Hi - I have some kind of problem with security on my laptop as my ebay account and possibly email accounts have been compromised.
I have been running McAfee constantly and no alerts and have run virus scan and malware bytes and no alerts. I followed the steps in the revised 8 step virus/spyware removal and I include the info as required below so that hopefully someone can help me.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4488
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
27/08/2010 11:01:35 PM
mbam-log-2010-08-27 (23-01-35).txt
Scan type: Quick scan
Objects scanned: 130830
Time elapsed: 11 minute(s), 36 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
DDS (Ver_10-03-17.01) - NTFSx86
Run by Jenni at 23:05:48.20 on Fri 27/08/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.1790.1004 [GMT 10:00]
============== Running Processes ===============
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\Dwm.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\windows\system32\rundll32.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
C:\windows\SYSTEM32\Rezip.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\wuauclt.exe
C:\windows\System32\rundll32.exe
C:\windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\windows\explorer.exe
C:\Users\Jenni\Downloads\dds.scr
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com.au/ig?hl=en&source=iglk
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100820235027.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 10\Snagit32.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\jenni\appdata\roaming\mozilla\firefox\profiles\2hxks07h.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - component: c:\program files\mozilla firefox\components\Scriptff.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\citrix\access gateway\npcagse.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\jenni\appdata\roaming\mozilla\plugins\npatgpc.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
============= SERVICES / DRIVERS ===============
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-9-22 385880]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-8-20 64304]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-8-20 160720]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\drivers\SABI.sys [2009-9-22 10752]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 cag;Citrix cag plugin for Access Gateway;c:\program files\common files\deterministic networks\common files\cag.sys [2009-8-10 78360]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-6-23 93320]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-20 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-20 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-20 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-20 170144]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-20 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-20 141792]
R2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\samsung casual games\gameconsole\OberonGameConsoleService.exe [2009-9-22 44312]
R2 Rezip;Rezip;c:\windows\system32\Rezip.exe [2009-9-22 311296]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-20 55456]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-9-22 152320]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-9-22 51688]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-20 312616]
R3 NETGEARUHOST;NETGEAR Network USB Host Controller;c:\windows\system32\drivers\NETGEARUHOST.sys [2009-12-7 13824]
R3 NETGEARUHUB;NETGEAR Network USB Root Hub;c:\windows\system32\drivers\NETGEARUHUB.sys [2009-12-7 35840]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-8-21 66592]
R3 rtl819xp;Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\drivers\rtl819xp.sys [2009-9-22 538624]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-2-21 25704]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-6-15 313856]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-12-5 29472]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2009-9-22 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-20 83496]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-9-22 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-9-22 40552]
S3 NETGEARUCOMP;NETGEAR Network USB Composite Device;c:\windows\system32\drivers\NETGEARUCOMP.sys [2009-12-7 14336]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-11 139776]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-7 1343400]
=============== Created Last 30 ================
2010-08-26 13:25:01 0 d-----w- c:\users\jenni\appdata\roaming\Malwarebytes
2010-08-26 13:24:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-26 13:24:38 0 d-----w- c:\programdata\Malwarebytes
2010-08-26 13:24:37 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-26 13:24:37 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-25 09:24:31 571904 ----a-w- c:\windows\system32\oleaut32.dll
2010-08-20 13:50:27 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-08-20 13:49:40 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-08-20 13:49:40 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2010-08-20 13:49:40 160720 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2010-08-20 13:49:39 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-08-20 13:49:39 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-08-20 13:49:39 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-08-12 22:06:26 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-03 12:12:37 0 d-----w- c:\programdata\TechSmith
2010-08-01 05:39:38 0 d-----w- c:\program files\etax2010
2010-07-31 11:33:21 0 d-----w- C:\etax2009
==================== Find3M ====================
2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-06-30 06:25:31 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-21 18:36:29 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-19 06:33:29 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33:29 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:23:50 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 04:07:18 2326016 ----a-w- c:\windows\system32\win32k.sys
2010-06-16 05:48:35 224256 ----a-w- c:\windows\system32\schannel.dll
2010-06-08 06:02:06 1233920 ----a-w- c:\windows\system32\msxml3.dll
2010-06-03 02:41:44 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
============= FINISH: 23:08:06.54 ===============
I wasn't sure about adding the DDS attach ? should I also just cut and paste that into the thread ?
I have been running McAfee constantly and no alerts and have run virus scan and malware bytes and no alerts. I followed the steps in the revised 8 step virus/spyware removal and I include the info as required below so that hopefully someone can help me.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4488
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
27/08/2010 11:01:35 PM
mbam-log-2010-08-27 (23-01-35).txt
Scan type: Quick scan
Objects scanned: 130830
Time elapsed: 11 minute(s), 36 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
DDS (Ver_10-03-17.01) - NTFSx86
Run by Jenni at 23:05:48.20 on Fri 27/08/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.1790.1004 [GMT 10:00]
============== Running Processes ===============
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\Dwm.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\windows\system32\rundll32.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
C:\windows\SYSTEM32\Rezip.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\wuauclt.exe
C:\windows\System32\rundll32.exe
C:\windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\windows\explorer.exe
C:\Users\Jenni\Downloads\dds.scr
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com.au/ig?hl=en&source=iglk
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100820235027.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 10\Snagit32.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\jenni\appdata\roaming\mozilla\firefox\profiles\2hxks07h.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - component: c:\program files\mozilla firefox\components\Scriptff.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\citrix\access gateway\npcagse.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\jenni\appdata\roaming\mozilla\plugins\npatgpc.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
============= SERVICES / DRIVERS ===============
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-9-22 385880]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-8-20 64304]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-8-20 160720]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\drivers\SABI.sys [2009-9-22 10752]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 cag;Citrix cag plugin for Access Gateway;c:\program files\common files\deterministic networks\common files\cag.sys [2009-8-10 78360]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-6-23 93320]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-20 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-20 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-20 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-20 170144]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-20 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-20 141792]
R2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\samsung casual games\gameconsole\OberonGameConsoleService.exe [2009-9-22 44312]
R2 Rezip;Rezip;c:\windows\system32\Rezip.exe [2009-9-22 311296]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-20 55456]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-9-22 152320]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-9-22 51688]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-20 312616]
R3 NETGEARUHOST;NETGEAR Network USB Host Controller;c:\windows\system32\drivers\NETGEARUHOST.sys [2009-12-7 13824]
R3 NETGEARUHUB;NETGEAR Network USB Root Hub;c:\windows\system32\drivers\NETGEARUHUB.sys [2009-12-7 35840]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-8-21 66592]
R3 rtl819xp;Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\drivers\rtl819xp.sys [2009-9-22 538624]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-2-21 25704]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-6-15 313856]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-12-5 29472]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2009-9-22 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-20 83496]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-9-22 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-9-22 40552]
S3 NETGEARUCOMP;NETGEAR Network USB Composite Device;c:\windows\system32\drivers\NETGEARUCOMP.sys [2009-12-7 14336]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-11 139776]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-7 1343400]
=============== Created Last 30 ================
2010-08-26 13:25:01 0 d-----w- c:\users\jenni\appdata\roaming\Malwarebytes
2010-08-26 13:24:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-26 13:24:38 0 d-----w- c:\programdata\Malwarebytes
2010-08-26 13:24:37 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-26 13:24:37 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-25 09:24:31 571904 ----a-w- c:\windows\system32\oleaut32.dll
2010-08-20 13:50:27 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-08-20 13:49:40 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-08-20 13:49:40 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2010-08-20 13:49:40 160720 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2010-08-20 13:49:39 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-08-20 13:49:39 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-08-20 13:49:39 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-08-12 22:06:26 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-03 12:12:37 0 d-----w- c:\programdata\TechSmith
2010-08-01 05:39:38 0 d-----w- c:\program files\etax2010
2010-07-31 11:33:21 0 d-----w- C:\etax2009
==================== Find3M ====================
2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-06-30 06:25:31 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-21 18:36:29 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-19 06:33:29 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33:29 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:23:50 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 04:07:18 2326016 ----a-w- c:\windows\system32\win32k.sys
2010-06-16 05:48:35 224256 ----a-w- c:\windows\system32\schannel.dll
2010-06-08 06:02:06 1233920 ----a-w- c:\windows\system32\msxml3.dll
2010-06-03 02:41:44 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
============= FINISH: 23:08:06.54 ===============
I wasn't sure about adding the DDS attach ? should I also just cut and paste that into the thread ?