Solved Google search results being redirected in Firefox

zymosis01

Hi,

I know there are already a few threads on this issue, but I'm hesitant to follow the advice in any of them in case it doesn't apply to me.

I got several viruses on my computer yesterday. McAfee found nothing, but MalwareBytes found 14 threats, which were promptly removed. Among them were Qhexia.exe and Qfc.exe. Can't remember the others..

However, in Firefox, Google and Yahoo search results are redirected to blank pages.

E.g. I'll search for "blue", go to the Wiki entry on it and end up on a blank page with this address: ht tp://www.thewebtimes.net/?n=1306894928

I've run MalwareBytes again and nothing was found. I downloaded and ran SuperAntiSpyware and IObit Security 360 and a bunch of tracking cookies were found, but removing them has not helped. I've uninstalled Firefox completely and reinstalled, and yet I'm still having the same problem.

Can anyone help me with this frustrating problem?

Thanks!
 
Welcome aboard

Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Here is the MalwareBytes log:


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6729

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

01/06/2011 14:29:04
mbam-log-2011-06-01 (14-29-04).txt

Scan type: Quick scan
Objects scanned: 158595
Time elapsed: 6 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Gmer didn't come up with anything. Don't know if I was doing it wrong? The logs were empty each time I tried....


The DDS logs:


.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24
Run by cat at 15:00:43 on 2011-06-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2023.685 [GMT 10:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Internode\mum.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKstat.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\cat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7A49BRJX\dds[1].scr
C:\Windows\SysWOW64\WSCRIPT.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110525152908.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
uRun: [InternodeUsage] C:\PROGRA~2\INTERN~2\mum.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [IObit Security 360] "C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe" /autostart
StartupFolder: C:\Users\cat\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~2.LNK - C:\Program Files (x86)\McAfee Online Backup\MOBKstat.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110525152909.dll
BHO-X64: scriptproxy - No File
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\cat\AppData\Roaming\Mozilla\Firefox\Profiles\qd58jxsc.default\
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 MOBKFilter;MOBKFilter;C:\Windows\system32\DRIVERS\MOBK.sys --> C:\Windows\system32\DRIVERS\MOBK.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-18 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-18 12360]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-5 128384]
R2 IS360service;IS360service;C:\Program Files (x86)\IObit\IObit Security 360\is360srv.exe [2011-6-1 312152]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2011-5-25 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2011-5-25 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2011-5-25 249936]
R2 McProxy;McAfee Proxy Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2011-5-25 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-12-25 197960]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-12-25 208272]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 MOBKbackup;McAfee Online Backup;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-4-13 231224]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-5-20 2026304]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-2-10 11856]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-21 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-21 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-06-01 02:00:31 -------- d-----w- C:\Program Files (x86)\ESET
2011-06-01 01:30:24 36160 ----a-w- C:\Windows\System32\uxtuneup.dll
2011-06-01 01:30:24 29504 ----a-w- C:\Windows\SysWow64\uxtuneup.dll
2011-06-01 01:30:24 25920 ----a-w- C:\Windows\System32\authuitu.dll
2011-06-01 01:30:23 21312 ----a-w- C:\Windows\SysWow64\authuitu.dll
2011-06-01 01:27:04 34624 ----a-w- C:\Windows\System32\TURegOpt.exe
2011-06-01 01:26:04 -------- d-----w- C:\Users\cat\AppData\Roaming\TuneUp Software
2011-06-01 01:25:52 -------- d-----w- C:\Program Files (x86)\TuneUp Utilities 2011
2011-06-01 01:25:46 -------- d-----w- C:\ProgramData\TuneUp Software
2011-06-01 01:24:34 -------- d-sh--w- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-06-01 01:16:16 -------- d-----w- C:\Users\cat\AppData\Roaming\IObit
2011-06-01 00:15:58 -------- d-----w- C:\Users\cat\AppData\Roaming\SUPERAntiSpyware.com
2011-06-01 00:15:58 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-06-01 00:15:50 -------- d-----w- C:\ProgramData\!SASCORE
2011-06-01 00:15:43 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-05-31 07:30:13 -------- d-----w- C:\Users\cat\AppData\Roaming\Malwarebytes
2011-05-31 07:29:49 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-31 07:29:40 -------- d-----w- C:\ProgramData\Malwarebytes
2011-05-31 07:29:33 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-05-31 07:29:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-05-31 07:22:49 -------- d-----w- C:\ProgramData\IObit
2011-05-31 07:22:35 -------- d-----w- C:\Program Files (x86)\IObit
2011-05-31 06:36:36 120832 --sha-r- C:\Windows\SysWow64\hdwwiz5.dll
2011-05-31 06:26:02 -------- d-----w- C:\Users\cat\AppData\Roaming\GrabPro
2011-05-31 06:25:49 -------- d-----w- C:\Downloads
2011-05-31 06:25:48 -------- d-----w- C:\Users\cat\AppData\Roaming\ProgSense
2011-05-29 22:59:31 -------- d-----w- C:\Users\cat\AppData\Roaming\EAC
2011-05-29 22:59:23 -------- d-----w- C:\Users\cat\AppData\Roaming\AccurateRip
2011-05-29 22:59:04 -------- d-----w- C:\Program Files (x86)\Exact Audio Copy
2011-05-28 15:09:00 -------- d-----w- C:\Program Files (x86)\VideoLAN
2011-05-28 00:13:14 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5BE31BF9-02D3-493E-A7FE-0F1615F9DA55}\mpengine.dll
2011-05-25 22:50:15 -------- d-----w- C:\Users\cat\AppData\Roaming\McAfee
2011-05-25 22:14:06 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-25 12:24:47 -------- d-----w- C:\Users\cat\AppData\Local\MediaMonkey
2011-05-25 12:24:43 -------- d-----w- C:\Program Files (x86)\MediaMonkey
2011-05-25 11:48:13 -------- d-----w- C:\Users\cat\AppData\Roaming\Internode
2011-05-25 11:48:08 -------- d-----w- C:\Program Files (x86)\Internode
2011-05-25 05:59:50 -------- d-----w- C:\ProgramData\Easy CD-DA Extractor
2011-05-25 05:56:35 -------- d-----w- C:\Program Files\Easy CD-DA Extractor 2011
2011-05-25 05:29:08 24376 ----a-w- C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll
2011-05-25 02:17:57 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-05-25 02:17:57 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-05-25 02:17:53 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-05-25 02:17:51 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-05-25 02:17:51 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-05-08 04:03:02 -------- d-----w- C:\Users\cat\screensaver
2011-05-08 03:37:49 -------- d-----w- C:\Users\cat\wallpapers
.
==================== Find3M ====================
.
2011-04-11 13:18:06 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-04-11 13:18:06 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-04-06 06:26:58 96544 ----a-w- C:\Windows\System32\dnssd.dll
2011-04-06 06:26:58 69408 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-04-06 06:26:58 237856 ----a-w- C:\Windows\System32\dnssdX.dll
2011-04-06 06:26:58 119584 ----a-w- C:\Windows\System32\dns-sd.exe
2011-04-06 06:20:16 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-04-06 06:20:16 75040 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-04-06 06:20:16 197920 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2011-04-06 06:20:16 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-03-13 01:45:12 158832 ----a-w- C:\Windows\System32\mfevtps.exe
2011-03-13 01:20:10 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2011-03-13 01:20:10 98728 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2011-03-13 01:20:10 75672 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2011-03-13 01:20:10 65128 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2011-03-13 01:20:10 639216 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2011-03-13 01:20:10 481376 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2011-03-13 01:20:10 281928 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2011-03-13 01:20:10 227856 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2011-03-13 01:20:10 156792 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2011-03-11 06:34:51 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-11 06:34:50 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-11 05:33:59 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-11 05:33:59 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-08 06:29:32 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-08 05:28:29 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-07 06:31:44 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-03-07 05:33:13 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-03-07 04:24:34 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-03-07 03:52:25 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-03-03 06:24:16 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-03-03 06:21:57 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-03-03 05:36:16 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
.
============= FINISH: 15:01:40.28 ===============










.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 23/12/2010 10:04:36
System Uptime: 01/06/2011 11:49:18 (4 hours ago)
.
Motherboard: Hewlett-Packard | | 0A54h
Processor: Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz | XU1 PROCESSOR | 1578/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 42.559 GiB free.
D: is CDROM ()
F: is FIXED (NTFS) - 466 GiB total, 71.386 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_8086&DEV_2994&SUBSYS_2801103C&REV_02\3&33FD14CA&0&18
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_8086&DEV_2994&SUBSYS_2801103C&REV_02\3&33FD14CA&0&18
Service:
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&2BA03272&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&2BA03272&0
Service: i8042prt
.
Class GUID:
Description: USB Network Interface
Device ID: USB\VID_069A&PID_0317\0060644BFE42
Manufacturer:
Name: USB Network Interface
PNP Device ID: USB\VID_069A&PID_0317\0060644BFE42
Service:
.
==== System Restore Points ===================
.
RP49: 31/05/2011 02:42:11 - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1)
Apple Application Support
Apple Software Update
µTorrent
Conduit Engine
e-tax 2010
Easy CD-DA Extractor 2011
ESET Online Scanner v3
Exact Audio Copy 1.0beta2
Google Earth Plug-in
Google Update Helper
Internode Monthly Usage Meter 8.2a
IObit Security 360
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 24
Malwarebytes' Anti-Malware
McAfee Online Backup
McAfee Security Scan Plus
McAfee Total Protection
McAfee Virtual Technician
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 4.0.1 (x86 en-GB)
OpenOffice.org 3.3
PandoraRecovery (Remove Only)
QuickTime
TuneUp Utilities 2011
TuneUp Utilities Language Pack (en-US)
uTorrentBar Toolbar
VLC media player 1.1.9
VSO Image Resizer 4.0.3.2
Windows Live installer
Windows Live Messenger
.
==== Event Viewer Messages From Past Week ========
.
31/05/2011 17:44:16, Error: Service Control Manager [7034] - The IS360service service terminated unexpectedly. It has done this 1 time(s).
29/05/2011 17:00:32, Error: Ntfs [137] - The default transaction resource manager on volume G: encountered a non-retryable error and could not start. The data contains the error code.
29/05/2011 16:04:13, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
29/05/2011 02:55:38, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
27/05/2011 12:46:40, Error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).
27/05/2011 12:46:40, Error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
27/05/2011 12:46:40, Error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
27/05/2011 12:46:40, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
27/05/2011 12:46:40, Error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
27/05/2011 12:46:40, Error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
27/05/2011 12:46:40, Error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
26/05/2011 09:06:55, Error: Service Control Manager [7043] - The McAfee McShield service did not shut down properly after receiving a preshutdown control.
26/05/2011 08:40:15, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee VirusScan Announcer service, but this action failed with the following error: An instance of the service is already running.
26/05/2011 08:40:15, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee Services service, but this action failed with the following error: An instance of the service is already running.
26/05/2011 08:07:54, Error: Service Control Manager [7023] -
25/05/2011 15:55:40, Error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 1 time(s).
01/06/2011 11:50:08, Error: Service Control Manager [7023] - The TuneUp Utilities Service service terminated with the following error: %%-2147022986
01/06/2011 11:30:31, Error: Service Control Manager [7000] - The TuneUp Theme Extension service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.
.
==== End Of File ===========================


Hope this helps....
 
You did fine. GMER won't produce any log if no changes have been found.

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

====================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
When trying to run Rootkit Unhooker (the .exe), I got the following message:

"Sorry, but unhandled exception has occurred
Program will be terminated
Exception code: 0xC0000005
Instruction address: 0x00402Eaa
Attempt to read address: 0xFFFFFFF

Error log generated, please report to developers"

The error log:

"Exception code : 0xC0000005
Instruction address : 0x00402EAA
Attempt to read at address : 0xFFFFFFFF"


I downloaded the .rar file instead and unzipped it, then tried running the app (named VRe3s5157x.exe) and got the following error:

"Error loading driver, NTSTATUS code: 0xC00036B"


The ComboFix error log:

ComboFix 11-06-01.04 - cat 02/06/2011 11:35:09.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2023.724 [GMT 10:00]
Running from: c:\users\cat\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
.
.
((((((((((((((((((((((((( Files Created from 2011-05-02 to 2011-06-02 )))))))))))))))))))))))))))))))
.
.
2011-06-02 01:40 . 2011-06-02 01:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-02 01:17 . 2011-06-02 01:25 34560 ----a-w- c:\windows\SysWow64\drivers\Normandy.sys
2011-06-02 01:15 . 2011-06-02 01:18 35712 ----a-w- c:\windows\SysWow64\drivers\BlackBox.sys
2011-06-01 10:07 . 2011-06-01 10:07 -------- d-----w- c:\users\cat\AppData\Local\Opera
2011-06-01 10:07 . 2011-06-01 10:07 -------- d-----w- c:\program files (x86)\Opera
2011-06-01 02:00 . 2011-06-01 02:00 -------- d-----w- c:\program files (x86)\ESET
2011-06-01 01:26 . 2011-06-01 01:26 -------- d-----w- c:\users\cat\AppData\Roaming\TuneUp Software
2011-06-01 01:25 . 2011-06-01 01:27 -------- d-----w- c:\programdata\TuneUp Software
2011-06-01 01:24 . 2011-06-01 01:24 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-06-01 01:16 . 2011-06-01 01:16 -------- d-----w- c:\users\cat\AppData\Roaming\IObit
2011-06-01 00:15 . 2011-06-01 00:15 -------- d-----w- c:\users\cat\AppData\Roaming\SUPERAntiSpyware.com
2011-06-01 00:15 . 2011-06-01 00:15 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-06-01 00:15 . 2011-06-01 00:15 -------- d-----w- c:\programdata\!SASCORE
2011-06-01 00:15 . 2011-06-01 00:16 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-31 07:30 . 2011-05-31 07:30 -------- d-----w- c:\users\cat\AppData\Roaming\Malwarebytes
2011-05-31 07:29 . 2010-12-20 08:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-31 07:29 . 2011-05-31 07:29 -------- d-----w- c:\programdata\Malwarebytes
2011-05-31 07:29 . 2010-12-20 08:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-31 07:29 . 2011-05-31 07:30 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-05-31 07:22 . 2011-05-31 07:22 -------- d-----w- c:\programdata\IObit
2011-05-31 07:22 . 2011-05-31 07:22 -------- d-----w- c:\program files (x86)\IObit
2011-05-31 07:13 . 2011-05-31 07:13 -------- d-----w- c:\windows\Sun
2011-05-31 06:36 . 2011-05-31 06:36 120832 --sha-r- c:\windows\SysWow64\hdwwiz5.dll
2011-05-31 06:26 . 2011-05-31 06:26 -------- d-----w- c:\users\cat\AppData\Roaming\GrabPro
2011-05-31 06:25 . 2011-05-31 06:35 -------- d-----w- C:\Downloads
2011-05-31 06:25 . 2011-05-31 06:25 -------- d-----w- c:\users\cat\AppData\Roaming\ProgSense
2011-05-31 06:25 . 2011-05-31 06:48 -------- d-----w- c:\users\cat\AppData\Roaming\Orbit
2011-05-29 22:59 . 2011-05-29 22:59 -------- d-----w- c:\users\cat\AppData\Roaming\EAC
2011-05-29 22:59 . 2011-05-31 01:53 -------- d-----w- c:\users\cat\AppData\Roaming\AccurateRip
2011-05-29 22:59 . 2011-05-29 22:59 -------- d-----w- c:\program files (x86)\Exact Audio Copy
2011-05-28 15:10 . 2011-06-01 07:19 -------- d-----w- c:\users\cat\AppData\Roaming\vlc
2011-05-28 15:09 . 2011-05-28 15:09 -------- d-----w- c:\program files (x86)\VideoLAN
2011-05-28 00:13 . 2011-05-18 02:37 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5BE31BF9-02D3-493E-A7FE-0F1615F9DA55}\mpengine.dll
2011-05-25 22:50 . 2011-05-25 22:50 -------- d-----w- c:\users\cat\AppData\Roaming\McAfee
2011-05-25 22:14 . 2011-05-25 22:14 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-25 12:24 . 2011-05-31 08:03 -------- d-----w- c:\users\cat\AppData\Local\MediaMonkey
2011-05-25 12:24 . 2011-05-31 08:03 -------- d-----w- c:\program files (x86)\MediaMonkey
2011-05-25 11:48 . 2011-05-25 22:08 -------- d-----w- c:\users\cat\AppData\Roaming\Internode
2011-05-25 11:48 . 2011-05-25 11:48 -------- d-----w- c:\program files (x86)\Internode
2011-05-25 05:59 . 2011-05-25 05:59 -------- d-----w- c:\programdata\Easy CD-DA Extractor
2011-05-25 05:56 . 2011-05-25 05:58 -------- d-----w- c:\program files\Easy CD-DA Extractor 2011
2011-05-25 05:29 . 2011-03-13 01:42 24376 ----a-w- c:\program files (x86)\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll
2011-05-25 02:17 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-25 02:17 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-25 02:17 . 2011-04-09 07:02 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-25 02:17 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-05-25 02:17 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-05-08 04:03 . 2011-05-08 04:03 -------- d-----w- c:\users\cat\screensaver
2011-05-08 03:37 . 2011-05-08 04:02 -------- d-----w- c:\users\cat\wallpapers
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-11 13:18 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-04-11 13:18 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-04-06 06:26 . 2011-04-06 06:26 96544 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 06:26 . 2011-04-06 06:26 69408 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 06:26 . 2011-04-06 06:26 237856 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 06:26 . 2011-04-06 06:26 119584 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-06 06:20 . 2011-04-06 06:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-04-06 06:20 . 2011-04-06 06:20 75040 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-04-06 06:20 . 2011-04-06 06:20 197920 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-04-06 06:20 . 2011-04-06 06:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-03-13 01:45 . 2010-12-25 11:45 158832 ----a-w- c:\windows\system32\mfevtps.exe
2011-03-13 01:20 . 2010-12-25 11:57 9984 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-03-13 01:20 . 2010-12-25 11:56 98728 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-03-13 01:20 . 2010-12-25 11:56 75672 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-03-13 01:20 . 2010-12-25 11:56 65128 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-03-13 01:20 . 2010-12-25 11:56 481376 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-03-13 01:20 . 2010-12-25 11:56 281928 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-03-13 01:20 . 2010-12-25 11:56 227856 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-03-13 01:20 . 2010-10-13 11:28 639216 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-03-13 01:20 . 2010-10-13 11:28 156792 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-03-11 06:34 . 2011-04-15 02:00 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 06:34 . 2011-04-15 02:00 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 05:33 . 2011-04-15 02:00 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-03-11 05:33 . 2011-04-15 02:00 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-03-08 06:29 . 2011-04-15 01:59 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-08 05:28 . 2011-04-15 01:59 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-03-07 06:31 . 2011-04-15 02:00 1188864 ----a-w- c:\windows\system32\wininet.dll
2011-03-07 05:33 . 2011-04-15 02:00 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-03-07 04:24 . 2011-04-15 02:00 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-03-07 03:52 . 2011-04-15 02:00 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 01:51 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 01:51 3911776 ----a-w- c:\program files (x86)\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InternodeUsage"="c:\progra~2\INTERN~2\mum.exe" [2011-02-19 1361408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-23 2988928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-05-02 1658440]
"IObit Security 360"="c:\program files (x86)\IObit\IObit Security 360\IS360tray.exe" [2010-06-11 1280344]
.
c:\users\cat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Online Backup Status.lnk - c:\program files (x86)\McAfee Online Backup\MOBKstat.exe [2010-4-13 4178744]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-21 136176]
R3 BlackBox;BlackBox SR2; [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-21 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 Normandy;Normandy SR2; [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384]
S2 IS360service;IS360service;c:\program files (x86)\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-03-13 208272]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 MOBKbackup;McAfee Online Backup;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-04-13 231224]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-21 04:21]
.
2011-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-21 04:21]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-13 09:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-13 09:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-13 09:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF9031.cfxxe" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 363544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\McAfee\MSC\McSnIePl.dll
FF - ProfilePath - c:\users\cat\AppData\Roaming\Mozilla\Firefox\Profiles\qd58jxsc.default\
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\rundll32.exe
c:\windows\SysWOW64\rundll32.exe
.
**************************************************************************
.
Completion time: 2011-06-02 11:47:37 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-02 01:47
.
Pre-Run: 46,542,086,144 bytes free
Post-Run: 46,573,109,248 bytes free
.
- - End Of File - - 36AB43F2D1734D5998D35412E894D386


Thanks for all your help. :)
 
Open Windows Explorer. Go to Tools > Folder Options > View tab and put a checkmark next to "Show hidden files and folders".
Upload the following files to http://www.virustotal.com/ for security check:
- c:\windows\SysWow64\hdwwiz5.dll
If the file is listed as already analyzed, click on Reanalyse file now button.
Post scan results.

===================================================================

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

=======================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.
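
The file named for upload above comes from the ComboFix listing earlier in the thread, where hdwwiz5.dll is the only file in the "Files Created" section carrying both the system and hidden attributes. The Python sketch below is an added example, not part of any post in this thread and not ComboFix code; it parses listing lines in that format and surfaces such entries. Reading the attribute column as flag letters (d, s, h, a, r, w), the function names and the review date are assumptions.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from pathlib import PureWindowsPath
from typing import Optional

# Excerpt of the "Files Created" listing quoted earlier in this thread.
SAMPLE = r"""
2011-06-02 01:17 . 2011-06-02 01:25 34560 ----a-w- c:\windows\SysWow64\drivers\Normandy.sys
2011-06-01 01:24 . 2011-06-01 01:24 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-05-31 07:29 . 2010-12-20 08:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-31 06:36 . 2011-05-31 06:36 120832 --sha-r- c:\windows\SysWow64\hdwwiz5.dll
2011-05-25 22:14 . 2011-05-25 22:14 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-25 02:17 . 2011-04-09 07:02 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
"""

# created . modified, size (or eight dashes for a directory), attributes, path
LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\d+|-{8}) ([a-z-]{8}) (.+)$"
)
LOADABLE = {".dll", ".sys", ".exe"}


@dataclass(frozen=True)
class Entry:
    created: datetime
    modified: datetime
    size: Optional[int]  # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        # Assumption: a 'd' in the attribute field marks a directory.
        return "d" in self.attrs

    @property
    def hidden_system(self) -> bool:
        # Assumption: 's' and 'h' are the system and hidden flags.
        return "s" in self.attrs and "h" in self.attrs


def parse_listing(text):
    """Return an Entry per listing line; separators and headers are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries.append(Entry(
            datetime.strptime(created, "%Y-%m-%d %H:%M"),
            datetime.strptime(modified, "%Y-%m-%d %H:%M"),
            int(size) if size.isdigit() else None,
            attrs,
            path,
        ))
    return entries


def triage(entries, since):
    """List hidden+system entries, loadable files under c:\\windows first."""
    hits = []
    for e in entries:
        if not e.hidden_system:
            continue
        suffix = PureWindowsPath(e.path).suffix.lower()
        loadable = (
            not e.is_dir
            and suffix in LOADABLE
            and e.path.lower().startswith("c:\\windows\\")
        )
        hits.append({
            "path": e.path,
            "kind": "directory" if e.is_dir else "file",
            "loadable": loadable,
            "in_window": e.created >= since,
        })
    hits.sort(key=lambda h: (not h["loadable"], h["path"].lower()))
    return hits


if __name__ == "__main__":
    # Review window start is an assumed value for this sample.
    for hit in triage(parse_listing(SAMPLE), datetime(2011, 5, 31)):
        print(hit)
```

An entry surfaced this way is only a candidate for a closer look, such as the multi-engine scan requested above; the attributes alone do not say whether a file is malicious.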
 
I was unable to find the hdwwiz5.dll file, so skipped that step. There was an hdwwiz application and hdwwiz.cpl file, but I don't know if they're the same. I would guess not...


Here's the TDSSKiller log:

2011/06/02 12:23:19.0691 4804 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/06/02 12:23:21.0694 4804 ================================================================================
2011/06/02 12:23:21.0696 4804 SystemInfo:
2011/06/02 12:23:21.0696 4804
2011/06/02 12:23:21.0696 4804 OS Version: 6.1.7601 ServicePack: 1.0
2011/06/02 12:23:21.0696 4804 Product type: Workstation
2011/06/02 12:23:21.0696 4804 ComputerName: PUTEY
2011/06/02 12:23:21.0696 4804 UserName: cat
2011/06/02 12:23:21.0696 4804 Windows directory: C:\Windows
2011/06/02 12:23:21.0696 4804 System windows directory: C:\Windows
2011/06/02 12:23:21.0696 4804 Running under WOW64
2011/06/02 12:23:21.0696 4804 Processor architecture: Intel x64
2011/06/02 12:23:21.0696 4804 Number of processors: 2
2011/06/02 12:23:21.0696 4804 Page size: 0x1000
2011/06/02 12:23:21.0696 4804 Boot type: Normal boot
2011/06/02 12:23:21.0696 4804 ================================================================================
2011/06/02 12:23:23.0624 4804 Initialize success
2011/06/02 12:23:29.0731 2568 ================================================================================
2011/06/02 12:23:29.0731 2568 Scan started
2011/06/02 12:23:29.0731 2568 Mode: Manual;
2011/06/02 12:23:29.0731 2568 ================================================================================
2011/06/02 12:23:31.0331 2568 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
2011/06/02 12:23:31.0456 2568 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
2011/06/02 12:23:31.0491 2568 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
2011/06/02 12:23:31.0606 2568 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/06/02 12:23:31.0654 2568 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/06/02 12:23:31.0694 2568 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/06/02 12:23:31.0786 2568 AFD (d31dc7a16dea4a9baf179f3d6fbdb38c) C:\Windows\system32\drivers\afd.sys
2011/06/02 12:23:31.0886 2568 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
2011/06/02 12:23:32.0079 2568 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
2011/06/02 12:23:32.0139 2568 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
2011/06/02 12:23:32.0219 2568 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/06/02 12:23:32.0256 2568 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/06/02 12:23:32.0334 2568 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
2011/06/02 12:23:32.0444 2568 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/06/02 12:23:32.0489 2568 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
2011/06/02 12:23:32.0639 2568 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
2011/06/02 12:23:32.0786 2568 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/06/02 12:23:32.0849 2568 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/06/02 12:23:32.0924 2568 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/02 12:23:32.0966 2568 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
2011/06/02 12:23:33.0071 2568 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/06/02 12:23:33.0194 2568 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/06/02 12:23:33.0289 2568 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/06/02 12:23:33.0496 2568 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/06/02 12:23:33.0584 2568 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/02 12:23:33.0754 2568 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/06/02 12:23:33.0784 2568 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/06/02 12:23:33.0834 2568 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/06/02 12:23:33.0876 2568 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/06/02 12:23:33.0919 2568 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/06/02 12:23:33.0966 2568 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/06/02 12:23:34.0054 2568 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/06/02 12:23:34.0091 2568 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/02 12:23:34.0204 2568 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/02 12:23:34.0356 2568 cfwids (e8ddaaf635a4ea6f24927544e97c6de8) C:\Windows\system32\drivers\cfwids.sys
2011/06/02 12:23:34.0466 2568 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/06/02 12:23:34.0524 2568 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/06/02 12:23:34.0619 2568 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/06/02 12:23:34.0676 2568 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
2011/06/02 12:23:34.0724 2568 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
2011/06/02 12:23:34.0829 2568 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/06/02 12:23:34.0901 2568 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
2011/06/02 12:23:35.0021 2568 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/06/02 12:23:35.0141 2568 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
2011/06/02 12:23:35.0211 2568 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/06/02 12:23:35.0276 2568 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/06/02 12:23:35.0419 2568 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/06/02 12:23:35.0479 2568 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/02 12:23:35.0614 2568 e1express (416a2007878ed1d6fc5dddb9e1f6db3e) C:\Windows\system32\DRIVERS\e1e6032e.sys
2011/06/02 12:23:35.0764 2568 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/06/02 12:23:35.0981 2568 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/06/02 12:23:36.0029 2568 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
2011/06/02 12:23:36.0109 2568 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/06/02 12:23:36.0161 2568 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/06/02 12:23:36.0251 2568 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/02 12:23:36.0304 2568 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/06/02 12:23:36.0331 2568 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/06/02 12:23:36.0416 2568 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/02 12:23:36.0499 2568 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
2011/06/02 12:23:36.0576 2568 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/06/02 12:23:36.0634 2568 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/02 12:23:36.0786 2568 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/06/02 12:23:36.0876 2568 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/06/02 12:23:36.0976 2568 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/06/02 12:23:37.0196 2568 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/06/02 12:23:37.0269 2568 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
2011/06/02 12:23:37.0386 2568 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
2011/06/02 12:23:37.0431 2568 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/06/02 12:23:37.0484 2568 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/06/02 12:23:37.0519 2568 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/06/02 12:23:37.0589 2568 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/02 12:23:37.0671 2568 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
2011/06/02 12:23:37.0856 2568 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
2011/06/02 12:23:38.0046 2568 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
2011/06/02 12:23:38.0174 2568 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
2011/06/02 12:23:38.0279 2568 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
2011/06/02 12:23:38.0561 2568 igfx (24cc43ecdeefd4c19fbbee4951b647f1) C:\Windows\system32\DRIVERS\igdkmd64.sys
2011/06/02 12:23:53.0474 2568 ================================================================================
2011/06/02 12:23:53.0474 2568 Scan finished
2011/06/02 12:23:53.0474 2568 ================================================================================
2011/06/02 12:23:53.0487 3164 Detected object count: 0
2011/06/02 12:23:53.0487 3164 Actual detected object count: 0



Here's the aswMBR log:

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-06-02 12:24:37
-----------------------------
12:24:37.765 OS Version: Windows x64 6.1.7601 Service Pack 1
12:24:37.765 Number of processors: 2 586 0xF02
12:24:37.767 ComputerName: PUTEY UserName: cat
12:24:38.167 Initialize success
12:24:51.205 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:24:51.208 Disk 0 Vendor: WDC_WD800JD-60LSA5 10.01E03 Size: 76319MB BusType: 3
12:24:51.210 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000006c
12:24:51.213 Disk 1 Vendor: Size: 76319MB BusType: 0
12:24:53.228 Disk 0 MBR read successfully
12:24:53.230 Disk 0 MBR scan
12:24:53.233 Disk 0 Windows 7 default MBR code
12:24:53.238 Service scanning
12:24:54.895 Disk 0 trace - called modules:
12:24:54.900 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8001b3ac10]<<
12:24:54.905 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800279d5d0]
12:24:54.908 Scan finished successfully
12:27:24.639 Disk 0 MBR has been saved successfully to "C:\Users\cat\Desktop\MBR.dat"
12:27:24.639 The log file has been saved successfully to "C:\Users\cat\Desktop\aswMBR.txt"
 
I was unable to find the hdwwiz5.dll file
In addition to enabling hidden files viewing, you have to enable system files view, as the file is listed as a system file.
 
Alright, it's visible now, but it's saying I don't have permission to use the file and that I need to contact the administrator to do so...but that's me.
 
Open Windows Explorer, navigate to that file, copy it, paste it to some other location (like desktop) and upload it from there for scanning.
 
Many thanks, that did the trick. Here are the scan results:

Antivirus Version Last Update Result
AhnLab-V3 2011.06.02.00 2011.06.01 -
AntiVir 7.11.8.241 2011.06.02 TR/Vundo.Gen2
Antiy-AVL 2.0.3.7 2011.06.02 -
Avast 4.8.1351.0 2011.06.01 Win32:Vundo-JN
Avast5 5.0.677.0 2011.06.01 Win32:Vundo-JN
AVG 10.0.0.1190 2011.06.01 -
BitDefender 7.2 2011.06.02 -
CAT-QuickHeal 11.00 2011.06.01 -
ClamAV 0.97.0.0 2011.06.01 -
Commtouch 5.3.2.6 2011.06.02 -
Comodo 8917 2011.06.02 -
DrWeb 5.0.2.03300 2011.06.02 -
Emsisoft 5.1.0.5 2011.06.02 Trojan.Win32.Pirminay!IK
eSafe 7.0.17.0 2011.05.31 -
eTrust-Vet 36.1.8361 2011.06.01 -
F-Prot 4.6.2.117 2011.06.01 -
F-Secure 9.0.16440.0 2011.06.02 -
Fortinet 4.2.257.0 2011.06.01 -
GData 22 2011.06.02 Win32:Vundo-JN
Ikarus T3.1.1.104.0 2011.06.02 Trojan.Win32.Pirminay
Jiangmin 13.0.900 2011.06.01 -
K7AntiVirus 9.104.4750 2011.06.01 -
Kaspersky 9.0.0.837 2011.06.02 -
McAfee 5.400.0.1158 2011.06.02 -
McAfee-GW-Edition 2010.1D 2011.06.02 -
Microsoft 1.6903 2011.06.01 -
NOD32 6172 2011.06.02 -
Norman 6.07.07 2011.06.01 -
nProtect 2011-06-01.01 2011.06.01 -
Panda 10.0.3.5 2011.06.01 Suspicious file
PCTools 7.0.3.5 2011.06.01 -
Prevx 3.0 2011.06.02 -
Rising 23.60.02.03 2011.06.01 -
Sophos 4.65.0 2011.06.02 -
SUPERAntiSpyware 4.40.0.1006 2011.06.02 Trojan.Agent/Gen-Falcomp[RE]
Symantec 20111.1.0.186 2011.06.02 -
TheHacker 6.7.0.1.215 2011.06.01 -
TrendMicro 9.200.0.1012 2011.06.01 -
TrendMicro-HouseCall 9.200.0.1012 2011.06.02 -
VBA32 3.12.16.0 2011.06.01 -
VIPRE 9460 2011.06.02 Trojan.Win32.Kryptik.laq (v)
ViRobot 2011.6.1.4490 2011.06.01 -
VirusBuster 14.0.62.0 2011.06.01 -

Additional information
MD5 : 57a3df152c24891b8c03ed008c647458
SHA1 : 4e969a17679dce98f8ebd0fd74ff6f024d739c38
SHA256: a95d5aced7a7f9c7d5a7de098d039a90a7f2fa098ae5ac7f9dbbd2f051d4acae
 
Cool :)

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box
  • Click OK
Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\windows\SysWow64\hdwwiz5.dll


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
Here's the log:

ComboFix 11-06-01.04 - cat 02/06/2011 13:33:40.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2023.708 [GMT 10:00]
Running from: c:\users\cat\Desktop\ComboFix.exe
Command switches used :: c:\users\cat\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-05-02 to 2011-06-02 )))))))))))))))))))))))))))))))
.
.
2011-06-02 03:39 . 2011-06-02 03:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-02 01:17 . 2011-06-02 01:25 34560 ----a-w- c:\windows\SysWow64\drivers\Normandy.sys
2011-06-02 01:15 . 2011-06-02 01:18 35712 ----a-w- c:\windows\SysWow64\drivers\BlackBox.sys
2011-06-01 10:07 . 2011-06-01 10:07 -------- d-----w- c:\users\cat\AppData\Local\Opera
2011-06-01 10:07 . 2011-06-01 10:07 -------- d-----w- c:\program files (x86)\Opera
2011-06-01 02:00 . 2011-06-01 02:00 -------- d-----w- c:\program files (x86)\ESET
2011-06-01 01:26 . 2011-06-01 01:26 -------- d-----w- c:\users\cat\AppData\Roaming\TuneUp Software
2011-06-01 01:25 . 2011-06-01 01:27 -------- d-----w- c:\programdata\TuneUp Software
2011-06-01 01:24 . 2011-06-01 01:24 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-06-01 01:16 . 2011-06-01 01:16 -------- d-----w- c:\users\cat\AppData\Roaming\IObit
2011-06-01 00:15 . 2011-06-01 00:15 -------- d-----w- c:\users\cat\AppData\Roaming\SUPERAntiSpyware.com
2011-06-01 00:15 . 2011-06-01 00:15 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-06-01 00:15 . 2011-06-01 00:15 -------- d-----w- c:\programdata\!SASCORE
2011-06-01 00:15 . 2011-06-01 00:16 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-31 07:30 . 2011-05-31 07:30 -------- d-----w- c:\users\cat\AppData\Roaming\Malwarebytes
2011-05-31 07:29 . 2010-12-20 08:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-31 07:29 . 2011-05-31 07:29 -------- d-----w- c:\programdata\Malwarebytes
2011-05-31 07:29 . 2010-12-20 08:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-31 07:29 . 2011-05-31 07:30 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-05-31 07:22 . 2011-05-31 07:22 -------- d-----w- c:\programdata\IObit
2011-05-31 07:22 . 2011-05-31 07:22 -------- d-----w- c:\program files (x86)\IObit
2011-05-31 07:13 . 2011-05-31 07:13 -------- d-----w- c:\windows\Sun
2011-05-31 06:36 . 2011-05-31 06:36 120832 --sha-r- c:\windows\SysWow64\hdwwiz5.dll
2011-05-31 06:26 . 2011-05-31 06:26 -------- d-----w- c:\users\cat\AppData\Roaming\GrabPro
2011-05-31 06:25 . 2011-05-31 06:35 -------- d-----w- C:\Downloads
2011-05-31 06:25 . 2011-05-31 06:25 -------- d-----w- c:\users\cat\AppData\Roaming\ProgSense
2011-05-31 06:25 . 2011-05-31 06:48 -------- d-----w- c:\users\cat\AppData\Roaming\Orbit
2011-05-29 22:59 . 2011-05-29 22:59 -------- d-----w- c:\users\cat\AppData\Roaming\EAC
2011-05-29 22:59 . 2011-05-31 01:53 -------- d-----w- c:\users\cat\AppData\Roaming\AccurateRip
2011-05-29 22:59 . 2011-05-29 22:59 -------- d-----w- c:\program files (x86)\Exact Audio Copy
2011-05-28 15:10 . 2011-06-01 07:19 -------- d-----w- c:\users\cat\AppData\Roaming\vlc
2011-05-28 15:09 . 2011-05-28 15:09 -------- d-----w- c:\program files (x86)\VideoLAN
2011-05-28 00:13 . 2011-05-18 02:37 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5BE31BF9-02D3-493E-A7FE-0F1615F9DA55}\mpengine.dll
2011-05-25 22:50 . 2011-05-25 22:50 -------- d-----w- c:\users\cat\AppData\Roaming\McAfee
2011-05-25 22:14 . 2011-05-25 22:14 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-25 12:24 . 2011-05-31 08:03 -------- d-----w- c:\users\cat\AppData\Local\MediaMonkey
2011-05-25 12:24 . 2011-05-31 08:03 -------- d-----w- c:\program files (x86)\MediaMonkey
2011-05-25 11:48 . 2011-05-25 22:08 -------- d-----w- c:\users\cat\AppData\Roaming\Internode
2011-05-25 11:48 . 2011-05-25 11:48 -------- d-----w- c:\program files (x86)\Internode
2011-05-25 05:59 . 2011-05-25 05:59 -------- d-----w- c:\programdata\Easy CD-DA Extractor
2011-05-25 05:56 . 2011-05-25 05:58 -------- d-----w- c:\program files\Easy CD-DA Extractor 2011
2011-05-25 05:29 . 2011-03-13 01:42 24376 ----a-w- c:\program files (x86)\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll
2011-05-25 02:17 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-25 02:17 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-25 02:17 . 2011-04-09 07:02 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-25 02:17 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-05-25 02:17 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-05-08 04:03 . 2011-05-08 04:03 -------- d-----w- c:\users\cat\screensaver
2011-05-08 03:37 . 2011-05-08 04:02 -------- d-----w- c:\users\cat\wallpapers
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-11 13:18 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-04-11 13:18 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-04-06 06:26 . 2011-04-06 06:26 96544 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 06:26 . 2011-04-06 06:26 69408 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 06:26 . 2011-04-06 06:26 237856 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 06:26 . 2011-04-06 06:26 119584 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-06 06:20 . 2011-04-06 06:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-04-06 06:20 . 2011-04-06 06:20 75040 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-04-06 06:20 . 2011-04-06 06:20 197920 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-04-06 06:20 . 2011-04-06 06:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-03-13 01:45 . 2010-12-25 11:45 158832 ----a-w- c:\windows\system32\mfevtps.exe
2011-03-13 01:20 . 2010-12-25 11:57 9984 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-03-13 01:20 . 2010-12-25 11:56 98728 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-03-13 01:20 . 2010-12-25 11:56 75672 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-03-13 01:20 . 2010-12-25 11:56 65128 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-03-13 01:20 . 2010-12-25 11:56 481376 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-03-13 01:20 . 2010-12-25 11:56 281928 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-03-13 01:20 . 2010-12-25 11:56 227856 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-03-13 01:20 . 2010-10-13 11:28 639216 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-03-13 01:20 . 2010-10-13 11:28 156792 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-03-11 06:34 . 2011-04-15 02:00 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 06:34 . 2011-04-15 02:00 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 05:33 . 2011-04-15 02:00 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-03-11 05:33 . 2011-04-15 02:00 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-03-08 06:29 . 2011-04-15 01:59 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-08 05:28 . 2011-04-15 01:59 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-03-07 06:31 . 2011-04-15 02:00 1188864 ----a-w- c:\windows\system32\wininet.dll
2011-03-07 05:33 . 2011-04-15 02:00 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-03-07 04:24 . 2011-04-15 02:00 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-03-07 03:52 . 2011-04-15 02:00 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((( SnapShot@2011-06-02_01.43.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-24 20:41 . 2011-06-01 23:04 36718 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-06-02 01:52 33870 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-23 21:15 . 2011-06-02 01:52 10000 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3919450576-3435590440-1623751830-1001_UserData.bin
- 2010-12-23 10:00 . 2011-06-02 01:43 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-23 10:00 . 2011-06-02 01:50 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-23 10:00 . 2011-06-02 01:43 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-12-23 10:00 . 2011-06-02 01:50 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-06-02 01:43 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-06-02 01:50 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-23 21:14 . 2011-06-02 01:51 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-23 21:14 . 2011-06-01 23:03 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-23 21:14 . 2011-06-02 01:51 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-12-23 21:14 . 2011-06-01 23:03 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-12-23 21:14 . 2011-06-01 23:03 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-23 21:14 . 2011-06-02 01:51 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-23 21:14 . 2011-06-02 01:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-23 21:14 . 2011-06-02 03:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-23 21:14 . 2011-06-02 03:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-23 21:14 . 2011-06-02 01:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-06-02 01:43 . 2011-06-02 01:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-06-02 01:50 . 2011-06-02 01:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-06-02 01:43 . 2011-06-02 01:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-06-02 01:50 . 2011-06-02 01:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:12 . 2011-06-02 01:43 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2011-06-02 01:44 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:01 . 2011-06-02 01:49 275056 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-06-02 01:41 275056 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 01:51 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 01:51 3911776 ----a-w- c:\program files (x86)\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InternodeUsage"="c:\progra~2\INTERN~2\mum.exe" [2011-02-19 1361408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-23 2988928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-05-02 1658440]
"IObit Security 360"="c:\program files (x86)\IObit\IObit Security 360\IS360tray.exe" [2010-06-11 1280344]
.
c:\users\cat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Online Backup Status.lnk - c:\program files (x86)\McAfee Online Backup\MOBKstat.exe [2010-4-13 4178744]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-21 136176]
R3 BlackBox;BlackBox SR2; [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-21 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 Normandy;Normandy SR2; [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384]
S2 IS360service;IS360service;c:\program files (x86)\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-03-13 208272]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 MOBKbackup;McAfee Online Backup;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-04-13 231224]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 82206160
*NewlyCreated* - ASWMBR
*Deregistered* - 82206160
*Deregistered* - aswMBR
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-21 04:21]
.
2011-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-21 04:21]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-13 09:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-13 09:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-13 09:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 363544]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\McAfee\MSC\McSnIePl.dll
FF - ProfilePath - c:\users\cat\AppData\Roaming\Mozilla\Firefox\Profiles\qd58jxsc.default\
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
AddRemove-{E1E502E2-C006-49DB-9C0C-F2196E51826F}_is1 - c:\users\cat\Desktop\MustBeRandomlyNamed\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-06-02 13:41:49
ComboFix-quarantined-files.txt 2011-06-02 03:41
ComboFix2.txt 2011-06-02 01:47
.
Pre-Run: 46,628,519,936 bytes free
Post-Run: 46,580,973,568 bytes free
.
- - End Of File - - 903422AD60117556D6109F8F4D94DC51


Thanks again :)
 
Sorry, I must have done something wrong. How's this one?

ComboFix 11-06-01.05 - cat 02/06/2011 13:51:58.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2023.502 [GMT 10:00]
Running from: c:\users\cat\Desktop\ComboFix.exe
Command switches used :: c:\users\cat\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\SysWow64\hdwwiz5.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\hdwwiz5.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-05-02 to 2011-06-02 )))))))))))))))))))))))))))))))
.
.
2011-06-02 03:56 . 2011-06-02 03:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-02 01:17 . 2011-06-02 01:25 34560 ----a-w- c:\windows\SysWow64\drivers\Normandy.sys
2011-06-02 01:15 . 2011-06-02 01:18 35712 ----a-w- c:\windows\SysWow64\drivers\BlackBox.sys
2011-06-01 10:07 . 2011-06-01 10:07 -------- d-----w- c:\users\cat\AppData\Local\Opera
2011-06-01 10:07 . 2011-06-01 10:07 -------- d-----w- c:\program files (x86)\Opera
2011-06-01 02:00 . 2011-06-01 02:00 -------- d-----w- c:\program files (x86)\ESET
2011-06-01 01:26 . 2011-06-01 01:26 -------- d-----w- c:\users\cat\AppData\Roaming\TuneUp Software
2011-06-01 01:25 . 2011-06-01 01:27 -------- d-----w- c:\programdata\TuneUp Software
2011-06-01 01:24 . 2011-06-01 01:24 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-06-01 01:16 . 2011-06-01 01:16 -------- d-----w- c:\users\cat\AppData\Roaming\IObit
2011-06-01 00:15 . 2011-06-01 00:15 -------- d-----w- c:\users\cat\AppData\Roaming\SUPERAntiSpyware.com
2011-06-01 00:15 . 2011-06-01 00:15 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-06-01 00:15 . 2011-06-01 00:15 -------- d-----w- c:\programdata\!SASCORE
2011-06-01 00:15 . 2011-06-01 00:16 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-31 07:30 . 2011-05-31 07:30 -------- d-----w- c:\users\cat\AppData\Roaming\Malwarebytes
2011-05-31 07:29 . 2010-12-20 08:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-31 07:29 . 2011-05-31 07:29 -------- d-----w- c:\programdata\Malwarebytes
2011-05-31 07:29 . 2010-12-20 08:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-31 07:29 . 2011-05-31 07:30 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-05-31 07:22 . 2011-05-31 07:22 -------- d-----w- c:\programdata\IObit
2011-05-31 07:22 . 2011-05-31 07:22 -------- d-----w- c:\program files (x86)\IObit
2011-05-31 07:13 . 2011-05-31 07:13 -------- d-----w- c:\windows\Sun
2011-05-31 06:26 . 2011-05-31 06:26 -------- d-----w- c:\users\cat\AppData\Roaming\GrabPro
2011-05-31 06:25 . 2011-05-31 06:35 -------- d-----w- C:\Downloads
2011-05-31 06:25 . 2011-05-31 06:25 -------- d-----w- c:\users\cat\AppData\Roaming\ProgSense
2011-05-31 06:25 . 2011-05-31 06:48 -------- d-----w- c:\users\cat\AppData\Roaming\Orbit
2011-05-29 22:59 . 2011-05-29 22:59 -------- d-----w- c:\users\cat\AppData\Roaming\EAC
2011-05-29 22:59 . 2011-05-31 01:53 -------- d-----w- c:\users\cat\AppData\Roaming\AccurateRip
2011-05-29 22:59 . 2011-05-29 22:59 -------- d-----w- c:\program files (x86)\Exact Audio Copy
2011-05-28 15:10 . 2011-06-01 07:19 -------- d-----w- c:\users\cat\AppData\Roaming\vlc
2011-05-28 15:09 . 2011-05-28 15:09 -------- d-----w- c:\program files (x86)\VideoLAN
2011-05-28 00:13 . 2011-05-18 02:37 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5BE31BF9-02D3-493E-A7FE-0F1615F9DA55}\mpengine.dll
2011-05-25 22:50 . 2011-05-25 22:50 -------- d-----w- c:\users\cat\AppData\Roaming\McAfee
2011-05-25 22:14 . 2011-05-25 22:14 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-25 12:24 . 2011-05-31 08:03 -------- d-----w- c:\users\cat\AppData\Local\MediaMonkey
2011-05-25 12:24 . 2011-05-31 08:03 -------- d-----w- c:\program files (x86)\MediaMonkey
2011-05-25 11:48 . 2011-05-25 22:08 -------- d-----w- c:\users\cat\AppData\Roaming\Internode
2011-05-25 11:48 . 2011-05-25 11:48 -------- d-----w- c:\program files (x86)\Internode
2011-05-25 05:59 . 2011-05-25 05:59 -------- d-----w- c:\programdata\Easy CD-DA Extractor
2011-05-25 05:56 . 2011-05-25 05:58 -------- d-----w- c:\program files\Easy CD-DA Extractor 2011
2011-05-25 05:29 . 2011-03-13 01:42 24376 ----a-w- c:\program files (x86)\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll
2011-05-25 02:17 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-25 02:17 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-25 02:17 . 2011-04-09 07:02 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-25 02:17 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-05-25 02:17 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-05-08 04:03 . 2011-05-08 04:03 -------- d-----w- c:\users\cat\screensaver
2011-05-08 03:37 . 2011-05-08 04:02 -------- d-----w- c:\users\cat\wallpapers
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-11 13:18 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-04-11 13:18 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-04-06 06:26 . 2011-04-06 06:26 96544 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 06:26 . 2011-04-06 06:26 69408 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 06:26 . 2011-04-06 06:26 237856 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 06:26 . 2011-04-06 06:26 119584 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-06 06:20 . 2011-04-06 06:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-04-06 06:20 . 2011-04-06 06:20 75040 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-04-06 06:20 . 2011-04-06 06:20 197920 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-04-06 06:20 . 2011-04-06 06:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-03-13 01:45 . 2010-12-25 11:45 158832 ----a-w- c:\windows\system32\mfevtps.exe
2011-03-13 01:20 . 2010-12-25 11:57 9984 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-03-13 01:20 . 2010-12-25 11:56 98728 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-03-13 01:20 . 2010-12-25 11:56 75672 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-03-13 01:20 . 2010-12-25 11:56 65128 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-03-13 01:20 . 2010-12-25 11:56 481376 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-03-13 01:20 . 2010-12-25 11:56 281928 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-03-13 01:20 . 2010-12-25 11:56 227856 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-03-13 01:20 . 2010-10-13 11:28 639216 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-03-13 01:20 . 2010-10-13 11:28 156792 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-03-11 06:34 . 2011-04-15 02:00 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 06:34 . 2011-04-15 02:00 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 05:33 . 2011-04-15 02:00 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-03-11 05:33 . 2011-04-15 02:00 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-03-08 06:29 . 2011-04-15 01:59 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-08 05:28 . 2011-04-15 01:59 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-03-07 06:31 . 2011-04-15 02:00 1188864 ----a-w- c:\windows\system32\wininet.dll
2011-03-07 05:33 . 2011-04-15 02:00 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-03-07 04:24 . 2011-04-15 02:00 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-03-07 03:52 . 2011-04-15 02:00 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((( SnapShot@2011-06-02_01.43.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-24 20:41 . 2011-06-01 23:04 36718 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-06-02 01:52 33870 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-23 21:15 . 2011-06-02 01:52 10000 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3919450576-3435590440-1623751830-1001_UserData.bin
- 2010-12-23 10:00 . 2011-06-02 01:43 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-23 10:00 . 2011-06-02 01:50 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-23 10:00 . 2011-06-02 01:43 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-12-23 10:00 . 2011-06-02 01:50 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-06-02 01:43 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-06-02 01:50 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-23 21:14 . 2011-06-02 01:51 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-23 21:14 . 2011-06-01 23:03 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-23 21:14 . 2011-06-02 01:51 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-12-23 21:14 . 2011-06-01 23:03 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-12-23 21:14 . 2011-06-01 23:03 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-23 21:14 . 2011-06-02 01:51 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-23 21:14 . 2011-06-02 01:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-23 21:14 . 2011-06-02 03:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-23 21:14 . 2011-06-02 03:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-23 21:14 . 2011-06-02 01:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-06-02 01:43 . 2011-06-02 01:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-06-02 01:50 . 2011-06-02 01:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-06-02 01:43 . 2011-06-02 01:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-06-02 01:50 . 2011-06-02 01:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:12 . 2011-06-02 01:43 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2011-06-02 01:44 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:01 . 2011-06-02 01:49 275056 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-06-02 01:41 275056 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 01:51 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 01:51 3911776 ----a-w- c:\program files (x86)\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InternodeUsage"="c:\progra~2\INTERN~2\mum.exe" [2011-02-19 1361408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-23 2988928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-05-02 1658440]
"IObit Security 360"="c:\program files (x86)\IObit\IObit Security 360\IS360tray.exe" [2010-06-11 1280344]
.
c:\users\cat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Online Backup Status.lnk - c:\program files (x86)\McAfee Online Backup\MOBKstat.exe [2010-4-13 4178744]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-21 136176]
R3 BlackBox;BlackBox SR2; [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-21 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 Normandy;Normandy SR2; [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384]
S2 IS360service;IS360service;c:\program files (x86)\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-03-13 208272]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 MOBKbackup;McAfee Online Backup;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-04-13 231224]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 82206160
*NewlyCreated* - ASWMBR
*Deregistered* - 82206160
*Deregistered* - aswMBR
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-21 04:21]
.
2011-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-21 04:21]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-13 09:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-13 09:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-13 09:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 363544]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\McAfee\MSC\McSnIePl.dll
FF - ProfilePath - c:\users\cat\AppData\Roaming\Mozilla\Firefox\Profiles\qd58jxsc.default\
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-06-02 13:59:29
ComboFix-quarantined-files.txt 2011-06-02 03:59
ComboFix2.txt 2011-06-02 03:41
ComboFix3.txt 2011-06-02 01:47
.
Pre-Run: 46,625,005,568 bytes free
Post-Run: 46,580,416,512 bytes free
.
- - End Of File - - 5DEC2046639D652FD71384F336678EF2
 
This one is correct :)

How is the redirection?
If it's still there, which browser is affected?
 
I'm glad to hear good news, but....

...we need to run a couple more tools to make sure nothing is hiding there.

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Okay, here's the logs.

OTL.txt:

OTL logfile created on: 02/06/2011 14:13:42 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\cat\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.98 Gb Total Physical Memory | 0.60 Gb Available Physical Memory | 30.31% Memory free
3.95 Gb Paging File | 2.40 Gb Available in Paging File | 60.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.53 Gb Total Space | 43.43 Gb Free Space | 58.28% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 71.89 Gb Free Space | 15.43% Space Free | Partition Type: NTFS

Computer Name: PUTEY | User Name: cat | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/02 14:12:20 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\cat\Desktop\OTL.exe
PRC - [2011/06/01 20:07:12 | 000,941,936 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2011/04/11 10:04:10 | 003,466,584 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Security 360\is360.exe
PRC - [2011/04/01 13:48:38 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2011/02/19 12:32:52 | 001,361,408 | ---- | M] (Angus Johnson) -- C:\Program Files (x86)\Internode\mum.exe
PRC - [2011/01/17 18:08:58 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:08:58 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Security 360\is360srv.exe
PRC - [2010/01/15 22:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe


========== Modules (SafeList) ==========

MOD - [2011/06/02 14:12:20 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\cat\Desktop\OTL.exe
MOD - [2010/11/20 21:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/03/17 16:39:40 | 000,501,768 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2011/03/13 11:45:12 | 000,158,832 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2011/03/13 11:37:22 | 000,208,272 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2011/03/13 11:37:06 | 000,197,960 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2009/07/14 11:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2010/04/13 19:11:18 | 000,231,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2010/01/15 22:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/06/11 07:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/05/16 12:48:56 | 000,228,208 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/03/13 11:20:10 | 000,639,216 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2011/03/13 11:20:10 | 000,481,376 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2011/03/13 11:20:10 | 000,281,928 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2011/03/13 11:20:10 | 000,227,856 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2011/03/13 11:20:10 | 000,156,792 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2011/03/13 11:20:10 | 000,098,728 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2011/03/13 11:20:10 | 000,075,672 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2011/03/13 11:20:10 | 000,065,128 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/11/20 23:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 23:25:46 | 000,840,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\blackbox.dll -- (BlackBox)
DRV:64bit: - [2010/11/20 21:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/04/13 19:10:24 | 000,066,040 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\MOBK.sys -- (MOBKFilter)
DRV:64bit: - [2009/09/23 18:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/14 11:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 11:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 11:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 09:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/11 06:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/11 06:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express) Intel(R)
DRV:64bit: - [2009/06/11 06:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 06:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 06:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 06:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2011/06/02 11:25:56 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\Normandy.sys -- (Normandy)
DRV - [2011/06/02 11:18:07 | 000,035,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\BlackBox.sys -- (BlackBox)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3919450576-3435590440-1623751830-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-3919450576-3435590440-1623751830-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5F 0A D1 85 EE 1F CC 01 [binary data]
IE - HKU\S-1-5-21-3919450576-3435590440-1623751830-1001\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-3919450576-3435590440-1623751830-1001\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3919450576-3435590440-1623751830-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3919450576-3435590440-1623751830-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011/05/27 12:57:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/01 11:54:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/06/01 11:54:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cat\AppData\Roaming\Mozilla\Extensions
[2011/06/01 11:54:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
[2011/05/27 12:57:30 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2011/04/15 02:41:09 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2010/10/13 21:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\components\Scriptff.dll
[2010/01/01 18:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 18:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 18:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 18:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 18:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/06/02 13:56:54 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - File not found
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110525152909.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110525152908.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3919450576-3435590440-1623751830-1001\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKU\S-1-5-21-3919450576-3435590440-1623751830-1001..\Run: [InternodeUsage] C:\Program Files (x86)\Internode\mum.exe (Angus Johnson)
O4 - Startup: C:\Users\cat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3919450576-3435590440-1623751830-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3919450576-3435590440-1623751830-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3919450576-3435590440-1623751830-1001\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-3919450576-3435590440-1623751830-1001\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3919450576-3435590440-1623751830-1001\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/19 13:10:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/06/02 14:12:19 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\cat\Desktop\OTL.exe
[2011/06/02 14:00:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/06/02 11:50:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/06/02 11:47:41 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/06/02 11:33:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/06/02 11:33:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/06/02 11:33:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/06/02 11:33:37 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/06/02 11:30:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/02 11:17:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rootkit Unhooker LE
[2011/06/01 20:07:24 | 000,000,000 | ---D | C] -- C:\Users\cat\AppData\Roaming\Opera
[2011/06/01 20:07:24 | 000,000,000 | ---D | C] -- C:\Users\cat\AppData\Local\Opera
[2011/06/01 20:07:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2011/06/01 16:17:36 | 000,606,738 | R--- | C] (Swearware) -- C:\Users\cat\Documents\dds.scr
[2011/06/01 12:00:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/06/01 11:26:04 | 000,000,000 | ---D | C] -- C:\Users\cat\AppData\Roaming\TuneUp Software
[2011/06/01 11:25:46 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2011/06/01 11:24:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011/06/01 11:16:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Security 360
[2011/06/01 11:16:16 | 000,000,000 | ---D | C] -- C:\Users\cat\AppData\Roaming\IObit
[2011/06/01 10:15:58 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/05/31 17:30:13 | 000,000,000 | ---D | C] -- C:\Users\cat\AppData\Roaming\Malwarebytes
[2011/05/31 17:29:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/31 17:29:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/31 17:29:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/31 17:29:33 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/05/31 17:29:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/05/31 17:22:49 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2011/05/31 17:22:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2011/05/31 17:13:28 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/05/31 16:26:02 | 000,000,000 | ---D | C] -- C:\Users\cat\AppData\Roaming\GrabPro
[2011/05/31 16:25:49 | 000,000,000 | ---D | C] -- C:\Downloads
[2011/05/31 16:25:48 | 000,000,000 | ---D | C] -- C:\Users\cat\AppData\Roaming\ProgSense
[2011/05/31 16:25:24 | 000,000,000 | ---D | C] -- C:\Users\cat\AppData\Roaming\Orbit
[2011/05/30 09:28:02 | 000,000,000 | ---D | C] -- C:\Users\cat\Documents\EAC logs
[2011/05/30 08:59:31 | 000,000,000 | ---D | C] -- C:\Users\cat\AppData\Roaming\EAC
[2011/05/30 08:59:23 | 000,000,000 | ---D | C] -- C:\Users\cat\AppData\Roaming\AccurateRip
[2011/05/30 08:59:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exact Audio Copy
[2011/05/30 08:59:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Exact Audio Copy
[2011/05/29 01:10:53 | 000,000,000 | ---D | C] -- C:\Users\cat\AppData\Roaming\vlc
[2011/05/29 01:09:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/05/29 01:09:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2011/05/26 08:50:15 | 000,000,000 | ---D | C] -- C:\Users\cat\AppData\Roaming\McAfee
[2011/05/25 22:24:47 | 000,000,000 | ---D | C] -- C:\Users\cat\AppData\Local\MediaMonkey
[2011/05/25 22:24:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MediaMonkey
[2011/05/25 21:48:13 | 000,000,000 | ---D | C] -- C:\Users\cat\AppData\Roaming\Internode
[2011/05/25 21:48:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internode
[2011/05/25 21:48:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Internode
[2011/05/25 15:59:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Easy CD-DA Extractor
[2011/05/25 15:56:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy CD-DA Extractor 2011
[2011/05/25 15:56:35 | 000,000,000 | ---D | C] -- C:\Program Files\Easy CD-DA Extractor 2011
[2011/05/08 14:03:02 | 000,000,000 | ---D | C] -- C:\Users\cat\screensaver
[2011/05/08 13:37:49 | 000,000,000 | ---D | C] -- C:\Users\cat\wallpapers

========== Files - Modified Within 30 Days ==========

[2011/06/02 14:12:20 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\cat\Desktop\OTL.exe
[2011/06/02 13:56:54 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/06/02 13:40:04 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/02 12:20:30 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/02 12:20:30 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/02 11:50:32 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/02 11:50:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/02 11:50:15 | 1591,193,600 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/02 11:41:34 | 000,003,540 | ---- | M] () -- C:\Users\cat\Documents\Document.rtf
[2011/06/02 11:25:56 | 000,034,560 | ---- | M] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2011/06/02 11:18:07 | 000,035,712 | ---- | M] () -- C:\Windows\SysWow64\drivers\BlackBox.sys
[2011/06/01 18:29:16 | 000,002,574 | ---- | M] () -- C:\Windows\MOBK.blk
[2011/06/01 18:29:16 | 000,000,000 | ---- | M] () -- C:\Windows\MOBK.flt
[2011/06/01 16:17:39 | 000,606,738 | R--- | M] (Swearware) -- C:\Users\cat\Documents\dds.scr
[2011/06/01 14:43:06 | 000,302,592 | ---- | M] () -- C:\Users\cat\Documents\y3chfff2.exe
[2011/06/01 11:54:38 | 000,001,151 | -H-- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/06/01 11:47:30 | 000,000,158 | ---- | M] () -- C:\Windows\wininit.ini
[2011/06/01 11:32:32 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/06/01 11:32:32 | 000,619,206 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/06/01 11:32:32 | 000,107,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/05/31 22:31:38 | 000,293,480 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/05/31 01:52:46 | 000,003,887 | -H-- | M] () -- C:\Users\cat\Documents\uni app2.odt
[2011/05/22 18:09:52 | 000,018,942 | ---- | M] () -- C:\Users\cat\Documents\uni app.odt
[2011/05/22 18:09:52 | 000,000,088 | -H-- | M] () -- C:\Users\cat\Documents\.~lock.uni app.odt#
[2011/05/09 22:38:03 | 000,008,802 | ---- | M] () -- C:\Users\cat\Documents\jubilee app.odt

========== Files Created - No Company Name ==========

[2011/06/02 11:41:34 | 000,003,540 | ---- | C] () -- C:\Users\cat\Documents\Document.rtf
[2011/06/02 11:33:44 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/06/02 11:33:44 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/06/02 11:33:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/06/02 11:33:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/06/02 11:33:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/06/02 11:17:59 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2011/06/02 11:15:14 | 000,035,712 | ---- | C] () -- C:\Windows\SysWow64\drivers\BlackBox.sys
[2011/06/01 20:07:16 | 000,001,854 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2011/06/01 14:43:02 | 000,302,592 | ---- | C] () -- C:\Users\cat\Documents\y3chfff2.exe
[2011/06/01 11:54:38 | 000,001,151 | -H-- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/06/01 11:54:37 | 000,001,163 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/06/01 09:50:52 | 000,000,158 | ---- | C] () -- C:\Windows\wininit.ini
[2011/05/31 01:52:45 | 000,003,887 | -H-- | C] () -- C:\Users\cat\Documents\uni app2.odt
[2011/05/26 08:50:07 | 000,002,175 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Virtual Technician.lnk
[2011/05/26 08:29:20 | 000,001,048 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Online Backup Status.lnk
[2011/05/22 18:09:52 | 000,000,088 | -H-- | C] () -- C:\Users\cat\Documents\.~lock.uni app.odt#
[2011/05/22 18:09:50 | 000,018,942 | ---- | C] () -- C:\Users\cat\Documents\uni app.odt
[2011/05/09 22:37:58 | 000,008,802 | ---- | C] () -- C:\Users\cat\Documents\jubilee app.odt
[2010/12/24 10:18:14 | 000,000,065 | ---- | C] () -- C:\Users\cat\AppData\Local\Images.fl
[2009/09/23 18:21:08 | 002,050,952 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/14 15:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 12:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 12:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 10:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 09:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 07:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/11 07:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/05/30 08:59:34 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\EAC
[2011/05/31 16:26:02 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\GrabPro
[2011/05/26 08:08:18 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\Internode
[2011/06/01 11:16:16 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\IObit
[2011/02/07 15:02:25 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\OpenOffice.org
[2011/06/01 20:07:24 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\Opera
[2011/05/31 16:48:33 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\Orbit
[2011/03/15 17:26:52 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\PandoraRecovery
[2011/05/31 16:25:48 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\ProgSense
[2011/06/01 11:26:04 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\TuneUp Software
[2011/06/02 14:21:34 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\uTorrent
[2011/04/28 14:20:58 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\VSO
[2011/04/02 22:33:57 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/08/19 13:10:51 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/09/12 11:37:23 | 000,000,265 | -H-- | M] () -- C:\Boot.BAK
[2010/12/24 06:56:22 | 000,000,295 | RHS- | M] () -- C:\boot.ini
[2010/12/24 14:50:36 | 000,000,408 | RHS- | M] () -- C:\Boot.ini.saved
[2008/08/19 14:29:54 | 000,000,281 | ---- | M] () -- C:\BOOT.NI1
[2010/11/20 22:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2010/12/24 14:50:37 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2004/08/04 08:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/06/02 13:59:29 | 000,020,898 | ---- | M] () -- C:\ComboFix.txt
[2008/08/19 13:10:51 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/06/02 11:50:15 | 1591,193,600 | -HS- | M] () -- C:\hiberfil.sys
[2008/08/19 13:10:51 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/08/19 13:10:51 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/04 08:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2011/06/02 11:50:20 | 2121,592,832 | -HS- | M] () -- C:\pagefile.sys
[2010/12/23 19:26:41 | 000,003,206 | ---- | M] () -- C:\SNPlus.log
[2011/06/02 13:30:41 | 000,062,852 | ---- | M] () -- C:\TDSSKiller.2.5.3.0_02.06.2011_12.23.19_log.txt
[2008/08/20 11:49:55 | 000,512,400 | ---- | M] () -- C:\vcredist_x86.log

< %systemroot%\Fonts\*.com >
[2009/07/14 15:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 15:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 15:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 15:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/11 06:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 14:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/12/23 09:12:47 | 000,000,221 | -HS- | M] () -- C:\Users\cat\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/06/02 14:12:20 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\cat\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/11 07:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/04/11 23:40:32 | 000,000,402 | -HS- | M] () -- C:\Users\cat\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:4769CB2A

< End of report >
 
Extras.txt:

OTL Extras logfile created on: 02/06/2011 14:13:42 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\cat\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.98 Gb Total Physical Memory | 0.60 Gb Available Physical Memory | 30.31% Memory free
3.95 Gb Paging File | 2.40 Gb Available in Paging File | 60.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.53 Gb Total Space | 43.43 Gb Free Space | 58.28% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 71.89 Gb Free Space | 15.43% Space Free | Partition Type: NTFS

Computer Name: PUTEY | User Name: cat | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-3919450576-3435590440-1623751830-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{16DDB3D1-5C27-4599-9C63-E583287191CC}" = iTunes
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}" = Paint.NET v3.5.8
"{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 24
"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
"{33F8EAD4-B6EC-498B-B487-696B973D1C0C}" = Windows Live Messenger
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{621AF8B2-75D2-4074-BA44-79178A617255}" = Windows Live installer
"{82AF3E91-57E1-4754-84D0-40A46E2479AB}" = OpenOffice.org 3.3
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8969CD6F-5B75-40B9-8701-86ECA4C1F263}_is1" = VSO Image Resizer 4.0.3.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{FBE569CA-BFEB-4E57-A674-F94D938E1AEF}" = e-tax 2010
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"conduitEngine" = Conduit Engine
"Easy CD-DA Extractor 2011" = Easy CD-DA Extractor 2011
"ESET Online Scanner" = ESET Online Scanner v3
"Exact Audio Copy" = Exact Audio Copy 1.0beta2
"Internode Monthly Usage Meter_is1" = Internode Monthly Usage Meter 8.2a
"IObit Security 360_is1" = IObit Security 360
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"McAfee Virtual Technician" = McAfee Virtual Technician
"Mozilla Firefox 4.0.1 (x86 en-GB)" = Mozilla Firefox 4.0.1 (x86 en-GB)
"MSC" = McAfee Total Protection
"Opera 11.11.2109" = Opera 11.11
"PandoraRecovery" = PandoraRecovery (Remove Only)
"uTorrent" = µTorrent
"uTorrentBar Toolbar" = uTorrentBar Toolbar
"VLC media player" = VLC media player 1.1.9

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 31/05/2011 02:40:27 | Computer Name = putey | Source = Application Error | ID = 1000
Description = Faulting application name: vlc.exe, version: 1.1.9.0, time stamp:
0x4da3a0aa Faulting module name: vlc.exe, version: 1.1.9.0, time stamp: 0x4da3a0aa
Exception
code: 0xc0000005 Fault offset: 0x00001773 Faulting process id: 0xb20 Faulting application
start time: 0x01cc1f5ce78cb162 Faulting application path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
Faulting
module path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe Report Id: de875006-8b50-11e0-b67d-001e0b6985f6

Error - 31/05/2011 02:49:54 | Computer Name = putey | Source = Application Hang | ID = 1002
Description = The program tvp.exe version 1.3.7.1208 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 19e0 Start Time:
01cc1f5ed3f518e5 Termination Time: 45 Application Path: C:\Program Files (x86)\Total
Video Player\tvp.exe Report Id: 2e1411c1-8b52-11e0-b67d-001e0b6985f6

Error - 31/05/2011 21:28:21 | Computer Name = putey | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 2.0.1.4120 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 410 Start
Time: 01cc1ffb157da354 Termination Time: 0 Application Path: C:\Program Files (x86)\Mozilla
Firefox\firefox.exe Report Id: 66e7537b-8bee-11e0-b9aa-001e0b6985f6

Error - 31/05/2011 21:29:29 | Computer Name = putey | Source = MsiInstaller | ID = 11321
Description =

Error - 01/06/2011 01:35:35 | Computer Name = putey | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 01/06/2011 04:28:57 | Computer Name = putey | Source = VSS | ID = 8194
Description =

Error - 01/06/2011 04:29:30 | Computer Name = putey | Source = VSS | ID = 8194
Description =

Error - 01/06/2011 10:31:49 | Computer Name = putey | Source = Application Hang | ID = 1002
Description = The program wmplayer.exe version 12.0.7601.17514 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: d2c Start
Time: 01cc20687f46e302 Termination Time: 25525 Application Path: C:\Program Files
(x86)\Windows Media Player\wmplayer.exe Report Id: cfd59945-8c5b-11e0-a177-001e0b6985f6


Error - 02/06/2011 00:15:03 | Computer Name = putey | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary SASDIFSV. System Error: The system cannot find the file specified. .

Error - 02/06/2011 00:15:03 | Computer Name = putey | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary SASKUTIL. System Error: The system cannot find the file specified. .

[ System Events ]
Error - 01/06/2011 21:17:59 | Computer Name = putey | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\Normandy.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 01/06/2011 21:25:56 | Computer Name = putey | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\Normandy.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 01/06/2011 21:38:05 | Computer Name = putey | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 01/06/2011 21:41:12 | Computer Name = putey | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 01/06/2011 21:41:19 | Computer Name = putey | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 01/06/2011 23:36:39 | Computer Name = putey | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 01/06/2011 23:39:28 | Computer Name = putey | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 01/06/2011 23:54:24 | Computer Name = putey | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 01/06/2011 23:56:31 | Computer Name = putey | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 01/06/2011 23:56:56 | Computer Name = putey | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.


< End of report >
 
1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

====================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    DRV - [2011/06/02 11:25:56 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\Normandy.sys -- (Normandy)
    DRV - [2011/06/02 11:18:07 | 000,035,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\BlackBox.sys -- (BlackBox)
    O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - File not found
    O15 - HKU\S-1-5-21-3919450576-3435590440-1623751830-1001\..Trusted Domains: internet ([]about in Trusted sites)
    O15 - HKU\S-1-5-21-3919450576-3435590440-1623751830-1001\..Trusted Domains: mcafee.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-3919450576-3435590440-1623751830-1001\..Trusted Domains: mcafee.com ([]https in Trusted sites)
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:4769CB2A
    
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
 