TechSpot

Google search results being redirected in Firefox

Solved
By zymosis01
Jun 1, 2011
  1. Hi,

    I know there's already a few threads on this issue, but I'm hesitant to follow the advice in any of them in case it doesn't apply to me.

    I got several viruses on my computer yesterday. McAfee found nothing, but MalwareBytes found 14 threats, which were promptly removed. Among them were Qhexia.exe and Qfc.exe. Can't remember the others...

    However, in Firefox, Google and Yahoo search results are redirected to blank pages.

    E.g. I'll search for "blue", go to the Wiki entry on it and end up on a blank page with this address: ht tp://www.thewebtimes.net/?n=1306894928

    I've run MalwareBytes again and nothing was found. I downloaded and ran SuperAntiSpyware and IObit Security 360 and a bunch of tracking cookies were found, but removing them has not helped. I've uninstalled Firefox completely and reinstalled, and yet I'm still having the same problem.

    Can anyone help me with this frustrating problem?

    Thanks!
     
  2. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000 character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. zymosis01

    zymosis01 TS Rookie Topic Starter Posts: 19

    Thanks for your prompt reply. I'll follow all the steps in that link and paste the logs ASAP.
     
  4. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    OK :)...........
     
  5. zymosis01

    zymosis01 TS Rookie Topic Starter Posts: 19

    Here is the MalwareBytes log:


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6729

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 8.0.7601.17514

    01/06/2011 14:29:04
    mbam-log-2011-06-01 (14-29-04).txt

    Scan type: Quick scan
    Objects scanned: 158595
    Time elapsed: 6 minute(s), 30 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)



    Gmer didn't come up with anything. Don't know if I was doing it wrong? The logs were empty each time I tried....


    The DDS logs:


    .
    DDS (Ver_11-05-19.01) - NTFSx86
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24
    Run by cat at 15:00:43 on 2011-06-01
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2023.685 [GMT 10:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\IObit\IObit Security 360\IS360srv.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Windows\system32\mfevtps.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files (x86)\Internode\mum.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files (x86)\McAfee Online Backup\MOBKstat.exe
    C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
    C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
    C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\taskmgr.exe
    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
    c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Program Files\Common Files\McAfee\Core\mchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\cat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7A49BRJX\dds[1].scr
    C:\Windows\SysWOW64\WSCRIPT.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110525152908.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    uRun: [InternodeUsage] C:\PROGRA~2\INTERN~2\mum.exe
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun: [IObit Security 360] "C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe" /autostart
    StartupFolder: C:\Users\cat\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~2.LNK - C:\Program Files (x86)\McAfee Online Backup\MOBKstat.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
    BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL
    BHO-X64: McAfee Phishing Filter - No File
    BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110525152909.dll
    BHO-X64: scriptproxy - No File
    BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
    TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
    TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
    mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
    mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\cat\AppData\Roaming\Mozilla\Firefox\Profiles\qd58jxsc.default\
    FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
    R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
    R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
    R1 MOBKFilter;MOBKFilter;C:\Windows\system32\DRIVERS\MOBK.sys --> C:\Windows\system32\DRIVERS\MOBK.sys [?]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-18 14920]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-18 12360]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-5 128384]
    R2 IS360service;IS360service;C:\Program Files (x86)\IObit\IObit Security 360\is360srv.exe [2011-6-1 312152]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2011-5-25 249936]
    R2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2011-5-25 249936]
    R2 McNaiAnn;McAfee VirusScan Announcer;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2011-5-25 249936]
    R2 McProxy;McAfee Proxy Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2011-5-25 249936]
    R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-12-25 197960]
    R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-12-25 208272]
    R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
    R2 MOBKbackup;McAfee Online Backup;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-4-13 231224]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-5-20 2026304]
    R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-2-10 11856]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-21 136176]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-21 136176]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2011-06-01 02:00:31 -------- d-----w- C:\Program Files (x86)\ESET
    2011-06-01 01:30:24 36160 ----a-w- C:\Windows\System32\uxtuneup.dll
    2011-06-01 01:30:24 29504 ----a-w- C:\Windows\SysWow64\uxtuneup.dll
    2011-06-01 01:30:24 25920 ----a-w- C:\Windows\System32\authuitu.dll
    2011-06-01 01:30:23 21312 ----a-w- C:\Windows\SysWow64\authuitu.dll
    2011-06-01 01:27:04 34624 ----a-w- C:\Windows\System32\TURegOpt.exe
    2011-06-01 01:26:04 -------- d-----w- C:\Users\cat\AppData\Roaming\TuneUp Software
    2011-06-01 01:25:52 -------- d-----w- C:\Program Files (x86)\TuneUp Utilities 2011
    2011-06-01 01:25:46 -------- d-----w- C:\ProgramData\TuneUp Software
    2011-06-01 01:24:34 -------- d-sh--w- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
    2011-06-01 01:16:16 -------- d-----w- C:\Users\cat\AppData\Roaming\IObit
    2011-06-01 00:15:58 -------- d-----w- C:\Users\cat\AppData\Roaming\SUPERAntiSpyware.com
    2011-06-01 00:15:58 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
    2011-06-01 00:15:50 -------- d-----w- C:\ProgramData\!SASCORE
    2011-06-01 00:15:43 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2011-05-31 07:30:13 -------- d-----w- C:\Users\cat\AppData\Roaming\Malwarebytes
    2011-05-31 07:29:49 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-05-31 07:29:40 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-05-31 07:29:33 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-05-31 07:29:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-05-31 07:22:49 -------- d-----w- C:\ProgramData\IObit
    2011-05-31 07:22:35 -------- d-----w- C:\Program Files (x86)\IObit
    2011-05-31 06:36:36 120832 --sha-r- C:\Windows\SysWow64\hdwwiz5.dll
    2011-05-31 06:26:02 -------- d-----w- C:\Users\cat\AppData\Roaming\GrabPro
    2011-05-31 06:25:49 -------- d-----w- C:\Downloads
    2011-05-31 06:25:48 -------- d-----w- C:\Users\cat\AppData\Roaming\ProgSense
    2011-05-29 22:59:31 -------- d-----w- C:\Users\cat\AppData\Roaming\EAC
    2011-05-29 22:59:23 -------- d-----w- C:\Users\cat\AppData\Roaming\AccurateRip
    2011-05-29 22:59:04 -------- d-----w- C:\Program Files (x86)\Exact Audio Copy
    2011-05-28 15:09:00 -------- d-----w- C:\Program Files (x86)\VideoLAN
    2011-05-28 00:13:14 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5BE31BF9-02D3-493E-A7FE-0F1615F9DA55}\mpengine.dll
    2011-05-25 22:50:15 -------- d-----w- C:\Users\cat\AppData\Roaming\McAfee
    2011-05-25 22:14:06 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-05-25 12:24:47 -------- d-----w- C:\Users\cat\AppData\Local\MediaMonkey
    2011-05-25 12:24:43 -------- d-----w- C:\Program Files (x86)\MediaMonkey
    2011-05-25 11:48:13 -------- d-----w- C:\Users\cat\AppData\Roaming\Internode
    2011-05-25 11:48:08 -------- d-----w- C:\Program Files (x86)\Internode
    2011-05-25 05:59:50 -------- d-----w- C:\ProgramData\Easy CD-DA Extractor
    2011-05-25 05:56:35 -------- d-----w- C:\Program Files\Easy CD-DA Extractor 2011
    2011-05-25 05:29:08 24376 ----a-w- C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll
    2011-05-25 02:17:57 142336 ----a-w- C:\Windows\System32\poqexec.exe
    2011-05-25 02:17:57 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
    2011-05-25 02:17:53 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2011-05-25 02:17:51 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2011-05-25 02:17:51 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2011-05-08 04:03:02 -------- d-----w- C:\Users\cat\screensaver
    2011-05-08 03:37:49 -------- d-----w- C:\Users\cat\wallpapers
    .
    ==================== Find3M ====================
    .
    2011-04-11 13:18:06 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2011-04-11 13:18:06 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2011-04-06 06:26:58 96544 ----a-w- C:\Windows\System32\dnssd.dll
    2011-04-06 06:26:58 69408 ----a-w- C:\Windows\System32\jdns_sd.dll
    2011-04-06 06:26:58 237856 ----a-w- C:\Windows\System32\dnssdX.dll
    2011-04-06 06:26:58 119584 ----a-w- C:\Windows\System32\dns-sd.exe
    2011-04-06 06:20:16 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll
    2011-04-06 06:20:16 75040 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
    2011-04-06 06:20:16 197920 ----a-w- C:\Windows\SysWow64\dnssdX.dll
    2011-04-06 06:20:16 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe
    2011-03-13 01:45:12 158832 ----a-w- C:\Windows\System32\mfevtps.exe
    2011-03-13 01:20:10 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
    2011-03-13 01:20:10 98728 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
    2011-03-13 01:20:10 75672 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
    2011-03-13 01:20:10 65128 ----a-w- C:\Windows\System32\drivers\cfwids.sys
    2011-03-13 01:20:10 639216 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
    2011-03-13 01:20:10 481376 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
    2011-03-13 01:20:10 281928 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
    2011-03-13 01:20:10 227856 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
    2011-03-13 01:20:10 156792 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
    2011-03-11 06:34:51 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
    2011-03-11 06:34:50 1395712 ----a-w- C:\Windows\System32\mfc42.dll
    2011-03-11 05:33:59 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
    2011-03-11 05:33:59 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
    2011-03-08 06:29:32 976896 ----a-w- C:\Windows\System32\inetcomm.dll
    2011-03-08 05:28:29 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
    2011-03-07 06:31:44 1188864 ----a-w- C:\Windows\System32\wininet.dll
    2011-03-07 05:33:13 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-03-07 04:24:34 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-03-07 03:52:25 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-03-03 06:24:16 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
    2011-03-03 06:21:57 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
    2011-03-03 05:36:16 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
    .
    ============= FINISH: 15:01:40.28 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-05-19.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 23/12/2010 10:04:36
    System Uptime: 01/06/2011 11:49:18 (4 hours ago)
    .
    Motherboard: Hewlett-Packard | | 0A54h
    Processor: Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz | XU1 PROCESSOR | 1578/1066mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 75 GiB total, 42.559 GiB free.
    D: is CDROM ()
    F: is FIXED (NTFS) - 466 GiB total, 71.386 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: PCI Simple Communications Controller
    Device ID: PCI\VEN_8086&DEV_2994&SUBSYS_2801103C&REV_02\3&33FD14CA&0&18
    Manufacturer:
    Name: PCI Simple Communications Controller
    PNP Device ID: PCI\VEN_8086&DEV_2994&SUBSYS_2801103C&REV_02\3&33FD14CA&0&18
    Service:
    .
    Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
    Description: PS/2 Compatible Mouse
    Device ID: ACPI\PNP0F13\4&2BA03272&0
    Manufacturer: Microsoft
    Name: PS/2 Compatible Mouse
    PNP Device ID: ACPI\PNP0F13\4&2BA03272&0
    Service: i8042prt
    .
    Class GUID:
    Description: USB Network Interface
    Device ID: USB\VID_069A&PID_0317\0060644BFE42
    Manufacturer:
    Name: USB Network Interface
    PNP Device ID: USB\VID_069A&PID_0317\0060644BFE42
    Service:
    .
    ==== System Restore Points ===================
    .
    RP49: 31/05/2011 02:42:11 - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Reader X (10.0.1)
    Apple Application Support
    Apple Software Update
    µTorrent
    Conduit Engine
    e-tax 2010
    Easy CD-DA Extractor 2011
    ESET Online Scanner v3
    Exact Audio Copy 1.0beta2
    Google Earth Plug-in
    Google Update Helper
    Internode Monthly Usage Meter 8.2a
    IObit Security 360
    Java Auto Updater
    Java(TM) 6 Update 22
    Java(TM) 6 Update 24
    Malwarebytes' Anti-Malware
    McAfee Online Backup
    McAfee Security Scan Plus
    McAfee Total Protection
    McAfee Virtual Technician
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox 4.0.1 (x86 en-GB)
    OpenOffice.org 3.3
    PandoraRecovery (Remove Only)
    QuickTime
    TuneUp Utilities 2011
    TuneUp Utilities Language Pack (en-US)
    uTorrentBar Toolbar
    VLC media player 1.1.9
    VSO Image Resizer 4.0.3.2
    Windows Live installer
    Windows Live Messenger
    .
    ==== Event Viewer Messages From Past Week ========
    .
    31/05/2011 17:44:16, Error: Service Control Manager [7034] - The IS360service service terminated unexpectedly. It has done this 1 time(s).
    29/05/2011 17:00:32, Error: Ntfs [137] - The default transaction resource manager on volume G: encountered a non-retryable error and could not start. The data contains the error code.
    29/05/2011 16:04:13, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    29/05/2011 02:55:38, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    27/05/2011 12:46:40, Error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).
    27/05/2011 12:46:40, Error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    27/05/2011 12:46:40, Error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    27/05/2011 12:46:40, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    27/05/2011 12:46:40, Error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    27/05/2011 12:46:40, Error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    27/05/2011 12:46:40, Error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    26/05/2011 09:06:55, Error: Service Control Manager [7043] - The McAfee McShield service did not shut down properly after receiving a preshutdown control.
    26/05/2011 08:40:15, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee VirusScan Announcer service, but this action failed with the following error: An instance of the service is already running.
    26/05/2011 08:40:15, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee Services service, but this action failed with the following error: An instance of the service is already running.
    26/05/2011 08:07:54, Error: Service Control Manager [7023] -
    25/05/2011 15:55:40, Error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 1 time(s).
    01/06/2011 11:50:08, Error: Service Control Manager [7023] - The TuneUp Utilities Service service terminated with the following error: %%-2147022986
    01/06/2011 11:30:31, Error: Service Control Manager [7000] - The TuneUp Theme Extension service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.
    .
    ==== End Of File ===========================


    Hope this helps....
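    The "Pseudo HJT Report" section of the DDS log above lists every browser integration point that can intercept a search or a page load: URLSearchHooks (per-user and per-machine), Browser Helper Objects and toolbars, each tied to a CLSID and a DLL path. As an added example (not part of this thread, and not code from the DDS tool), the Python script below parses those lines, groups them by CLSID and prints triage hints: a CLSID hooked in both HKCU and HKLM, a CLSID that registers as URLSearchHook, BHO and toolbar at once, or a "No File" entry left behind after a removal. The sample input is a handful of lines copied from the log above; the regexes assume only the line shapes seen there, and the finding labels are this example's own wording, not a verdict on any product.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the DDS "Pseudo HJT Report" pasted earlier in
# this thread. Raw string, so the Windows backslashes stay literal.
SAMPLE_REPORT = r"""
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
BHO-X64: scriptproxy - No File
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
"""

# Key = optional u/m prefix (HKCU/HKLM), the hook type, optional 64-bit-view suffix.
HOOK_KEY = r"(?P<key>[um]?(?:URLSearchHooks|BHO|TB)(?:-X64)?)"
# "<key>: [<display name>: ]{CLSID} - <dll path or 'No File'>"
ENTRY_RE = re.compile(
    HOOK_KEY + r":\s*(?:(?P<name>[^{]*?):\s*)?(?P<clsid>\{[0-9A-Fa-f-]{36}\})\s*-\s*(?P<path>.*\S)\s*$"
)
# Orphan lines that carry a name but no CLSID: "<key>: <name> - No File"
ORPHAN_RE = re.compile(HOOK_KEY + r":\s*(?P<name>.+?)\s*-\s*No File\s*$")

# Finding labels (this example's own wording).
BOTH_SCOPES = "URLSearchHook registered per-user and per-machine"
ALL_TYPES = "same CLSID used as URLSearchHook, BHO and toolbar"
ORPHAN = "has a 'No File' registration (leftover after a removal or a failed install)"


def hook_type(key):
    """'mURLSearchHooks' -> 'URLSearchHooks', 'TB-X64' -> 'TB'."""
    return key.replace("-X64", "").lstrip("um")


def scope_of(key):
    """DDS prefixes per-user (HKCU) items with 'u'; 'm', BHO and TB lines are per-machine."""
    return "user" if key.startswith("u") else "machine"


def parse_hjt(text):
    """One dict per browser-hook line (URLSearchHooks, BHO, TB); other lines are ignored."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            path = m["path"].strip()
            entries.append({
                "key": m["key"], "type": hook_type(m["key"]), "scope": scope_of(m["key"]),
                "name": (m["name"] or "").strip() or None,
                "clsid": m["clsid"].lower(), "path": path, "orphan": path == "No File",
            })
            continue
        m = ORPHAN_RE.match(line)
        if m:
            entries.append({
                "key": m["key"], "type": hook_type(m["key"]), "scope": scope_of(m["key"]),
                "name": m["name"].strip(), "clsid": None, "path": "No File", "orphan": True,
            })
    return entries


def group_by_clsid(entries):
    """Collect, per CLSID, every registration key, display name and file path seen."""
    groups = defaultdict(lambda: {"names": set(), "keys": set(), "paths": set()})
    for e in entries:
        if e["clsid"] is None:
            continue
        g = groups[e["clsid"]]
        if e["name"]:
            g["names"].add(e["name"])
        g["keys"].add(e["key"])
        g["paths"].add(e["path"])
    return dict(groups)


def findings(entries):
    """Triage hints per CLSID: pointers for a human reviewer, not a malware verdict."""
    out = []
    for clsid, g in sorted(group_by_clsid(entries).items()):
        hook_keys = {k for k in g["keys"] if hook_type(k) == "URLSearchHooks"}
        if {scope_of(k) for k in hook_keys} == {"user", "machine"}:
            out.append((clsid, BOTH_SCOPES))
        if {hook_type(k) for k in g["keys"]} == {"URLSearchHooks", "BHO", "TB"}:
            out.append((clsid, ALL_TYPES))
        if "No File" in g["paths"]:
            out.append((clsid, ORPHAN))
    return out


if __name__ == "__main__":
    entries = parse_hjt(SAMPLE_REPORT)
    for e in entries:
        print(f"{e['key']:<16} {e['scope']:<8} {e['clsid'] or '-':<40} {e['name'] or '-'} -> {e['path']}")
    for clsid, note in findings(entries):
        print(f"{clsid}: {note}")
```

    Run it as-is to see the sample output, or replace SAMPLE_REPORT with the Pseudo HJT section of your own DDS log. The point of grouping by CLSID is that one component can appear under several keys (user hook, machine hook, BHO, toolbar, and the 64-bit view), so a line-by-line read easily undercounts how deeply a single add-on is wired into the browser; the findings only say where to look, and the helper reviewing the log still decides what, if anything, to remove.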
     
  6. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    You did fine. GMER won't produce any log, if no changes have been found.

    Please download Rootkit Unhooker from one of the following links and save it to your desktop.
    In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

    • Double-click on RKUnhookerLE.exe to start the program.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • Click the Report tab, then click Scan.
    • Check Drivers, Stealth, and uncheck the rest.
    • Click OK.
    • Wait until it's finished and then go to File > Save Report.
    • Save the report to your Desktop.
    • Copy and paste the contents of the report into your next reply.
    -- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

    ====================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  7. zymosis01

    zymosis01 TS Rookie Topic Starter Posts: 19

    When trying to run Rootkit Unhooker (the .exe), I got the following message:

    "Sorry, but unhandled exception has occurred
    Program will be terminated
    Exception code: 0xC0000005
    Instruction address: 0x00402Eaa
    Attempt to read address: 0xFFFFFFF

    Error log generated, please report to developers"

    The error log:

    "Exception code : 0xC0000005
    Instruction address : 0x00402EAA
    Attempt to read at address : 0xFFFFFFFF"


    I downloaded the .rar file instead and unzipped it, then tried running the app (named VRe3s5157x.exe) and got the following error:

    "Error loading driver, NTSTATUS code: 0xC00036B"


    The ComboFix error log:

    ComboFix 11-06-01.04 - cat 02/06/2011 11:35:09.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2023.724 [GMT 10:00]
    Running from: c:\users\cat\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_usnjsvc
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-02 to 2011-06-02 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-02 01:40 . 2011-06-02 01:40 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-06-02 01:17 . 2011-06-02 01:25 34560 ----a-w- c:\windows\SysWow64\drivers\Normandy.sys
    2011-06-02 01:15 . 2011-06-02 01:18 35712 ----a-w- c:\windows\SysWow64\drivers\BlackBox.sys
    2011-06-01 10:07 . 2011-06-01 10:07 -------- d-----w- c:\users\cat\AppData\Local\Opera
    2011-06-01 10:07 . 2011-06-01 10:07 -------- d-----w- c:\program files (x86)\Opera
    2011-06-01 02:00 . 2011-06-01 02:00 -------- d-----w- c:\program files (x86)\ESET
    2011-06-01 01:26 . 2011-06-01 01:26 -------- d-----w- c:\users\cat\AppData\Roaming\TuneUp Software
    2011-06-01 01:25 . 2011-06-01 01:27 -------- d-----w- c:\programdata\TuneUp Software
    2011-06-01 01:24 . 2011-06-01 01:24 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
    2011-06-01 01:16 . 2011-06-01 01:16 -------- d-----w- c:\users\cat\AppData\Roaming\IObit
    2011-06-01 00:15 . 2011-06-01 00:15 -------- d-----w- c:\users\cat\AppData\Roaming\SUPERAntiSpyware.com
    2011-06-01 00:15 . 2011-06-01 00:15 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-06-01 00:15 . 2011-06-01 00:15 -------- d-----w- c:\programdata\!SASCORE
    2011-06-01 00:15 . 2011-06-01 00:16 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-05-31 07:30 . 2011-05-31 07:30 -------- d-----w- c:\users\cat\AppData\Roaming\Malwarebytes
    2011-05-31 07:29 . 2010-12-20 08:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-05-31 07:29 . 2011-05-31 07:29 -------- d-----w- c:\programdata\Malwarebytes
    2011-05-31 07:29 . 2010-12-20 08:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-31 07:29 . 2011-05-31 07:30 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-05-31 07:22 . 2011-05-31 07:22 -------- d-----w- c:\programdata\IObit
    2011-05-31 07:22 . 2011-05-31 07:22 -------- d-----w- c:\program files (x86)\IObit
    2011-05-31 07:13 . 2011-05-31 07:13 -------- d-----w- c:\windows\Sun
    2011-05-31 06:36 . 2011-05-31 06:36 120832 --sha-r- c:\windows\SysWow64\hdwwiz5.dll
    2011-05-31 06:26 . 2011-05-31 06:26 -------- d-----w- c:\users\cat\AppData\Roaming\GrabPro
    2011-05-31 06:25 . 2011-05-31 06:35 -------- d-----w- C:\Downloads
    2011-05-31 06:25 . 2011-05-31 06:25 -------- d-----w- c:\users\cat\AppData\Roaming\ProgSense
    2011-05-31 06:25 . 2011-05-31 06:48 -------- d-----w- c:\users\cat\AppData\Roaming\Orbit
    2011-05-29 22:59 . 2011-05-29 22:59 -------- d-----w- c:\users\cat\AppData\Roaming\EAC
    2011-05-29 22:59 . 2011-05-31 01:53 -------- d-----w- c:\users\cat\AppData\Roaming\AccurateRip
    2011-05-29 22:59 . 2011-05-29 22:59 -------- d-----w- c:\program files (x86)\Exact Audio Copy
    2011-05-28 15:10 . 2011-06-01 07:19 -------- d-----w- c:\users\cat\AppData\Roaming\vlc
    2011-05-28 15:09 . 2011-05-28 15:09 -------- d-----w- c:\program files (x86)\VideoLAN
    2011-05-28 00:13 . 2011-05-18 02:37 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5BE31BF9-02D3-493E-A7FE-0F1615F9DA55}\mpengine.dll
    2011-05-25 22:50 . 2011-05-25 22:50 -------- d-----w- c:\users\cat\AppData\Roaming\McAfee
    2011-05-25 22:14 . 2011-05-25 22:14 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-05-25 12:24 . 2011-05-31 08:03 -------- d-----w- c:\users\cat\AppData\Local\MediaMonkey
    2011-05-25 12:24 . 2011-05-31 08:03 -------- d-----w- c:\program files (x86)\MediaMonkey
    2011-05-25 11:48 . 2011-05-25 22:08 -------- d-----w- c:\users\cat\AppData\Roaming\Internode
    2011-05-25 11:48 . 2011-05-25 11:48 -------- d-----w- c:\program files (x86)\Internode
    2011-05-25 05:59 . 2011-05-25 05:59 -------- d-----w- c:\programdata\Easy CD-DA Extractor
    2011-05-25 05:56 . 2011-05-25 05:58 -------- d-----w- c:\program files\Easy CD-DA Extractor 2011
    2011-05-25 05:29 . 2011-03-13 01:42 24376 ----a-w- c:\program files (x86)\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll
    2011-05-25 02:17 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
    2011-05-25 02:17 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
    2011-05-25 02:17 . 2011-04-09 07:02 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-05-25 02:17 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2011-05-25 02:17 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2011-05-08 04:03 . 2011-05-08 04:03 -------- d-----w- c:\users\cat\screensaver
    2011-05-08 03:37 . 2011-05-08 04:02 -------- d-----w- c:\users\cat\wallpapers
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-11 13:18 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2011-04-11 13:18 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2011-04-06 06:26 . 2011-04-06 06:26 96544 ----a-w- c:\windows\system32\dnssd.dll
    2011-04-06 06:26 . 2011-04-06 06:26 69408 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-04-06 06:26 . 2011-04-06 06:26 237856 ----a-w- c:\windows\system32\dnssdX.dll
    2011-04-06 06:26 . 2011-04-06 06:26 119584 ----a-w- c:\windows\system32\dns-sd.exe
    2011-04-06 06:20 . 2011-04-06 06:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll
    2011-04-06 06:20 . 2011-04-06 06:20 75040 ----a-w- c:\windows\SysWow64\jdns_sd.dll
    2011-04-06 06:20 . 2011-04-06 06:20 197920 ----a-w- c:\windows\SysWow64\dnssdX.dll
    2011-04-06 06:20 . 2011-04-06 06:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe
    2011-03-13 01:45 . 2010-12-25 11:45 158832 ----a-w- c:\windows\system32\mfevtps.exe
    2011-03-13 01:20 . 2010-12-25 11:57 9984 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2011-03-13 01:20 . 2010-12-25 11:56 98728 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2011-03-13 01:20 . 2010-12-25 11:56 75672 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
    2011-03-13 01:20 . 2010-12-25 11:56 65128 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2011-03-13 01:20 . 2010-12-25 11:56 481376 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2011-03-13 01:20 . 2010-12-25 11:56 281928 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
    2011-03-13 01:20 . 2010-12-25 11:56 227856 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2011-03-13 01:20 . 2010-10-13 11:28 639216 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2011-03-13 01:20 . 2010-10-13 11:28 156792 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2011-03-11 06:34 . 2011-04-15 02:00 1359872 ----a-w- c:\windows\system32\mfc42u.dll
    2011-03-11 06:34 . 2011-04-15 02:00 1395712 ----a-w- c:\windows\system32\mfc42.dll
    2011-03-11 05:33 . 2011-04-15 02:00 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
    2011-03-11 05:33 . 2011-04-15 02:00 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
    2011-03-08 06:29 . 2011-04-15 01:59 976896 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-08 05:28 . 2011-04-15 01:59 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
    2011-03-07 06:31 . 2011-04-15 02:00 1188864 ----a-w- c:\windows\system32\wininet.dll
    2011-03-07 05:33 . 2011-04-15 02:00 981504 ----a-w- c:\windows\SysWow64\wininet.dll
    2011-03-07 04:24 . 2011-04-15 02:00 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-03-07 03:52 . 2011-04-15 02:00 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-12-09 01:51 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    2010-12-09 01:51 3911776 ----a-w- c:\program files (x86)\uTorrentBar\tbuTor.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "InternodeUsage"="c:\progra~2\INTERN~2\mum.exe" [2011-02-19 1361408]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-23 2988928]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-05-02 1658440]
    "IObit Security 360"="c:\program files (x86)\IObit\IObit Security 360\IS360tray.exe" [2010-06-11 1280344]
    .
    c:\users\cat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Online Backup Status.lnk - c:\program files (x86)\McAfee Online Backup\MOBKstat.exe [2010-4-13 4178744]
    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
    .
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-21 136176]
    R3 BlackBox;BlackBox SR2; [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-21 136176]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
    R3 Normandy;Normandy SR2; [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
    S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384]
    S2 IS360service;IS360service;c:\program files (x86)\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-03-13 208272]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
    S2 MOBKbackup;McAfee Online Backup;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-04-13 231224]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-21 04:21]
    .
    2011-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-21 04:21]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
    @="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
    [HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
    2010-04-13 09:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
    @="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
    [HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
    2010-04-13 09:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
    @="{b4caf489-1eec-c617-49ad-8d7088598c06}"
    [HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
    2010-04-13 09:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "combofix"="c:\combofix\CF9031.cfxxe" [X]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 165912]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 385560]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 363544]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    TCP: DhcpNameServer = 192.168.1.1
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\McAfee\MSC\McSnIePl.dll
    FF - ProfilePath - c:\users\cat\AppData\Roaming\Mozilla\Firefox\Profiles\qd58jxsc.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\windows\SysWOW64\rundll32.exe
    c:\windows\SysWOW64\rundll32.exe
    .
    **************************************************************************
    .
    Completion time: 2011-06-02 11:47:37 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-06-02 01:47
    .
    Pre-Run: 46,542,086,144 bytes free
    Post-Run: 46,573,109,248 bytes free
    .
    - - End Of File - - 36AB43F2D1734D5998D35412E894D386


    Thanks for all your help. :)
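    The ComboFix log above is the kind of output a malware helper reads line by line, and the attribute string on one entry, `--sha-r-` on c:\windows\SysWow64\hdwwiz5.dll, is what singles that file out: a freshly created DLL under the Windows tree carrying both the hidden and the system attribute. That combination also explains why such a file is invisible in Explorer even after "Show hidden files" is ticked; Explorer additionally hides hidden+system files until "Hide protected operating system files" is unticked. The following Python script is an added example, not code from this thread, from ComboFix or from any tool named here. It parses the "Files Created" and driver/service lines in the ComboFix format and separates three things a reviewer wants to see at a glance: hidden+system files under c:\windows, service entries with no image path at all, and entries ComboFix tagged `[x]` (it could not read the binary's date and size). The sample log embedded in the script is constructed in that format from lines of the same shape as the thread's log; the `[x]` tag alone is not an indicator, since several legitimate McAfee drivers carry it in the log above, which is why the script reports it as a separate, lower-priority bucket.

```python
"""Triage helper for ComboFix-style log lines.

Added example, not part of the TechSpot thread and not ComboFix's own code.
It parses two line shapes ComboFix emits and flags what a reviewer checks first.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample input, modelled on the ComboFix log format (not the real log).
SAMPLE_LOG = r"""
2011-06-02 01:17 . 2011-06-02 01:25 34560 ----a-w- c:\windows\SysWow64\drivers\Normandy.sys
2011-05-31 07:13 . 2011-05-31 07:13 -------- d-----w- c:\windows\Sun
2011-05-31 06:36 . 2011-05-31 06:36 120832 --sha-r- c:\windows\SysWow64\hdwwiz5.dll
2011-05-31 06:26 . 2011-05-31 06:26 -------- d-----w- c:\users\cat\AppData\Roaming\GrabPro
R3 BlackBox;BlackBox SR2; [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384]
"""

# "Files Created" line: created . modified size attrs path
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)
# Driver/service line: start-type name;display;path [stamp]   (path may be empty)
SERVICE_LINE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?) ?\[(?P<stamp>[^\]]*)\]$"
)

WINDOWS_TREE = "c:\\windows\\"


@dataclass
class FileEntry:
    created: str
    modified: str
    size: Optional[int]   # None for directories ("--------")
    attrs: str            # e.g. "--sha-r-": s = system, h = hidden, d = directory
    path: str

    @property
    def is_dir(self) -> bool:
        return "d" in self.attrs

    @property
    def hidden_system(self) -> bool:
        return "h" in self.attrs and "s" in self.attrs


@dataclass
class ServiceEntry:
    start: str
    name: str
    display: str
    path: str
    stamp: str            # "x" when ComboFix could not read date/size of the binary


def parse_log(text: str) -> Tuple[List[FileEntry], List[ServiceEntry]]:
    """Split a ComboFix log into file-creation entries and service entries."""
    files: List[FileEntry] = []
    services: List[ServiceEntry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_LINE.match(line)
        if m:
            size = None if m["size"].startswith("-") else int(m["size"])
            files.append(FileEntry(m["created"], m["modified"], size, m["attrs"], m["path"]))
            continue
        m = SERVICE_LINE.match(line)
        if m:
            services.append(ServiceEntry(m["start"], m["name"], m["display"], m["path"], m["stamp"]))
    return files, services


def flag_files(files: List[FileEntry]) -> List[str]:
    """Non-directory files under c:\\windows that are both hidden and system."""
    return [f.path for f in files
            if not f.is_dir and f.hidden_system and f.path.lower().startswith(WINDOWS_TREE)]


def flag_services(services: List[ServiceEntry]) -> Dict[str, List[str]]:
    """Two buckets: entries with no image path, and entries whose binary was not verified."""
    out: Dict[str, List[str]] = {"no_image_path": [], "unverified_binary": []}
    for s in services:
        if not s.path:
            out["no_image_path"].append(s.name)
        elif s.stamp.lower() == "x":
            out["unverified_binary"].append(s.name)
    return out


if __name__ == "__main__":
    parsed_files, parsed_services = parse_log(SAMPLE_LOG)
    print("hidden+system under Windows:", flag_files(parsed_files))
    print("services:", flag_services(parsed_services))
```

Run it against a saved C:\ComboFix.txt by reading the file into `parse_log` instead of `SAMPLE_LOG`; the hidden+system list is the set of paths worth hashing and submitting for a second opinion, and the "no image path" bucket is the set of service names to ask about before anything is removed.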
     
  8. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    Open Windows Explorer. Go to Tools > Folder Options > View tab, put a checkmark next to Show hidden files and folders.
    Upload the following file to http://www.virustotal.com/ for a security check:
    - c:\windows\SysWow64\hdwwiz5.dll
    If the file is listed as already analyzed, click on Reanalyse file now button.
    Post scan results.

    ===================================================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    =======================================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    Click the "Scan" button to start scan:

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:
     
  9. zymosis01

    zymosis01 TS Rookie Topic Starter Posts: 19

    I was unable to find the hdwwiz5.dll file, so skipped that step. There was an hdwwiz application and hdwwiz.cpl file, but I don't know if they're the same. I would guess not...


    Here's the TDSSKiller log:

    2011/06/02 12:23:19.0691 4804 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
    2011/06/02 12:23:21.0694 4804 ================================================================================
    2011/06/02 12:23:21.0696 4804 SystemInfo:
    2011/06/02 12:23:21.0696 4804
    2011/06/02 12:23:21.0696 4804 OS Version: 6.1.7601 ServicePack: 1.0
    2011/06/02 12:23:21.0696 4804 Product type: Workstation
    2011/06/02 12:23:21.0696 4804 ComputerName: PUTEY
    2011/06/02 12:23:21.0696 4804 UserName: cat
    2011/06/02 12:23:21.0696 4804 Windows directory: C:\Windows
    2011/06/02 12:23:21.0696 4804 System windows directory: C:\Windows
    2011/06/02 12:23:21.0696 4804 Running under WOW64
    2011/06/02 12:23:21.0696 4804 Processor architecture: Intel x64
    2011/06/02 12:23:21.0696 4804 Number of processors: 2
    2011/06/02 12:23:21.0696 4804 Page size: 0x1000
    2011/06/02 12:23:21.0696 4804 Boot type: Normal boot
    2011/06/02 12:23:21.0696 4804 ================================================================================
    2011/06/02 12:23:23.0624 4804 Initialize success
    2011/06/02 12:23:29.0731 2568 ================================================================================
    2011/06/02 12:23:29.0731 2568 Scan started
    2011/06/02 12:23:29.0731 2568 Mode: Manual;
    2011/06/02 12:23:29.0731 2568 ================================================================================
    2011/06/02 12:23:31.0331 2568 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    2011/06/02 12:23:31.0456 2568 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    2011/06/02 12:23:31.0491 2568 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    2011/06/02 12:23:31.0606 2568 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    2011/06/02 12:23:31.0654 2568 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    2011/06/02 12:23:31.0694 2568 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    2011/06/02 12:23:31.0786 2568 AFD (d31dc7a16dea4a9baf179f3d6fbdb38c) C:\Windows\system32\drivers\afd.sys
    2011/06/02 12:23:31.0886 2568 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    2011/06/02 12:23:32.0079 2568 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    2011/06/02 12:23:32.0139 2568 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    2011/06/02 12:23:32.0219 2568 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    2011/06/02 12:23:32.0256 2568 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    2011/06/02 12:23:32.0334 2568 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
    2011/06/02 12:23:32.0444 2568 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    2011/06/02 12:23:32.0489 2568 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
    2011/06/02 12:23:32.0639 2568 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    2011/06/02 12:23:32.0786 2568 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    2011/06/02 12:23:32.0849 2568 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    2011/06/02 12:23:32.0924 2568 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/06/02 12:23:32.0966 2568 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    2011/06/02 12:23:33.0071 2568 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    2011/06/02 12:23:33.0194 2568 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    2011/06/02 12:23:33.0289 2568 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    2011/06/02 12:23:33.0496 2568 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    2011/06/02 12:23:33.0584 2568 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
    2011/06/02 12:23:33.0754 2568 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    2011/06/02 12:23:33.0784 2568 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    2011/06/02 12:23:33.0834 2568 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    2011/06/02 12:23:33.0876 2568 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    2011/06/02 12:23:33.0919 2568 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    2011/06/02 12:23:33.0966 2568 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    2011/06/02 12:23:34.0054 2568 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    2011/06/02 12:23:34.0091 2568 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/06/02 12:23:34.0204 2568 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
    2011/06/02 12:23:34.0356 2568 cfwids (e8ddaaf635a4ea6f24927544e97c6de8) C:\Windows\system32\drivers\cfwids.sys
    2011/06/02 12:23:34.0466 2568 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    2011/06/02 12:23:34.0524 2568 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    2011/06/02 12:23:34.0619 2568 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    2011/06/02 12:23:34.0676 2568 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
    2011/06/02 12:23:34.0724 2568 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
    2011/06/02 12:23:34.0829 2568 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    2011/06/02 12:23:34.0901 2568 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
    2011/06/02 12:23:35.0021 2568 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    2011/06/02 12:23:35.0141 2568 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
    2011/06/02 12:23:35.0211 2568 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    2011/06/02 12:23:35.0276 2568 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    2011/06/02 12:23:35.0419 2568 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    2011/06/02 12:23:35.0479 2568 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/06/02 12:23:35.0614 2568 e1express (416a2007878ed1d6fc5dddb9e1f6db3e) C:\Windows\system32\DRIVERS\e1e6032e.sys
    2011/06/02 12:23:35.0764 2568 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    2011/06/02 12:23:35.0981 2568 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    2011/06/02 12:23:36.0029 2568 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    2011/06/02 12:23:36.0109 2568 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    2011/06/02 12:23:36.0161 2568 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    2011/06/02 12:23:36.0251 2568 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    2011/06/02 12:23:36.0304 2568 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    2011/06/02 12:23:36.0331 2568 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    2011/06/02 12:23:36.0416 2568 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/06/02 12:23:36.0499 2568 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
    2011/06/02 12:23:36.0576 2568 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    2011/06/02 12:23:36.0634 2568 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/06/02 12:23:36.0786 2568 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
    2011/06/02 12:23:36.0876 2568 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    2011/06/02 12:23:36.0976 2568 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    2011/06/02 12:23:37.0196 2568 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    2011/06/02 12:23:37.0269 2568 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
    2011/06/02 12:23:37.0386 2568 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
    2011/06/02 12:23:37.0431 2568 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    2011/06/02 12:23:37.0484 2568 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    2011/06/02 12:23:37.0519 2568 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    2011/06/02 12:23:37.0589 2568 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
    2011/06/02 12:23:37.0671 2568 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    2011/06/02 12:23:37.0856 2568 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    2011/06/02 12:23:38.0046 2568 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    2011/06/02 12:23:38.0174 2568 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
    2011/06/02 12:23:38.0279 2568 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
    2011/06/02 12:23:38.0561 2568 igfx (24cc43ecdeefd4c19fbbee4951b647f1) C:\Windows\system32\DRIVERS\igdkmd64.sys
    2011/06/02 12:23:38.0951 2568 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    2011/06/02 12:23:39.0119 2568 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    2011/06/02 12:23:39.0186 2568 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/06/02 12:23:39.0234 2568 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/06/02 12:23:39.0316 2568 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    2011/06/02 12:23:39.0381 2568 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    2011/06/02 12:23:39.0459 2568 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    2011/06/02 12:23:39.0594 2568 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    2011/06/02 12:23:39.0654 2568 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    2011/06/02 12:23:39.0759 2568 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
    2011/06/02 12:23:39.0831 2568 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
    2011/06/02 12:23:39.0929 2568 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
    2011/06/02 12:23:39.0994 2568 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
    2011/06/02 12:23:40.0079 2568 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    2011/06/02 12:23:40.0239 2568 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/06/02 12:23:40.0371 2568 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    2011/06/02 12:23:40.0441 2568 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    2011/06/02 12:23:40.0471 2568 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    2011/06/02 12:23:40.0511 2568 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    2011/06/02 12:23:40.0576 2568 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    2011/06/02 12:23:40.0756 2568 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    2011/06/02 12:23:40.0811 2568 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    2011/06/02 12:23:40.0886 2568 mfeapfk (fb752feb1ed4e660ff51712892905c04) C:\Windows\system32\drivers\mfeapfk.sys
    2011/06/02 12:23:41.0019 2568 mfeavfk (3257cf681999a47d8c552dfbbeb7844e) C:\Windows\system32\drivers\mfeavfk.sys
    2011/06/02 12:23:41.0504 2568 mfefirek (00016d7ed29a95d6f7e7b6a3f591fd2d) C:\Windows\system32\drivers\mfefirek.sys
    2011/06/02 12:23:41.0909 2568 mfehidk (39030c98198f02a2f3a1c3166bf56253) C:\Windows\system32\drivers\mfehidk.sys
    2011/06/02 12:23:42.0224 2568 mfenlfk (217fa02439de74844b6a39aebeed24e1) C:\Windows\system32\DRIVERS\mfenlfk.sys
    2011/06/02 12:23:42.0314 2568 mferkdet (8474e6ee0b5eab108cf005c6c4956e75) C:\Windows\system32\drivers\mferkdet.sys
    2011/06/02 12:23:42.0424 2568 mfewfpk (d4cf36f1eba374fcc35903ae4f4e46bc) C:\Windows\system32\drivers\mfewfpk.sys
    2011/06/02 12:23:42.0651 2568 MOBKFilter (3800c23d0d90c59aafcdefdc82b5c4af) C:\Windows\system32\DRIVERS\MOBK.sys
    2011/06/02 12:23:42.0739 2568 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    2011/06/02 12:23:42.0816 2568 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    2011/06/02 12:23:42.0901 2568 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    2011/06/02 12:23:42.0989 2568 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/06/02 12:23:43.0034 2568 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    2011/06/02 12:23:43.0159 2568 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    2011/06/02 12:23:43.0271 2568 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    2011/06/02 12:23:43.0321 2568 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    2011/06/02 12:23:43.0399 2568 mrxsmb (c2b4651001a867ff3f8865863b592991) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/06/02 12:23:43.0482 2568 mrxsmb10 (7e79946afc5f799ab62982282be5ac13) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/06/02 12:23:43.0557 2568 mrxsmb20 (5fb954100cea2bfec6446fbbecaa3f79) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/06/02 12:23:43.0629 2568 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    2011/06/02 12:23:43.0714 2568 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    2011/06/02 12:23:43.0807 2568 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    2011/06/02 12:23:43.0832 2568 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    2011/06/02 12:23:43.0924 2568 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    2011/06/02 12:23:44.0014 2568 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/06/02 12:23:44.0097 2568 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/06/02 12:23:44.0157 2568 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    2011/06/02 12:23:44.0202 2568 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    2011/06/02 12:23:44.0274 2568 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    2011/06/02 12:23:44.0289 2568 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    2011/06/02 12:23:44.0322 2568 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    2011/06/02 12:23:44.0392 2568 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    2011/06/02 12:23:44.0507 2568 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/06/02 12:23:44.0622 2568 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
    2011/06/02 12:23:44.0729 2568 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    2011/06/02 12:23:44.0804 2568 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/06/02 12:23:44.0879 2568 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/06/02 12:23:44.0964 2568 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/06/02 12:23:45.0097 2568 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    2011/06/02 12:23:45.0197 2568 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    2011/06/02 12:23:45.0234 2568 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    2011/06/02 12:23:45.0349 2568 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    2011/06/02 12:23:45.0479 2568 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    2011/06/02 12:23:45.0517 2568 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    2011/06/02 12:23:45.0599 2568 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
    2011/06/02 12:23:45.0777 2568 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    2011/06/02 12:23:45.0817 2568 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
    2011/06/02 12:23:45.0919 2568 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
    2011/06/02 12:23:45.0989 2568 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    2011/06/02 12:23:46.0019 2568 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    2011/06/02 12:23:46.0112 2568 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    2011/06/02 12:23:46.0152 2568 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
    2011/06/02 12:23:46.0222 2568 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    2011/06/02 12:23:46.0314 2568 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    2011/06/02 12:23:46.0409 2568 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    2011/06/02 12:23:46.0442 2568 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    2011/06/02 12:23:46.0479 2568 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    2011/06/02 12:23:46.0617 2568 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/06/02 12:23:46.0692 2568 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    2011/06/02 12:23:46.0797 2568 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    2011/06/02 12:23:46.0869 2568 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    2011/06/02 12:23:47.0002 2568 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    2011/06/02 12:23:47.0047 2568 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    2011/06/02 12:23:47.0097 2568 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/06/02 12:23:47.0164 2568 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    2011/06/02 12:23:47.0212 2568 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/06/02 12:23:47.0284 2568 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/06/02 12:23:47.0357 2568 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/06/02 12:23:47.0407 2568 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/06/02 12:23:47.0537 2568 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    2011/06/02 12:23:47.0562 2568 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/06/02 12:23:47.0589 2568 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    2011/06/02 12:23:47.0642 2568 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    2011/06/02 12:23:47.0677 2568 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
    2011/06/02 12:23:47.0794 2568 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    2011/06/02 12:23:47.0939 2568 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/06/02 12:23:48.0059 2568 SASDIFSV (99df79c258b3342b6c8a5f802998de56) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
    2011/06/02 12:23:48.0137 2568 SASKUTIL (2859c35c0651e8eb0d86d48e740388f2) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
    2011/06/02 12:23:48.0272 2568 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    2011/06/02 12:23:48.0364 2568 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    2011/06/02 12:23:48.0449 2568 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    2011/06/02 12:23:48.0522 2568 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    2011/06/02 12:23:48.0592 2568 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    2011/06/02 12:23:48.0624 2568 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    2011/06/02 12:23:48.0674 2568 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    2011/06/02 12:23:48.0699 2568 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    2011/06/02 12:23:48.0729 2568 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    2011/06/02 12:23:48.0862 2568 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    2011/06/02 12:23:48.0924 2568 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    2011/06/02 12:23:48.0964 2568 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    2011/06/02 12:23:49.0024 2568 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    2011/06/02 12:23:49.0072 2568 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    2011/06/02 12:23:49.0132 2568 srv (65bbf4920148c2ee279055da7228fc7b) C:\Windows\system32\DRIVERS\srv.sys
    2011/06/02 12:23:49.0204 2568 srv2 (da939f762a1ccc2d77428621ddbd40a7) C:\Windows\system32\DRIVERS\srv2.sys
    2011/06/02 12:23:49.0272 2568 srvnet (3f847c9dc87299516f7dc82fb6572865) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/06/02 12:23:49.0439 2568 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    2011/06/02 12:23:49.0509 2568 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
    2011/06/02 12:23:49.0662 2568 Tcpip (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\drivers\tcpip.sys
    2011/06/02 12:23:49.0849 2568 TCPIP6 (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/06/02 12:23:49.0904 2568 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    2011/06/02 12:23:50.0047 2568 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    2011/06/02 12:23:50.0067 2568 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
    2011/06/02 12:23:50.0144 2568 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    2011/06/02 12:23:50.0227 2568 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
    2011/06/02 12:23:50.0354 2568 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys
    2011/06/02 12:23:50.0412 2568 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/06/02 12:23:50.0534 2568 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    2011/06/02 12:23:50.0714 2568 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/06/02 12:23:50.0802 2568 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    2011/06/02 12:23:50.0849 2568 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    2011/06/02 12:23:50.0944 2568 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    2011/06/02 12:23:51.0017 2568 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
    2011/06/02 12:23:51.0129 2568 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    2011/06/02 12:23:51.0172 2568 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
    2011/06/02 12:23:51.0249 2568 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\DRIVERS\usbccgp.sys
    2011/06/02 12:23:51.0359 2568 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    2011/06/02 12:23:51.0404 2568 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
    2011/06/02 12:23:51.0542 2568 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
    2011/06/02 12:23:51.0622 2568 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
    2011/06/02 12:23:51.0642 2568 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    2011/06/02 12:23:51.0672 2568 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2011/06/02 12:23:51.0697 2568 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
    2011/06/02 12:23:51.0742 2568 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    2011/06/02 12:23:51.0809 2568 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/06/02 12:23:51.0837 2568 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    2011/06/02 12:23:51.0879 2568 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    2011/06/02 12:23:51.0944 2568 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    2011/06/02 12:23:51.0982 2568 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    2011/06/02 12:23:52.0144 2568 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    2011/06/02 12:23:52.0234 2568 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    2011/06/02 12:23:52.0334 2568 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    2011/06/02 12:23:52.0369 2568 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
    2011/06/02 12:23:52.0407 2568 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    2011/06/02 12:23:52.0539 2568 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/06/02 12:23:52.0614 2568 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/06/02 12:23:52.0684 2568 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    2011/06/02 12:23:52.0727 2568 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    2011/06/02 12:23:52.0882 2568 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    2011/06/02 12:23:52.0907 2568 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    2011/06/02 12:23:53.0047 2568 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    2011/06/02 12:23:53.0134 2568 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/06/02 12:23:53.0199 2568 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    2011/06/02 12:23:53.0324 2568 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/06/02 12:23:53.0439 2568 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    2011/06/02 12:23:53.0469 2568 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
    2011/06/02 12:23:53.0474 2568 ================================================================================
    2011/06/02 12:23:53.0474 2568 Scan finished
    2011/06/02 12:23:53.0474 2568 ================================================================================
    2011/06/02 12:23:53.0487 3164 Detected object count: 0
    2011/06/02 12:23:53.0487 3164 Actual detected object count: 0



    Here's the aswMBR log:

    aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
    Run date: 2011-06-02 12:24:37
    -----------------------------
    12:24:37.765 OS Version: Windows x64 6.1.7601 Service Pack 1
    12:24:37.765 Number of processors: 2 586 0xF02
    12:24:37.767 ComputerName: PUTEY UserName: cat
    12:24:38.167 Initialize success
    12:24:51.205 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    12:24:51.208 Disk 0 Vendor: WDC_WD800JD-60LSA5 10.01E03 Size: 76319MB BusType: 3
    12:24:51.210 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000006c
    12:24:51.213 Disk 1 Vendor: Size: 76319MB BusType: 0
    12:24:53.228 Disk 0 MBR read successfully
    12:24:53.230 Disk 0 MBR scan
    12:24:53.233 Disk 0 Windows 7 default MBR code
    12:24:53.238 Service scanning
    12:24:54.895 Disk 0 trace - called modules:
    12:24:54.900 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8001b3ac10]<<
    12:24:54.905 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800279d5d0]
    12:24:54.908 Scan finished successfully
    12:27:24.639 Disk 0 MBR has been saved successfully to "C:\Users\cat\Desktop\MBR.dat"
    12:27:24.639 The log file has been saved successfully to "C:\Users\cat\Desktop\aswMBR.txt"
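The TDSSKiller log above records every loaded driver with its MD5 and image path, followed by one MBR hash per physical disk. The script below is an added example, not part of the thread and not Kaspersky's code: it parses lines of that shape (the sample lines are copied from the log above and are an excerpt, not a full log) and pulls out what an analyst checks first: service names that share one image (the log itself shows Tcpip/TCPIP6 and WANARP/Wanarpv6 each pointing at the same file), images loaded from outside the Windows directory (here the SUPERAntiSpyware drivers the poster installed), and the per-disk MBR hashes so the two disks can be compared.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied in the shape TDSSKiller prints while
# enumerating drivers (timestamp, thread id, service name, MD5 of the image,
# image path), plus the per-disk MBR lines and the closing status lines.
# This is an excerpt for illustration, not a complete log.
SAMPLE_LOG = r"""
2011/06/02 12:23:35.0276 2568 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/06/02 12:23:48.0059 2568 SASDIFSV (99df79c258b3342b6c8a5f802998de56) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
2011/06/02 12:23:48.0137 2568 SASKUTIL (2859c35c0651e8eb0d86d48e740388f2) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
2011/06/02 12:23:49.0662 2568 Tcpip (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\drivers\tcpip.sys
2011/06/02 12:23:49.0849 2568 TCPIP6 (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/02 12:23:52.0539 2568 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/02 12:23:52.0614 2568 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/02 12:23:53.0439 2568 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/06/02 12:23:53.0469 2568 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
2011/06/02 12:23:53.0474 2568 ================================================================================
2011/06/02 12:23:53.0474 2568 Scan finished
2011/06/02 12:23:53.0487 3164 Detected object count: 0
"""

# One hashed entry: "<date> <time> <tid> <name> (<32 hex>) <path>".
# The name is matched lazily so "MBR (0x1B8)" is kept whole.
DRIVER_LINE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+) (?P<tid>\d+) "
    r"(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>\S.*?)\s*$"
)


def parse_driver_log(text):
    """Return one dict per line that carries an MD5; banner and status lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = DRIVER_LINE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["md5"] = entry["md5"].lower()
            entries.append(entry)
    return entries


def is_image(entry):
    """True for driver images on disk, False for raw-device (MBR) records."""
    return not entry["path"].startswith("\\Device\\")


def shared_images(entries):
    """Map each MD5 that backs more than one service name to those names, in log order."""
    by_hash = defaultdict(list)
    for e in filter(is_image, entries):
        by_hash[e["md5"]].append(e["name"])
    return {h: names for h, names in by_hash.items() if len(names) > 1}


def outside_windows(entries, windows_root="C:\\Windows\\"):
    """Service names whose driver image is loaded from outside the Windows directory."""
    root = windows_root.lower()
    return [e["name"] for e in filter(is_image, entries)
            if not e["path"].lower().startswith(root)]


def mbr_records(entries):
    """(device, md5) for the MBR sector lines written once per physical disk."""
    return [(e["path"], e["md5"]) for e in entries if e["name"].startswith("MBR")]


if __name__ == "__main__":
    entries = parse_driver_log(SAMPLE_LOG)
    print(f"{len(entries)} hashed entries parsed")
    for md5, names in shared_images(entries).items():
        print("one image, several services:", md5, names)
    print("images outside the Windows directory:", outside_windows(entries))
    for device, md5 in mbr_records(entries):
        print("MBR", device, md5)
```

Lines without a 32-hex MD5 (the separator, "Scan finished", the object counts) are dropped by the regex, so the same parser runs over a complete log. Shared images and non-Windows paths are review prompts, not verdicts: both findings in this sample are legitimate, and the point is to make the reviewer look at them rather than at the three hundred stock Microsoft drivers.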
     
  10. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    In addition to enabling hidden files viewing, you have to enable system files view, as the file is listed as a system file.

     
  11. zymosis01

    zymosis01 TS Rookie Topic Starter Posts: 19

    Alright, it's visible now, but it's saying I don't have permission to use the file and that I need to contact the administrator to do so...but that's me.
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    Open Windows Explorer, navigate to that file, copy it, paste it to some other location (like desktop) and upload it from there for scanning.
     
  13. zymosis01

    zymosis01 TS Rookie Topic Starter Posts: 19

    Same problem, it's saying I need admin privileges.
     
  14. Broni

    Broni Malware Annihilator Posts: 47,015   +255

  15. zymosis01

    zymosis01 TS Rookie Topic Starter Posts: 19

    Many thanks, that did the trick. Here are the scan results:

    Antivirus Version Last Update Result
    AhnLab-V3 2011.06.02.00 2011.06.01 -
    AntiVir 7.11.8.241 2011.06.02 TR/Vundo.Gen2
    Antiy-AVL 2.0.3.7 2011.06.02 -
    Avast 4.8.1351.0 2011.06.01 Win32:Vundo-JN
    Avast5 5.0.677.0 2011.06.01 Win32:Vundo-JN
    AVG 10.0.0.1190 2011.06.01 -
    BitDefender 7.2 2011.06.02 -
    CAT-QuickHeal 11.00 2011.06.01 -
    ClamAV 0.97.0.0 2011.06.01 -
    Commtouch 5.3.2.6 2011.06.02 -
    Comodo 8917 2011.06.02 -
    DrWeb 5.0.2.03300 2011.06.02 -
    Emsisoft 5.1.0.5 2011.06.02 Trojan.Win32.Pirminay!IK
    eSafe 7.0.17.0 2011.05.31 -
    eTrust-Vet 36.1.8361 2011.06.01 -
    F-Prot 4.6.2.117 2011.06.01 -
    F-Secure 9.0.16440.0 2011.06.02 -
    Fortinet 4.2.257.0 2011.06.01 -
    GData 22 2011.06.02 Win32:Vundo-JN
    Ikarus T3.1.1.104.0 2011.06.02 Trojan.Win32.Pirminay
    Jiangmin 13.0.900 2011.06.01 -
    K7AntiVirus 9.104.4750 2011.06.01 -
    Kaspersky 9.0.0.837 2011.06.02 -
    McAfee 5.400.0.1158 2011.06.02 -
    McAfee-GW-Edition 2010.1D 2011.06.02 -
    Microsoft 1.6903 2011.06.01 -
    NOD32 6172 2011.06.02 -
    Norman 6.07.07 2011.06.01 -
    nProtect 2011-06-01.01 2011.06.01 -
    Panda 10.0.3.5 2011.06.01 Suspicious file
    PCTools 7.0.3.5 2011.06.01 -
    Prevx 3.0 2011.06.02 -
    Rising 23.60.02.03 2011.06.01 -
    Sophos 4.65.0 2011.06.02 -
    SUPERAntiSpyware 4.40.0.1006 2011.06.02 Trojan.Agent/Gen-Falcomp[RE]
    Symantec 20111.1.0.186 2011.06.02 -
    TheHacker 6.7.0.1.215 2011.06.01 -
    TrendMicro 9.200.0.1012 2011.06.01 -
    TrendMicro-HouseCall 9.200.0.1012 2011.06.02 -
    VBA32 3.12.16.0 2011.06.01 -
    VIPRE 9460 2011.06.02 Trojan.Win32.Kryptik.laq (v)
    ViRobot 2011.6.1.4490 2011.06.01 -
    VirusBuster 14.0.62.0 2011.06.01 -

    Additional information
    MD5 : 57a3df152c24891b8c03ed008c647458
    SHA1 : 4e969a17679dce98f8ebd0fd74ff6f024d739c38
    SHA256: a95d5aced7a7f9c7d5a7de098d039a90a7f2fa098ae5ac7f9dbbd2f051d4acae
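The multi-engine report above is pasted as plain text with one row per engine. The script below is an added example, not part of the thread and not the scanning service's own tooling: with the rows copied from the report above as its input, it computes the detection ratio, lists the engines that fired, looks up the poster's own product by exact name (McAfee, which reported nothing here, matching the first post), and counts how many engines agree on each family keyword the analyst supplies, since vendors name one sample differently (Vundo, Pirminay and Kryptik all appear above).

```python
import re
from collections import Counter

# Constructed from the multi-engine report pasted above: one row per engine
# (engine, engine version, signature date, result; "-" means no detection).
SAMPLE_REPORT = """\
Antivirus Version Last Update Result
AhnLab-V3 2011.06.02.00 2011.06.01 -
AntiVir 7.11.8.241 2011.06.02 TR/Vundo.Gen2
Antiy-AVL 2.0.3.7 2011.06.02 -
Avast 4.8.1351.0 2011.06.01 Win32:Vundo-JN
Avast5 5.0.677.0 2011.06.01 Win32:Vundo-JN
AVG 10.0.0.1190 2011.06.01 -
BitDefender 7.2 2011.06.02 -
CAT-QuickHeal 11.00 2011.06.01 -
ClamAV 0.97.0.0 2011.06.01 -
Commtouch 5.3.2.6 2011.06.02 -
Comodo 8917 2011.06.02 -
DrWeb 5.0.2.03300 2011.06.02 -
Emsisoft 5.1.0.5 2011.06.02 Trojan.Win32.Pirminay!IK
eSafe 7.0.17.0 2011.05.31 -
eTrust-Vet 36.1.8361 2011.06.01 -
F-Prot 4.6.2.117 2011.06.01 -
F-Secure 9.0.16440.0 2011.06.02 -
Fortinet 4.2.257.0 2011.06.01 -
GData 22 2011.06.02 Win32:Vundo-JN
Ikarus T3.1.1.104.0 2011.06.02 Trojan.Win32.Pirminay
Jiangmin 13.0.900 2011.06.01 -
K7AntiVirus 9.104.4750 2011.06.01 -
Kaspersky 9.0.0.837 2011.06.02 -
McAfee 5.400.0.1158 2011.06.02 -
McAfee-GW-Edition 2010.1D 2011.06.02 -
Microsoft 1.6903 2011.06.01 -
NOD32 6172 2011.06.02 -
Norman 6.07.07 2011.06.01 -
nProtect 2011-06-01.01 2011.06.01 -
Panda 10.0.3.5 2011.06.01 Suspicious file
PCTools 7.0.3.5 2011.06.01 -
Prevx 3.0 2011.06.02 -
Rising 23.60.02.03 2011.06.01 -
Sophos 4.65.0 2011.06.02 -
SUPERAntiSpyware 4.40.0.1006 2011.06.02 Trojan.Agent/Gen-Falcomp[RE]
Symantec 20111.1.0.186 2011.06.02 -
TheHacker 6.7.0.1.215 2011.06.01 -
TrendMicro 9.200.0.1012 2011.06.01 -
TrendMicro-HouseCall 9.200.0.1012 2011.06.02 -
VBA32 3.12.16.0 2011.06.01 -
VIPRE 9460 2011.06.02 Trojan.Win32.Kryptik.laq (v)
ViRobot 2011.6.1.4490 2011.06.01 -
VirusBuster 14.0.62.0 2011.06.01 -
"""

# The third column is always a signature date; using it to recognise data rows
# skips the header and any trailer lines (hashes, "Additional information").
DATE = re.compile(r"\d{4}\.\d{2}\.\d{2}")


def parse_report(text):
    """Rows as (engine, version, updated, result); result may contain spaces."""
    rows = []
    for line in text.splitlines():
        parts = line.strip().split(None, 3)
        if len(parts) == 4 and DATE.fullmatch(parts[2]):
            rows.append(tuple(parts))
    return rows


def detections(rows):
    """(engine, result) for every engine that returned something other than '-'."""
    return [(engine, result) for engine, _, _, result in rows if result != "-"]


def detection_ratio(rows):
    return len(detections(rows)), len(rows)


def engine_result(rows, engine):
    """Result of one engine by exact name (so 'McAfee' is not 'McAfee-GW-Edition'), or None."""
    return next((result for name, _, _, result in rows if name == engine), None)


def name_consensus(rows, families):
    """How many firing engines mention each analyst-supplied family keyword."""
    hits = Counter()
    for _, result in detections(rows):
        for fam in families:
            if fam.lower() in result.lower():
                hits[fam] += 1
    return {fam: hits[fam] for fam in families}


if __name__ == "__main__":
    rows = parse_report(SAMPLE_REPORT)
    hit, total = detection_ratio(rows)
    print(f"{hit}/{total} engines flagged the file")
    for engine, result in detections(rows):
        print(f"  {engine:22} {result}")
    print("own AV (McAfee):", engine_result(rows, "McAfee"))
    print("naming consensus:", name_consensus(rows, ["Vundo", "Pirminay", "Kryptik"]))
```

A low ratio such as 9 of 43 is typical for a sample that is only a day or two old, which is why the analyst in the thread treats any non-"-" result on a freshly created system file as reason to act rather than waiting for a majority. The family count is only as good as the keywords handed to it; it is a quick way to see whether the firing engines are describing the same thing, not a classifier.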
     
  16. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    Cool :)

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box
    • Click OK
    Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\SysWow64\hdwwiz5.dll
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  17. zymosis01

    zymosis01 TS Rookie Topic Starter Posts: 19

    Here's the log:

    ComboFix 11-06-01.04 - cat 02/06/2011 13:33:40.2.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2023.708 [GMT 10:00]
    Running from: c:\users\cat\Desktop\ComboFix.exe
    Command switches used :: c:\users\cat\Desktop\CFScript.txt
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-02 to 2011-06-02 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-02 03:39 . 2011-06-02 03:39 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-06-02 01:17 . 2011-06-02 01:25 34560 ----a-w- c:\windows\SysWow64\drivers\Normandy.sys
    2011-06-02 01:15 . 2011-06-02 01:18 35712 ----a-w- c:\windows\SysWow64\drivers\BlackBox.sys
    2011-06-01 10:07 . 2011-06-01 10:07 -------- d-----w- c:\users\cat\AppData\Local\Opera
    2011-06-01 10:07 . 2011-06-01 10:07 -------- d-----w- c:\program files (x86)\Opera
    2011-06-01 02:00 . 2011-06-01 02:00 -------- d-----w- c:\program files (x86)\ESET
    2011-06-01 01:26 . 2011-06-01 01:26 -------- d-----w- c:\users\cat\AppData\Roaming\TuneUp Software
    2011-06-01 01:25 . 2011-06-01 01:27 -------- d-----w- c:\programdata\TuneUp Software
    2011-06-01 01:24 . 2011-06-01 01:24 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
    2011-06-01 01:16 . 2011-06-01 01:16 -------- d-----w- c:\users\cat\AppData\Roaming\IObit
    2011-06-01 00:15 . 2011-06-01 00:15 -------- d-----w- c:\users\cat\AppData\Roaming\SUPERAntiSpyware.com
    2011-06-01 00:15 . 2011-06-01 00:15 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-06-01 00:15 . 2011-06-01 00:15 -------- d-----w- c:\programdata\!SASCORE
    2011-06-01 00:15 . 2011-06-01 00:16 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-05-31 07:30 . 2011-05-31 07:30 -------- d-----w- c:\users\cat\AppData\Roaming\Malwarebytes
    2011-05-31 07:29 . 2010-12-20 08:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-05-31 07:29 . 2011-05-31 07:29 -------- d-----w- c:\programdata\Malwarebytes
    2011-05-31 07:29 . 2010-12-20 08:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-31 07:29 . 2011-05-31 07:30 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-05-31 07:22 . 2011-05-31 07:22 -------- d-----w- c:\programdata\IObit
    2011-05-31 07:22 . 2011-05-31 07:22 -------- d-----w- c:\program files (x86)\IObit
    2011-05-31 07:13 . 2011-05-31 07:13 -------- d-----w- c:\windows\Sun
    2011-05-31 06:36 . 2011-05-31 06:36 120832 --sha-r- c:\windows\SysWow64\hdwwiz5.dll
    2011-05-31 06:26 . 2011-05-31 06:26 -------- d-----w- c:\users\cat\AppData\Roaming\GrabPro
    2011-05-31 06:25 . 2011-05-31 06:35 -------- d-----w- C:\Downloads
    2011-05-31 06:25 . 2011-05-31 06:25 -------- d-----w- c:\users\cat\AppData\Roaming\ProgSense
    2011-05-31 06:25 . 2011-05-31 06:48 -------- d-----w- c:\users\cat\AppData\Roaming\Orbit
    2011-05-29 22:59 . 2011-05-29 22:59 -------- d-----w- c:\users\cat\AppData\Roaming\EAC
    2011-05-29 22:59 . 2011-05-31 01:53 -------- d-----w- c:\users\cat\AppData\Roaming\AccurateRip
    2011-05-29 22:59 . 2011-05-29 22:59 -------- d-----w- c:\program files (x86)\Exact Audio Copy
    2011-05-28 15:10 . 2011-06-01 07:19 -------- d-----w- c:\users\cat\AppData\Roaming\vlc
    2011-05-28 15:09 . 2011-05-28 15:09 -------- d-----w- c:\program files (x86)\VideoLAN
    2011-05-28 00:13 . 2011-05-18 02:37 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5BE31BF9-02D3-493E-A7FE-0F1615F9DA55}\mpengine.dll
    2011-05-25 22:50 . 2011-05-25 22:50 -------- d-----w- c:\users\cat\AppData\Roaming\McAfee
    2011-05-25 22:14 . 2011-05-25 22:14 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-05-25 12:24 . 2011-05-31 08:03 -------- d-----w- c:\users\cat\AppData\Local\MediaMonkey
    2011-05-25 12:24 . 2011-05-31 08:03 -------- d-----w- c:\program files (x86)\MediaMonkey
    2011-05-25 11:48 . 2011-05-25 22:08 -------- d-----w- c:\users\cat\AppData\Roaming\Internode
    2011-05-25 11:48 . 2011-05-25 11:48 -------- d-----w- c:\program files (x86)\Internode
    2011-05-25 05:59 . 2011-05-25 05:59 -------- d-----w- c:\programdata\Easy CD-DA Extractor
    2011-05-25 05:56 . 2011-05-25 05:58 -------- d-----w- c:\program files\Easy CD-DA Extractor 2011
    2011-05-25 05:29 . 2011-03-13 01:42 24376 ----a-w- c:\program files (x86)\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll
    2011-05-25 02:17 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
    2011-05-25 02:17 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
    2011-05-25 02:17 . 2011-04-09 07:02 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-05-25 02:17 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2011-05-25 02:17 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2011-05-08 04:03 . 2011-05-08 04:03 -------- d-----w- c:\users\cat\screensaver
    2011-05-08 03:37 . 2011-05-08 04:02 -------- d-----w- c:\users\cat\wallpapers
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-11 13:18 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2011-04-11 13:18 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2011-04-06 06:26 . 2011-04-06 06:26 96544 ----a-w- c:\windows\system32\dnssd.dll
    2011-04-06 06:26 . 2011-04-06 06:26 69408 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-04-06 06:26 . 2011-04-06 06:26 237856 ----a-w- c:\windows\system32\dnssdX.dll
    2011-04-06 06:26 . 2011-04-06 06:26 119584 ----a-w- c:\windows\system32\dns-sd.exe
    2011-04-06 06:20 . 2011-04-06 06:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll
    2011-04-06 06:20 . 2011-04-06 06:20 75040 ----a-w- c:\windows\SysWow64\jdns_sd.dll
    2011-04-06 06:20 . 2011-04-06 06:20 197920 ----a-w- c:\windows\SysWow64\dnssdX.dll
    2011-04-06 06:20 . 2011-04-06 06:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe
    2011-03-13 01:45 . 2010-12-25 11:45 158832 ----a-w- c:\windows\system32\mfevtps.exe
    2011-03-13 01:20 . 2010-12-25 11:57 9984 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2011-03-13 01:20 . 2010-12-25 11:56 98728 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2011-03-13 01:20 . 2010-12-25 11:56 75672 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
    2011-03-13 01:20 . 2010-12-25 11:56 65128 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2011-03-13 01:20 . 2010-12-25 11:56 481376 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2011-03-13 01:20 . 2010-12-25 11:56 281928 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
    2011-03-13 01:20 . 2010-12-25 11:56 227856 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2011-03-13 01:20 . 2010-10-13 11:28 639216 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2011-03-13 01:20 . 2010-10-13 11:28 156792 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2011-03-11 06:34 . 2011-04-15 02:00 1359872 ----a-w- c:\windows\system32\mfc42u.dll
    2011-03-11 06:34 . 2011-04-15 02:00 1395712 ----a-w- c:\windows\system32\mfc42.dll
    2011-03-11 05:33 . 2011-04-15 02:00 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
    2011-03-11 05:33 . 2011-04-15 02:00 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
    2011-03-08 06:29 . 2011-04-15 01:59 976896 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-08 05:28 . 2011-04-15 01:59 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
    2011-03-07 06:31 . 2011-04-15 02:00 1188864 ----a-w- c:\windows\system32\wininet.dll
    2011-03-07 05:33 . 2011-04-15 02:00 981504 ----a-w- c:\windows\SysWow64\wininet.dll
    2011-03-07 04:24 . 2011-04-15 02:00 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-03-07 03:52 . 2011-04-15 02:00 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-06-02_01.43.54 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-12-24 20:41 . 2011-06-01 23:04 36718 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2011-06-02 01:52 33870 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2010-12-23 21:15 . 2011-06-02 01:52 10000 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3919450576-3435590440-1623751830-1001_UserData.bin
    - 2010-12-23 10:00 . 2011-06-02 01:43 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-12-23 10:00 . 2011-06-02 01:50 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-12-23 10:00 . 2011-06-02 01:43 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2010-12-23 10:00 . 2011-06-02 01:50 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2011-06-02 01:43 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2011-06-02 01:50 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-12-23 21:14 . 2011-06-02 01:51 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-12-23 21:14 . 2011-06-01 23:03 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-12-23 21:14 . 2011-06-02 01:51 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2010-12-23 21:14 . 2011-06-01 23:03 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2010-12-23 21:14 . 2011-06-01 23:03 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-12-23 21:14 . 2011-06-02 01:51 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-12-23 21:14 . 2011-06-02 01:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-12-23 21:14 . 2011-06-02 03:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-12-23 21:14 . 2011-06-02 03:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-12-23 21:14 . 2011-06-02 01:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-06-02 01:43 . 2011-06-02 01:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-06-02 01:50 . 2011-06-02 01:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-06-02 01:43 . 2011-06-02 01:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-06-02 01:50 . 2011-06-02 01:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-07-14 05:12 . 2011-06-02 01:43 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2009-07-14 05:12 . 2011-06-02 01:44 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2009-07-14 05:01 . 2011-06-02 01:49 275056 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2011-06-02 01:41 275056 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-12-09 01:51 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    2010-12-09 01:51 3911776 ----a-w- c:\program files (x86)\uTorrentBar\tbuTor.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "InternodeUsage"="c:\progra~2\INTERN~2\mum.exe" [2011-02-19 1361408]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-23 2988928]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-05-02 1658440]
    "IObit Security 360"="c:\program files (x86)\IObit\IObit Security 360\IS360tray.exe" [2010-06-11 1280344]
    .
    c:\users\cat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Online Backup Status.lnk - c:\program files (x86)\McAfee Online Backup\MOBKstat.exe [2010-4-13 4178744]
    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
    .
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-21 136176]
    R3 BlackBox;BlackBox SR2; [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-21 136176]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
    R3 Normandy;Normandy SR2; [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
    S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384]
    S2 IS360service;IS360service;c:\program files (x86)\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-03-13 208272]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
    S2 MOBKbackup;McAfee Online Backup;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-04-13 231224]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 82206160
    *NewlyCreated* - ASWMBR
    *Deregistered* - 82206160
    *Deregistered* - aswMBR
    *Deregistered* - mfeavfk01
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-21 04:21]
    .
    2011-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-21 04:21]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
    @="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
    [HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
    2010-04-13 09:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
    @="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
    [HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
    2010-04-13 09:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
    @="{b4caf489-1eec-c617-49ad-8d7088598c06}"
    [HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
    2010-04-13 09:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 165912]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 385560]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 363544]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    TCP: DhcpNameServer = 192.168.1.1
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\McAfee\MSC\McSnIePl.dll
    FF - ProfilePath - c:\users\cat\AppData\Roaming\Mozilla\Firefox\Profiles\qd58jxsc.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
    AddRemove-{E1E502E2-C006-49DB-9C0C-F2196E51826F}_is1 - c:\users\cat\Desktop\MustBeRandomlyNamed\unins000.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-06-02 13:41:49
    ComboFix-quarantined-files.txt 2011-06-02 03:41
    ComboFix2.txt 2011-06-02 01:47
    .
    Pre-Run: 46,628,519,936 bytes free
    Post-Run: 46,580,973,568 bytes free
    .
    - - End Of File - - 903422AD60117556D6109F8F4D94DC51


    Thanks again :)
     
  18. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    It doesn't look like you ran my script.
    Please, redo.
     
  19. zymosis01

    zymosis01 TS Rookie Topic Starter Posts: 19

    Sorry, I must have done something wrong. How's this one?

    ComboFix 11-06-01.05 - cat 02/06/2011 13:51:58.3.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2023.502 [GMT 10:00]
    Running from: c:\users\cat\Desktop\ComboFix.exe
    Command switches used :: c:\users\cat\Desktop\CFScript.txt
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\windows\SysWow64\hdwwiz5.dll"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\SysWow64\hdwwiz5.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-02 to 2011-06-02 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-02 03:56 . 2011-06-02 03:56 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-06-02 01:17 . 2011-06-02 01:25 34560 ----a-w- c:\windows\SysWow64\drivers\Normandy.sys
    2011-06-02 01:15 . 2011-06-02 01:18 35712 ----a-w- c:\windows\SysWow64\drivers\BlackBox.sys
    2011-06-01 10:07 . 2011-06-01 10:07 -------- d-----w- c:\users\cat\AppData\Local\Opera
    2011-06-01 10:07 . 2011-06-01 10:07 -------- d-----w- c:\program files (x86)\Opera
    2011-06-01 02:00 . 2011-06-01 02:00 -------- d-----w- c:\program files (x86)\ESET
    2011-06-01 01:26 . 2011-06-01 01:26 -------- d-----w- c:\users\cat\AppData\Roaming\TuneUp Software
    2011-06-01 01:25 . 2011-06-01 01:27 -------- d-----w- c:\programdata\TuneUp Software
    2011-06-01 01:24 . 2011-06-01 01:24 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
    2011-06-01 01:16 . 2011-06-01 01:16 -------- d-----w- c:\users\cat\AppData\Roaming\IObit
    2011-06-01 00:15 . 2011-06-01 00:15 -------- d-----w- c:\users\cat\AppData\Roaming\SUPERAntiSpyware.com
    2011-06-01 00:15 . 2011-06-01 00:15 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-06-01 00:15 . 2011-06-01 00:15 -------- d-----w- c:\programdata\!SASCORE
    2011-06-01 00:15 . 2011-06-01 00:16 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-05-31 07:30 . 2011-05-31 07:30 -------- d-----w- c:\users\cat\AppData\Roaming\Malwarebytes
    2011-05-31 07:29 . 2010-12-20 08:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-05-31 07:29 . 2011-05-31 07:29 -------- d-----w- c:\programdata\Malwarebytes
    2011-05-31 07:29 . 2010-12-20 08:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-31 07:29 . 2011-05-31 07:30 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-05-31 07:22 . 2011-05-31 07:22 -------- d-----w- c:\programdata\IObit
    2011-05-31 07:22 . 2011-05-31 07:22 -------- d-----w- c:\program files (x86)\IObit
    2011-05-31 07:13 . 2011-05-31 07:13 -------- d-----w- c:\windows\Sun
    2011-05-31 06:26 . 2011-05-31 06:26 -------- d-----w- c:\users\cat\AppData\Roaming\GrabPro
    2011-05-31 06:25 . 2011-05-31 06:35 -------- d-----w- C:\Downloads
    2011-05-31 06:25 . 2011-05-31 06:25 -------- d-----w- c:\users\cat\AppData\Roaming\ProgSense
    2011-05-31 06:25 . 2011-05-31 06:48 -------- d-----w- c:\users\cat\AppData\Roaming\Orbit
    2011-05-29 22:59 . 2011-05-29 22:59 -------- d-----w- c:\users\cat\AppData\Roaming\EAC
    2011-05-29 22:59 . 2011-05-31 01:53 -------- d-----w- c:\users\cat\AppData\Roaming\AccurateRip
    2011-05-29 22:59 . 2011-05-29 22:59 -------- d-----w- c:\program files (x86)\Exact Audio Copy
    2011-05-28 15:10 . 2011-06-01 07:19 -------- d-----w- c:\users\cat\AppData\Roaming\vlc
    2011-05-28 15:09 . 2011-05-28 15:09 -------- d-----w- c:\program files (x86)\VideoLAN
    2011-05-28 00:13 . 2011-05-18 02:37 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5BE31BF9-02D3-493E-A7FE-0F1615F9DA55}\mpengine.dll
    2011-05-25 22:50 . 2011-05-25 22:50 -------- d-----w- c:\users\cat\AppData\Roaming\McAfee
    2011-05-25 22:14 . 2011-05-25 22:14 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-05-25 12:24 . 2011-05-31 08:03 -------- d-----w- c:\users\cat\AppData\Local\MediaMonkey
    2011-05-25 12:24 . 2011-05-31 08:03 -------- d-----w- c:\program files (x86)\MediaMonkey
    2011-05-25 11:48 . 2011-05-25 22:08 -------- d-----w- c:\users\cat\AppData\Roaming\Internode
    2011-05-25 11:48 . 2011-05-25 11:48 -------- d-----w- c:\program files (x86)\Internode
    2011-05-25 05:59 . 2011-05-25 05:59 -------- d-----w- c:\programdata\Easy CD-DA Extractor
    2011-05-25 05:56 . 2011-05-25 05:58 -------- d-----w- c:\program files\Easy CD-DA Extractor 2011
    2011-05-25 05:29 . 2011-03-13 01:42 24376 ----a-w- c:\program files (x86)\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll
    2011-05-25 02:17 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
    2011-05-25 02:17 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
    2011-05-25 02:17 . 2011-04-09 07:02 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-05-25 02:17 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2011-05-25 02:17 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2011-05-08 04:03 . 2011-05-08 04:03 -------- d-----w- c:\users\cat\screensaver
    2011-05-08 03:37 . 2011-05-08 04:02 -------- d-----w- c:\users\cat\wallpapers
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-11 13:18 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2011-04-11 13:18 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2011-04-06 06:26 . 2011-04-06 06:26 96544 ----a-w- c:\windows\system32\dnssd.dll
    2011-04-06 06:26 . 2011-04-06 06:26 69408 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-04-06 06:26 . 2011-04-06 06:26 237856 ----a-w- c:\windows\system32\dnssdX.dll
    2011-04-06 06:26 . 2011-04-06 06:26 119584 ----a-w- c:\windows\system32\dns-sd.exe
    2011-04-06 06:20 . 2011-04-06 06:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll
    2011-04-06 06:20 . 2011-04-06 06:20 75040 ----a-w- c:\windows\SysWow64\jdns_sd.dll
    2011-04-06 06:20 . 2011-04-06 06:20 197920 ----a-w- c:\windows\SysWow64\dnssdX.dll
    2011-04-06 06:20 . 2011-04-06 06:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe
    2011-03-13 01:45 . 2010-12-25 11:45 158832 ----a-w- c:\windows\system32\mfevtps.exe
    2011-03-13 01:20 . 2010-12-25 11:57 9984 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2011-03-13 01:20 . 2010-12-25 11:56 98728 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2011-03-13 01:20 . 2010-12-25 11:56 75672 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
    2011-03-13 01:20 . 2010-12-25 11:56 65128 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2011-03-13 01:20 . 2010-12-25 11:56 481376 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2011-03-13 01:20 . 2010-12-25 11:56 281928 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
    2011-03-13 01:20 . 2010-12-25 11:56 227856 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2011-03-13 01:20 . 2010-10-13 11:28 639216 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2011-03-13 01:20 . 2010-10-13 11:28 156792 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2011-03-11 06:34 . 2011-04-15 02:00 1359872 ----a-w- c:\windows\system32\mfc42u.dll
    2011-03-11 06:34 . 2011-04-15 02:00 1395712 ----a-w- c:\windows\system32\mfc42.dll
    2011-03-11 05:33 . 2011-04-15 02:00 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
    2011-03-11 05:33 . 2011-04-15 02:00 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
    2011-03-08 06:29 . 2011-04-15 01:59 976896 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-08 05:28 . 2011-04-15 01:59 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
    2011-03-07 06:31 . 2011-04-15 02:00 1188864 ----a-w- c:\windows\system32\wininet.dll
    2011-03-07 05:33 . 2011-04-15 02:00 981504 ----a-w- c:\windows\SysWow64\wininet.dll
    2011-03-07 04:24 . 2011-04-15 02:00 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-03-07 03:52 . 2011-04-15 02:00 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-06-02_01.43.54 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-12-24 20:41 . 2011-06-01 23:04 36718 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2011-06-02 01:52 33870 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2010-12-23 21:15 . 2011-06-02 01:52 10000 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3919450576-3435590440-1623751830-1001_UserData.bin
    - 2010-12-23 10:00 . 2011-06-02 01:43 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-12-23 10:00 . 2011-06-02 01:50 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-12-23 10:00 . 2011-06-02 01:43 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2010-12-23 10:00 . 2011-06-02 01:50 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2011-06-02 01:43 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2011-06-02 01:50 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-12-23 21:14 . 2011-06-02 01:51 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-12-23 21:14 . 2011-06-01 23:03 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-12-23 21:14 . 2011-06-02 01:51 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2010-12-23 21:14 . 2011-06-01 23:03 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2010-12-23 21:14 . 2011-06-01 23:03 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-12-23 21:14 . 2011-06-02 01:51 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-12-23 21:14 . 2011-06-02 01:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-12-23 21:14 . 2011-06-02 03:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-12-23 21:14 . 2011-06-02 03:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-12-23 21:14 . 2011-06-02 01:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-06-02 01:43 . 2011-06-02 01:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-06-02 01:50 . 2011-06-02 01:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-06-02 01:43 . 2011-06-02 01:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-06-02 01:50 . 2011-06-02 01:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-07-14 05:12 . 2011-06-02 01:43 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2009-07-14 05:12 . 2011-06-02 01:44 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2009-07-14 05:01 . 2011-06-02 01:49 275056 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2011-06-02 01:41 275056 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-12-09 01:51 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    2010-12-09 01:51 3911776 ----a-w- c:\program files (x86)\uTorrentBar\tbuTor.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "InternodeUsage"="c:\progra~2\INTERN~2\mum.exe" [2011-02-19 1361408]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-23 2988928]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-05-02 1658440]
    "IObit Security 360"="c:\program files (x86)\IObit\IObit Security 360\IS360tray.exe" [2010-06-11 1280344]
    .
    c:\users\cat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Online Backup Status.lnk - c:\program files (x86)\McAfee Online Backup\MOBKstat.exe [2010-4-13 4178744]
    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
    .
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-21 136176]
    R3 BlackBox;BlackBox SR2; [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-21 136176]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
    R3 Normandy;Normandy SR2; [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
    S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384]
    S2 IS360service;IS360service;c:\program files (x86)\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-03-13 208272]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
    S2 MOBKbackup;McAfee Online Backup;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-04-13 231224]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 82206160
    *NewlyCreated* - ASWMBR
    *Deregistered* - 82206160
    *Deregistered* - aswMBR
    *Deregistered* - mfeavfk01
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-21 04:21]
    .
    2011-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-21 04:21]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
    @="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
    [HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
    2010-04-13 09:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
    @="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
    [HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
    2010-04-13 09:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
    @="{b4caf489-1eec-c617-49ad-8d7088598c06}"
    [HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
    2010-04-13 09:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 165912]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 385560]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 363544]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    TCP: DhcpNameServer = 192.168.1.1
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\McAfee\MSC\McSnIePl.dll
    FF - ProfilePath - c:\users\cat\AppData\Roaming\Mozilla\Firefox\Profiles\qd58jxsc.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-06-02 13:59:29
    ComboFix-quarantined-files.txt 2011-06-02 03:59
    ComboFix2.txt 2011-06-02 03:41
    ComboFix3.txt 2011-06-02 01:47
    .
    Pre-Run: 46,625,005,568 bytes free
    Post-Run: 46,580,416,512 bytes free
    .
    - - End Of File - - 5DEC2046639D652FD71384F336678EF2
     
  20. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    This one is correct :)

    How is the redirection?
    If it's still there, which browser is affected?
     
  21. zymosis01

    zymosis01 TS Rookie Topic Starter Posts: 19

    It seems to be fixed! :)

    A million thanks, you've really been helpful. :)
     
  22. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    I'm glad to hear good news, but....

    ...we need to run a couple more tools to make sure nothing is hiding there.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
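    The custom scan above produces an OTL.txt whose SRV and DRV lines carry a publisher name, a modification timestamp, a state and a path. The script below is an added example, not OTL's or this thread's own code: it parses lines in that layout and flags the entries a helper would look at first (no company name, modified close to the scan time, or a registration whose file is missing). The line layout, the seven-day window and the sample lines are assumptions modelled on the log format, not taken from the tool's documentation.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# Matches OTL "Win32 Services" / "Driver Services" lines, e.g.
#   DRV:64bit: - [2011/03/13 11:20:10 | 000,639,216 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
# The layout is inferred from log excerpts (an assumption, not OTL's published grammar).
ENTRY_RE = re.compile(
    r"^(?P<kind>SRV|DRV)(?P<arch>:64bit:)? - "
    r"\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| [^\]]*\] "
    r"\((?P<company>[^)]*)\) "
    r"\[(?P<state>[^\]]*)\] -- "
    r"(?P<path>.+?) -- \((?P<name>[^)]*)\)"
)
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
NOT_FOUND = "File not found"


@dataclass
class Entry:
    kind: str       # SRV or DRV
    company: str    # publisher from the file's version info; empty when OTL shows "()"
    mtime: datetime # file modification time as printed by OTL
    size: int       # file size in bytes
    state: str      # e.g. "Kernel | On_Demand | Stopped"
    path: str
    name: str       # service/driver key name


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one SRV/DRV line; return None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        kind=m["kind"],
        company=m["company"].strip(),
        mtime=datetime.strptime(m["mtime"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        state=m["state"],
        path=m["path"],
        name=m["name"],
    )


def triage(log_text: str, scan_time: datetime, recent_days: int = 7) -> List[Tuple[str, str]]:
    """Return (identifier, reason) pairs for lines that deserve a second look.

    Heuristics (a defender's first pass, not OTL's own logic):
      * empty company name: the binary carries no publisher information
      * modified within `recent_days` of the scan: new code on a machine under investigation
      * a registration (BHO, toolbar, ...) whose file is missing: stale or removed component
    "currently running" is appended so the reader sees which flagged items are live.
    """
    findings: List[Tuple[str, str]] = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            if NOT_FOUND in line:
                g = GUID_RE.search(line)
                ident = g.group(0) if g else line.strip()[:60]
                findings.append((ident, "registered but file not found"))
            continue
        reasons = []
        if not entry.company:
            reasons.append("no company name")
        if (scan_time - entry.mtime).days < recent_days:
            reasons.append(f"modified within {recent_days} days of scan")
        if not reasons:
            continue
        if "Running" in entry.state:
            reasons.append("currently running")
        findings.append((entry.name, "; ".join(reasons)))
    return findings


# Constructed sample lines mirroring the OTL layout; the scan timestamp is likewise constructed.
SCAN_TIME = datetime(2011, 6, 2, 14, 13, 42)
SAMPLE_LOG = r"""
DRV:64bit: - [2011/03/13 11:20:10 | 000,639,216 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/06/02 11:25:56 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\Normandy.sys -- (Normandy)
SRV - [2007/05/16 12:48:56 | 000,228,208 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - File not found
"""

if __name__ == "__main__":
    for ident, reason in triage(SAMPLE_LOG, SCAN_TIME):
        print(f"{ident}: {reason}")
```

    A flagged line is a prompt to check the file's signature and origin, not a verdict: an empty company name is common for small legitimate utilities, and the "File not found" entries here are usually leftovers of an uninstalled component rather than active code.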
  23. zymosis01

    zymosis01 TS Rookie Topic Starter Posts: 19

    Okay, here are the logs.

    OTL.txt:

    OTL logfile created on: 02/06/2011 14:13:42 - Run 1
    OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\cat\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1.98 Gb Total Physical Memory | 0.60 Gb Available Physical Memory | 30.31% Memory free
    3.95 Gb Paging File | 2.40 Gb Available in Paging File | 60.82% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 74.53 Gb Total Space | 43.43 Gb Free Space | 58.28% Space Free | Partition Type: NTFS
    Drive F: | 465.76 Gb Total Space | 71.89 Gb Free Space | 15.43% Space Free | Partition Type: NTFS

    Computer Name: PUTEY | User Name: cat | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/06/02 14:12:20 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\cat\Desktop\OTL.exe
    PRC - [2011/06/01 20:07:12 | 000,941,936 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
    PRC - [2011/04/11 10:04:10 | 003,466,584 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Security 360\is360.exe
    PRC - [2011/04/01 13:48:38 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
    PRC - [2011/02/19 12:32:52 | 001,361,408 | ---- | M] (Angus Johnson) -- C:\Program Files (x86)\Internode\mum.exe
    PRC - [2011/01/17 18:08:58 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    PRC - [2011/01/17 18:08:58 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    PRC - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Security 360\is360srv.exe
    PRC - [2010/01/15 22:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/06/02 14:12:20 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\cat\Desktop\OTL.exe
    MOD - [2010/11/20 21:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/03/17 16:39:40 | 000,501,768 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV:64bit: - [2011/03/13 11:45:12 | 000,158,832 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
    SRV:64bit: - [2011/03/13 11:37:22 | 000,208,272 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
    SRV:64bit: - [2011/03/13 11:37:06 | 000,197,960 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
    SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
    SRV:64bit: - [2009/07/14 11:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Security 360\is360srv.exe -- (IS360service)
    SRV - [2010/04/13 19:11:18 | 000,231,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
    SRV - [2010/01/15 22:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
    SRV - [2009/06/11 07:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2007/05/16 12:48:56 | 000,228,208 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/03/13 11:20:10 | 000,639,216 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
    DRV:64bit: - [2011/03/13 11:20:10 | 000,481,376 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
    DRV:64bit: - [2011/03/13 11:20:10 | 000,281,928 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
    DRV:64bit: - [2011/03/13 11:20:10 | 000,227,856 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
    DRV:64bit: - [2011/03/13 11:20:10 | 000,156,792 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
    DRV:64bit: - [2011/03/13 11:20:10 | 000,098,728 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
    DRV:64bit: - [2011/03/13 11:20:10 | 000,075,672 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
    DRV:64bit: - [2011/03/13 11:20:10 | 000,065,128 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
    DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2010/11/20 23:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 23:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 23:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2010/11/20 23:25:46 | 000,840,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\blackbox.dll -- (BlackBox)
    DRV:64bit: - [2010/11/20 21:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/04/13 19:10:24 | 000,066,040 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\MOBK.sys -- (MOBKFilter)
    DRV:64bit: - [2009/09/23 18:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009/07/14 11:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 11:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 11:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/14 09:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
    DRV:64bit: - [2009/06/11 06:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/11 06:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express) Intel(R)
    DRV:64bit: - [2009/06/11 06:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/11 06:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/11 06:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/11 06:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV - [2011/06/02 11:25:56 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\Normandy.sys -- (Normandy)
    DRV - [2011/06/02 11:18:07 | 000,035,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\BlackBox.sys -- (BlackBox)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3919450576-3435590440-1623751830-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
    IE - HKU\S-1-5-21-3919450576-3435590440-1623751830-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5F 0A D1 85 EE 1F CC 01 [binary data]
    IE - HKU\S-1-5-21-3919450576-3435590440-1623751830-1001\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKU\S-1-5-21-3919450576-3435590440-1623751830-1001\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-3919450576-3435590440-1623751830-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3919450576-3435590440-1623751830-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========


    FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011/05/27 12:57:30 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/01 11:54:36 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2011/06/01 11:54:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cat\AppData\Roaming\Mozilla\Extensions
    [2011/06/01 11:54:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    File not found (No name found) --
    [2011/05/27 12:57:30 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
    [2011/04/15 02:41:09 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
    [2010/10/13 21:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\components\Scriptff.dll
    [2010/01/01 18:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
    [2010/01/01 18:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml
    [2010/01/01 18:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
    [2010/01/01 18:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
    [2010/01/01 18:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2011/06/02 13:56:54 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - File not found
    O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110525152909.dll (McAfee, Inc.)
    O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110525152908.dll (McAfee, Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-3919450576-3435590440-1623751830-1001\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4 - HKLM..\Run: [IObit Security 360] C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe (IObit)
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKU\S-1-5-21-3919450576-3435590440-1623751830-1001..\Run: [InternodeUsage] C:\Program Files (x86)\Internode\mum.exe (Angus Johnson)
    O4 - Startup: C:\Users\cat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3919450576-3435590440-1623751830-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3919450576-3435590440-1623751830-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-3919450576-3435590440-1623751830-1001\..Trusted Domains: internet ([]about in Trusted sites)
    O15 - HKU\S-1-5-21-3919450576-3435590440-1623751830-1001\..Trusted Domains: mcafee.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-3919450576-3435590440-1623751830-1001\..Trusted Domains: mcafee.com ([]https in Trusted sites)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
    O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/08/19 13:10:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/06/02 14:12:19 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\cat\Desktop\OTL.exe
    [2011/06/02 14:00:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/06/02 11:50:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    [2011/06/02 11:47:41 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/06/02 11:33:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/06/02 11:33:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/06/02 11:33:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/06/02 11:33:37 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/06/02 11:30:44 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/06/02 11:17:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rootkit Unhooker LE
    [2011/06/01 20:07:24 | 000,000,000 | ---D | C] -- C:\Users\cat\AppData\Roaming\Opera
    [2011/06/01 20:07:24 | 000,000,000 | ---D | C] -- C:\Users\cat\AppData\Local\Opera
    [2011/06/01 20:07:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
    [2011/06/01 16:17:36 | 000,606,738 | R--- | C] (Swearware) -- C:\Users\cat\Documents\dds.scr
    [2011/06/01 12:00:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2011/06/01 11:26:04 | 000,000,000 | ---D | C] -- C:\Users\cat\AppData\Roaming\TuneUp Software
    [2011/06/01 11:25:46 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
    [2011/06/01 11:24:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
    [2011/06/01 11:16:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Security 360
    [2011/06/01 11:16:16 | 000,000,000 | ---D | C] -- C:\Users\cat\AppData\Roaming\IObit
    [2011/06/01 10:15:58 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2011/05/31 17:30:13 | 000,000,000 | ---D | C] -- C:\Users\cat\AppData\Roaming\Malwarebytes
    [2011/05/31 17:29:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/05/31 17:29:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2011/05/31 17:29:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/05/31 17:29:33 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2011/05/31 17:29:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/05/31 17:22:49 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
    [2011/05/31 17:22:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
    [2011/05/31 17:13:28 | 000,000,000 | ---D | C] -- C:\Windows\Sun
    [2011/05/31 16:26:02 | 000,000,000 | ---D | C] -- C:\Users\cat\AppData\Roaming\GrabPro
    [2011/05/31 16:25:49 | 000,000,000 | ---D | C] -- C:\Downloads
    [2011/05/31 16:25:48 | 000,000,000 | ---D | C] -- C:\Users\cat\AppData\Roaming\ProgSense
    [2011/05/31 16:25:24 | 000,000,000 | ---D | C] -- C:\Users\cat\AppData\Roaming\Orbit
    [2011/05/30 09:28:02 | 000,000,000 | ---D | C] -- C:\Users\cat\Documents\EAC logs
    [2011/05/30 08:59:31 | 000,000,000 | ---D | C] -- C:\Users\cat\AppData\Roaming\EAC
    [2011/05/30 08:59:23 | 000,000,000 | ---D | C] -- C:\Users\cat\AppData\Roaming\AccurateRip
    [2011/05/30 08:59:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exact Audio Copy
    [2011/05/30 08:59:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Exact Audio Copy
    [2011/05/29 01:10:53 | 000,000,000 | ---D | C] -- C:\Users\cat\AppData\Roaming\vlc
    [2011/05/29 01:09:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    [2011/05/29 01:09:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
    [2011/05/26 08:50:15 | 000,000,000 | ---D | C] -- C:\Users\cat\AppData\Roaming\McAfee
    [2011/05/25 22:24:47 | 000,000,000 | ---D | C] -- C:\Users\cat\AppData\Local\MediaMonkey
    [2011/05/25 22:24:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MediaMonkey
    [2011/05/25 21:48:13 | 000,000,000 | ---D | C] -- C:\Users\cat\AppData\Roaming\Internode
    [2011/05/25 21:48:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internode
    [2011/05/25 21:48:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Internode
    [2011/05/25 15:59:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Easy CD-DA Extractor
    [2011/05/25 15:56:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy CD-DA Extractor 2011
    [2011/05/25 15:56:35 | 000,000,000 | ---D | C] -- C:\Program Files\Easy CD-DA Extractor 2011
    [2011/05/08 14:03:02 | 000,000,000 | ---D | C] -- C:\Users\cat\screensaver
    [2011/05/08 13:37:49 | 000,000,000 | ---D | C] -- C:\Users\cat\wallpapers

    ========== Files - Modified Within 30 Days ==========

    [2011/06/02 14:12:20 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\cat\Desktop\OTL.exe
    [2011/06/02 13:56:54 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2011/06/02 13:40:04 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/06/02 12:20:30 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/06/02 12:20:30 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/06/02 11:50:32 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/06/02 11:50:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/06/02 11:50:15 | 1591,193,600 | -HS- | M] () -- C:\hiberfil.sys
    [2011/06/02 11:41:34 | 000,003,540 | ---- | M] () -- C:\Users\cat\Documents\Document.rtf
    [2011/06/02 11:25:56 | 000,034,560 | ---- | M] () -- C:\Windows\SysWow64\drivers\Normandy.sys
    [2011/06/02 11:18:07 | 000,035,712 | ---- | M] () -- C:\Windows\SysWow64\drivers\BlackBox.sys
    [2011/06/01 18:29:16 | 000,002,574 | ---- | M] () -- C:\Windows\MOBK.blk
    [2011/06/01 18:29:16 | 000,000,000 | ---- | M] () -- C:\Windows\MOBK.flt
    [2011/06/01 16:17:39 | 000,606,738 | R--- | M] (Swearware) -- C:\Users\cat\Documents\dds.scr
    [2011/06/01 14:43:06 | 000,302,592 | ---- | M] () -- C:\Users\cat\Documents\y3chfff2.exe
    [2011/06/01 11:54:38 | 000,001,151 | -H-- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011/06/01 11:47:30 | 000,000,158 | ---- | M] () -- C:\Windows\wininit.ini
    [2011/06/01 11:32:32 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/06/01 11:32:32 | 000,619,206 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/06/01 11:32:32 | 000,107,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/05/31 22:31:38 | 000,293,480 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2011/05/31 01:52:46 | 000,003,887 | -H-- | M] () -- C:\Users\cat\Documents\uni app2.odt
    [2011/05/22 18:09:52 | 000,018,942 | ---- | M] () -- C:\Users\cat\Documents\uni app.odt
    [2011/05/22 18:09:52 | 000,000,088 | -H-- | M] () -- C:\Users\cat\Documents\.~lock.uni app.odt#
    [2011/05/09 22:38:03 | 000,008,802 | ---- | M] () -- C:\Users\cat\Documents\jubilee app.odt

    ========== Files Created - No Company Name ==========

    [2011/06/02 11:41:34 | 000,003,540 | ---- | C] () -- C:\Users\cat\Documents\Document.rtf
    [2011/06/02 11:33:44 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/06/02 11:33:44 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/06/02 11:33:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/06/02 11:33:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/06/02 11:33:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/06/02 11:17:59 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys
    [2011/06/02 11:15:14 | 000,035,712 | ---- | C] () -- C:\Windows\SysWow64\drivers\BlackBox.sys
    [2011/06/01 20:07:16 | 000,001,854 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
    [2011/06/01 14:43:02 | 000,302,592 | ---- | C] () -- C:\Users\cat\Documents\y3chfff2.exe
    [2011/06/01 11:54:38 | 000,001,151 | -H-- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011/06/01 11:54:37 | 000,001,163 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2011/06/01 09:50:52 | 000,000,158 | ---- | C] () -- C:\Windows\wininit.ini
    [2011/05/31 01:52:45 | 000,003,887 | -H-- | C] () -- C:\Users\cat\Documents\uni app2.odt
    [2011/05/26 08:50:07 | 000,002,175 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Virtual Technician.lnk
    [2011/05/26 08:29:20 | 000,001,048 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Online Backup Status.lnk
    [2011/05/22 18:09:52 | 000,000,088 | -H-- | C] () -- C:\Users\cat\Documents\.~lock.uni app.odt#
    [2011/05/22 18:09:50 | 000,018,942 | ---- | C] () -- C:\Users\cat\Documents\uni app.odt
    [2011/05/09 22:37:58 | 000,008,802 | ---- | C] () -- C:\Users\cat\Documents\jubilee app.odt
    [2010/12/24 10:18:14 | 000,000,065 | ---- | C] () -- C:\Users\cat\AppData\Local\Images.fl
    [2009/09/23 18:21:08 | 002,050,952 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
    [2009/07/14 15:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/14 12:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/14 12:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/14 10:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/14 09:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/14 07:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/11 07:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

    ========== LOP Check ==========

    [2011/05/30 08:59:34 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\EAC
    [2011/05/31 16:26:02 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\GrabPro
    [2011/05/26 08:08:18 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\Internode
    [2011/06/01 11:16:16 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\IObit
    [2011/02/07 15:02:25 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\OpenOffice.org
    [2011/06/01 20:07:24 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\Opera
    [2011/05/31 16:48:33 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\Orbit
    [2011/03/15 17:26:52 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\PandoraRecovery
    [2011/05/31 16:25:48 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\ProgSense
    [2011/06/01 11:26:04 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\TuneUp Software
    [2011/06/02 14:21:34 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\uTorrent
    [2011/04/28 14:20:58 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\VSO
    [2011/04/02 22:33:57 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2008/08/19 13:10:51 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2008/09/12 11:37:23 | 000,000,265 | -H-- | M] () -- C:\Boot.BAK
    [2010/12/24 06:56:22 | 000,000,295 | RHS- | M] () -- C:\boot.ini
    [2010/12/24 14:50:36 | 000,000,408 | RHS- | M] () -- C:\Boot.ini.saved
    [2008/08/19 14:29:54 | 000,000,281 | ---- | M] () -- C:\BOOT.NI1
    [2010/11/20 22:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
    [2010/12/24 14:50:37 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2004/08/04 08:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/06/02 13:59:29 | 000,020,898 | ---- | M] () -- C:\ComboFix.txt
    [2008/08/19 13:10:51 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2011/06/02 11:50:15 | 1591,193,600 | -HS- | M] () -- C:\hiberfil.sys
    [2008/08/19 13:10:51 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2008/08/19 13:10:51 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2004/08/04 08:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
    [2011/06/02 11:50:20 | 2121,592,832 | -HS- | M] () -- C:\pagefile.sys
    [2010/12/23 19:26:41 | 000,003,206 | ---- | M] () -- C:\SNPlus.log
    [2011/06/02 13:30:41 | 000,062,852 | ---- | M] () -- C:\TDSSKiller.2.5.3.0_02.06.2011_12.23.19_log.txt
    [2008/08/20 11:49:55 | 000,512,400 | ---- | M] () -- C:\vcredist_x86.log

    < %systemroot%\Fonts\*.com >
    [2009/07/14 15:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 15:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 15:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 15:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/11 06:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 14:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/12/23 09:12:47 | 000,000,221 | -HS- | M] () -- C:\Users\cat\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/06/02 14:12:20 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\cat\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/11 07:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/04/11 23:40:32 | 000,000,402 | -HS- | M] () -- C:\Users\cat\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:4769CB2A

    < End of report >
     
  24. zymosis01

    zymosis01 TS Rookie Topic Starter Posts: 19

    Extras.txt:

    OTL Extras logfile created on: 02/06/2011 14:13:42 - Run 1
    OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\cat\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1.98 Gb Total Physical Memory | 0.60 Gb Available Physical Memory | 30.31% Memory free
    3.95 Gb Paging File | 2.40 Gb Available in Paging File | 60.82% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 74.53 Gb Total Space | 43.43 Gb Free Space | 58.28% Space Free | Partition Type: NTFS
    Drive F: | 465.76 Gb Total Space | 71.89 Gb Free Space | 15.43% Space Free | Partition Type: NTFS

    Computer Name: PUTEY | User Name: cat | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

    [HKEY_USERS\S-1-5-21-3919450576-3435590440-1623751830-1001\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
    "{16DDB3D1-5C27-4599-9C63-E583287191CC}" = iTunes
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
    "{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}" = Paint.NET v3.5.8
    "{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "WinRAR archiver" = WinRAR archiver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
    "{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 24
    "{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
    "{33F8EAD4-B6EC-498B-B487-696B973D1C0C}" = Windows Live Messenger
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{621AF8B2-75D2-4074-BA44-79178A617255}" = Windows Live installer
    "{82AF3E91-57E1-4754-84D0-40A46E2479AB}" = OpenOffice.org 3.3
    "{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8969CD6F-5B75-40B9-8701-86ECA4C1F263}_is1" = VSO Image Resizer 4.0.3.2
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
    "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{FBE569CA-BFEB-4E57-A674-F94D938E1AEF}" = e-tax 2010
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "conduitEngine" = Conduit Engine
    "Easy CD-DA Extractor 2011" = Easy CD-DA Extractor 2011
    "ESET Online Scanner" = ESET Online Scanner v3
    "Exact Audio Copy" = Exact Audio Copy 1.0beta2
    "Internode Monthly Usage Meter_is1" = Internode Monthly Usage Meter 8.2a
    "IObit Security 360_is1" = IObit Security 360
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "McAfee Security Scan" = McAfee Security Scan Plus
    "McAfee Virtual Technician" = McAfee Virtual Technician
    "Mozilla Firefox 4.0.1 (x86 en-GB)" = Mozilla Firefox 4.0.1 (x86 en-GB)
    "MSC" = McAfee Total Protection
    "Opera 11.11.2109" = Opera 11.11
    "PandoraRecovery" = PandoraRecovery (Remove Only)
    "uTorrent" = µTorrent
    "uTorrentBar Toolbar" = uTorrentBar Toolbar
    "VLC media player" = VLC media player 1.1.9

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 31/05/2011 02:40:27 | Computer Name = putey | Source = Application Error | ID = 1000
    Description = Faulting application name: vlc.exe, version: 1.1.9.0, time stamp:
    0x4da3a0aa Faulting module name: vlc.exe, version: 1.1.9.0, time stamp: 0x4da3a0aa
    Exception
    code: 0xc0000005 Fault offset: 0x00001773 Faulting process id: 0xb20 Faulting application
    start time: 0x01cc1f5ce78cb162 Faulting application path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
    Faulting
    module path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe Report Id: de875006-8b50-11e0-b67d-001e0b6985f6

    Error - 31/05/2011 02:49:54 | Computer Name = putey | Source = Application Hang | ID = 1002
    Description = The program tvp.exe version 1.3.7.1208 stopped interacting with Windows
    and was closed. To see if more information about the problem is available, check
    the problem history in the Action Center control panel. Process ID: 19e0 Start Time:
    01cc1f5ed3f518e5 Termination Time: 45 Application Path: C:\Program Files (x86)\Total
    Video Player\tvp.exe Report Id: 2e1411c1-8b52-11e0-b67d-001e0b6985f6

    Error - 31/05/2011 21:28:21 | Computer Name = putey | Source = Application Hang | ID = 1002
    Description = The program firefox.exe version 2.0.1.4120 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 410 Start
    Time: 01cc1ffb157da354 Termination Time: 0 Application Path: C:\Program Files (x86)\Mozilla
    Firefox\firefox.exe Report Id: 66e7537b-8bee-11e0-b9aa-001e0b6985f6

    Error - 31/05/2011 21:29:29 | Computer Name = putey | Source = MsiInstaller | ID = 11321
    Description =

    Error - 01/06/2011 01:35:35 | Computer Name = putey | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
    online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
    . A component version required by the application conflicts with another component
    version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error - 01/06/2011 04:28:57 | Computer Name = putey | Source = VSS | ID = 8194
    Description =

    Error - 01/06/2011 04:29:30 | Computer Name = putey | Source = VSS | ID = 8194
    Description =

    Error - 01/06/2011 10:31:49 | Computer Name = putey | Source = Application Hang | ID = 1002
    Description = The program wmplayer.exe version 12.0.7601.17514 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: d2c Start
    Time: 01cc20687f46e302 Termination Time: 25525 Application Path: C:\Program Files
    (x86)\Windows Media Player\wmplayer.exe Report Id: cfd59945-8c5b-11e0-a177-001e0b6985f6


    Error - 02/06/2011 00:15:03 | Computer Name = putey | Source = Microsoft-Windows-CAPI2 | ID = 513
    Description = Cryptographic Services failed while processing the OnIdentity() call
    in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
    of binary SASDIFSV. System Error: The system cannot find the file specified. .

    Error - 02/06/2011 00:15:03 | Computer Name = putey | Source = Microsoft-Windows-CAPI2 | ID = 513
    Description = Cryptographic Services failed while processing the OnIdentity() call
    in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
    of binary SASKUTIL. System Error: The system cannot find the file specified. .

    [ System Events ]
    Error - 01/06/2011 21:17:59 | Computer Name = putey | Source = Application Popup | ID = 1060
    Description = \SystemRoot\SysWow64\Drivers\Normandy.SYS has been blocked from loading
    due to incompatibility with this system. Please contact your software vendor for
    a compatible version of the driver.

    Error - 01/06/2011 21:25:56 | Computer Name = putey | Source = Application Popup | ID = 1060
    Description = \SystemRoot\SysWow64\Drivers\Normandy.SYS has been blocked from loading
    due to incompatibility with this system. Please contact your software vendor for
    a compatible version of the driver.

    Error - 01/06/2011 21:38:05 | Computer Name = putey | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 01/06/2011 21:41:12 | Computer Name = putey | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 01/06/2011 21:41:19 | Computer Name = putey | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 01/06/2011 23:36:39 | Computer Name = putey | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 01/06/2011 23:39:28 | Computer Name = putey | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 01/06/2011 23:54:24 | Computer Name = putey | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 01/06/2011 23:56:31 | Computer Name = putey | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 01/06/2011 23:56:56 | Computer Name = putey | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.


    < End of report >
     
  25. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ====================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      DRV - [2011/06/02 11:25:56 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\Normandy.sys -- (Normandy)
      DRV - [2011/06/02 11:18:07 | 000,035,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\BlackBox.sys -- (BlackBox)
      O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - File not found
      O15 - HKU\S-1-5-21-3919450576-3435590440-1623751830-1001\..Trusted Domains: internet ([]about in Trusted sites)
      O15 - HKU\S-1-5-21-3919450576-3435590440-1623751830-1001\..Trusted Domains: mcafee.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-3919450576-3435590440-1623751830-1001\..Trusted Domains: mcafee.com ([]https in Trusted sites)
      @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:4769CB2A
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce any log.
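Added example, not part of this thread or of OTL itself: a small Python parser that reads the two OTL sections shown above (the `DRV -` driver lines and the "Last 10 Event Log Errors" entries) and cross-references them, so the drivers the fix script targets (Normandy.sys, BlackBox.sys) surface on their own. The heuristics it applies (empty vendor field, a kernel driver sitting under SysWow64\drivers, a matching Event ID 1060 "blocked from loading" entry) are my reading of what the helper flagged, not a rule stated in the thread; the third driver (goodsvc, "Example Vendor Ltd") is a constructed benign line for contrast.

```python
import re
# Constructed sample modelled on the OTL report in the thread: the two DRV lines from the
# fix script, one made-up benign driver (goodsvc / Example Vendor Ltd) and two event entries.
OTL_SAMPLE = r"""
DRV - [2011/06/02 11:25:56 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\Normandy.sys -- (Normandy)
DRV - [2011/06/02 11:18:07 | 000,035,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\BlackBox.sys -- (BlackBox)
DRV - [2011/05/01 10:00:00 | 000,100,000 | ---- | M] (Example Vendor Ltd) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\goodsvc.sys -- (goodsvc)
[ System Events ]
Error - 01/06/2011 21:17:59 | Computer Name = putey | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\Normandy.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 01/06/2011 21:38:05 | Computer Name = putey | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.
"""

# OTL driver line: DRV - [timestamp | size | attrs | M] (vendor) [type | start | state] -- path -- (name)
DRV_RE = re.compile(r"^DRV - \[[^\]]*\] \((?P<vendor>[^)]*)\) \[[^\]]*\] -- (?P<path>.+?) -- \((?P<name>[^)]+)\)$", re.M)
# One event-log entry: header line, then a Description that OTL wraps over several lines.
EVENT_RE = re.compile(
    r"^Error - (?P<ts>.+?) \|.*?\| ID = (?P<id>\d+)\s*\nDescription = (?P<desc>.*?)(?=\n\s*\n|\n\s*Error - |\Z)", re.M | re.S)
BLOCKED_RE = re.compile(r"(\S+) has been blocked from loading")

def parse_blocked_drivers(text):
    """Map lower-cased driver file name -> timestamp for each Event ID 1060 'blocked from loading' entry."""
    blocked = {}
    for ev in EVENT_RE.finditer(text):
        if ev["id"] != "1060":
            continue
        m = BLOCKED_RE.search(re.sub(r"\s+", " ", ev["desc"]))  # re-join the wrapped description
        if m:
            blocked[m.group(1).rsplit("\\", 1)[-1].lower()] = ev["ts"]
    return blocked

def suspicious_drivers(text):
    """Return [(service name, path, reasons)] for every DRV line that trips at least one heuristic."""
    blocked = parse_blocked_drivers(text)
    findings = []
    for drv in DRV_RE.finditer(text):
        base = drv["path"].rsplit("\\", 1)[-1].lower()
        reasons = []
        if not drv["vendor"].strip():
            reasons.append("empty vendor field")
        if "\\syswow64\\drivers\\" in drv["path"].lower():
            reasons.append("kernel driver under SysWow64 (32-bit directory on a 64-bit host)")
        if base in blocked:
            reasons.append(f"blocked from loading, Event ID 1060 at {blocked[base]}")
        if reasons:
            findings.append((drv["name"], drv["path"], reasons))
    return findings
```

Running `suspicious_drivers(OTL_SAMPLE)` lists Normandy (three reasons) and BlackBox (two), while the vendor-signed goodsvc line produces nothing.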
     
Topic Status:
Not open for further replies.
