July 8th, 2011 19:00

Help with redirect virus/malware on my Dell Laptop

My dell laptop is infected with a redirect virus/malware. I'm not sure when this occurred. I downloaded Hijack This and will post the results. Any help with this issue would be appreciated. Thanks in advance.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:50:46 PM, on 7/8/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Martins\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110512164001.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [EPSON854669] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIA.EXE /FU "C:\Windows\TEMP\E_SD635.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} (DVM_IPCam2 Control) - http://192.168.1.84/codebase/DVM_IPCam2.ocx
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HideMyIpSRV - Hide My IP - C:\Program Files (x86)\Hide My IP\HideMyIpSrv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
O23 - Service: McciCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\STacSV64.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
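Reading a HijackThis log by hand means grouping the entries by code and checking the handful that matter first. The Python below is an added example (not code from this thread, from HijackThis, or from the helper's toolkit) that does that first pass over a few lines copied from the log above plus one constructed R0 line; the host allowlist, the rules and the `.invalid` placeholder host are assumptions chosen for illustration. It surfaces the browser start/search URLs, the userinit chain, the O10 LSP entry (reported once rather than once per protocol), the O16 ActiveX source, and the O23 "(file missing)" services, which on 64-bit Windows are usually an artifact of running the 32-bit HJT 2.0.4 under WOW64 file-system redirection rather than evidence of tampering.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Added example: a rule-based first pass over HijackThis 2.0.x log lines.
# This is not code from the thread or from HijackThis; the allowlist and the
# rules are illustrative assumptions a reviewer would tune for their own case.

HJT_LINE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")

# Hosts that stock IE R0/R1 start/search-page entries normally point at
# (assumed allowlist; extend it to match the environment being reviewed).
EXPECTED_BROWSER_HOSTS = {"go.microsoft.com", "g.msn.com", "www.google.com"}
IPV4_LITERAL = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

# Sample input: lines copied from the log posted above, plus one constructed
# R0 line (the .invalid host is a placeholder, not a real hijack address).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.example-hijack.invalid/
F2 - REG:system.ini: UserInit=userinit.exe,
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O16 - DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} (DVM_IPCam2 Control) - http://192.168.1.84/codebase/DVM_IPCam2.ocx
O23 - Service: HideMyIpSRV - Hide My IP - C:\Program Files (x86)\Hide My IP\HideMyIpSrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
"""


def parse(log_text):
    """Yield (code, body) for every entry line; headers and blank lines are skipped."""
    for raw in log_text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if m:
            yield m.group("code"), m.group("body")


def _url_hosts(text):
    """Hostnames of the http(s) URLs in an entry body ("" if unparsable)."""
    return [urlparse(u).hostname or "" for u in re.findall(r"https?://\S+", text)]


def triage(log_text):
    """Return (findings, counts). findings: list of (code, reason, detail);
    counts: Counter of entry codes seen, including ones no rule looks at."""
    findings, counts, lsp_files = [], Counter(), Counter()
    for code, body in parse(log_text):
        counts[code] += 1
        if code in ("R0", "R1"):
            for host in _url_hosts(body):
                if host not in EXPECTED_BROWSER_HOSTS:
                    findings.append((code, f"browser start/search URL points at {host}", body))
        elif code == "F2" and "UserInit=" in body:
            # Stock value is exactly "userinit.exe," with nothing after the comma.
            if body.split("UserInit=", 1)[1].strip().lower() != "userinit.exe,":
                findings.append((code, "extra program chained after userinit.exe", body))
        elif code == "O10":
            # HJT lists one LSP DLL once per protocol it is chained into, so
            # collapse the repeats and report the file a single time.
            lsp_files[body.split(": ", 1)[-1].strip().lower()] += 1
        elif code == "O16":
            for host in _url_hosts(body):
                if IPV4_LITERAL.match(host):
                    findings.append((code, f"ActiveX control served from IP literal {host}", body))
        elif code == "O23" and "Unknown owner" in body and "(file missing)" in body:
            # HJT 2.0.4 is 32-bit; on 64-bit Windows, WOW64 file-system
            # redirection hides native System32 binaries from it, so these
            # are usually an artifact to verify, not a missing service.
            findings.append((code, "probable 64-bit redirection artifact, verify before acting", body))
    for path, n in lsp_files.items():
        findings.append(("O10", f"unattributed Winsock LSP ({n} protocol entries)", path))
    return findings, counts


if __name__ == "__main__":
    found, seen = triage(SAMPLE_LOG)
    print("entries by code:", dict(seen))
    for code, reason, detail in found:
        print(f"[{code}] {reason}\n    {detail}")
```

A pass like this only orders the reading. The O10 file still has to be attributed by hand (its hmip prefix matches the Hide My IP service listed under O23 in the same log, which is the kind of correlation to check before treating an LSP entry as hostile), and the redirection caveat on the O23 entries is why "Unknown owner (file missing)" lines on a 64-bit host are verified rather than fixed from the tool.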


July 10th, 2011 05:00

Hello martman05 and welcome to the Forums,

My name is George and I will be assisting you with your problem. Please be patient while I determine my first set of instructions.

Please follow all my instructions carefully in the order that I give them.

Please give a VERY clear description of the problem you are having. The more detailed, the quicker we will be able to work through the problem together.

Do not install any updates until I tell you to do so. Updating an infected computer can have disastrous effects.

Do not attempt any other fixes than what I give you here. Using other tools might interfere with the cleaning process. It may also damage your computer.

Either print or save to Notepad all the instructions that I give you. If there is anything you are unsure of or any instructions you feel lack clarity, please do not hesitate to ask.

Some of the logs I may ask for are very long and complex, as is analysing them. My responses to you may take longer than you would expect. I assure you that I will work through your problem and a solution as quickly as I can.

I am currently an advanced trainee in Malware removal at SpywareHammer Academy. My posts have to be approved by a Mentor before posting, so my responses may take longer than expected; all I ask is that you please be patient.


Please be patient while I analyse your log and devise my first set of instructions.


July 10th, 2011 09:00

Step 1
ATF Cleaner
Please download ATF Cleaner by Atribune.

This program is for Windows 98/ME/2K/XP and Vista

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program. For Technical Support, double-click the e-mail address located at the bottom of each menu.

Step 2
Run Malwarebytes

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Step 3
DDS
We need to see some additional information about what is happening in your machine.
Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
    • DDS.com
    • DDS.scr
    • DDS.pif
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.
  • Instead of attaching, please copy/paste both logs into your next reply.

Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control here

In your next reply can I have:

  • DDS.txt
  • Attach.txt
  • The MBAM log and any issues you may have had.


July 12th, 2011 11:00

Gahixon1,

Here are the files you requested. Let me know if you need additional information.

Martman05

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-06-23.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 7/17/2010 1:09:57 PM

System Uptime: 7/10/2011 1:01:33 PM (3 hours ago)

.

Motherboard: Dell Inc. |  | 0G848F

Processor: Pentium(R) Dual-Core CPU       T4500  @ 2.30GHz | Microprocessor | 2300/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 218 GiB total, 186.56 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft Virtual WiFi Miniport Adapter

Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&E498086&0&01

Manufacturer: Microsoft

Name: Microsoft Virtual WiFi Miniport Adapter

PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&E498086&0&01

Service: vwifimp

.

==== System Restore Points ===================

.

RP146: 7/3/2011 6:09:13 PM - Revo Uninstaller's restore point - RealArcade

RP148: 7/9/2011 10:00:56 AM - Removed service pack backup files

RP149: 7/9/2011 6:43:22 PM - Made by Regsofts

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Photoshop Elements 8.0

Adobe Reader 9.4.5

Apple Application Support

Apple Software Update

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Compatibility Pack for the 2007 Office system

Consumer In-Home Service Agreement

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell Driver Download Manager

Epson Event Manager

EPSON Scan

EpsonNet Print

EpsonNet Setup

Feedback Tool

FileRestorePlus™ 3.0.1.1111

Free Window Registry Repair

Glary Utilities 2.34.0.1190

Google Chrome

Google Earth

Google Update Helper

IDT Audio

IrfanView (remove only)

Java Auto Updater

Java(TM) 6 Update 26

Malwarebytes' Anti-Malware version 1.51.0.1200

McAfee SecurityCenter

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Move Media Player

Mozilla Firefox (3.6.18)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

OBD2Spy V2.05

OpenOffice.org 3.3

PowerDVD DX

QuickTime

Realtek USB 2.0 Card Reader

Revo Uninstaller 1.92

Roxio Burn

Safari

ScanTool.net for Windows v1.13

Secunia PSI (2.0.0.3003)

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2509488)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft Office 2007 System (KB2541012)

Security Update for Microsoft Office Excel 2007 (KB2541007)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2535818)

Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Spybot - Search & Destroy 2

TomTom HOME 2.8.2.2264

TomTom HOME Visual Studio Merge Modules

Update for 2007 Microsoft Office System (KB2284654)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

VLC media player 1.1.10

Windows Media Player Firefox Plugin

WYO Home Inventory 4.15

.

==== Event Viewer Messages From Past Week ========

.

7/9/2011 6:46:35 PM, Error: Service Control Manager [7043]  - The McShield service did not shut down properly after receiving a preshutdown control.

7/8/2011 7:50:07 PM, Error: bowser [8003]  - The master browser has received a server announcement from the computer MARTINSLAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{907FBB65-19A3-43FA-B8E0-64CBD4C2D913}. The master browser is stopping or an election is being forced.

7/3/2011 8:35:18 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

7/10/2011 8:38:57 AM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

7/10/2011 8:38:23 AM, Error: VDS Basic Provider [1]  - Unexpected failure. Error code: D@01010004

7/10/2011 8:38:09 AM, Error: Service Control Manager [7003]  - The Spybot-S&D 2 Security Center Service service depends the following service: wscsvc. This service might not be installed.

.

==== End Of File

.

DDS (Ver_2011-06-23.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_26

Run by Martins at 16:43:35 on 2011-07-10

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2008.961 [GMT -5:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe

c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE

C:\Windows\system32\Dwm.exe

C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Windows\system32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Windows\system32\mfevtps.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\Secunia\PSI\PSIA.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Secunia\PSI\sua.exe

C:\Program Files\Common Files\McAfee\Core\mchost.exe

C:\Windows\system32\cleanmgr.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110512164001.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [EPSON854669] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIA.EXE /FU "C:\Windows\TEMP\E_SD635.tmp" /EF "HKCU"

uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

StartupFolder: C:\Users\Martins\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll

Trusted Zone: internet

Trusted Zone: mcafee.com

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - hxxp://192.168.1.84/codebase/DVM_IPCam2.ocx

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{907FBB65-19A3-43FA-B8E0-64CBD4C2D913} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{907FBB65-19A3-43FA-B8E0-64CBD4C2D913}\2456C6B696E6 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{907FBB65-19A3-43FA-B8E0-64CBD4C2D913}\35072796E64702D49664962323030302932444 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{907FBB65-19A3-43FA-B8E0-64CBD4C2D913}\84F6F6B656D6D27657563747 : DhcpNameServer = 68.87.85.102 68.87.69.150

TCP: Interfaces\{907FBB65-19A3-43FA-B8E0-64CBD4C2D913}\86F6F6B656D6 : DhcpNameServer = 68.87.85.102 68.87.69.150

TCP: Interfaces\{907FBB65-19A3-43FA-B8E0-64CBD4C2D913}\C696E6B6379737 : DhcpNameServer = 68.87.85.102 68.87.69.150

TCP: Interfaces\{907FBB65-19A3-43FA-B8E0-64CBD4C2D913}\D4F626965737 : DhcpNameServer = 192.168.1.1

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Notify: SDWinLogon - SDWinLogon.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64:     AcroIEHelperStub - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110512164001.dll

BHO-X64:     scriptproxy - No File

BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

mRun-x64: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe

mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Martins\AppData\Roaming\Mozilla\Firefox\Profiles\9g3tv11p.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.type - 0

FF - component: C:\Program Files (x86)\McAfee\SiteAdvisor\components\McFFPlg.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Real\RealArcade\Plugins\Mozilla\npracplug.dll

FF - plugin: C:\Users\Martins\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll

FF - plugin: C:\Users\Martins\AppData\Roaming\Mozilla\Firefox\Profiles\9g3tv11p.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com

FF - Ext: IP Cam PTZ: {7c402354-dd42-4ef3-8d2d-8aa1645b6999} - %profile%\extensions\{7c402354-dd42-4ef3-8d2d-8aa1645b6999}

FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - C:\Program Files (x86)\McAfee\SiteAdvisor

FF - Ext: Move Media Player: moveplayer@movenetworks.com - C:\Users\Martins\AppData\Roaming\Move Networks

FF - Ext: XULRunner: {CF8ED9A2-F8DB-4787-B716-5E11D31C5906} - C:\Users\Martins\AppData\Local\{CF8ED9A2-F8DB-4787-B716-5E11D31C5906}

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]

R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

R1 SDHookDriver;Spybot-S&D 2 Hook Driver;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [2011-7-8 48888]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-18 169312]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [2010-11-10 89600]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2011-4-27 101048]

R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2010-12-2 517632]

R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-3-1 355440]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-3-1 355440]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-3-1 355440]

R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-3-1 200056]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-3-1 245352]

R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]

R2 SDHookService;Spybot-S&D 2 Hooks Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe [2011-7-8 130976]

R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-7-8 1060272]

R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-7-8 909224]

R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-4-19 993848]

R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-4-19 399416]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-5-25 705856]

R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-4-22 92592]

R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]

R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-2 136176]

S2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-7-8 169624]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-2 136176]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

S3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]

.

=============== Created Last 30 ================

.

2011-07-09 23:54:46 12872 ----a-w- C:\Windows\System32\bootdelete.exe

2011-07-09 23:34:28 -------- d-----w- C:\Program Files (x86)\Free Window Registry Repair

2011-07-09 20:11:09 -------- d-----w- C:\Users\Martins\AppData\Roaming\VSRevoGroup

2011-07-09 17:48:34 23112 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys

2011-07-09 17:46:38 -------- d-----w- C:\ProgramData\Hitman Pro

2011-07-09 03:21:50 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2011-07-09 03:21:31 17272 ----a-w- C:\Windows\System32\sdnclean64.exe

2011-07-09 03:21:27 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2

2011-07-05 01:36:48 424296 ----a-w- C:\Windows\System32\HMIPCore64.dll

2011-07-05 01:36:47 330600 ----a-w- C:\Windows\SysWow64\HMIPCore.dll

2011-07-03 23:04:57 -------- d-----w- C:\My Games

2011-07-03 23:04:40 -------- d-----w- C:\My Download Files

2011-07-03 23:01:28 774144 ----a-w- C:\Program Files (x86)\RngInterstitial.dll

2011-07-03 23:01:17 -------- d-----w- C:\Program Files (x86)\Common Files\Real

2011-07-03 23:01:02 569397 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\RichFX\Player\nprfxins.dll

2011-07-03 22:59:59 -------- d-----w- C:\Program Files (x86)\_ArcadeDownloadFolder

2011-06-24 21:22:19 -------- d-----w- C:\Windows\System32\SPReview

2011-06-24 19:49:11 48976 ----a-w- C:\Windows\System32\netfxperf.dll

2011-06-24 19:49:10 1942856 ----a-w- C:\Windows\System32\dfshim.dll

2011-06-24 19:49:02 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll

2011-06-24 19:47:59 630272 ----a-w- C:\Windows\System32\evr.dll

2011-06-24 19:46:59 610304 ----a-w- C:\Program Files (x86)\Common Files\System\Ole DB\msdasql.dll

2011-06-24 19:45:48 209920 ----a-w- C:\Windows\SysWow64\PkgMgr.exe

2011-06-24 19:45:48 189952 ----a-w- C:\Windows\SysWow64\wdscore.dll

2011-06-24 19:45:13 323072 ----a-w- C:\Windows\SysWow64\drvstore.dll

2011-06-24 19:45:12 257024 ----a-w- C:\Windows\SysWow64\dpx.dll

2011-06-24 19:45:00 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll

2011-06-24 19:45:00 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll

2011-06-24 19:39:20 529408 ----a-w- C:\Windows\System32\wbemcomn.dll

2011-06-24 19:39:20 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll

2011-06-24 19:39:20 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll

2011-06-24 19:38:52 933376 ----a-w- C:\Windows\System32\SmiEngine.dll

2011-06-24 19:38:36 199168 ----a-w- C:\Windows\System32\PkgMgr.exe

2011-06-24 19:37:29 422912 ----a-w- C:\Windows\System32\drvstore.dll

2011-06-24 19:37:29 399872 ----a-w- C:\Windows\System32\dpx.dll

2011-06-22 01:52:46 -------- d-s---w- C:\Windows\SysWow64\Microsoft

2011-06-22 00:33:12 -------- d-----w- C:\Program Files\Linksys

2011-06-22 00:30:56 -------- d-----w- C:\ProgramData\Pure Networks

2011-06-17 12:13:09 499200 ----a-w- C:\Windows\System32\drivers\afd.sys

2011-06-17 12:13:09 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-06-17 12:13:08 288640 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2011-06-17 12:13:03 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-06-17 12:13:02 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys

2011-06-17 12:13:02 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys

2011-06-17 12:12:57 3135488 ----a-w- C:\Windows\System32\win32k.sys

2011-06-17 12:12:53 467456 ----a-w- C:\Windows\System32\drivers\srv.sys

2011-06-17 12:12:53 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys

2011-06-17 12:12:53 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2011-06-17 12:12:51 861696 ----a-w- C:\Windows\System32\oleaut32.dll

2011-06-17 12:12:50 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2011-06-17 12:12:46 976896 ----a-w- C:\Windows\System32\inetcomm.dll

2011-06-17 12:12:46 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll

.

==================== Find3M  ====================

.

2011-07-03 22:54:34 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-06-24 21:34:34 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2011-06-24 21:34:33 175616 ----a-w- C:\Windows\System32\msclmd.dll

2011-06-20 13:37:36 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-05-29 14:11:30 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-05-29 14:11:20 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll

2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll

2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll

2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll

2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe

2011-05-04 05:25:03 2315776 ----a-w- C:\Windows\System32\tquery.dll

2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll

2011-05-04 05:22:25 2223616 ----a-w- C:\Windows\System32\mssrch.dll

2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll

2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll

2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll

2011-05-04 05:19:28 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe

2011-05-04 05:19:28 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe

2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe

2011-05-04 04:34:43 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll

2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll

2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll

2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll

2011-05-04 04:32:01 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll

2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll

2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe

2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe

2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe

2011-04-23 01:29:25 2303488 ----a-w- C:\Windows\System32\jscript9.dll

2011-04-23 01:19:19 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-04-22 23:35:56 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-04-22 23:25:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-04-22 22:15:29 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys

2011-04-14 19:01:38 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys

2011-04-14 19:01:38 94992 ----a-w- C:\Windows\System32\drivers\mferkdet.sys

2011-04-14 19:01:38 75160 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys

2011-04-14 19:01:38 63056 ----a-w- C:\Windows\System32\drivers\cfwids.sys

2011-04-14 19:01:38 530304 ----a-w- C:\Windows\System32\drivers\mfehidk.sys

2011-04-14 19:01:38 441840 ----a-w- C:\Windows\System32\drivers\mfefirek.sys

2011-04-14 19:01:38 283744 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys

2011-04-14 19:01:38 190520 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys

2011-04-14 19:01:38 149032 ----a-w- C:\Windows\System32\mfevtps.exe

2011-04-14 19:01:38 121376 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys

.

============= FINISH: 16:44:13.11

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 7050

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

7/10/2011 4:19:19 PM

mbam-log-2011-07-10 (16-19-19).txt

Scan type: Quick scan

Objects scanned: 167218

Time elapsed: 5 minute(s), 54 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)
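Added example, not part of this thread and not code from DDS, HijackThis or the posters: a small Python script that reads the kind of "Pseudo HJT Report" pasted above and pulls out only the entries that matter for a redirect complaint, namely the Winlogon Userinit value, the DHCP name servers recorded per interface, any IE proxy setting, the Firefox network.proxy.type pref, DPF/ActiveX codebases served from LAN addresses, and orphaned "No File" entries. The sample report is constructed from lines visible in the log above; treating every resolver outside RFC 1918 space as "external, confirm with the ISP" is the example's own rule of thumb, not something the report states.

```python
"""Pull browser-redirect vectors out of a DDS / HijackThis-style report.

Added example for this thread; not code from DDS, HijackThis or the posters.
The sample report below is constructed from lines visible in the posted log.
"""
import ipaddress
from typing import Dict, List

# Constructed sample: entries copied from the "Pseudo HJT Report" above.
# DDS defangs URLs as hxxp:// so they are not clickable.
SAMPLE_REPORT = r"""
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110512164001.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - hxxp://192.168.1.84/codebase/DVM_IPCam2.ocx
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{907FBB65-19A3-43FA-B8E0-64CBD4C2D913}\84F6F6B656D6D27657563747 : DhcpNameServer = 68.87.85.102 68.87.69.150
FF - prefs.js: network.proxy.type - 0
"""


def _is_private(ip: str) -> bool:
    """True for RFC 1918 / loopback addresses; False for anything else or non-IPs."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_private or addr.is_loopback


def _host_of(url: str) -> str:
    """Host part of a (possibly defanged hxxp://) URL."""
    rest = url.split("//", 1)[1] if "//" in url else url
    return rest.split("/", 1)[0].split(":", 1)[0]


def parse_report(text: str) -> Dict[str, list]:
    """Group the redirect-relevant lines of a report by the mechanism they describe."""
    items: Dict[str, list] = {
        "dns": [],            # (scope, [resolver, ...]) per "TCP: ... NameServer" line
        "userinit": [],       # raw Winlogon Userinit values
        "proxy": [],          # (setting, value) from "Internet Settings,Proxy*"
        "ff_proxy_type": [],  # Firefox network.proxy.type (0 = no proxy)
        "dpf": [],            # (clsid, codebase URL) for Downloaded Program Files
        "orphans": [],        # entries whose target file is gone
    }
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("TCP:") and "NameServer" in line:
            scope, _, value = line.partition(" = ")
            items["dns"].append((scope, value.split()))
        elif line.startswith("mWinlogon: Userinit="):
            items["userinit"].append(line.split("=", 1)[1].strip())
        elif "Internet Settings,Proxy" in line:
            key, _, value = line.partition(" = ")
            items["proxy"].append((key.split(",", 1)[1].strip(), value.strip()))
        elif line.startswith("FF - prefs.js: network.proxy.type"):
            items["ff_proxy_type"].append(int(line.rsplit("- ", 1)[1]))
        elif line.startswith("DPF:"):
            clsid, _, url = line[4:].partition(" - ")
            items["dpf"].append((clsid.strip(), url.strip()))
        elif line.endswith("- No File"):
            items["orphans"].append(line)
    return items


def triage(text: str) -> List[str]:
    """Return one human-readable finding per redirect vector worth a second look."""
    items = parse_report(text)
    findings: List[str] = []

    # Userinit must be exactly one entry naming userinit.exe; anything appended
    # after the comma runs at every logon, before the desktop appears.
    for value in items["userinit"]:
        entries = [e.strip() for e in value.split(",") if e.strip()]
        names = [e.rsplit("\\", 1)[-1].lower() for e in entries]
        if names != ["userinit.exe"]:
            findings.append(f"USERINIT: unexpected value {value!r}")

    # Public resolvers are normal when the ISP hands them out over DHCP, but a
    # DNS-changer shows up in exactly this place, so list them for confirmation.
    for scope, servers in items["dns"]:
        external = [s for s in servers if not _is_private(s)]
        if external:
            findings.append(f"DNS: {scope} -> {' '.join(external)} (confirm these are your ISP's resolvers)")

    for key, value in items["proxy"]:
        if key == "ProxyServer" or (key == "ProxyEnable" and not value.startswith("0")):
            findings.append(f"PROXY: IE {key} = {value} (a local proxy can rewrite every page)")

    for kind in items["ff_proxy_type"]:
        if kind != 0:
            findings.append(f"FFPROXY: network.proxy.type = {kind} (0 means no proxy)")

    for clsid, url in items["dpf"]:
        if _is_private(_host_of(url)):
            findings.append(f"DPF: {clsid} loads ActiveX from LAN host {_host_of(url)} (confirm this is your device)")

    for line in items["orphans"]:
        findings.append(f"ORPHAN: {line} (dead entry; cleanup, not infection)")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_REPORT):
        print(finding)
```

On the sample above the script flags only the two 68.87.x.x resolvers on one interface profile, the IP-camera ActiveX control fetched from 192.168.1.84, and the orphaned toolbar entry; Userinit, the IE proxy settings and the Firefox proxy pref all come back clean. That matters for reading the thread: when the browser-side hooks in a report look this ordinary, a persistent redirect is more likely to come from below them, either DNS answers from the router or a hooked driver, which is why the next step in a case like this is a rootkit scan rather than more browser cleanup.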

62 Posts

July 15th, 2011 08:00

Hi martman05,

Let's see if this tool will kill your redirect problem.

Step 1
TDSSKiller

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Don't worry if not; there is a large array of tools in our arsenal.

In your next reply:
TDSSKiller.txt

7 Posts

July 15th, 2011 12:00

Gahixon1,

Here is the file. It didn't seem to find anything.

 

2011/07/15 12:44:27.0406 0840    TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/15 12:44:28.0508 0840    ================================================================================
2011/07/15 12:44:28.0508 0840    SystemInfo:
2011/07/15 12:44:28.0508 0840   
2011/07/15 12:44:28.0509 0840    OS Version: 6.1.7601 ServicePack: 1.0
2011/07/15 12:44:28.0509 0840    Product type: Workstation
2011/07/15 12:44:28.0509 0840    ComputerName: MARTINS-PC
2011/07/15 12:44:28.0509 0840    UserName: Martins
2011/07/15 12:44:28.0509 0840    Windows directory: C:\Windows
2011/07/15 12:44:28.0509 0840    System windows directory: C:\Windows
2011/07/15 12:44:28.0509 0840    Running under WOW64
2011/07/15 12:44:28.0509 0840    Processor architecture: Intel x64
2011/07/15 12:44:28.0509 0840    Number of processors: 2
2011/07/15 12:44:28.0509 0840    Page size: 0x1000
2011/07/15 12:44:28.0509 0840    Boot type: Normal boot
2011/07/15 12:44:28.0509 0840    ================================================================================
2011/07/15 12:44:29.0018 0840    Initialize success
2011/07/15 12:44:33.0532 5340    ================================================================================
2011/07/15 12:44:33.0532 5340    Scan started
2011/07/15 12:44:33.0532 5340    Mode: Manual;
2011/07/15 12:44:33.0532 5340    ================================================================================
2011/07/15 12:44:34.0246 5340    1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
2011/07/15 12:44:34.0455 5340    ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
2011/07/15 12:44:34.0619 5340    AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
2011/07/15 12:44:34.0825 5340    adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/07/15 12:44:34.0974 5340    adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/07/15 12:44:35.0137 5340    adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/07/15 12:44:35.0340 5340    AFD             (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
2011/07/15 12:44:35.0460 5340    agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
2011/07/15 12:44:35.0599 5340    aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
2011/07/15 12:44:35.0826 5340    amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
2011/07/15 12:44:35.0943 5340    AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/07/15 12:44:36.0058 5340    AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/07/15 12:44:36.0172 5340    amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
2011/07/15 12:44:36.0386 5340    amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/07/15 12:44:36.0509 5340    amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
2011/07/15 12:44:36.0681 5340    ApfiltrService  (98449a2957778a6f025c418438a380f4) C:\Windows\system32\DRIVERS\Apfiltr.sys
2011/07/15 12:44:36.0846 5340    AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
2011/07/15 12:44:37.0035 5340    arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/07/15 12:44:37.0160 5340    arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/07/15 12:44:37.0278 5340    AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/15 12:44:37.0414 5340    atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
2011/07/15 12:44:37.0594 5340    b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/07/15 12:44:37.0746 5340    b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/07/15 12:44:37.0860 5340    BCM42RLY        (e001dd475a7c27ebe5a0db45c11bad71) C:\Windows\system32\drivers\BCM42RLY.sys
2011/07/15 12:44:38.0042 5340    BCM43XX         (37394d3553e220fb732c21e217e1bd8b) C:\Windows\system32\DRIVERS\bcmwl664.sys
2011/07/15 12:44:38.0239 5340    Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/07/15 12:44:38.0386 5340    blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/07/15 12:44:38.0532 5340    bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/15 12:44:38.0689 5340    BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/07/15 12:44:38.0800 5340    BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/07/15 12:44:38.0940 5340    Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/07/15 12:44:39.0069 5340    BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/07/15 12:44:39.0196 5340    BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/07/15 12:44:39.0318 5340    BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/07/15 12:44:39.0455 5340    BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/07/15 12:44:39.0603 5340    cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/15 12:44:39.0729 5340    cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
2011/07/15 12:44:39.0905 5340    cfwids          (676535b3156fecf7133cf80b4d2f6cf7) C:\Windows\system32\drivers\cfwids.sys
2011/07/15 12:44:40.0015 5340    circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/07/15 12:44:40.0114 5340    CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/07/15 12:44:40.0253 5340    CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/07/15 12:44:40.0361 5340    cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
2011/07/15 12:44:40.0497 5340    CNG             (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
2011/07/15 12:44:40.0671 5340    Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/07/15 12:44:40.0788 5340    CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
2011/07/15 12:44:40.0957 5340    crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/07/15 12:44:41.0100 5340    DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
2011/07/15 12:44:41.0263 5340    discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/07/15 12:44:41.0386 5340    Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/07/15 12:44:41.0526 5340    drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/07/15 12:44:41.0677 5340    DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/15 12:44:41.0937 5340    ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/07/15 12:44:42.0156 5340    elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/07/15 12:44:42.0297 5340    ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
2011/07/15 12:44:42.0417 5340    exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/07/15 12:44:42.0523 5340    fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/07/15 12:44:42.0631 5340    fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/15 12:44:42.0682 5340    FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/07/15 12:44:42.0821 5340    FileMonitor     (2b609f74fa2884c36471743322652a16) C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys
2011/07/15 12:44:42.0962 5340    Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/07/15 12:44:43.0008 5340    flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/15 12:44:43.0131 5340    FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
2011/07/15 12:44:43.0291 5340    FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/07/15 12:44:43.0405 5340    Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/15 12:44:43.0528 5340    FTDIBUS         (ed07200cff78facfb66ebb0b89f503a4) C:\Windows\system32\drivers\ftdibus.sys
2011/07/15 12:44:43.0688 5340    FTSER2K         (9980e7584484a009e77e9bfa14c0c18a) C:\Windows\system32\drivers\ftser2k.sys
2011/07/15 12:44:43.0866 5340    fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/07/15 12:44:43.0964 5340    gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/07/15 12:44:44.0100 5340    GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/07/15 12:44:44.0308 5340    hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/07/15 12:44:44.0440 5340    HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
2011/07/15 12:44:44.0479 5340    HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/07/15 12:44:44.0577 5340    HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/07/15 12:44:44.0603 5340    HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/07/15 12:44:44.0731 5340    HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
2011/07/15 12:44:44.0901 5340    HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
2011/07/15 12:44:45.0082 5340    HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
2011/07/15 12:44:45.0199 5340    hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
2011/07/15 12:44:45.0315 5340    i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
2011/07/15 12:44:45.0458 5340    iaStor          (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
2011/07/15 12:44:45.0587 5340    iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
2011/07/15 12:44:45.0923 5340    igfx            (babd5f9b2bcc82ce556a0baf1ae208a7) C:\Windows\system32\DRIVERS\igdkmd64.sys
2011/07/15 12:44:46.0273 5340    iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/07/15 12:44:46.0420 5340    intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
2011/07/15 12:44:46.0522 5340    intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/15 12:44:46.0646 5340    IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/15 12:44:46.0805 5340    IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
2011/07/15 12:44:46.0901 5340    IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/07/15 12:44:47.0063 5340    IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/07/15 12:44:47.0184 5340    isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
2011/07/15 12:44:47.0307 5340    iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
2011/07/15 12:44:47.0465 5340    kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
2011/07/15 12:44:47.0584 5340    kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
2011/07/15 12:44:47.0737 5340    KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/15 12:44:47.0890 5340    KSecPkg         (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
2011/07/15 12:44:48.0044 5340    ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/07/15 12:44:48.0226 5340    lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/15 12:44:48.0360 5340    LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/07/15 12:44:48.0480 5340    LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/07/15 12:44:48.0598 5340    LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/07/15 12:44:48.0727 5340    LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/07/15 12:44:48.0839 5340    luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/07/15 12:44:49.0153 5340    megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/07/15 12:44:49.0198 5340    MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/07/15 12:44:49.0368 5340    mfeapfk         (31338e489314ae2a29534fbaa7ad2f1b) C:\Windows\system32\drivers\mfeapfk.sys
2011/07/15 12:44:49.0495 5340    mfeavfk         (5822e70233218bcf22a65fcea74d012d) C:\Windows\system32\drivers\mfeavfk.sys
2011/07/15 12:44:49.0799 5340    mfefirek        (5a24e7c834576313d8c5eaf0825da844) C:\Windows\system32\drivers\mfefirek.sys
2011/07/15 12:44:50.0000 5340    mfehidk         (a2607740bb18d631da01e01dcb81843b) C:\Windows\system32\drivers\mfehidk.sys
2011/07/15 12:44:50.0174 5340    mfenlfk         (50c3a9d7465d385061c0601deefb5a8e) C:\Windows\system32\DRIVERS\mfenlfk.sys
2011/07/15 12:44:50.0352 5340    mferkdet        (edf5ee799a0b3ed6dce8bb16a51f3d1f) C:\Windows\system32\drivers\mferkdet.sys
2011/07/15 12:44:50.0549 5340    mfewfpk         (9182faf9addd5ea6308d155ceb502c6f) C:\Windows\system32\drivers\mfewfpk.sys
2011/07/15 12:44:50.0699 5340    Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/07/15 12:44:50.0811 5340    monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/15 12:44:50.0924 5340    mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
2011/07/15 12:44:51.0044 5340    mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/15 12:44:51.0161 5340    mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
2011/07/15 12:44:51.0272 5340    mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
2011/07/15 12:44:51.0427 5340    mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/15 12:44:51.0551 5340    MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
2011/07/15 12:44:51.0647 5340    mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/15 12:44:51.0797 5340    mrxsmb10        (2086d463bd371d8a37d153897430916d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/15 12:44:51.0938 5340    mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/15 12:44:52.0085 5340    msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
2011/07/15 12:44:52.0246 5340    msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
2011/07/15 12:44:52.0411 5340    Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/07/15 12:44:52.0444 5340    mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/07/15 12:44:52.0539 5340    msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
2011/07/15 12:44:52.0668 5340    MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/15 12:44:52.0774 5340    MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/15 12:44:52.0895 5340    MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/07/15 12:44:53.0009 5340    MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
2011/07/15 12:44:53.0151 5340    mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
2011/07/15 12:44:53.0280 5340    MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/07/15 12:44:53.0323 5340    MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/07/15 12:44:53.0435 5340    Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/07/15 12:44:53.0570 5340    NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/15 12:44:53.0724 5340    NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
2011/07/15 12:44:53.0842 5340    NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/07/15 12:44:53.0963 5340    NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/15 12:44:54.0087 5340    Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/15 12:44:54.0241 5340    NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/15 12:44:54.0414 5340    NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
2011/07/15 12:44:54.0575 5340    NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/15 12:44:54.0636 5340    NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/15 12:44:54.0764 5340    nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/07/15 12:44:54.0895 5340    Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/07/15 12:44:54.0999 5340    nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/15 12:44:55.0102 5340    Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
2011/07/15 12:44:55.0264 5340    Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/07/15 12:44:55.0397 5340    nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
2011/07/15 12:44:55.0594 5340    nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
2011/07/15 12:44:55.0757 5340    nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
2011/07/15 12:44:55.0887 5340    ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
2011/07/15 12:44:56.0016 5340    Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/07/15 12:44:56.0136 5340    partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
2011/07/15 12:44:56.0306 5340    pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
2011/07/15 12:44:56.0451 5340    pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
2011/07/15 12:44:56.0569 5340    pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/07/15 12:44:56.0668 5340    pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/07/15 12:44:56.0721 5340    PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/07/15 12:44:56.0936 5340    PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/15 12:44:57.0069 5340    Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/07/15 12:44:57.0211 5340    Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/15 12:44:57.0342 5340    PSI             (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys
2011/07/15 12:44:57.0444 5340    PxHlpa64        (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
2011/07/15 12:44:57.0643 5340    ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/07/15 12:44:57.0804 5340    ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/07/15 12:44:57.0913 5340    QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/15 12:44:58.0025 5340    RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/15 12:44:58.0156 5340    RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/07/15 12:44:58.0281 5340    Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/15 12:44:58.0446 5340    RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/15 12:44:58.0563 5340    RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/15 12:44:58.0690 5340    rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/15 12:44:58.0833 5340    rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/07/15 12:44:58.0876 5340    RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/15 12:44:58.0995 5340    RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/15 12:44:59.0100 5340    RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/07/15 12:44:59.0154 5340    RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
2011/07/15 12:44:59.0320 5340    rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
2011/07/15 12:44:59.0513 5340    RegFilter       (8ccf1201a14d5ad7568e192b835abb7e) C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys
2011/07/15 12:44:59.0701 5340    rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/15 12:44:59.0874 5340    RSUSBSTOR       (4a25dc970c58104602ed274dacafd784) C:\Windows\system32\Drivers\RtsUStor.sys
2011/07/15 12:45:00.0025 5340    sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
2011/07/15 12:45:00.0172 5340    scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
2011/07/15 12:45:00.0347 5340    SDHookDriver    (2eca646db25f4049af31e1ff04213601) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys
2011/07/15 12:45:00.0536 5340    secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/07/15 12:45:00.0680 5340    Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/07/15 12:45:00.0792 5340    Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/07/15 12:45:00.0904 5340    sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/07/15 12:45:01.0036 5340    sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
2011/07/15 12:45:01.0077 5340    sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
2011/07/15 12:45:01.0177 5340    sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
2011/07/15 12:45:01.0274 5340    sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/07/15 12:45:01.0433 5340    SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/07/15 12:45:01.0544 5340    SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/07/15 12:45:01.0667 5340    Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/07/15 12:45:01.0801 5340    spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/07/15 12:45:01.0959 5340    srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
2011/07/15 12:45:02.0117 5340    srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/15 12:45:02.0256 5340    srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/15 12:45:02.0424 5340    stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/07/15 12:45:02.0545 5340    STHDA           (f3f6c17f70eba268cdbe4f9704e3eac5) C:\Windows\system32\DRIVERS\stwrt64.sys
2011/07/15 12:45:02.0707 5340    swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
2011/07/15 12:45:02.0923 5340    Tcpip           (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\drivers\tcpip.sys
2011/07/15 12:45:03.0145 5340    TCPIP6          (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/15 12:45:03.0280 5340    tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/15 12:45:03.0427 5340    TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/07/15 12:45:03.0549 5340    TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/07/15 12:45:03.0686 5340    tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/15 12:45:03.0829 5340    TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
2011/07/15 12:45:04.0042 5340    tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/15 12:45:04.0229 5340    TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
2011/07/15 12:45:04.0427 5340    tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/15 12:45:04.0617 5340    uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/07/15 12:45:04.0803 5340    udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/15 12:45:05.0045 5340    uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2011/07/15 12:45:05.0192 5340    umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
2011/07/15 12:45:05.0281 5340    UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/07/15 12:45:05.0407 5340    UrlFilter       (1aa6ca6b150f85f07804cba5f814d9b2) C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys
2011/07/15 12:45:05.0564 5340    USBAAPL64       (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
2011/07/15 12:45:05.0708 5340    usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\drivers\usbccgp.sys
2011/07/15 12:45:05.0965 5340    usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/07/15 12:45:06.0078 5340    usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/15 12:45:06.0250 5340    usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/15 12:45:06.0419 5340    usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
2011/07/15 12:45:06.0575 5340    usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/15 12:45:06.0688 5340    USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/15 12:45:06.0831 5340    usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/07/15 12:45:06.0997 5340    vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/07/15 12:45:07.0138 5340    vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/15 12:45:07.0247 5340    VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/07/15 12:45:07.0302 5340    vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2011/07/15 12:45:07.0454 5340    viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/07/15 12:45:07.0565 5340    volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2011/07/15 12:45:07.0747 5340    volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2011/07/15 12:45:07.0865 5340    volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2011/07/15 12:45:08.0023 5340    vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/07/15 12:45:08.0143 5340    vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/07/15 12:45:08.0264 5340    vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/07/15 12:45:08.0384 5340    vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/07/15 12:45:08.0513 5340    WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/07/15 12:45:08.0653 5340    WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/15 12:45:08.0727 5340    Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/15 12:45:08.0857 5340    Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/07/15 12:45:08.0994 5340    Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/15 12:45:09.0177 5340    WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/07/15 12:45:09.0320 5340    WimFltr         (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
2011/07/15 12:45:09.0407 5340    WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/07/15 12:45:09.0588 5340    WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/07/15 12:45:09.0758 5340    WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/07/15 12:45:09.0905 5340    ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/15 12:45:10.0048 5340    WSDPrintDevice  (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
2011/07/15 12:45:10.0088 5340    WSDScan         (4a2a5c50dd1a63577d3aca94269fbc7f) C:\Windows\system32\DRIVERS\WSDScan.sys
2011/07/15 12:45:10.0207 5340    WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/07/15 12:45:10.0360 5340    WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/15 12:45:10.0555 5340    yukonw7         (64f88af327aa74e03658ae32b48ccb8b) C:\Windows\system32\DRIVERS\yk62x64.sys
2011/07/15 12:45:10.0651 5340    MBR (0x1B8)     (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
2011/07/15 12:45:10.0669 5340    Boot (0x1200)   (85af29dac008a8545c9ba2eaad7df661) \Device\Harddisk0\DR0\Partition0
2011/07/15 12:45:10.0709 5340    Boot (0x1200)   (8e262b0897b67ac6ca8a559ae67b582b) \Device\Harddisk0\DR0\Partition1
2011/07/15 12:45:10.0715 5340    ================================================================================
2011/07/15 12:45:10.0715 5340    Scan finished
2011/07/15 12:45:10.0715 5340    ==============

62 Posts

July 15th, 2011 18:00

Hi martman05,

It seems it didn't find the infection I was hoping for. Let's run ComboFix and see what nasties that finds.

Step 1
ComboFix

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

* Double-click on ComboFix.exe & follow the prompts.
* When finished, it will produce a logfile located at C:\ComboFix.txt.
* Post the contents of that log in your next reply with a new DDS log.

Note: ComboFix will open a window which will detail its progress. It may take several minutes to complete. Do not mouse-click ComboFix's window while it is running. That may cause your system to stall/hang.

*Note: Combofix is an extremely powerful tool and should not be used unsupervised. If used inappropriately it can cause irreparable damage to your computer.*

In your next reply:

* ComboFix.txt
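
The helper above reads the TDSSKiller listing by eye before deciding it "didn't find the infection". The script below is an added example for this thread, not code from either poster or from TDSSKiller itself: a first pass over that log format that flags the entries a reviewer looks at first (a kernel driver loaded from outside system32\drivers, one hash shared by differently named files, and the MBR/boot-sector hashes that need comparing against a known-good image rather than a lookup). The sample lines are copied from the listing above; the SYSTEM_DRIVER_DIRS tuple is an assumption about the default Windows 7 layout, and the two-name dropper pattern in the comments is illustrative, not something this log shows.

```python
"""First-pass triage of a TDSSKiller driver listing (added example, see lead-in)."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import List

# One TDSSKiller line: "<date> <time> <pid>   <service>   (<md5>)   <image path or \Device\...>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>\S+(?: \(0x[0-9A-Fa-f]+\))?)\s+"      # "Ntfs" or "MBR (0x1B8)"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$"
)

# Assumed default layout: where Windows' own kernel drivers live. A driver loaded from
# elsewhere is not necessarily malicious (security products ship drivers under
# Program Files, as this log shows), but it is where a reviewer looks first.
SYSTEM_DRIVER_DIRS = ("c:\\windows\\system32\\drivers\\",)


@dataclass
class DriverEntry:
    name: str
    md5: str
    path: str

    @property
    def is_raw_device(self) -> bool:
        # MBR and boot-sector hashes are reported against \Device\HarddiskN, not a file.
        return self.path.lower().startswith("\\device\\")

    @property
    def in_system_driver_dir(self) -> bool:
        p = self.path.lower()
        return any(p.startswith(d) for d in SYSTEM_DRIVER_DIRS)

    @property
    def basename(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()


@dataclass
class Finding:
    entry: DriverEntry
    reason: str


def parse_tdsskiller(text: str) -> List[DriverEntry]:
    """Return one DriverEntry per driver line; banner and 'Scan finished' lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries.append(DriverEntry(m["name"], m["md5"].lower(), m["path"]))
    return entries


def triage(entries: List[DriverEntry]) -> List[Finding]:
    findings: List[Finding] = []
    # Rule 1: raw device hashes are only meaningful against a known-good image of this
    # disk; the tool cannot tell a clean MBR from an infected one by hash alone.
    # Rule 2: driver image loaded from outside the system driver directory.
    for e in entries:
        if e.is_raw_device:
            findings.append(Finding(e, "boot-sector hash: compare against a known-good image"))
        elif not e.in_system_driver_dir:
            findings.append(Finding(e, "driver loaded from outside system32\\drivers"))
    # Rule 3: one MD5 behind several different file names. The same file registered under
    # two service names (Tcpip and TCPIP6 both point at tcpip.sys) is normal and is not
    # flagged; identical bytes under different names is the pattern worth a look.
    by_md5 = defaultdict(list)
    for e in entries:
        if not e.is_raw_device:
            by_md5[e.md5].append(e)
    for group in by_md5.values():
        if len({e.basename for e in group}) > 1:
            for e in group:
                findings.append(Finding(e, "hash shared with a differently named file"))
    return findings


# Constructed input: lines copied verbatim from the TDSSKiller log in this thread.
SAMPLE_LOG = r"""
2011/07/15 12:44:55.0102 5340    Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
2011/07/15 12:44:57.0342 5340    PSI             (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys
2011/07/15 12:44:59.0513 5340    RegFilter       (8ccf1201a14d5ad7568e192b835abb7e) C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys
2011/07/15 12:45:00.0347 5340    SDHookDriver    (2eca646db25f4049af31e1ff04213601) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys
2011/07/15 12:45:02.0923 5340    Tcpip           (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\drivers\tcpip.sys
2011/07/15 12:45:03.0145 5340    TCPIP6          (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/15 12:45:08.0653 5340    WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/15 12:45:08.0727 5340    Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/15 12:45:10.0651 5340    MBR (0x1B8)     (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
2011/07/15 12:45:10.0669 5340    Boot (0x1200)   (85af29dac008a8545c9ba2eaad7df661) \Device\Harddisk0\DR0\Partition0
2011/07/15 12:45:10.0709 5340    Boot (0x1200)   (8e262b0897b67ac6ca8a559ae67b582b) \Device\Harddisk0\DR0\Partition1
2011/07/15 12:45:10.0715 5340    Scan finished
"""

if __name__ == "__main__":
    for f in triage(parse_tdsskiller(SAMPLE_LOG)):
        print(f"{f.entry.name:14} {f.entry.path}\n    {f.reason}")
```

Run against the sample it reports the two Program Files drivers (IObit and Spybot, both expected on this machine) and the three raw-device hashes, and nothing for the tcpip.sys and wanarp.sys aliases; the MD5s stay a starting point for a lookup, not a verdict.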

7 Posts

July 18th, 2011 19:00

Gahixon1,

Here are the files you requested. I was unable to completely turn off McAfee. I ran ComboFix. I wasn't sure if it ran correctly without completely shutting off McAfee, so I uninstalled McAfee and ran ComboFix again. I am attaching both ComboFix files along with the DDS file.

ComboFix 11-07-15.03 - Martins 07/16/2011  10:07:32.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2008.1158 [GMT -5:00]
Running from: c:\users\Martins\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
* Resident AV is active
.
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Martins\AppData\Local\{CF8ED9A2-F8DB-4787-B716-5E11D31C5906}
c:\users\Martins\AppData\Local\{CF8ED9A2-F8DB-4787-B716-5E11D31C5906}\chrome.manifest
c:\users\Martins\AppData\Local\{CF8ED9A2-F8DB-4787-B716-5E11D31C5906}\chrome\content\_cfg.js
c:\users\Martins\AppData\Local\{CF8ED9A2-F8DB-4787-B716-5E11D31C5906}\chrome\content\overlay.xul
c:\users\Martins\AppData\Local\{CF8ED9A2-F8DB-4787-B716-5E11D31C5906}\install.rdf
c:\users\Martins\AppData\Local\ivg.exe
c:\windows\security\Database\tmp.edb
.
.
(((((((((((((((((((((((((   Files Created from 2011-06-16 to 2011-07-16  )))))))))))))))))))))))))))))))
.
.
2011-07-16 15:25 . 2011-07-16 15:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-13 19:51 . 2011-07-13 19:51 -------- d-----w- c:\users\Martins\AppData\Local\Apple
2011-07-13 14:34 . 2011-07-13 14:34 -------- d-----w- c:\users\Martins\AppData\Roaming\IObit
2011-07-13 14:34 . 2011-07-13 14:34 -------- d-----w- c:\program files (x86)\IObit
2011-07-12 17:56 . 2011-07-12 17:56 -------- d-----w- c:\users\Martins\AppData\Local\Adobe
2011-07-09 23:54 . 2011-07-09 23:54 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-07-09 23:34 . 2011-07-09 23:44 -------- d-----w- c:\program files (x86)\Free Window Registry Repair
2011-07-09 20:11 . 2011-07-09 20:11 -------- d-----w- c:\users\Martins\AppData\Roaming\VSRevoGroup
2011-07-09 17:48 . 2011-07-10 14:42 23112 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-07-09 17:46 . 2011-07-09 23:54 -------- d-----w- c:\programdata\Hitman Pro
2011-07-09 03:21 . 2011-07-09 04:00 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-07-09 03:21 . 2009-01-25 18:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
2011-07-09 03:21 . 2011-07-09 03:21 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2011-07-05 01:36 . 2011-06-04 06:56 424296 ----a-w- c:\windows\system32\HMIPCore64.dll
2011-07-05 01:36 . 2011-06-04 06:56 330600 ----a-w- c:\windows\SysWow64\HMIPCore.dll
2011-07-03 23:04 . 2011-07-03 23:04 -------- d-----w- C:\My Games
2011-07-03 23:04 . 2011-07-03 23:04 -------- d-----w- C:\My Download Files
2011-07-03 23:01 . 2011-07-03 23:01 774144 ----a-w- c:\program files (x86)\RngInterstitial.dll
2011-07-03 23:01 . 2011-07-03 23:11 -------- d-----w- c:\program files (x86)\Common Files\Real
2011-07-03 23:01 . 2011-07-03 23:04 -------- d-----w- c:\program files (x86)\Real
2011-07-03 23:01 . 2011-07-03 23:01 569397 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\RichFX\Player\nprfxins.dll
2011-07-03 22:59 . 2011-07-03 22:59 -------- d-----w- c:\program files (x86)\_ArcadeDownloadFolder
2011-07-03 22:55 . 2011-07-03 22:55 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-06-24 21:22 . 2011-06-24 21:22 -------- d-----w- c:\windows\system32\SPReview
2011-06-24 19:49 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll
2011-06-24 19:49 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-06-24 19:49 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-06-24 19:47 . 2010-11-20 13:27 220672 ----a-w- c:\windows\system32\wintrust.dll
2011-06-24 19:46 . 2010-11-20 13:27 270848 ----a-w- c:\windows\system32\srrstr.dll
2011-06-24 19:45 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll
2011-06-24 19:45 . 2010-11-20 12:17 209920 ----a-w- c:\windows\SysWow64\PkgMgr.exe
2011-06-24 19:45 . 2010-11-20 12:18 323072 ----a-w- c:\windows\SysWow64\drvstore.dll
2011-06-24 19:45 . 2010-11-20 12:18 257024 ----a-w- c:\windows\SysWow64\dpx.dll
2011-06-24 19:45 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2011-06-24 19:45 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2011-06-24 19:39 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-06-24 19:39 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-06-24 19:39 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-06-24 19:38 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll
2011-06-24 19:38 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe
2011-06-24 19:37 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll
2011-06-24 19:37 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2011-06-22 01:52 . 2011-06-22 01:52 -------- d-s---w- c:\windows\SysWow64\Microsoft
2011-06-22 00:33 . 2011-06-22 00:44 -------- d-----w- c:\program files\Linksys
2011-06-22 00:30 . 2011-06-22 01:59 -------- d-----w- c:\programdata\Pure Networks
2011-06-17 12:13 . 2011-04-25 05:33 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-17 12:13 . 2011-04-25 02:34 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-17 12:13 . 2010-11-20 13:33 288640 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2011-06-17 12:13 . 2011-04-27 02:39 289280 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-17 12:13 . 2011-04-27 02:40 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-17 12:13 . 2011-04-27 02:39 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-17 12:12 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-17 12:12 . 2011-04-29 03:05 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-17 12:12 . 2011-04-29 03:05 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-17 12:12 . 2011-02-25 06:22 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-17 12:12 . 2011-02-25 05:34 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-06-17 12:12 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-17 12:12 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-03 22:54 . 2010-07-17 18:41 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-06-24 21:34 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-06-24 21:34 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-06-20 13:37 . 2011-05-15 12:58 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-03 05:57 . 2011-07-13 12:52 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-29 14:11 . 2011-05-18 18:57 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-29 14:11 . 2011-05-12 20:08 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-29 12:27 . 2011-04-23 18:12 0 ----a-w- c:\users\Martins\AppData\Local\Xrewuzeqijiwawan.bin
2011-04-22 22:15 . 2011-05-25 12:22 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1486392]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
c:\users\Martins\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 136176]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-07-06 169624]
R3 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2011-04-28 20336]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 136176]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys
R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2011-03-23 33184]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys

R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2011-03-23 21328]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys

S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys

S1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [2011-07-06 48888]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys

S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-18 169312]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [2009-03-03 89600]

S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2011-06-01 821080]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [2011-02-16 101048]

S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-11-18 517632]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 245352]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe

S2 SDHookService;Spybot-S&D 2 Hooks Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe [2011-07-06 130976]

S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-07-06 1060272]

S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-07-06 909224]

S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-04-19 993848]

S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-04-19 399416]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys

S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys

S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-16 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job

- c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2011-07-09 16:21]

.

2011-07-16 c:\windows\Tasks\GlaryInitialize.job

- c:\program files (x86)\Glary Utilities\initialize.exe [2010-07-17 13:25]

.

2011-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 04:12]

.

2011-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 04:12]

.

2011-07-16 c:\windows\Tasks\ParetoLogic Registration.job

- c:\windows\system32\rundll32.exe [2009-07-13 01:14]

.

2011-07-16 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job

- c:\program files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2011-07-09 16:20]

.

2011-07-16 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job

- c:\program files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2011-07-09 16:21]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 384296]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]

"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]

"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-06-09 3216544]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-02-26 487424]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: internet

Trusted Zone: mcafee.com

TCP: DhcpNameServer = 192.168.1.254

DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - hxxp://192.168.1.84/codebase/DVM_IPCam2.ocx

FF - ProfilePath - c:\users\Martins\AppData\Roaming\Mozilla\Firefox\Profiles\9g3tv11p.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com

FF - Ext: IP Cam PTZ: {7c402354-dd42-4ef3-8d2d-8aa1645b6999} - %profile%\extensions\{7c402354-dd42-4ef3-8d2d-8aa1645b6999}

FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files (x86)\McAfee\SiteAdvisor

FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Martins\AppData\Roaming\Move Networks

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Notify-SDWinLogon - SDWinLogon.dll

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Common Files\Motive\McciCMService.exe

c:\windows\SysWOW64\rundll32.exe

c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

.

**************************************************************************

.

Completion time: 2011-07-16  10:34:19 - machine was rebooted

ComboFix-quarantined-files.txt  2011-07-16 15:34

.

Pre-Run: 195,380,264,960 bytes free

Post-Run: 195,112,017,920 bytes free

.

- - End Of File - - A5668A5D7445A95C68874AFC9D9A1A65

ComboFix 11-07-15.03 - Martins 07/16/2011  10:49:40.2.2 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2008.1055 [GMT -5:00]

Running from: c:\users\Martins\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((   Files Created from 2011-06-16 to 2011-07-16  )))))))))))))))))))))))))))))))

.

.

2011-07-16 15:55 . 2011-07-16 15:55 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-07-13 19:51 . 2011-07-13 19:51 -------- d-----w- c:\users\Martins\AppData\Local\Apple

2011-07-13 14:34 . 2011-07-13 14:34 -------- d-----w- c:\users\Martins\AppData\Roaming\IObit

2011-07-13 14:34 . 2011-07-13 14:34 -------- d-----w- c:\program files (x86)\IObit

2011-07-12 17:56 . 2011-07-12 17:56 -------- d-----w- c:\users\Martins\AppData\Local\Adobe

2011-07-09 23:54 . 2011-07-09 23:54 12872 ----a-w- c:\windows\system32\bootdelete.exe

2011-07-09 23:34 . 2011-07-09 23:44 -------- d-----w- c:\program files (x86)\Free Window Registry Repair

2011-07-09 20:11 . 2011-07-09 20:11 -------- d-----w- c:\users\Martins\AppData\Roaming\VSRevoGroup

2011-07-09 17:48 . 2011-07-10 14:42 23112 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-07-09 17:46 . 2011-07-09 23:54 -------- d-----w- c:\programdata\Hitman Pro

2011-07-09 03:21 . 2011-07-09 04:00 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-07-09 03:21 . 2009-01-25 18:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe

2011-07-09 03:21 . 2011-07-09 03:21 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2

2011-07-05 01:36 . 2011-06-04 06:56 424296 ----a-w- c:\windows\system32\HMIPCore64.dll

2011-07-05 01:36 . 2011-06-04 06:56 330600 ----a-w- c:\windows\SysWow64\HMIPCore.dll

2011-07-03 23:04 . 2011-07-03 23:04 -------- d-----w- C:\My Games

2011-07-03 23:04 . 2011-07-03 23:04 -------- d-----w- C:\My Download Files

2011-07-03 23:01 . 2011-07-03 23:01 774144 ----a-w- c:\program files (x86)\RngInterstitial.dll

2011-07-03 23:01 . 2011-07-03 23:11 -------- d-----w- c:\program files (x86)\Common Files\Real

2011-07-03 23:01 . 2011-07-03 23:04 -------- d-----w- c:\program files (x86)\Real

2011-07-03 23:01 . 2011-07-03 23:01 569397 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\RichFX\Player\nprfxins.dll

2011-07-03 22:59 . 2011-07-03 22:59 -------- d-----w- c:\program files (x86)\_ArcadeDownloadFolder

2011-07-03 22:55 . 2011-07-03 22:55 -------- d-----w- c:\program files (x86)\Common Files\Java

2011-06-24 21:22 . 2011-06-24 21:22 -------- d-----w- c:\windows\system32\SPReview

2011-06-24 19:49 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll

2011-06-24 19:49 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll

2011-06-24 19:49 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll

2011-06-24 19:47 . 2010-11-20 13:27 220672 ----a-w- c:\windows\system32\wintrust.dll

2011-06-24 19:46 . 2010-11-20 13:27 270848 ----a-w- c:\windows\system32\srrstr.dll

2011-06-24 19:45 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll

2011-06-24 19:45 . 2010-11-20 12:17 209920 ----a-w- c:\windows\SysWow64\PkgMgr.exe

2011-06-24 19:45 . 2010-11-20 12:18 323072 ----a-w- c:\windows\SysWow64\drvstore.dll

2011-06-24 19:45 . 2010-11-20 12:18 257024 ----a-w- c:\windows\SysWow64\dpx.dll

2011-06-24 19:45 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll

2011-06-24 19:45 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll

2011-06-24 19:39 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll

2011-06-24 19:39 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll

2011-06-24 19:39 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll

2011-06-24 19:38 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll

2011-06-24 19:38 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe

2011-06-24 19:37 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll

2011-06-24 19:37 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll

2011-06-22 01:52 . 2011-06-22 01:52 -------- d-s---w- c:\windows\SysWow64\Microsoft

2011-06-22 00:33 . 2011-06-22 00:44 -------- d-----w- c:\program files\Linksys

2011-06-22 00:30 . 2011-06-22 01:59 -------- d-----w- c:\programdata\Pure Networks

2011-06-17 12:13 . 2011-04-25 05:33 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-06-17 12:13 . 2011-04-25 02:34 499200 ----a-w- c:\windows\system32\drivers\afd.sys

2011-06-17 12:13 . 2010-11-20 13:33 288640 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2011-06-17 12:13 . 2011-04-27 02:39 289280 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-06-17 12:13 . 2011-04-27 02:40 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-06-17 12:13 . 2011-04-27 02:39 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-06-17 12:12 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys

2011-06-17 12:12 . 2011-04-29 03:05 410112 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-06-17 12:12 . 2011-04-29 03:05 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-06-17 12:12 . 2011-02-25 06:22 861696 ----a-w- c:\windows\system32\oleaut32.dll

2011-06-17 12:12 . 2011-02-25 05:34 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll

2011-06-17 12:12 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll

2011-06-17 12:12 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-03 22:54 . 2010-07-17 18:41 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-06-24 21:34 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2011-06-24 21:34 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2011-06-20 13:37 . 2011-05-15 12:58 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-06-03 05:57 . 2011-07-13 12:52 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2011-05-29 14:11 . 2011-05-18 18:57 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-05-29 14:11 . 2011-05-12 20:08 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-29 12:27 . 2011-04-23 18:12 0 ----a-w- c:\users\Martins\AppData\Local\Xrewuzeqijiwawan.bin

2011-04-22 22:15 . 2011-05-25 12:22 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

.

c:\users\Martins\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDWinLogon]

SDWinLogon.dll [BU]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 136176]

R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-07-06 169624]

R3 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2011-04-28 20336]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 136176]

R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2011-03-23 33184]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys

R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2011-03-23 21328]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys

S1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [2011-07-06 48888]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys

S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-18 169312]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [2009-03-03 89600]

S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2011-06-01 821080]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [2011-02-16 101048]

S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-11-18 517632]

S2 SDHookService;Spybot-S&D 2 Hooks Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe [2011-07-06 130976]

S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-07-06 1060272]

S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-07-06 909224]

S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-04-19 993848]

S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-04-19 399416]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]

S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys

S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-16 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job

- c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2011-07-09 16:21]

.

2011-07-16 c:\windows\Tasks\GlaryInitialize.job

- c:\program files (x86)\Glary Utilities\initialize.exe [2010-07-17 13:25]

.

2011-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 04:12]

.

2011-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 04:12]

.

2011-07-16 c:\windows\Tasks\ParetoLogic Registration.job

- c:\windows\system32\rundll32.exe [2009-07-13 01:14]

.

2011-07-16 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job

- c:\program files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2011-07-09 16:20]

.

2011-07-16 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job

- c:\program files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2011-07-09 16:21]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 384296]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]

"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-02-26 487424]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: internet

Trusted Zone: mcafee.com

TCP: DhcpNameServer = 192.168.1.254

DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - hxxp://192.168.1.84/codebase/DVM_IPCam2.ocx

FF - ProfilePath - c:\users\Martins\AppData\Roaming\Mozilla\Firefox\Profiles\9g3tv11p.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com

FF - Ext: IP Cam PTZ: {7c402354-dd42-4ef3-8d2d-8aa1645b6999} - %profile%\extensions\{7c402354-dd42-4ef3-8d2d-8aa1645b6999}

FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files (x86)\McAfee\SiteAdvisor

FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Martins\AppData\Roaming\Move Networks

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Common Files\Motive\McciCMService.exe

c:\windows\SysWOW64\rundll32.exe

c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files (x86)\Dell DataSafe Local Backup\Toaster.exe

.

**************************************************************************

.

Completion time: 2011-07-16  11:02:12 - machine was rebooted

ComboFix-quarantined-files.txt  2011-07-16 16:02

ComboFix2.txt  2011-07-16 15:34

.

Pre-Run: 195,439,583,232 bytes free

Post-Run: 195,373,219,840 bytes free

.

- - End Of File - - E819C480CDAC182A222F2209F7475AB4

DDS (Ver_2011-07-14.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_26

Run by Martins at 11:20:01 on 2011-07-17

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2008.932 [GMT -5:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe

C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe

c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE

C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\mfevtps.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

C:\Program Files (x86)\Secunia\PSI\PSIA.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\System32\igfxtray.exe

C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Secunia\PSI\sua.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\explorer.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll

BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110716124354.dll

BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

StartupFolder: C:\Users\Martins\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll

Trusted Zone: internet

Trusted Zone: mcafee.com

Trusted Zone: mcafee.com

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - hxxp://192.168.1.84/codebase/DVM_IPCam2.ocx

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100

TCP: NameServer = 192.168.1.254

TCP: Interfaces\{907FBB65-19A3-43FA-B8E0-64CBD4C2D913} : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{907FBB65-19A3-43FA-B8E0-64CBD4C2D913}\2456C6B696E6 : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{907FBB65-19A3-43FA-B8E0-64CBD4C2D913}\35072796E64702D49664962323030302932444 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{907FBB65-19A3-43FA-B8E0-64CBD4C2D913}\84F6F6B656D6D27657563747 : DHCPNameServer = 68.87.85.102 68.87.69.150

TCP: Interfaces\{907FBB65-19A3-43FA-B8E0-64CBD4C2D913}\86F6F6B656D6 : DHCPNameServer = 68.87.85.102 68.87.69.150

TCP: Interfaces\{907FBB65-19A3-43FA-B8E0-64CBD4C2D913}\C696E6B6379737 : DHCPNameServer = 68.87.85.102 68.87.69.150

TCP: Interfaces\{907FBB65-19A3-43FA-B8E0-64CBD4C2D913}\D4F626965737 : DHCPNameServer = 192.168.1.1

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

Notify: SDWinLogon - SDWinLogon.dll

x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110716124354.dll

x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -

x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe

x64-Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe

x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Martins\AppData\Roaming\Mozilla\Firefox\Profiles\9g3tv11p.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npracplug.dll

FF - plugin: C:\Program Files (x86)\Real\RealArcade\Plugins\Mozilla\npracplug.dll

FF - plugin: C:\Users\Martins\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-3-13 639216]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-7-16 283744]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-5-25 55280]

R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2011-7-16 75160]

R1 SDHookDriver;Spybot-S&D 2 Hook Driver;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [2011-7-8 48888]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]

R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-18 169312]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [2010-11-10 89600]

R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2011-7-13 821080]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-7-16 355440]

R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2010-12-2 517632]

R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-7-16 355440]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-7-16 355440]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-7-16 355440]

R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-7-16 200056]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-7-16 245352]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2011-7-16 158832]

R2 SDHookService;Spybot-S&D 2 Hooks Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe [2011-7-8 130976]

R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-7-8 1060272]

R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-7-8 909224]

R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-4-19 993848]

R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-4-19 399416]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-5-25 705856]

R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-4-22 92592]

R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-7-16 63056]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-7-16 190520]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-7-16 441840]

R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-5-3 215552]

R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\System32\drivers\WSDPrint.sys [2009-7-13 23040]

R3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-2 136176]

S2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-7-8 169624]

S3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2011-7-13 20336]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-2 136176]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-7-16 94992]

S3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2011-7-13 33184]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-24 59392]

S3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2011-7-13 21328]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-7-18 1255736]

.

=============== Created Last 30 ================

.

2011-07-16 17:44:00 -------- d-----w- C:\Program Files (x86)\McAfee.com

2011-07-16 17:43:54 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys

2011-07-16 17:43:54 24376 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\Scriptff.dll

2011-07-16 17:43:46 94992 ----a-w- C:\Windows\System32\drivers\mferkdet.sys

2011-07-16 17:43:46 75160 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys

2011-07-16 17:43:46 63056 ----a-w- C:\Windows\System32\drivers\cfwids.sys

2011-07-16 17:43:46 441840 ----a-w- C:\Windows\System32\drivers\mfefirek.sys

2011-07-16 17:43:46 283744 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys

2011-07-16 17:43:46 190520 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys

2011-07-16 17:43:42 -------- d-----w- C:\Program Files\McAfee.com

2011-07-16 17:43:42 -------- d-----w- C:\Program Files\Common Files\McAfee

2011-07-16 17:43:41 -------- d-----w- C:\Program Files\McAfee

2011-07-16 17:43:25 158832 ----a-w- C:\Windows\System32\mfevtps.exe

2011-07-16 17:14:48 89048 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll

2011-07-16 17:14:48 781272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll

2011-07-16 17:14:48 465880 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll

2011-07-16 17:14:48 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll

2011-07-16 17:14:48 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll

2011-07-16 17:14:48 1850328 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

2011-07-16 17:14:48 15832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll

2011-07-16 17:14:48 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll

2011-07-16 17:09:30 -------- d-sh--w- C:\$RECYCLE.BIN

2011-07-16 15:05:22 208896 ----a-w- C:\Windows\MBR.exe

2011-07-16 15:05:19 98816 ----a-w- C:\Windows\sed.exe

2011-07-16 15:05:19 256000 ----a-w- C:\Windows\PEV.exe

2011-07-13 19:51:16 -------- d-----w- C:\Users\Martins\AppData\Local\Apple

2011-07-13 14:34:17 -------- d-----w- C:\Users\Martins\AppData\Roaming\IObit

2011-07-13 14:34:14 -------- d-----w- C:\Program Files (x86)\IObit

2011-07-12 17:56:11 -------- d-----w- C:\Users\Martins\AppData\Local\Adobe

2011-07-09 23:54:46 12872 ----a-w- C:\Windows\System32\bootdelete.exe

2011-07-09 23:34:28 -------- d-----w- C:\Program Files (x86)\Free Window Registry Repair

2011-07-09 20:11:09 -------- d-----w- C:\Users\Martins\AppData\Roaming\VSRevoGroup

2011-07-09 17:48:34 23112 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys

2011-07-09 17:46:38 -------- d-----w- C:\ProgramData\Hitman Pro

2011-07-09 03:21:50 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2011-07-09 03:21:31 17272 ----a-w- C:\Windows\System32\sdnclean64.exe

2011-07-09 03:21:27 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2

2011-07-05 01:36:48 424296 ----a-w- C:\Windows\System32\HMIPCore64.dll

2011-07-05 01:36:47 330600 ----a-w- C:\Windows\SysWow64\HMIPCore.dll

2011-07-03 23:04:57 -------- d-----w- C:\My Games

2011-07-03 23:04:40 -------- d-----w- C:\My Download Files

2011-07-03 23:01:28 774144 ----a-w- C:\Program Files (x86)\RngInterstitial.dll

2011-07-03 23:01:17 -------- d-----w- C:\Program Files (x86)\Common Files\Real

2011-07-03 23:01:02 569397 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\RichFX\Player\nprfxins.dll

2011-07-03 22:59:59 -------- d-----w- C:\Program Files (x86)\_ArcadeDownloadFolder

2011-06-24 21:22:19 -------- d-----w- C:\Windows\System32\SPReview

2011-06-24 19:49:11 48976 ----a-w- C:\Windows\System32\netfxperf.dll

2011-06-24 19:49:10 1942856 ----a-w- C:\Windows\System32\dfshim.dll

2011-06-24 19:49:02 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll

2011-06-24 19:47:59 630272 ----a-w- C:\Windows\System32\evr.dll

2011-06-24 19:46:59 610304 ----a-w- C:\Program Files (x86)\Common Files\System\Ole DB\msdasql.dll

2011-06-24 19:45:48 209920 ----a-w- C:\Windows\SysWow64\PkgMgr.exe

2011-06-24 19:45:48 189952 ----a-w- C:\Windows\SysWow64\wdscore.dll

2011-06-24 19:45:13 323072 ----a-w- C:\Windows\SysWow64\drvstore.dll

2011-06-24 19:45:12 257024 ----a-w- C:\Windows\SysWow64\dpx.dll

2011-06-24 19:45:00 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll

2011-06-24 19:45:00 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll

2011-06-24 19:39:20 529408 ----a-w- C:\Windows\System32\wbemcomn.dll

2011-06-24 19:39:20 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll

2011-06-24 19:39:20 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll

2011-06-24 19:38:52 933376 ----a-w- C:\Windows\System32\SmiEngine.dll

2011-06-24 19:38:36 199168 ----a-w- C:\Windows\System32\PkgMgr.exe

2011-06-24 19:37:29 422912 ----a-w- C:\Windows\System32\drvstore.dll

2011-06-24 19:37:29 399872 ----a-w- C:\Windows\System32\dpx.dll

2011-06-22 01:52:46 -------- d-s---w- C:\Windows\SysWow64\Microsoft

2011-06-22 00:33:12 -------- d-----w- C:\Program Files\Linksys

2011-06-22 00:30:56 -------- d-----w- C:\ProgramData\Pure Networks

.

==================== Find3M  ====================

.

2011-07-03 22:54:34 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-06-24 21:34:34 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2011-06-24 21:34:33 175616 ----a-w- C:\Windows\System32\msclmd.dll

2011-06-20 13:37:36 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys

2011-06-03 06:57:45 362496 ----a-w- C:\Windows\System32\wow64win.dll

2011-06-03 06:57:45 243200 ----a-w- C:\Windows\System32\wow64.dll

2011-06-03 06:57:45 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2011-06-03 06:57:44 214528 ----a-w- C:\Windows\System32\winsrv.dll

2011-06-03 06:57:38 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2011-06-03 06:56:38 421888 ----a-w- C:\Windows\System32\KernelBase.dll

2011-06-03 06:53:33 338944 ----a-w- C:\Windows\System32\conhost.exe

2011-06-03 06:00:53 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2011-06-03 05:57:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2011-06-03 05:57:33 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2011-06-03 05:56:12 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2011-06-03 05:56:11 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2011-06-03 03:53:31 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2011-06-03 03:53:31 2048 ----a-w- C:\Windows\SysWow64\user.exe

2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-05-29 14:11:30 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-05-29 14:11:20 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll

2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll

2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll

2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll

2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe

2011-05-04 05:25:03 2315776 ----a-w- C:\Windows\System32\tquery.dll

2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll

2011-05-04 05:22:25 2223616 ----a-w- C:\Windows\System32\mssrch.dll

2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll

2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll

2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll

2011-05-04 05:19:28 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe

2011-05-04 05:19:28 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe

2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe

2011-05-04 04:34:43 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll

2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll

2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll

2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll

2011-05-04 04:32:01 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll

2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll

2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe

2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe

2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe

2011-05-03 05:29:29 976896 ----a-w- C:\Windows\System32\inetcomm.dll

2011-05-03 04:30:02 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll

2011-04-29 03:06:10 467456 ----a-w- C:\Windows\System32\drivers\srv.sys

2011-04-29 03:05:49 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys

2011-04-29 03:05:37 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2011-04-27 02:40:40 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys

2011-04-27 02:39:40 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-04-27 02:39:37 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys

2011-04-25 05:33:51 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-04-25 02:34:03 499200 ----a-w- C:\Windows\System32\drivers\afd.sys

2011-04-23 01:29:25 2303488 ----a-w- C:\Windows\System32\jscript9.dll

2011-04-23 01:19:19 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-04-22 23:35:56 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-04-22 23:25:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-04-22 22:15:29 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys

.

============= FINISH: 11:20:40.80 ===============
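The DDS log above is the raw material the helper works from when deciding what to put in the next script. As an added example, and not code from this thread, from DDS or from ComboFix, the Python below parses the "Pseudo HJT Report" entries in exactly the line formats shown in the log (BHO/TB, DPF and TCP NameServer lines) and applies three checks a reviewer runs on a redirect complaint: browser helpers registered without a DLL path, ActiveX (DPF) codebases fetched from a bare IP address rather than a vendor hostname, and a static DNS resolver that differs from what DHCP handed out. The sample input is constructed from lines quoted in this log; the second sample with 203.0.113.53 (a documentation-range address) is invented to exercise the DNS check. On this log the only hits are the 64-bit Java helper with an empty path and the 192.168.1.84 IP-camera control, both plausible on a home network but the kind of entry a reviewer confirms rather than assumes.

```python
"""Triage helpers for the 'Pseudo HJT Report' part of a DDS log.

Added example; not code from the thread, from DDS or from ComboFix. It
parses the BHO/TB, DPF and TCP NameServer line formats exactly as they
appear in the log above and applies three review heuristics.
"""
import re
from ipaddress import ip_address
from urllib.parse import urlsplit

# Constructed sample: lines copied from the DDS log posted in this thread.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110716124354.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - hxxp://192.168.1.84/codebase/DVM_IPCam2.ocx
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{907FBB65-19A3-43FA-B8E0-64CBD4C2D913} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{907FBB65-19A3-43FA-B8E0-64CBD4C2D913}\84F6F6B656D6D27657563747 : DHCPNameServer = 68.87.85.102 68.87.69.150
"""

# Constructed variant (not from the thread): same DHCP data, but a static
# resolver pointing at a documentation-range address, as a DNS changer would set.
SAMPLE_LOG_DNS_CHANGED = SAMPLE_LOG.replace(
    "TCP: NameServer = 192.168.1.254", "TCP: NameServer = 203.0.113.53")

HELPER_RE = re.compile(
    r"^(?P<arch>x64-)?(?P<kind>BHO|TB): (?P<name>.+?): "
    r"(?P<clsid>\{[0-9A-Fa-f-]+\}) -\s*(?P<path>.*)$")
DPF_RE = re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<url>\S+)$")
DNS_RE = re.compile(
    r"^TCP: (?:(?P<iface>.+?) : )?(?P<key>DHCPNameServer|NameServer) = (?P<servers>.+)$")


def parse_report(text):
    """Split the DDS pseudo-HJT lines into helper, DPF and DNS records."""
    report = {"helpers": [], "dpf": [], "dns": []}
    for line in (raw.strip() for raw in text.splitlines()):
        m = HELPER_RE.match(line)
        if m:
            report["helpers"].append({
                "arch": "x64" if m["arch"] else "x86", "kind": m["kind"],
                "name": m["name"], "clsid": m["clsid"], "path": m["path"].strip()})
            continue
        m = DPF_RE.match(line)
        if m:  # DDS defangs URLs as hxxp/hxxps; restore the scheme for parsing
            report["dpf"].append({"clsid": m["clsid"],
                                  "url": m["url"].replace("hxxp", "http", 1)})
            continue
        m = DNS_RE.match(line)
        if m:
            report["dns"].append({"iface": m["iface"] or "",
                                  "static": m["key"] == "NameServer",
                                  "servers": m["servers"].split()})
    return report


def helpers_without_file(report):
    """BHO/toolbar CLSIDs that are registered but carry no DLL path."""
    return [h["clsid"] for h in report["helpers"] if not h["path"]]


def dpf_from_bare_ip(report):
    """ActiveX codebases downloaded from a bare IP instead of a vendor hostname."""
    flagged = []
    for d in report["dpf"]:
        try:
            ip_address(urlsplit(d["url"]).hostname or "")
        except ValueError:
            continue  # a hostname, not an IP literal
        flagged.append(d["clsid"])
    return flagged


def static_dns_override(report):
    """Static NameServer values not present in any DHCP-assigned resolver list."""
    dhcp = {s for e in report["dns"] if not e["static"] for s in e["servers"]}
    return [s for e in report["dns"] if e["static"]
            for s in e["servers"] if s not in dhcp]


def triage(text):
    """Run all three checks on one log and return the findings."""
    r = parse_report(text)
    return {"helpers_without_file": helpers_without_file(r),
            "dpf_from_bare_ip": dpf_from_bare_ip(r),
            "static_dns_override": static_dns_override(r)}


if __name__ == "__main__":
    for label, log in (("thread log", SAMPLE_LOG),
                       ("dns-changed variant", SAMPLE_LOG_DNS_CHANGED)):
        print(label, triage(log))
```

The DNS check only sees what DDS reads from the registry; a redirect that lives in the hosts file, in a browser proxy setting (the `network.proxy.type - 0` line above says Firefox has none), or on the router itself will not show up here and has to be checked separately.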

62 Posts

July 20th, 2011 14:00

Hi martman05,

Please run this script for me next. After this, can you please tell me if the redirects have stopped on your computer? It's very important that you tell me this.

Step 1
CFScript

Please open Notepad and copy/paste the text in between the two lines, into the notepad:
===============================================

KillAll::


Folder::
c:\users\Martins\AppData\Roaming\IObit
c:\program files (x86)\IObit
c:\program files (x86)\Free Window Registry Repair


File::
c:\users\Martins\AppData\Local\Xrewuzeqijiwawan.bin
c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys
c:\program files (x86)\Glary Utilities\initialize.exe
c:\windows\Tasks\GlaryInitialize.job



Driver::
FileMonitor



=====================================================

Save this as CFScript.txt and change the 'Save as type' to 'All Files' and place it on your desktop. Make sure your AV is disabled while we do this.

[Screenshot: CFScriptB-4.gif]
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.

ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

In your next reply
Combofix.txt
Have the redirects stopped?

7 Posts

July 25th, 2011 15:00

As per your request, here is the file. I had some difficulty running the program as I can't completely shut down McAfee. With that said, it appears that the redirect issue is resolved. Thanks for all the help.

ComboFix 11-07-20.05 - Martins 07/20/2011  17:58:09.3.2 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2008.1089 [GMT -5:00]

Running from: c:\users\Martins\Downloads\ComboFix.exe

Command switches used :: c:\users\Martins\Desktop\CFScript.txt

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

* Resident AV is active

.

.

FILE ::

"c:\program files (x86)\Glary Utilities\initialize.exe"

"c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys"

"c:\users\Martins\AppData\Local\Xrewuzeqijiwawan.bin"

"c:\windows\Tasks\GlaryInitialize.job"

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Free Window Registry Repair

c:\program files (x86)\Free Window Registry Repair\Backup\2011_07_09_184346.reg

c:\program files (x86)\Free Window Registry Repair\INSTALL.LOG

c:\program files (x86)\Free Window Registry Repair\MSN.ssk

c:\program files (x86)\Free Window Registry Repair\Regpair.exe

c:\program files (x86)\Free Window Registry Repair\Regpair.url

c:\program files (x86)\Free Window Registry Repair\Settings.dat

c:\program files (x86)\Free Window Registry Repair\Silver.ssk

c:\program files (x86)\Free Window Registry Repair\UNWISE.EXE

c:\program files (x86)\Glary Utilities\initialize.exe

c:\program files (x86)\IObit

c:\program files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe

c:\program files (x86)\IObit\IObit Malware Fighter\datastate.dll

c:\program files (x86)\IObit\IObit Malware Fighter\db\core000.def

c:\program files (x86)\IObit\IObit Malware Fighter\db\core001.def

c:\program files (x86)\IObit\IObit Malware Fighter\db\core002.def

c:\program files (x86)\IObit\IObit Malware Fighter\db\core003.def

c:\program files (x86)\IObit\IObit Malware Fighter\db\core004.def

c:\program files (x86)\IObit\IObit Malware Fighter\db\core005.def

c:\program files (x86)\IObit\IObit Malware Fighter\db\core006.def

c:\program files (x86)\IObit\IObit Malware Fighter\db\core007.def

c:\program files (x86)\IObit\IObit Malware Fighter\db\core008.def

c:\program files (x86)\IObit\IObit Malware Fighter\db\core009.def

c:\program files (x86)\IObit\IObit Malware Fighter\db\core010.def

c:\program files (x86)\IObit\IObit Malware Fighter\db\core011.def

c:\program files (x86)\IObit\IObit Malware Fighter\db\core012.def

c:\program files (x86)\IObit\IObit Malware Fighter\DebugOutput_IMF.exe.txt

c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys

c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys

c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys

c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_ia64\FileMonitor.sys

c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_ia64\RegFilter.sys

c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_ia64\UrlFilter.sys

c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys

c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_x86\RegFilter.sys

c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_x86\UrlFilter.sys

c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_amd64\FileMonitor.sys

c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_amd64\RegFilter.sys

c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_amd64\UrlFilter.sys

c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_ia64\FileMonitor.sys

c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_ia64\RegFilter.sys

c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_ia64\UrlFilter.sys

c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys

c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_x86\RegFilter.sys

c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_x86\UrlFilter.sys

c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\wnet_amd64\FileMonitor.sys

c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\wnet_amd64\RegFilter.sys

c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\wnet_amd64\UrlFilter.sys

c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\wnet_ia64\FileMonitor.sys

c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\wnet_ia64\RegFilter.sys

c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\wnet_ia64\UrlFilter.sys

c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\wnet_x86\FileMonitor.sys

c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\wnet_x86\RegFilter.sys

c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\wnet_x86\UrlFilter.sys

c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\wxp_ia64\UrlFilter.sys

c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys

c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys

c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys

c:\program files (x86)\IObit\IObit Malware Fighter\EULA.rtf

c:\program files (x86)\IObit\IObit Malware Fighter\fav.ico

c:\program files (x86)\IObit\IObit Malware Fighter\FileMonitor.dll

c:\program files (x86)\IObit\IObit Malware Fighter\Freeware\Check.dll

c:\program files (x86)\IObit\IObit Malware Fighter\Freeware\IMF_FreeSoftwareDownloader.exe

c:\program files (x86)\IObit\IObit Malware Fighter\help\help.html

c:\program files (x86)\IObit\IObit Malware Fighter\help\img\cloud.png

c:\program files (x86)\IObit\IObit Malware Fighter\help\img\main-cloud.png

c:\program files (x86)\IObit\IObit Malware Fighter\help\img\main-free.png

c:\program files (x86)\IObit\IObit Malware Fighter\help\img\main-pro.png

c:\program files (x86)\IObit\IObit Malware Fighter\help\img\main-protect.png

c:\program files (x86)\IObit\IObit Malware Fighter\help\img\main-scan.png

c:\program files (x86)\IObit\IObit Malware Fighter\help\img\overview.png

c:\program files (x86)\IObit\IObit Malware Fighter\help\img\protect.png

c:\program files (x86)\IObit\IObit Malware Fighter\help\img\scan.png

c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe

c:\program files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll

c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe

c:\program files (x86)\IObit\IObit Malware Fighter\IMFUpdater.exe

c:\program files (x86)\IObit\IObit Malware Fighter\IntegrateFilter.dll

c:\program files (x86)\IObit\IObit Malware Fighter\IObitUninstal.exe

c:\program files (x86)\IObit\IObit Malware Fighter\Language\Arabic.lng

c:\program files (x86)\IObit\IObit Malware Fighter\Language\cache

c:\program files (x86)\IObit\IObit Malware Fighter\Language\ChineseSimp.lng

c:\program files (x86)\IObit\IObit Malware Fighter\Language\ChineseTrad.lng

c:\program files (x86)\IObit\IObit Malware Fighter\Language\Czech.lng

c:\program files (x86)\IObit\IObit Malware Fighter\Language\English.lng

c:\program files (x86)\IObit\IObit Malware Fighter\Language\French.lng

c:\program files (x86)\IObit\IObit Malware Fighter\Language\German.lng

c:\program files (x86)\IObit\IObit Malware Fighter\Language\Hungarian.lng

c:\program files (x86)\IObit\IObit Malware Fighter\Language\Italian.lng

c:\program files (x86)\IObit\IObit Malware Fighter\Language\Japanese.lng

c:\program files (x86)\IObit\IObit Malware Fighter\Language\Korean.lng

c:\program files (x86)\IObit\IObit Malware Fighter\Language\Polish.lng

c:\program files (x86)\IObit\IObit Malware Fighter\Language\PortugueseBR.lng

c:\program files (x86)\IObit\IObit Malware Fighter\Language\Russian.lng

c:\program files (x86)\IObit\IObit Malware Fighter\Language\Spanish.lng

c:\program files (x86)\IObit\IObit Malware Fighter\Language\Turkish.lng

c:\program files (x86)\IObit\IObit Malware Fighter\Language\Vietnamese.lng

c:\program files (x86)\IObit\IObit Malware Fighter\LatestNews\LatestNews.ini

c:\program files (x86)\IObit\IObit Malware Fighter\license.dat

c:\program files (x86)\IObit\IObit Malware Fighter\Quarantine Zone\info.db

c:\program files (x86)\IObit\IObit Malware Fighter\RegFilter.dll

c:\program files (x86)\IObit\IObit Malware Fighter\rtl120.bpl

c:\program files (x86)\IObit\IObit Malware Fighter\Scan.dll

c:\program files (x86)\IObit\IObit Malware Fighter\ScriptScan.dll

c:\program files (x86)\IObit\IObit Malware Fighter\StartMenu.exe

c:\program files (x86)\IObit\IObit Malware Fighter\Suspicious.dll

c:\program files (x86)\IObit\IObit Malware Fighter\taskmgr.dll

c:\program files (x86)\IObit\IObit Malware Fighter\TaskSchedule.exe

c:\program files (x86)\IObit\IObit Malware Fighter\unins000.dat

c:\program files (x86)\IObit\IObit Malware Fighter\unins000.exe

c:\program files (x86)\IObit\IObit Malware Fighter\unins000.msg

c:\program files (x86)\IObit\IObit Malware Fighter\unrar.dll

c:\program files (x86)\IObit\IObit Malware Fighter\URLFilter.dll

c:\program files (x86)\IObit\IObit Malware Fighter\vcl120.bpl

c:\program files (x86)\IObit\IObit Malware Fighter\vclx120.bpl

c:\program files (x86)\IObit\IObit Malware Fighter\zlibwapi.dll

c:\users\Martins\AppData\Local\Xrewuzeqijiwawan.bin

c:\users\Martins\AppData\Roaming\IObit

c:\users\Martins\AppData\Roaming\IObit\IObit Malware Fighter\config.ini

c:\users\Martins\AppData\Roaming\IObit\IObit Malware Fighter\ignore.ini

c:\users\Martins\AppData\Roaming\IObit\IObit Malware Fighter\remember.ini

c:\windows\Tasks\GlaryInitialize.job

.

.

(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_FILEMONITOR

-------\Service_FileMonitor

-------\Legacy_RegFilter

-------\Legacy_UrlFilter

-------\Legacy_RegFilter

-------\Legacy_UrlFilter

-------\Service_IMFservice

-------\Service_RegFilter

-------\Service_UrlFilter

-------\Service_IMFservice

-------\Service_RegFilter

-------\Service_UrlFilter

.

.

(((((((((((((((((((((((((   Files Created from 2011-06-20 to 2011-07-20  )))))))))))))))))))))))))))))))

.

.

2011-07-20 23:11 . 2011-07-20 23:11 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-07-20 00:08 . 2011-07-20 00:08 -------- d-----w- c:\users\Martins\AppData\Local\ElevatedDiagnostics

2011-07-16 17:44 . 2011-07-16 17:44 -------- d-----w- c:\program files (x86)\McAfee.com

2011-07-16 17:43 . 2011-04-14 19:01 9984 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-07-16 17:43 . 2011-04-14 19:01 24376 ----a-w- c:\program files (x86)\Mozilla Firefox\components\Scriptff.dll

2011-07-16 17:43 . 2011-04-14 19:01 94992 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-07-16 17:43 . 2011-04-14 19:01 75160 ----a-w- c:\windows\system32\drivers\mfenlfk.sys

2011-07-16 17:43 . 2011-04-14 19:01 63056 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-07-16 17:43 . 2011-04-14 19:01 441840 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-07-16 17:43 . 2011-04-14 19:01 283744 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

2011-07-16 17:43 . 2011-04-14 19:01 190520 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-07-16 17:43 . 2011-07-16 17:44 -------- d-----w- c:\program files\Common Files\McAfee

2011-07-16 17:43 . 2011-07-16 17:44 -------- d-----w- c:\program files\McAfee

2011-07-16 17:43 . 2011-03-13 16:45 158832 ----a-w- c:\windows\system32\mfevtps.exe

2011-07-16 17:14 . 2011-07-08 07:16 89048 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll

2011-07-16 17:14 . 2011-07-08 07:16 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll

2011-07-16 17:14 . 2011-07-08 07:16 465880 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll

2011-07-16 17:14 . 2011-07-08 07:16 1850328 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll

2011-07-16 17:14 . 2011-07-08 07:16 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll

2011-07-16 17:14 . 2011-07-08 07:16 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll

2011-07-16 17:14 . 2010-01-01 08:00 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll

2011-07-16 17:14 . 2010-01-01 08:00 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll

2011-07-13 19:51 . 2011-07-13 19:51 -------- d-----w- c:\users\Martins\AppData\Local\Apple

2011-07-12 17:56 . 2011-07-12 17:56 -------- d-----w- c:\users\Martins\AppData\Local\Adobe

2011-07-09 23:54 . 2011-07-09 23:54 12872 ----a-w- c:\windows\system32\bootdelete.exe

2011-07-09 20:11 . 2011-07-09 20:11 -------- d-----w- c:\users\Martins\AppData\Roaming\VSRevoGroup

2011-07-09 17:48 . 2011-07-10 14:42 23112 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-07-09 17:46 . 2011-07-09 23:54 -------- d-----w- c:\programdata\Hitman Pro

2011-07-09 03:21 . 2011-07-09 04:00 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-07-09 03:21 . 2009-01-25 18:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe

2011-07-09 03:21 . 2011-07-09 03:21 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2

2011-07-05 01:36 . 2011-06-04 06:56 424296 ----a-w- c:\windows\system32\HMIPCore64.dll

2011-07-05 01:36 . 2011-06-04 06:56 330600 ----a-w- c:\windows\SysWow64\HMIPCore.dll

2011-07-03 23:04 . 2011-07-03 23:04 -------- d-----w- C:\My Games

2011-07-03 23:04 . 2011-07-03 23:04 -------- d-----w- C:\My Download Files

2011-07-03 23:01 . 2011-07-03 23:01 774144 ----a-w- c:\program files (x86)\RngInterstitial.dll

2011-07-03 23:01 . 2011-07-03 23:11 -------- d-----w- c:\program files (x86)\Common Files\Real

2011-07-03 23:01 . 2011-07-03 23:04 -------- d-----w- c:\program files (x86)\Real

2011-07-03 23:01 . 2011-07-03 23:01 569397 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\RichFX\Player\nprfxins.dll

2011-07-03 22:59 . 2011-07-03 22:59 -------- d-----w- c:\program files (x86)\_ArcadeDownloadFolder

2011-07-03 22:55 . 2011-07-03 22:55 -------- d-----w- c:\program files (x86)\Common Files\Java

2011-06-24 21:22 . 2011-06-24 21:22 -------- d-----w- c:\windows\system32\SPReview

2011-06-24 19:49 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll

2011-06-24 19:49 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll

2011-06-24 19:49 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll

2011-06-24 19:47 . 2010-11-20 13:27 220672 ----a-w- c:\windows\system32\wintrust.dll

2011-06-24 19:46 . 2010-11-20 13:27 270848 ----a-w- c:\windows\system32\srrstr.dll

2011-06-24 19:45 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll

2011-06-24 19:45 . 2010-11-20 12:17 209920 ----a-w- c:\windows\SysWow64\PkgMgr.exe

2011-06-24 19:45 . 2010-11-20 12:18 323072 ----a-w- c:\windows\SysWow64\drvstore.dll

2011-06-24 19:45 . 2010-11-20 12:18 257024 ----a-w- c:\windows\SysWow64\dpx.dll

2011-06-24 19:45 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll

2011-06-24 19:45 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll

2011-06-24 19:39 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll

2011-06-24 19:39 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll

2011-06-24 19:39 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll

2011-06-24 19:38 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll

2011-06-24 19:38 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe

2011-06-24 19:37 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll

2011-06-24 19:37 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll

2011-06-22 01:52 . 2011-06-22 01:52 -------- d-s---w- c:\windows\SysWow64\Microsoft

2011-06-22 00:33 . 2011-06-22 00:44 -------- d-----w- c:\program files\Linksys

2011-06-22 00:30 . 2011-06-22 01:59 -------- d-----w- c:\programdata\Pure Networks

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-03 22:54 . 2010-07-17 18:41 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-06-24 21:34 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2011-06-24 21:34 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2011-06-20 13:37 . 2011-05-15 12:58 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-06-03 05:57 . 2011-07-13 12:52 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2011-05-29 14:11 . 2011-05-18 18:57 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-05-29 14:11 . 2011-05-12 20:08 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-03 05:29 . 2011-06-17 12:12 976896 ----a-w- c:\windows\system32\inetcomm.dll

2011-05-03 04:30 . 2011-06-17 12:12 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll

2011-04-29 03:06 . 2011-06-17 12:12 467456 ----a-w- c:\windows\system32\drivers\srv.sys

2011-04-29 03:05 . 2011-06-17 12:12 410112 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-04-29 03:05 . 2011-06-17 12:12 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-04-27 02:40 . 2011-06-17 12:13 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-27 02:39 . 2011-06-17 12:13 289280 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-04-27 02:39 . 2011-06-17 12:13 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-04-25 05:33 . 2011-06-17 12:13 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-04-25 02:34 . 2011-06-17 12:13 499200 ----a-w- c:\windows\system32\drivers\afd.sys

2011-04-23 01:29 . 2011-06-17 12:07 2303488 ----a-w- c:\windows\system32\jscript9.dll

2011-04-23 01:19 . 2011-06-17 12:07 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-04-22 23:35 . 2011-06-17 12:07 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll

2011-04-22 23:25 . 2011-06-17 12:07 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2011-04-22 22:15 . 2011-05-25 12:22 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys

.

.

(((((((((((((((((((((((((((((   SnapShot@2011-07-16_15.57.16   )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 04:54 . 2011-07-16 15:56 32768              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2011-07-20 23:13 32768              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2011-07-20 23:13 32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2011-07-16 15:56 32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2011-07-20 23:13 16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2011-07-16 15:56 16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-05-25 09:29 . 2011-07-20 22:01 68566              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-07-20 22:01 49114              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-07-17 18:30 . 2011-07-20 22:01 19778              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2431965064-2589247221-2864847985-1001_UserData.bin

- 2009-07-14 05:30 . 2011-07-16 15:38 86016              c:\windows\system32\DriverStore\infpub.dat

+ 2009-07-14 05:30 . 2011-07-16 17:43 86016              c:\windows\system32\DriverStore\infpub.dat

+ 2011-07-16 17:43 . 2011-04-14 19:01 75160              c:\windows\system32\DriverStore\FileRepository\mfenlfk.inf_amd64_neutral_0f6d560ba05e8c16\mfenlfk.sys

- 2010-07-17 18:06 . 2011-07-16 15:26 32768              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-07-17 18:06 . 2011-07-20 23:13 32768              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-07-17 18:06 . 2011-07-20 23:13 32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-07-17 18:06 . 2011-07-16 15:26 32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2011-07-16 15:26 16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2011-07-20 23:13 16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:46 . 2011-07-19 21:38 89704              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

- 2011-07-16 15:56 . 2011-07-16 15:56 2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-07-20 23:12 . 2011-07-20 23:12 2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-07-20 23:12 . 2011-07-20 23:12 2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-07-16 15:56 . 2011-07-16 15:56 2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2010-07-18 00:27 . 2011-07-19 21:58 275484              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

- 2009-07-14 02:36 . 2011-07-13 18:04 624178              c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2011-07-20 14:19 624178              c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2011-07-20 14:19 106522              c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2011-07-13 18:04 106522              c:\windows\system32\perfc009.dat

+ 2009-07-14 05:30 . 2011-07-16 17:43 143360              c:\windows\system32\DriverStore\infstrng.dat

- 2009-07-14 05:30 . 2011-07-16 15:38 143360              c:\windows\system32\DriverStore\infstrng.dat

+ 2009-07-14 05:30 . 2011-07-16 17:43 143360              c:\windows\system32\DriverStore\infstor.dat

- 2009-07-14 05:30 . 2011-07-16 15:38 143360              c:\windows\system32\DriverStore\infstor.dat

+ 2011-03-13 16:20 . 2011-03-13 16:20 639216              c:\windows\system32\drivers\mfehidk.sys

+ 2011-03-13 16:20 . 2011-03-13 16:20 156792              c:\windows\system32\drivers\mfeapfk.sys

- 2009-07-14 05:01 . 2011-07-16 15:56 358916              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2011-07-20 23:11 358916              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2010-12-14 14:44 . 2011-07-20 23:12 3492108              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2431965064-2589247221-2864847985-1001-8192.dat

- 2010-12-14 04:33 . 2011-07-13 13:46 4757592              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2431965064-2589247221-2864847985-1001-4096.dat

+ 2010-12-14 04:33 . 2011-07-16 17:37 4757592              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2431965064-2589247221-2864847985-1001-4096.dat

+ 2010-12-27 01:05 . 2011-07-16 19:39 2696821              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2431965064-2589247221-2864847985-1001-12288.dat

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-05-05 1486392]

.

c:\users\Martins\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDWinLogon]

SDWinLogon.dll [BU]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 136176]

R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-07-06 169624]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 136176]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys

R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys

R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys

S1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [2011-07-06 48888]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys

S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-18 169312]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [2009-03-03 89600]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]

S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-11-18 517632]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 245352]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe

S2 SDHookService;Spybot-S&D 2 Hooks Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe [2011-07-06 130976]

S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-07-06 1060272]

S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-07-06 909224]

S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-04-19 993848]

S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-04-19 399416]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-20 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job

- c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2011-07-09 16:21]

.

2011-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 04:12]

.

2011-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 04:12]

.

2011-07-20 c:\windows\Tasks\ParetoLogic Registration.job

- c:\windows\system32\rundll32.exe [2009-07-13 01:14]

.

2011-07-20 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job

- c:\program files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2011-07-09 16:20]

.

2011-07-20 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job

- c:\program files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2011-07-09 16:21]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"combofix"="c:\combofix\CF7944.cfxxe"

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 384296]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]

"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-02-26 487424]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: internet

Trusted Zone: mcafee.com

TCP: DhcpNameServer = 192.168.1.254

DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - hxxp://192.168.1.84/codebase/DVM_IPCam2.ocx

FF - ProfilePath - c:\users\Martins\AppData\Roaming\Mozilla\Firefox\Profiles\9g3tv11p.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

SafeBoot-IMFservice

AddRemove-Free Window Registry Repair - c:\progra~2\FREEWI~1\UNWISE.EXE
AddRemove-IObit Malware Fighter_is1 - c:\program files (x86)\IObit\IObit Malware Fighter\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Dell DataSafe Local Backup\Toaster.exe
.
**************************************************************************
.
Completion time: 2011-07-20  18:20:25 - machine was rebooted
ComboFix-quarantined-files.txt  2011-07-20 23:20
ComboFix2.txt  2011-07-16 16:02
ComboFix3.txt  2011-07-16 15:34
.
Pre-Run: 192,549,646,336 bytes free
Post-Run: 191,961,673,728 bytes free
.
- - End Of File - - DCAA2451722FC3EA8EA54FE7B9513FE4
