011/06/10 13:16:34.0672 6340 Scan started
2011/06/10 13:16:34.0673 6340 Mode: Manual;
2011/06/10 13:16:34.0673 6340 ================================================================================
2011/06/10 13:16:36.0951 6340 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/06/10 13:16:38.0613 6340 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/06/10 13:16:39.0819 6340 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/06/10 13:16:42.0158 6340 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/06/10 13:16:42.0800 6340 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/06/10 13:16:43.0559 6340 ADVNTDRV (e341a95c1329e272782b2baecc64316a) C:\Windows\System32\drivers\ADVNTDRV.SYS
2011/06/10 13:16:44.0967 6340 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/06/10 13:16:46.0674 6340 AgereSoftModem (2e3abaacbf547abbb5e73a504a56d05a) C:\Windows\system32\DRIVERS\AGRSM.sys
2011/06/10 13:16:47.0735 6340 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/06/10 13:16:48.0795 6340 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/06/10 13:16:49.0836 6340 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/06/10 13:16:50.0150 6340 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/06/10 13:16:50.0555 6340 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/06/10 13:16:51.0389 6340 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/06/10 13:16:52.0553 6340 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
2011/06/10 13:16:53.0832 6340 ApfiltrService (7c2f57bce81fa74933f0e1c84a97c9db) C:\Windows\system32\DRIVERS\Apfiltr.sys
2011/06/10 13:16:55.0097 6340 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/06/10 13:16:55.0908 6340 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/06/10 13:16:56.0887 6340 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/10 13:16:57.0552 6340 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/06/10 13:16:58.0103 6340 athr (2846f5ee802889d500fcf5cc48b28381) C:\Windows\system32\DRIVERS\athr.sys
2011/06/10 13:16:59.0123 6340 AtiPcie (4aa1eb65481c392955939e735d27118b) C:\Windows\system32\DRIVERS\AtiPcie.sys
2011/06/10 13:16:59.0548 6340 ATSWPDRV (4c42e4697f3a4ea0cd73a85116d7af7f) C:\Windows\system32\DRIVERS\ATSwpDrv.sys
2011/06/10 13:17:01.0081 6340 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/06/10 13:17:02.0976 6340 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/10 13:17:04.0131 6340 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/06/10 13:17:05.0343 6340 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/06/10 13:17:06.0437 6340 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/06/10 13:17:07.0800 6340 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/06/10 13:17:08.0567 6340 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/06/10 13:17:09.0240 6340 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/06/10 13:17:10.0148 6340 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/06/10 13:17:11.0288 6340 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/10 13:17:11.0670 6340 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/10 13:17:12.0738 6340 cfwids (ecaf4a51580244fef1aa32cb984f13bf) C:\Windows\system32\drivers\cfwids.sys
2011/06/10 13:17:14.0425 6340 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
2011/06/10 13:17:15.0259 6340 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/06/10 13:17:16.0024 6340 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/06/10 13:17:17.0344 6340 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/06/10 13:17:18.0085 6340 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/06/10 13:17:19.0261 6340 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/06/10 13:17:20.0179 6340 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/06/10 13:17:21.0123 6340 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/06/10 13:17:21.0750 6340 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/06/10 13:17:21.0916 6340 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/06/10 13:17:22.0851 6340 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/10 13:17:24.0290 6340 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/06/10 13:17:24.0682 6340 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/06/10 13:17:25.0120 6340 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/06/10 13:17:26.0160 6340 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/06/10 13:17:28.0286 6340 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/06/10 13:17:29.0788 6340 FBIOSDRV (f64b86a52fb20686954703a6f7a955d5) C:\Windows\system32\drivers\FBIOSDRV.SYS
2011/06/10 13:17:31.0234 6340 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/10 13:17:32.0185 6340 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/06/10 13:17:33.0469 6340 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/06/10 13:17:34.0196 6340 FJGSDisk (04895abdff069972eb2c56ccc31a0abf) C:\Windows\system32\DRIVERS\FJGSDisk.sys
2011/06/10 13:17:35.0751 6340 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/10 13:17:36.0074 6340 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/06/10 13:17:36.0365 6340 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/10 13:17:36.0643 6340 FUJ02B1 (49e588ac7d2b57f057756a91c6f36d25) C:\Windows\system32\DRIVERS\FUJ02B1.sys
2011/06/10 13:17:37.0109 6340 FUJ02E3 (d45474a7e5e2f35150c29a3193747884) C:\Windows\system32\DRIVERS\FUJ02E3.sys
2011/06/10 13:17:37.0682 6340 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/06/10 13:17:37.0831 6340 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/06/10 13:17:38.0268 6340 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/06/10 13:17:38.0532 6340 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/06/10 13:17:38.0787 6340 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/06/10 13:17:38.0847 6340 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
2011/06/10 13:17:38.0955 6340 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/10 13:17:39.0141 6340 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/06/10 13:17:39.0314 6340 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/06/10 13:17:39.0552 6340 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/06/10 13:17:40.0100 6340 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/06/10 13:17:40.0617 6340 ialm (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/06/10 13:17:41.0006 6340 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/06/10 13:17:41.0400 6340 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/06/10 13:17:41.0999 6340 IntcAzAudAddService (0789485ffae865458e0f079dcbf4fcd2) C:\Windows\system32\drivers\RTKVHDA.sys
2011/06/10 13:17:42.0358 6340 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
2011/06/10 13:17:42.0419 6340 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/10 13:17:42.0562 6340 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/06/10 13:17:43.0133 6340 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/06/10 13:17:43.0556 6340 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/06/10 13:17:44.0006 6340 iPodDrv (cf79ff3d10864f73660a34e006b6b8f8) C:\Windows\system32\drivers\iPodDrv.sys
2011/06/10 13:17:44.0419 6340 irda (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys
2011/06/10 13:17:44.0621 6340 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/06/10 13:17:44.0945 6340 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/06/10 13:17:45.0369 6340 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/06/10 13:17:45.0504 6340 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/06/10 13:17:45.0785 6340 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/06/10 13:17:45.0857 6340 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/06/10 13:17:46.0064 6340 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/06/10 13:17:46.0210 6340 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/10 13:17:46.0546 6340 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/06/10 13:17:46.0870 6340 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/06/10 13:17:46.0987 6340 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/06/10 13:17:47.0054 6340 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/06/10 13:17:47.0145 6340 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/06/10 13:17:47.0519 6340 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/06/10 13:17:47.0736 6340 mfeapfk (688b626fca708ee9eb161cad1f7363a9) C:\Windows\system32\drivers\mfeapfk.sys
2011/06/10 13:17:48.0087 6340 mfeavfk (693a8d924b640223974e0a88f2baf0f4) C:\Windows\system32\drivers\mfeavfk.sys
2011/06/10 13:17:48.0509 6340 mfebopk (52c40d19873528bd15823c969d3ad227) C:\Windows\system32\drivers\mfebopk.sys
2011/06/10 13:17:48.0995 6340 mfefirek (e37b98d49df546f4059483d49e349a53) C:\Windows\system32\drivers\mfefirek.sys
2011/06/10 13:17:49.0539 6340 mfehidk (44184f32392fa2e94d08d056ce750d56) C:\Windows\system32\drivers\mfehidk.sys
2011/06/10 13:17:49.0996 6340 mfenlfk (aedda57376e051e8e152b72d2df5387c) C:\Windows\system32\DRIVERS\mfenlfk.sys
2011/06/10 13:17:50.0352 6340 mferkdet (5f5313bfd1e73233885a26ab77488f6f) C:\Windows\system32\drivers\mferkdet.sys
2011/06/10 13:17:50.0700 6340 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\Windows\system32\drivers\mferkdk.sys
2011/06/10 13:17:51.0068 6340 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\Windows\system32\drivers\mfesmfk.sys
2011/06/10 13:17:51.0622 6340 mfewfpk (547c95b8a73fd111b0d7af7c0f6736a3) C:\Windows\system32\drivers\mfewfpk.sys
2011/06/10 13:17:52.0073 6340 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/06/10 13:17:52.0179 6340 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/10 13:17:52.0346 6340 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/06/10 13:17:52.0611 6340 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/06/10 13:17:52.0780 6340 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/06/10 13:17:52.0904 6340 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/06/10 13:17:53.0144 6340 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/10 13:17:53.0405 6340 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/06/10 13:17:53.0590 6340 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/06/10 13:17:53.0818 6340 mrxsmb (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/10 13:17:54.0607 6340 mrxsmb10 (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/10 13:17:55.0511 6340 mrxsmb20 (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/10 13:17:56.0030 6340 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/06/10 13:17:56.0125 6340 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/06/10 13:17:56.0302 6340 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/06/10 13:17:56.0427 6340 MSHUSBVideo (956741c67abaa78b19aadc5474936842) C:\Windows\system32\Drivers\nx6000.sys
2011/06/10 13:17:56.0652 6340 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/06/10 13:17:56.0908 6340 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/10 13:17:57.0126 6340 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/10 13:17:57.0181 6340 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/06/10 13:17:57.0694 6340 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/06/10 13:17:58.0106 6340 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/06/10 13:17:58.0572 6340 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/06/10 13:17:58.0833 6340 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/06/10 13:17:59.0113 6340 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/10 13:17:59.0564 6340 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/06/10 13:17:59.0968 6340 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/10 13:18:00.0027 6340 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/10 13:18:00.0192 6340 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/10 13:18:00.0293 6340 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/06/10 13:18:00.0345 6340 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/10 13:18:00.0414 6340 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/10 13:18:01.0179 6340 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/06/10 13:18:02.0471 6340 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/06/10 13:18:03.0281 6340 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/10 13:18:04.0141 6340 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/06/10 13:18:05.0209 6340 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/06/10 13:18:06.0249 6340 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/06/10 13:18:07.0072 6340 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/06/10 13:18:08.0195 6340 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/06/10 13:18:08.0979 6340 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/06/10 13:18:11.0151 6340 O2MDRDR (f4aa04f7ba01d54b31f14841386cc60b) C:\Windows\system32\DRIVERS\o2media.sys
2011/06/10 13:18:12.0049 6340 O2SDRDR (bfd27594e1ff49ddff3c23dae246ad44) C:\Windows\system32\DRIVERS\o2sd.sys
2011/06/10 13:18:12.0953 6340 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/06/10 13:18:14.0410 6340 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\DRIVERS\parport.sys
2011/06/10 13:18:15.0196 6340 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/06/10 13:18:16.0011 6340 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\DRIVERS\parvdm.sys
2011/06/10 13:18:16.0853 6340 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/06/10 13:18:17.0682 6340 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/06/10 13:18:18.0019 6340 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/06/10 13:18:18.0997 6340 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/06/10 13:18:20.0649 6340 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/10 13:18:21.0228 6340 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/06/10 13:18:22.0243 6340 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/10 13:18:23.0028 6340 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
2011/06/10 13:18:24.0022 6340 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/06/10 13:18:24.0806 6340 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/06/10 13:18:25.0039 6340 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/10 13:18:25.0524 6340 R300 (15b131177ec8a6dd6cbec2c124712ee4) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/06/10 13:18:26.0090 6340 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/10 13:18:26.0456 6340 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/10 13:18:26.0622 6340 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/10 13:18:26.0825 6340 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/10 13:18:26.0965 6340 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/10 13:18:27.0131 6340 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/10 13:18:27.0227 6340 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/06/10 13:18:27.0426 6340 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/10 13:18:27.0611 6340 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/06/10 13:18:27.0888 6340 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/10 13:18:27.0986 6340 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/06/10 13:18:28.0470 6340 sdbus (4339a2585708c7d9b0c0ce5aad3dd6ff) C:\Windows\system32\DRIVERS\sdbus.sys
2011/06/10 13:18:28.0764 6340 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/06/10 13:18:29.0036 6340 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
2011/06/10 13:18:29.0178 6340 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\DRIVERS\serial.sys
2011/06/10 13:18:29.0626 6340 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/06/10 13:18:30.0029 6340 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/06/10 13:18:30.0241 6340 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/06/10 13:18:30.0494 6340 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/06/10 13:18:30.0767 6340 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/06/10 13:18:30.0957 6340 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/06/10 13:18:31.0011 6340 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/06/10 13:18:31.0067 6340 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/06/10 13:18:31.0475 6340 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/06/10 13:18:31.0925 6340 SMSCIRDA (12b62474e707a26d662232c54a4ef322) C:\Windows\system32\DRIVERS\SMSCirda.sys
2011/06/10 13:18:32.0091 6340 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/06/10 13:18:32.0291 6340 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/06/10 13:18:32.0934 6340 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/10 13:18:33.0454 6340 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/10 13:18:33.0959 6340 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/10 13:18:34.0369 6340 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/06/10 13:18:34.0614 6340 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/06/10 13:18:34.0947 6340 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/06/10 13:18:35.0351 6340 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/06/10 13:18:36.0213 6340 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/10 13:18:36.0720 6340 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/10 13:18:37.0086 6340 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/06/10 13:18:37.0197 6340 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/06/10 13:18:37.0528 6340 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/10 13:18:38.0087 6340 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/10 13:18:38.0648 6340 tosporte (8d624d3bd1f2d78bd1c01a2d4e954b4e) C:\Windows\system32\DRIVERS\tosporte.sys
2011/06/10 13:18:39.0133 6340 tosrfbd (eaeddb6c8bbe3e1b753753c2e847fecb) C:\Windows\system32\DRIVERS\tosrfbd.sys
2011/06/10 13:18:39.0566 6340 tosrfbnp (90c8525bc578aaffe87c2d0ed4379e9e) C:\Windows\system32\Drivers\tosrfbnp.sys
2011/06/10 13:18:39.0857 6340 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\Windows\system32\Drivers\tosrfcom.sys
2011/06/10 13:18:40.0086 6340 Tosrfhid (410aa85d04cfe697a2c3368286ddd128) C:\Windows\system32\DRIVERS\Tosrfhid.sys
2011/06/10 13:18:40.0561 6340 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\Windows\system32\DRIVERS\tosrfnds.sys
2011/06/10 13:18:40.0905 6340 tosrfusb (d20ec88e60b78578d7ebcf4201f426d4) C:\Windows\system32\DRIVERS\tosrfusb.sys
2011/06/10 13:18:41.0684 6340 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/10 13:18:41.0781 6340 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/06/10 13:18:41.0894 6340 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/10 13:18:41.0969 6340 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/06/10 13:18:42.0042 6340 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/10 13:18:42.0184 6340 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/06/10 13:18:42.0255 6340 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/06/10 13:18:42.0298 6340 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/06/10 13:18:42.0340 6340 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/06/10 13:18:42.0468 6340 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/10 13:18:42.0570 6340 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\Windows\system32\Drivers\usbaapl.sys
2011/06/10 13:18:42.0801 6340 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/06/10 13:18:42.0866 6340 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/10 13:18:42.0994 6340 usbcir (47b9770ea21436de4ad5aea7926e0900) C:\Windows\system32\DRIVERS\usbcir.sys
2011/06/10 13:18:43.0087 6340 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/10 13:18:43.0132 6340 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/10 13:18:43.0257 6340 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/06/10 13:18:43.0340 6340 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/10 13:18:43.0452 6340 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/06/10 13:18:43.0569 6340 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/10 13:18:43.0644 6340 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/10 13:18:43.0796 6340 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/06/10 13:18:43.0905 6340 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/10 13:18:43.0974 6340 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/06/10 13:18:44.0083 6340 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/06/10 13:18:44.0204 6340 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/06/10 13:18:44.0258 6340 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/06/10 13:18:44.0390 6340 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/06/10 13:18:44.0491 6340 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/06/10 13:18:44.0569 6340 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/06/10 13:18:44.0694 6340 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/06/10 13:18:44.0787 6340 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/06/10 13:18:44.0849 6340 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/10 13:18:44.0892 6340 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/10 13:18:45.0010 6340 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/06/10 13:18:45.0138 6340 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/10 13:18:45.0338 6340 WISDPen (dc2111b884ac9e942939e70869511526) C:\Windows\system32\DRIVERS\wisdpen.sys
2011/06/10 13:18:45.0520 6340 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/06/10 13:18:45.0643 6340 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/10 13:18:45.0776 6340 wtpfiltr (2a456c4791e405cd810ab2219ff8b070) C:\Windows\system32\drivers\wtpfiltr.sys
2011/06/10 13:18:45.0986 6340 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/10 13:18:46.0167 6340 xnacc (69d5c58a3a03f86196db66ee95435652) C:\Windows\system32\DRIVERS\xnacc.sys
2011/06/10 13:18:46.0329 6340 xusb21 (f5e5f944e63a9b5f6e76c2ebb2ac462f) C:\Windows\system32\DRIVERS\xusb21.sys
2011/06/10 13:18:46.0597 6340 yukonwlh (64b7c777b88d3ad5a3553bafd66f9cae) C:\Windows\system32\DRIVERS\yk60x86.sys
2011/06/10 13:18:46.0925 6340 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/06/10 13:18:46.0980 6340 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
2011/06/10 13:18:47.0035 6340 ================================================================================
2011/06/10 13:18:47.0035 6340 Scan finished
2011/06/10 13:18:47.0035 6340 ================================================================================
2011/06/10 13:18:47.0065 3016 Detected object count: 0
2011/06/10 13:18:47.0066 3016 Actual detected object count: 0


And here is the ComboFix Log:
ComboFix 11-06-10.08 - Michael 06/10/2011 13:39:01.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1981.579 [GMT -7:00]
Running from: c:\users\Michael\Desktop\Bleeping Computer Files\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Dealio Toolbar
c:\program files\Dealio Toolbar\FF\chrome.manifest
c:\program files\Dealio Toolbar\FF\chrome\content\chevron.js
c:\program files\Dealio Toolbar\FF\chrome\content\chevron.xul
c:\program files\Dealio Toolbar\FF\chrome\content\login.js
c:\program files\Dealio Toolbar\FF\chrome\content\login.xul
c:\program files\Dealio Toolbar\FF\chrome\content\parser.js
c:\program files\Dealio Toolbar\FF\chrome\content\RssTickerWidget.js
c:\program files\Dealio Toolbar\FF\chrome\content\searchbox.js
c:\program files\Dealio Toolbar\FF\chrome\content\searchbox.xul
c:\program files\Dealio Toolbar\FF\chrome\content\utils.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgichevron.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgicomm.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgihandling.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgilisteners.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.xul
c:\program files\Dealio Toolbar\FF\chrome\content\widgiui.js
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\searchbox.dtd
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\yahoo-search.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\amazon.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\apple.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\barnes.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\bestbuy.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\chevron.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\dealio_logo.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\ebay.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\icon_settings.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\macys.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\newegg.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\overstock.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-button-hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-button.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-chevron-hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-chevron.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_amazon.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_dealio.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_ebay.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_yahoo.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\searchbox.css
c:\program files\Dealio Toolbar\FF\chrome\skin\splitter.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\target.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\walmart.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\widgitoolbarplugin.css
c:\program files\Dealio Toolbar\FF\install.rdf
c:\program files\Dealio Toolbar\IE\4.4\config.ini
c:\program files\Dealio Toolbar\IE\4.4\dealioToolbarIE.dll
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
c:\program files\Dealio Toolbar\WidgiHelper.exe
c:\program files\Mozilla Firefox\extensions\dealio@mybrowserbar.com
c:\programdata\AV1
c:\users\Michael\videos\vlc-1.0.1-win32.exe
.
c:\windows\system32\userinit.exe . . . is infected!!
.
Infected copy of c:\windows\System32\autochk.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_e1f3ed49c1c122ef\autochk.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-05-10 to 2011-06-10 )))))))))))))))))))))))))))))))
.
.
2011-06-10 20:53 . 2011-06-10 20:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-10 20:53 . 2011-06-10 20:53 -------- d-----w- c:\users\Tony\AppData\Local\temp
2011-06-10 20:53 . 2011-06-10 20:53 -------- d-----w- c:\users\Parents\AppData\Local\temp
2011-06-08 09:16 . 2011-03-13 18:42 24376 ----a-w- c:\program files\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll
2011-05-23 02:53 . 2011-05-23 02:53 -------- d-----w- c:\users\Michael\AppData\Roaming\Malwarebytes
2011-05-23 02:52 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-23 02:52 . 2011-05-23 02:52 -------- d-----w- c:\programdata\Malwarebytes
2011-05-23 02:52 . 2011-05-23 02:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-23 02:52 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-22 20:31 . 2011-05-22 20:31 -------- d-----w- c:\users\Michael\AppData\Local\MakeDisc
2011-05-20 04:51 . 2011-05-20 04:51 -------- d-----w- c:\users\Michael\AppData\Roaming\Auslogics
2011-05-18 21:46 . 2011-05-18 21:46 -------- d-----w- c:\program files\Application Updater
2011-05-14 21:47 . 2011-05-14 21:47 -------- d-----w- c:\users\Michael\AppData\Local\{8B3CB555-971C-469C-AD71-916C8C3A922A}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-09 01:13 . 2010-08-16 22:56 44544 ----a-w- c:\windows\system32\agremove.exe
2011-04-26 05:02 . 2011-04-26 05:02 161792 ----a-w- c:\windows\system32\msls31.dll
2011-04-26 05:02 . 2011-04-26 05:02 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-04-26 05:02 . 2011-04-26 05:02 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-26 05:02 . 2011-04-26 05:02 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-26 05:02 . 2011-04-26 05:02 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-26 05:02 . 2011-04-26 05:02 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-04-26 05:02 . 2011-04-26 05:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-26 05:02 . 2011-04-26 05:02 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-04-26 05:02 . 2011-04-26 05:02 367104 ----a-w- c:\windows\system32\html.iec
2011-04-26 05:02 . 2011-04-26 05:02 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-26 05:02 . 2011-04-26 05:02 152064 ----a-w- c:\windows\system32\wextract.exe
2011-04-26 05:02 . 2011-04-26 05:02 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-04-26 05:02 . 2011-04-26 05:02 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-26 05:02 . 2011-04-26 05:02 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-26 05:02 . 2011-04-26 05:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-26 05:02 . 2011-04-26 05:02 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-26 05:02 . 2011-04-26 05:02 11776 ----a-w- c:\windows\system32\mshta.exe
2011-04-26 05:02 . 2011-04-26 05:02 101888 ----a-w- c:\windows\system32\admparse.dll
2011-04-26 05:02 . 2011-04-26 05:02 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-04-26 05:02 . 2011-04-26 05:02 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-04-26 05:02 . 2011-04-26 05:02 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-03-14 06:43 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-13 18:20 . 2010-09-12 19:20 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-03-13 18:20 . 2010-09-12 19:20 64648 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-03-13 18:20 . 2010-09-12 19:20 163400 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-03-13 18:20 . 2010-09-12 19:20 85984 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-03-13 18:20 . 2010-09-12 19:20 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-03-13 18:20 . 2010-09-12 19:20 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-03-13 18:20 . 2010-09-12 19:20 337912 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-03-13 18:20 . 2010-09-12 19:20 179248 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-03-13 18:20 . 2010-06-01 03:32 459728 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-03-13 18:20 . 2010-06-01 03:32 118784 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-03-12 21:55 . 2011-04-26 18:52 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2010-07-04 02:41 . 2008-08-15 02:00 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2010-10-14 05:28 . 2010-09-12 19:20 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2010-06-04 822384]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATSwpNav"="c:\program files\Fingerprint Sensor\ATSwpNav -run" [X]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-20 4018176]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-26 151552]
"IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2007-02-09 97072]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-11-17 80688]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2006-11-26 260912]
"LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2006-11-12 68400]
"SSUtility"="c:\program files\Fujitsu\SSUtility\FJSSDMN.exe" [2006-11-12 239144]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-14 52832]
"OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2007-01-25 2506752]
"FJUPDNV_Chitose"="c:\program files\Fujitsu\fjdvrupd\updatenv.exe" [2007-02-05 167936]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-05-02 1306216]
"EEventManager"="c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2006-10-12 102400]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-05-07 532320]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]
.
c:\users\Parents\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
.
c:\users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
.
c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-2-2 2756608]
Clean Access Agent.lnk - c:\program files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe [2007-12-7 28672]
SafeConnect.lnk - c:\program files\SafeConnect\scClient.exe [2009-3-31 297240]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-11 02:51 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\Reader_SL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2009-09-15 06:09 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 22:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-07-04 02:41 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-06-17 00:16 136176 ----atw- c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\users\Michael\AppData\Roaming\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 22:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-01-27 00:05 15026056 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 18:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-03-13 05:29 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-01-29 07:26 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R0 omnipass;omnipass; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9a39cc5cdf2be;Google Update Service (gupdate1c9a39cc5cdf2be);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 133104]
R3 ADVNTDRV;ADVNTDRV;c:\windows\System32\drivers\ADVNTDRV.SYS [1999-11-18 3872]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-04 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 133104]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-03-13 85984]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-03 25600]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-11-02 30720]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 wtpfiltr;wtpfiltr;c:\windows\system32\drivers\wtpfiltr.sys [2006-12-06 7680]
S0 FBIOSDRV;FBIOSDRV;c:\windows\system32\drivers\FBIOSDRV.SYS [2006-08-28 8960]
S0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\DRIVERS\FJGSDisk.sys [2007-05-11 10368]
S0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2006-10-03 36640]
S0 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2006-10-12 33152]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-03-13 64648]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-03-13 163400]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2011-05-07 393112]
S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2010-03-10 6656]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-28 214904]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-28 214904]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 214904]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-03-13 159832]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-03-13 148520]
S2 SCManager;SafeConnect Manager;c:\program files\SafeConnect\scManager.sys servicestart [x]
S2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\Fujitsu\fjdvrupd\updnvsrv.exe [2007-01-27 11776]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-03-13 57432]
S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [2006-11-01 5632]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-03-13 337912]
S3 WISDPen;Wacom Penabled MiniDriver;c:\windows\system32\DRIVERS\wisdpen.sys [2007-01-22 34736]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 05:29]
.
2011-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 05:29]
.
2011-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2040697427-3994011182-4157529652-1000Core.job
- c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-29 00:16]
.
2011-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2040697427-3994011182-4157529652-1000UA.job
- c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-29 00:16]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\McAfee\MSC\McSnIePl.dll
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\nawn8weg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=<html><head><META http-equiv='refresh' content='1;URL=https://secure-tin.resnet.nau.edu/auth/perfigo&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://karoyence.deviantart.com/
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=<html><head><META http-equiv='refresh' content='1;URL=https://secure-tin.resnet.nau.edu/auth/perfigo&tid={3AAB2482-2F4C-A177-F784-B83D9DD119A5}&q=
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=524517&p=
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=524517&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Rikaichan: {0AA9101C-D3C1-4129-A9B7-D778C6A17F82} - %profile%\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Japanese-English Dictionary for rikaichan: {6D898772-AD34-4c16-86BB-9DE787A5DEA0} - %profile%\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}
FF - Ext: My Web Tattoo (Fast Browser Search): {C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB} - %profile%\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\Supertoolbar\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\Supertoolbar\GenericAskToolbar.dll
MSConfigStartUp-doubleTwist - c:\program files\doubleTwist 2.0\DoubleTwist.DeviceHelper.exe
HKLM_ActiveSetup-ccc-core-static - msiexec
AddRemove-doubleTwist - c:\program files\doubleTwist 2.0\uninst.exe
AddRemove-NSS - c:\program files\Norton Security Scan\Engine\2.7.3.34\InstWrap.exe
AddRemove-Trillian - c:\program files\Trillian\Trillian.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5588)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Softex\OmniPass\OmniServ.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\o2flash.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\RioMSC.exe
c:\program files\SafeConnect\scManager.sys
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\Tablet.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\system32\WTablet\TabUserW.exe
c:\windows\system32\Tablet.exe
c:\windows\system32\conime.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\WerCon.exe
.
**************************************************************************
.
Completion time: 2011-06-10 14:13:57 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-10 21:13
.
Pre-Run: 20,611,629,056 bytes free
Post-Run: 22,608,273,408 bytes free
.
- - End Of File - - 11BF30DF0B083458D31939C86E6B3EE5

#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:08:29 AM

Posted 10 June 2011 - 05:01 PM

Hi

Please do the following:

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    *userinit*
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt



NEXT


  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

DirLook::
c:\users\Michael\AppData\Local\{8B3CB555-971C-469C-AD71-916C8C3A922A}

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 byte007

byte007
  • Topic Starter

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Local time:05:29 AM

Posted 10 June 2011 - 08:58 PM

Here is the SystemLook log:
SystemLook 04.09.10 by jpshortstuff
Log created at 17:38 on 10/06/2011 by Michael
Administrator - Elevation successful

========== filefind ==========

Searching for "*userinit*"
C:\Qoobox\Quarantine\C\Windows\System32\userinit.exe.vir --a---- 25088 bytes [19:43 16/09/2008] [07:33 19/01/2008] 0E135526E9785D085BCD9AEDE6FBCBF9
C:\Windows\ERDNT\cache\userinit.exe --a---- 25088 bytes [21:10 10/06/2011] [07:33 19/01/2008] 0E135526E9785D085BCD9AEDE6FBCBF9
C:\Windows\System32\userinit.exe --a---- 25088 bytes [19:43 16/09/2008] [07:33 19/01/2008] 0E135526E9785D085BCD9AEDE6FBCBF9
C:\Windows\System32\en-US\userinit.exe.mui --a---- 4096 bytes [12:41 02/11/2006] [12:41 02/11/2006] F058F2BAE89E70B2A79D5EB820092EEB
C:\Windows\winsxs\Manifests\x86_microsoft-windows-userinit.resources_31bf3856ad364e35_6.0.6000.16386_en-us_8db9e42fd56781f2.manifest --a---- 2488 bytes [12:39 02/11/2006] [12:39 02/11/2006] BCA958F5EA792F001403EE32B5A495C1
C:\Windows\winsxs\Manifests\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737.manifest --a---- 7930 bytes [10:20 02/11/2006] [10:18 02/11/2006] C9E584A3F71B9C8AD059B5A71E09EED0
C:\Windows\winsxs\Manifests\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b.manifest ------- 7930 bytes [18:37 16/09/2008] [07:08 19/01/2008] 0A0BE29C70619676B3F985ADD047FA39
C:\Windows\winsxs\x86_microsoft-windows-userinit.resources_31bf3856ad364e35_6.0.6000.16386_en-us_8db9e42fd56781f2\userinit.exe.mui --a---- 4096 bytes [12:41 02/11/2006] [12:41 02/11/2006] F058F2BAE89E70B2A79D5EB820092EEB
C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe --a---- 24576 bytes [08:43 02/11/2006] [09:45 02/11/2006] 22027835939F86C3E47AD8E3FBDE3D11
C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe --a---- 25088 bytes [19:43 16/09/2008] [07:33 19/01/2008] 0E135526E9785D085BCD9AEDE6FBCBF9

-= EOF =-


Here is the ComboFix (with CFScript) Log:
ComboFix 11-06-10.08 - Michael 06/10/2011 17:54:50.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1981.962 [GMT -7:00]
Running from: c:\users\Michael\Desktop\ComboFix.exe
Command switches used :: c:\users\Michael\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-05-11 to 2011-06-11 )))))))))))))))))))))))))))))))
.
.
2011-06-11 01:10 . 2011-06-11 01:10 -------- d-----w- c:\users\Tony\AppData\Local\temp
2011-06-11 01:10 . 2011-06-11 01:10 -------- d-----w- c:\users\Parents\AppData\Local\temp
2011-06-11 01:10 . 2011-06-11 01:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-11 00:51 . 2011-06-11 00:51 -------- d-----w- C:\32788R22FWJFW
2011-06-10 21:14 . 2011-06-11 01:12 -------- d-----w- c:\users\Michael\AppData\Local\temp
2011-06-08 09:16 . 2011-03-13 18:42 24376 ----a-w- c:\program files\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll
2011-05-23 02:53 . 2011-05-23 02:53 -------- d-----w- c:\users\Michael\AppData\Roaming\Malwarebytes
2011-05-23 02:52 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-23 02:52 . 2011-05-23 02:52 -------- d-----w- c:\programdata\Malwarebytes
2011-05-23 02:52 . 2011-05-23 02:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-23 02:52 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-22 20:31 . 2011-05-22 20:31 -------- d-----w- c:\users\Michael\AppData\Local\MakeDisc
2011-05-20 04:51 . 2011-05-20 04:51 -------- d-----w- c:\users\Michael\AppData\Roaming\Auslogics
2011-05-18 21:46 . 2011-05-18 21:46 -------- d-----w- c:\program files\Application Updater
2011-05-14 21:47 . 2011-05-14 21:47 -------- d-----w- c:\users\Michael\AppData\Local\{8B3CB555-971C-469C-AD71-916C8C3A922A}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-09 01:13 . 2010-08-16 22:56 44544 ----a-w- c:\windows\system32\agremove.exe
2011-04-26 05:02 . 2011-04-26 05:02 161792 ----a-w- c:\windows\system32\msls31.dll
2011-04-26 05:02 . 2011-04-26 05:02 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-04-26 05:02 . 2011-04-26 05:02 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-26 05:02 . 2011-04-26 05:02 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-26 05:02 . 2011-04-26 05:02 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-26 05:02 . 2011-04-26 05:02 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-04-26 05:02 . 2011-04-26 05:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-26 05:02 . 2011-04-26 05:02 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-04-26 05:02 . 2011-04-26 05:02 367104 ----a-w- c:\windows\system32\html.iec
2011-04-26 05:02 . 2011-04-26 05:02 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-26 05:02 . 2011-04-26 05:02 152064 ----a-w- c:\windows\system32\wextract.exe
2011-04-26 05:02 . 2011-04-26 05:02 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-04-26 05:02 . 2011-04-26 05:02 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-26 05:02 . 2011-04-26 05:02 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-26 05:02 . 2011-04-26 05:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-26 05:02 . 2011-04-26 05:02 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-26 05:02 . 2011-04-26 05:02 11776 ----a-w- c:\windows\system32\mshta.exe
2011-04-26 05:02 . 2011-04-26 05:02 101888 ----a-w- c:\windows\system32\admparse.dll
2011-04-26 05:02 . 2011-04-26 05:02 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-04-26 05:02 . 2011-04-26 05:02 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-04-26 05:02 . 2011-04-26 05:02 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-03-14 06:43 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-13 18:20 . 2010-09-12 19:20 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-03-13 18:20 . 2010-09-12 19:20 64648 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-03-13 18:20 . 2010-09-12 19:20 163400 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-03-13 18:20 . 2010-09-12 19:20 85984 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-03-13 18:20 . 2010-09-12 19:20 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-03-13 18:20 . 2010-09-12 19:20 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-03-13 18:20 . 2010-09-12 19:20 337912 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-03-13 18:20 . 2010-09-12 19:20 179248 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-03-13 18:20 . 2010-06-01 03:32 459728 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-03-13 18:20 . 2010-06-01 03:32 118784 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-07-04 02:41 . 2008-08-15 02:00 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2010-10-14 05:28 . 2010-09-12 19:20 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\Michael\AppData\Local\{8B3CB555-971C-469C-AD71-916C8C3A922A} ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2010-06-04 822384]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATSwpNav"="c:\program files\Fingerprint Sensor\ATSwpNav -run" [X]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-20 4018176]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-26 151552]
"IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2007-02-09 97072]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-11-17 80688]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2006-11-26 260912]
"LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2006-11-12 68400]
"SSUtility"="c:\program files\Fujitsu\SSUtility\FJSSDMN.exe" [2006-11-12 239144]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-14 52832]
"OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2007-01-25 2506752]
"FJUPDNV_Chitose"="c:\program files\Fujitsu\fjdvrupd\updatenv.exe" [2007-02-05 167936]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-05-02 1306216]
"EEventManager"="c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2006-10-12 102400]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-05-07 532320]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]
.
c:\users\Parents\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
.
c:\users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
.
c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-2-2 2756608]
Clean Access Agent.lnk - c:\program files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe [2007-12-7 28672]
SafeConnect.lnk - c:\program files\SafeConnect\scClient.exe [2009-3-31 297240]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-11 02:51 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\Reader_SL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2009-09-15 06:09 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 22:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-07-04 02:41 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-06-17 00:16 136176 ----atw- c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\users\Michael\AppData\Roaming\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 22:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-01-27 00:05 15026056 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 18:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-03-13 05:29 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-01-29 07:26 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R0 omnipass;omnipass; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9a39cc5cdf2be;Google Update Service (gupdate1c9a39cc5cdf2be);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 133104]
R3 ADVNTDRV;ADVNTDRV;c:\windows\System32\drivers\ADVNTDRV.SYS [1999-11-18 3872]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-04 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 133104]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-03-13 85984]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-03 25600]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-11-02 30720]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 wtpfiltr;wtpfiltr;c:\windows\system32\drivers\wtpfiltr.sys [2006-12-06 7680]
S0 FBIOSDRV;FBIOSDRV;c:\windows\system32\drivers\FBIOSDRV.SYS [2006-08-28 8960]
S0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\DRIVERS\FJGSDisk.sys [2007-05-11 10368]
S0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2006-10-03 36640]
S0 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2006-10-12 33152]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-03-13 64648]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-03-13 163400]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2011-05-07 393112]
S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2010-03-10 6656]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-28 214904]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-28 214904]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 214904]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-03-13 159832]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-03-13 148520]
S2 SCManager;SafeConnect Manager;c:\program files\SafeConnect\scManager.sys servicestart [x]
S2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\Fujitsu\fjdvrupd\updnvsrv.exe [2007-01-27 11776]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-03-13 57432]
S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [2006-11-01 5632]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-03-13 337912]
S3 WISDPen;Wacom Penabled MiniDriver;c:\windows\system32\DRIVERS\wisdpen.sys [2007-01-22 34736]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-11 05:47]
.
2011-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 05:29]
.
2011-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 05:29]
.
2011-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2040697427-3994011182-4157529652-1000Core.job
- c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-29 00:16]
.
2011-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2040697427-3994011182-4157529652-1000UA.job
- c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-29 00:16]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\McAfee\MSC\McSnIePl.dll
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\nawn8weg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=<html><head><META http-equiv='refresh' content='1;URL=https://secure-tin.resnet.nau.edu/auth/perfigo&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://karoyence.deviantart.com/
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=<html><head><META http-equiv='refresh' content='1;URL=https://secure-tin.resnet.nau.edu/auth/perfigo&tid={3AAB2482-2F4C-A177-F784-B83D9DD119A5}&q=
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=524517&p=
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=524517&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Rikaichan: {0AA9101C-D3C1-4129-A9B7-D778C6A17F82} - %profile%\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Japanese-English Dictionary for rikaichan: {6D898772-AD34-4c16-86BB-9DE787A5DEA0} - %profile%\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}
FF - Ext: My Web Tattoo (Fast Browser Search): {C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB} - %profile%\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-10 18:12
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3288)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\program files\Softex\OmniPass\SCUREDLL.dll
.
Completion time: 2011-06-10 18:41:58
ComboFix-quarantined-files.txt 2011-06-11 01:41
ComboFix2.txt 2011-06-10 21:13
.
Pre-Run: 22,434,906,112 bytes free
Post-Run: 22,406,385,664 bytes free
.
- - End Of File - - 482FA327387465EF7521E7F4910B7E7B

#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:08:29 AM

Posted 10 June 2011 - 09:21 PM

Hi,

Please do the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 byte007

byte007
  • Topic Starter

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Local time:05:29 AM

Posted 11 June 2011 - 01:25 AM

Hello again !
Here is the MBAM Log and the ESET Scan log:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6832

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

6/10/2011 8:02:31 PM
mbam-log-2011-06-10 (20-02-31).txt

Scan type: Quick scan
Objects scanned: 185742
Time elapsed: 9 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


- - - - - - - - - - - -
ESET Scan Log:

C:\Program Files\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Adware.Toolbar.Dealio application
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Adware.Toolbar.Dealio application
C:\Qoobox\Quarantine\C\Program Files\Dealio Toolbar\IE\4.4\dealioToolbarIE.dll.vir a variant of Win32/Adware.Toolbar.Dealio application

#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:08:29 AM

Posted 11 June 2011 - 07:19 AM

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

http://www.bleepingcomputer.com/forums/topic400073.html/page__view__findpost__p__2287210

Collect::
C:\Program Files\Application Updater\ApplicationUpdater.exe 
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe 



Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT


Visit ADOBEand download the latest version of Acrobat Reader (version X)
Having the latest updates ensures there are no security vulnerabilities in your system.

NEXT

Posted Image Your Java is out of date.
Java™ 6 Update 21 can be updated from the Java control panel Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now.
An update should begin; > follow the prompts.


Clear Java cache

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup) If you do not see the icon, look to your left and click 'Switch to Classic View'.
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 byte007

byte007
  • Topic Starter

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Local time:05:29 AM

Posted 11 June 2011 - 05:03 PM

I was able to run ComboFix (with CFScript - when it got near the end a box popped up and said "ComboFix needs to submit malware files for further analysis. Please ensure that you're connected to the internet before clicking OK."
At this point I clicked OK and ComboFix uploaded files. I then attempted to go on the internet using Internet Explorer 9 to update Adobe Reader - I got the following error: "C:\Program Files\Internat Explorer\Iexplore.exe
Illegal Operation attempted on a registry key that has been marked for deletion." I then tried opening Mozilla Firefox but that generated a similar error.
I then tried to open the Control Panel to update JAVA but when I clicked START/CONTROL PANEL I got an error from Explorer.exe stating:"Illegal Operation attempted on a registry key that has been marked for deletion."

Here is the ComboFix Log:
ComboFix 11-06-10.08 - Michael 06/11/2011 13:30:53.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1981.855 [GMT -7:00]
Running from: c:\users\Michael\Desktop\ComboFix.exe
Command switches used :: c:\users\Michael\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
file zipped: c:\program files\Application Updater\ApplicationUpdater.exe
file zipped: c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Application Updater\ApplicationUpdater.exe
c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Application Updater
.
.
((((((((((((((((((((((((( Files Created from 2011-05-11 to 2011-06-11 )))))))))))))))))))))))))))))))
.
.
2011-06-11 20:46 . 2011-06-11 20:46 -------- d-----w- c:\users\Tony\AppData\Local\temp
2011-06-11 20:46 . 2011-06-11 20:46 -------- d-----w- c:\users\Parents\AppData\Local\temp
2011-06-11 20:46 . 2011-06-11 20:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-11 03:40 . 2011-06-11 03:40 -------- d-----w- c:\program files\ESET
2011-06-10 21:14 . 2011-06-11 21:15 -------- d-----w- c:\users\Michael\AppData\Local\temp
2011-06-08 09:16 . 2011-03-13 18:42 24376 ----a-w- c:\program files\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll
2011-05-23 02:53 . 2011-05-23 02:53 -------- d-----w- c:\users\Michael\AppData\Roaming\Malwarebytes
2011-05-23 02:52 . 2011-05-29 16:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-23 02:52 . 2011-05-23 02:52 -------- d-----w- c:\programdata\Malwarebytes
2011-05-23 02:52 . 2011-06-11 02:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-23 02:52 . 2011-05-29 16:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-22 20:31 . 2011-05-22 20:31 -------- d-----w- c:\users\Michael\AppData\Local\MakeDisc
2011-05-20 04:51 . 2011-05-20 04:51 -------- d-----w- c:\users\Michael\AppData\Roaming\Auslogics
2011-05-18 21:46 . 2011-06-11 20:41 -------- d-----w- c:\program files\Application Updater
2011-05-14 21:47 . 2011-05-14 21:47 -------- d-----w- c:\users\Michael\AppData\Local\{8B3CB555-971C-469C-AD71-916C8C3A922A}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-09 01:13 . 2010-08-16 22:56 44544 ----a-w- c:\windows\system32\agremove.exe
2011-04-26 05:02 . 2011-04-26 05:02 161792 ----a-w- c:\windows\system32\msls31.dll
2011-04-26 05:02 . 2011-04-26 05:02 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-04-26 05:02 . 2011-04-26 05:02 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-26 05:02 . 2011-04-26 05:02 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-26 05:02 . 2011-04-26 05:02 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-26 05:02 . 2011-04-26 05:02 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-04-26 05:02 . 2011-04-26 05:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-26 05:02 . 2011-04-26 05:02 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-04-26 05:02 . 2011-04-26 05:02 367104 ----a-w- c:\windows\system32\html.iec
2011-04-26 05:02 . 2011-04-26 05:02 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-26 05:02 . 2011-04-26 05:02 152064 ----a-w- c:\windows\system32\wextract.exe
2011-04-26 05:02 . 2011-04-26 05:02 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-04-26 05:02 . 2011-04-26 05:02 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-26 05:02 . 2011-04-26 05:02 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-26 05:02 . 2011-04-26 05:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-26 05:02 . 2011-04-26 05:02 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-26 05:02 . 2011-04-26 05:02 11776 ----a-w- c:\windows\system32\mshta.exe
2011-04-26 05:02 . 2011-04-26 05:02 101888 ----a-w- c:\windows\system32\admparse.dll
2011-04-26 05:02 . 2011-04-26 05:02 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-04-26 05:02 . 2011-04-26 05:02 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-04-26 05:02 . 2011-04-26 05:02 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-03-14 06:43 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2010-07-04 02:41 . 2008-08-15 02:00 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2010-10-14 05:28 . 2010-09-12 19:20 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2010-06-04 822384]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATSwpNav"="c:\program files\Fingerprint Sensor\ATSwpNav -run" [X]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-20 4018176]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-26 151552]
"IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2007-02-09 97072]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-11-17 80688]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2006-11-26 260912]
"LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2006-11-12 68400]
"SSUtility"="c:\program files\Fujitsu\SSUtility\FJSSDMN.exe" [2006-11-12 239144]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-14 52832]
"OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2007-01-25 2506752]
"FJUPDNV_Chitose"="c:\program files\Fujitsu\fjdvrupd\updatenv.exe" [2007-02-05 167936]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-05-02 1306216]
"EEventManager"="c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2006-10-12 102400]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
.
c:\users\Parents\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
.
c:\users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
.
c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-2-2 2756608]
Clean Access Agent.lnk - c:\program files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe [2007-12-7 28672]
SafeConnect.lnk - c:\program files\SafeConnect\scClient.exe [2009-3-31 297240]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-11 02:51 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\Reader_SL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2009-09-15 06:09 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 22:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-07-04 02:41 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-06-17 00:16 136176 ----atw- c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\users\Michael\AppData\Roaming\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 22:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-01-27 00:05 15026056 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 18:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-03-13 05:29 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-01-29 07:26 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R0 omnipass;omnipass; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9a39cc5cdf2be;Google Update Service (gupdate1c9a39cc5cdf2be);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 133104]
R3 ADVNTDRV;ADVNTDRV;c:\windows\System32\drivers\ADVNTDRV.SYS [1999-11-18 3872]
R3 CFcatchme;CFcatchme;c:\users\Michael\AppData\Local\Temp\CFcatchme.sys [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-04 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 133104]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-03-13 85984]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-03 25600]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-11-02 30720]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 wtpfiltr;wtpfiltr;c:\windows\system32\drivers\wtpfiltr.sys [2006-12-06 7680]
S0 FBIOSDRV;FBIOSDRV;c:\windows\system32\drivers\FBIOSDRV.SYS [2006-08-28 8960]
S0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\DRIVERS\FJGSDisk.sys [2007-05-11 10368]
S0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2006-10-03 36640]
S0 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2006-10-12 33152]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-03-13 64648]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-03-13 163400]
S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2010-03-10 6656]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-28 214904]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-28 214904]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 214904]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-03-13 159832]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-03-13 148520]
S2 SCManager;SafeConnect Manager;c:\program files\SafeConnect\scManager.sys servicestart [x]
S2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\Fujitsu\fjdvrupd\updnvsrv.exe [2007-01-27 11776]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-03-13 57432]
S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [2006-11-01 5632]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-03-13 337912]
S3 WISDPen;Wacom Penabled MiniDriver;c:\windows\system32\DRIVERS\wisdpen.sys [2007-01-22 34736]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-11 05:47]
.
2011-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 05:29]
.
2011-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 05:29]
.
2011-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2040697427-3994011182-4157529652-1000Core.job
- c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-29 00:16]
.
2011-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2040697427-3994011182-4157529652-1000UA.job
- c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-29 00:16]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\McAfee\MSC\McSnIePl.dll
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\nawn8weg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=<html><head><META http-equiv='refresh' content='1;URL=https://secure-tin.resnet.nau.edu/auth/perfigo&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://karoyence.deviantart.com/
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=<html><head><META http-equiv='refresh' content='1;URL=https://secure-tin.resnet.nau.edu/auth/perfigo&tid={3AAB2482-2F4C-A177-F784-B83D9DD119A5}&q=
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=524517&p=
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=524517&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Rikaichan: {0AA9101C-D3C1-4129-A9B7-D778C6A17F82} - %profile%\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Japanese-English Dictionary for rikaichan: {6D898772-AD34-4c16-86BB-9DE787A5DEA0} - %profile%\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}
FF - Ext: My Web Tattoo (Fast Browser Search): {C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB} - %profile%\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-11 14:15
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(6100)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Softex\OmniPass\OmniServ.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\o2flash.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\RioMSC.exe
c:\program files\SafeConnect\scManager.sys
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\Tablet.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\system32\WTablet\TabUserW.exe
c:\windows\system32\Tablet.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
.
**************************************************************************
.
Completion time: 2011-06-11 14:29:26 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-11 21:29
ComboFix2.txt 2011-06-11 01:42
ComboFix3.txt 2011-06-10 21:13
.
Pre-Run: 22,084,149,248 bytes free
Post-Run: 21,566,468,096 bytes free
.
- - End Of File - - 902DF596D228B15DB67CDA201B2D9391
Upload was successful

#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:08:29 AM

Posted 11 June 2011 - 05:23 PM

Hi,

That message pops up the odd time on Vista machines, not sure why, but just reboot the computer and everything will be back to normal.

Please advise how the computer is running now and if there are any outstanding issues.

Edited by CatByte, 11 June 2011 - 05:24 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 byte007

byte007
  • Topic Starter

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Local time:05:29 AM

Posted 11 June 2011 - 07:27 PM

Hi CatByte !
I do appreciate your help and I thank you for your time.


I restarted and was then able to get onto internet and open Control Panel.
I updated Adobe Reader to Version 9.
I updated JAVA and cleared the JAVA Cache.

I still have an issue with Windows Vista Search (START/ search box)
I tried doing a Windows Vista Search, the initial search results show in the left pane. When you then click 'Search Everywhere' it now gives a different error than what I was getting before when trying to do a Windows Vista Search. the following is the current Google Chrome error:
This website is not available.
The website at http://127.0.0.1:4664/search?q=flash&flags=68&s=DgpZXk9AOBinCy2wrRx7zJQhp5w might be temporarily down or it may have moved permanently to a new web address.
Error 102 (net: ERR_CONNECTION_REFUSED) The server refused the connection.

Is this a Google Chrome Problem? Is Google Chrome a legitimate browser to use or should it be uninstalled?
Is this a search setting problem?
Is this malware related?

#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:08:29 AM

Posted 11 June 2011 - 07:51 PM

That is probably a McAfee setting:

Open you McAfee Firewall
Check Program Permissions...there should be an entry for Google Chrome.
Set Access to FULL or OUTGOING

make sure there is no proxy set as well:
Click on Start > control panel > internet options > connections > Lan settings > proxy server and uncheck use proxy server for your Lan

Let me know if that helps

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 byte007

byte007
  • Topic Starter

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Local time:05:29 AM

Posted 11 June 2011 - 09:17 PM

The settings you wanted me to check were already set as you wanted:

McAfee Firewall setting for Google Chrome was already set to FULL.
And "Use proxy server for your lan" was already unchecked.

The Windows search problem would make more sense to me if I was clicking "Search tne Internet" but I'm not; I'm clicking "Search Everywhere" which usually shows you everywhere on your computer.

Is this a Google Chrome Problem? Is Google Chrome a legitimate browser to use or should it be uninstalled?
Is this a search setting problem?
Is this malware related?

I need to get this search problem resolved and I want to be absolutely sure that we are malware/spyware/adware/virus free before we clone the hard drive information on to the new larger drive.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users