TheDoctor152003
Posts: 7 +0
So far, all I've observed are google search results being redirected when clicking the links. No other symptoms yet. I use McAfee Antivirus, in case that's relevant. Requested preliminary logs are all pasted below:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Database version: 7624
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
8/31/2011 8:58:45 PM
mbam-log-2011-08-31 (20-58-45).txt
Scan type: Quick scan
Objects scanned: 173837
Time elapsed: 13 minute(s), 35 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3Z1Y3ZXH2BYV6W0DCAOJEAPNBIGY (Trojan.SpyEyes) -> Value: 3Z1Y3ZXH2BYV6W0DCAOJEAPNBIGY -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
c:\usxxxxxxxx (Trojan.SpyEyes) -> Quarantined and deleted successfully.
Files Infected:
c:\Users\Steve\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\usxxxxxxxx\161b2756baa7e0f (Trojan.SpyEyes) -> Quarantined and deleted successfully.
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-09-01 07:20:41
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500BEVT-60ZCT1 rev.13.01A13
Running: ywugr39n.exe; Driver: C:\Users\Steve\AppData\Local\Temp\ugloypob.sys
---- System - GMER 1.0.15 ----
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x88C47D48]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x88C47D72]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x88C47D5E]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x88C47D34]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 87625350
Device \Driver\atapi \Device\Ide\IdePort0 87625350
Device \Driver\atapi \Device\Ide\IdePort1 87625350
Device \Driver\atapi \Device\Ide\IdePort2 87625350
Device \Driver\atapi \Device\Ide\IdePort3 87625350
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 87625350
Device \Driver\VClone \Device\Scsi\VClone1Port5Path0Target0Lun0 876B30F8
Device \Driver\VClone \Device\Scsi\VClone1 876B30F8
AttachedDevice \Driver\tdx \Device\Tcp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/10/2008 11:19:35 AM
System Uptime: 9/1/2011 6:06:43 AM (1 hours ago)
.
Motherboard: Wistron | | 3612
Processor: Intel(R) Pentium(R) Dual CPU T3400 @ 2.16GHz | CPU | 2166/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 222 GiB total, 90.234 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.827 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
.
µTorrent
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9.1
Adobe Shockwave Player
Alcohol 120%
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
Baldur's Gate(TM) II - Throne of Bhaal (TM)
Bonjour
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Combined Community Codec Pack 2008-09-21 16:18
Compatibility Pack for the 2007 Office system
Conexant HD Audio
Crimson Editor 3.72
CyberLink DVD Suite
dj_sf_software_req
EAX(tm) Unified (SHELL)
ESU for Microsoft Vista
FINAL FANTASY VIII
Google Chrome
GTK+ Runtime 2.12.12 rev a (remove only)
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Deskjet Printer Driver Software 9.0
HP Doc Viewer
HP DVD Play 3.7
HP Help and Support
HP Quick Launch Buttons 6.40 H2
HP Total Care Advisor
HP Update
HP User Guides 0118
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
HPTCSSetup
ImgBurn
Intel(R) Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java(TM) 6 Update 26
Java(TM) 6 Update 7
Juno Preloader
LabelPrint
LightScribe System Software 1.14.17.1
Malwarebytes' Anti-Malware version 1.51.1.1800
MATLAB R2006a
McAfee AntiVirus Plus
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Age of Empires
Microsoft Live Search Toolbar
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MiKTeX 2.7
Move Media Player
Mozilla Firefox 6.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
My HP Games
NetWaiting
NetZero Preloader
Neverwinter Nights Gold Edition
Norton Internet Security
Pidgin
Power2Go
PowerDirector
Python 2.6.4
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
SPORE Creature Creator Trial Edition
Synaptics Pointing Device Driver
TeXnicCenter Version 1 Beta 7.01 (Greengrass)
Toolbox
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Office 2007 (KB934528)
VirtualCloneDrive
VLC media player 1.1.5
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
9/1/2011 6:16:02 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2518870).
9/1/2011 6:16:01 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2539636).
9/1/2011 6:09:08 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/29/2011 8:17:33 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
8/28/2011 9:06:43 PM, Error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
8/28/2011 9:04:10 PM, Error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
8/27/2011 9:32:29 AM, Error: Service Control Manager [7034] - The MATLAB Server service terminated unexpectedly. It has done this 1 time(s).
8/26/2011 7:25:55 AM, Error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 1 time(s).
8/25/2011 6:24:26 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the hpqwmiex service to connect.
8/25/2011 6:24:26 AM, Error: Service Control Manager [7000] - The hpqwmiex service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/25/2011 6:24:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service hpqwmiex with arguments "" in order to run the server: {F5539356-2F02-40D4-999E-FA61F45FE12E}
.
==== End Of File ===========================
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_26
Run by Steve at 7:26:23 on 2011-09-01
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1978.850 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\MATLAB\R2006a\webserver\bin\win32\matlabserver.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\MATLAB\R2006a\bin\win32\MATLAB.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110828210133.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [Google Update] "c:\users\steve\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [xggjwkav] rundll32 "c:\users\steve\appdata\roaming\SCP32F.dll",Zrdrceko
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{705F09E2-C31B-4BE5-B8FD-B98333A1B7F2} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{7DB687C1-18C6-4ADA-ADA5-3CAFB1A98A5A} : DhcpNameServer = 192.168.2.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GR99D3~1.DLL
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\steve\appdata\roaming\mozilla\firefox\profiles\rwb69frk.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\steve\appdata\local\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\users\steve\appdata\roaming\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\steve\appdata\roaming\move networks\plugins\npqmp071505000010.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-2-14 459728]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-1-6 64648]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-1-6 163400]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-2-15 88176]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-6 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-6 214904]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-6 214904]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-1-6 165000]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-1-6 159832]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-1-6 148520]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-23 365952]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-1-6 57432]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-23 193840]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-29 112128]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-2-14 179248]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-1-6 337912]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-2-14 59288]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-1-6 85984]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-2-14 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-2-14 40552]
.
=============== Created Last 30 ================
.
2011-09-01 01:43:24 -------- d-----w- c:\users\steve\appdata\roaming\Malwarebytes
2011-09-01 01:43:19 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-01 01:43:15 -------- d-----w- c:\programdata\Malwarebytes
2011-09-01 01:43:10 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-01 01:43:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-30 22:43:28 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-08-30 22:42:04 -------- d-----w- c:\programdata\Hitman Pro
2011-08-29 02:01:33 24376 ----a-w- c:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll
2011-08-28 16:55:16 62976 --sha-r- c:\users\steve\appdata\roaming\SCP32F.dll
2011-08-23 23:28:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-23 01:48:04 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll
2011-08-23 01:48:04 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll
2011-08-23 01:48:04 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll
2011-08-23 01:48:04 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll
2011-08-23 01:48:04 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2011-08-23 01:48:03 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2011-08-23 01:46:30 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-08-23 01:46:30 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-08-23 01:44:19 -------- d-----w- c:\program files\iPod
2011-08-23 01:44:15 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-08-23 01:44:15 -------- d-----w- c:\program files\iTunes
2011-08-23 01:41:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-08-23 01:41:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-08-23 01:41:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-08-23 01:41:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-08-23 01:41:22 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-08-23 01:41:22 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-08-23 01:41:22 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-08-23 01:31:28 -------- d-----w- c:\program files\Bonjour
2011-08-09 23:33:45 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-09 23:33:45 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-09 23:33:42 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
==================== Find3M ====================
.
2011-07-22 13:54:40 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-19 00:49:13 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-12 16:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 16:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 16:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-06 15:31:47 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-05 23:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 23:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-06-21 15:49:52 834048 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 14:13:51 389632 ----a-w- c:\windows\system32\html.iec
2011-06-17 16:03:18 375808 ----a-w- c:\windows\system32\winsrv.dll
.
============= FINISH: 7:27:02.75 ===============
Thanks in advance for your support.
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Database version: 7624
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
8/31/2011 8:58:45 PM
mbam-log-2011-08-31 (20-58-45).txt
Scan type: Quick scan
Objects scanned: 173837
Time elapsed: 13 minute(s), 35 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3Z1Y3ZXH2BYV6W0DCAOJEAPNBIGY (Trojan.SpyEyes) -> Value: 3Z1Y3ZXH2BYV6W0DCAOJEAPNBIGY -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
c:\usxxxxxxxx (Trojan.SpyEyes) -> Quarantined and deleted successfully.
Files Infected:
c:\Users\Steve\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\usxxxxxxxx\161b2756baa7e0f (Trojan.SpyEyes) -> Quarantined and deleted successfully.
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-09-01 07:20:41
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500BEVT-60ZCT1 rev.13.01A13
Running: ywugr39n.exe; Driver: C:\Users\Steve\AppData\Local\Temp\ugloypob.sys
---- System - GMER 1.0.15 ----
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x88C47D48]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x88C47D72]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x88C47D5E]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x88C47D34]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 87625350
Device \Driver\atapi \Device\Ide\IdePort0 87625350
Device \Driver\atapi \Device\Ide\IdePort1 87625350
Device \Driver\atapi \Device\Ide\IdePort2 87625350
Device \Driver\atapi \Device\Ide\IdePort3 87625350
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 87625350
Device \Driver\VClone \Device\Scsi\VClone1Port5Path0Target0Lun0 876B30F8
Device \Driver\VClone \Device\Scsi\VClone1 876B30F8
AttachedDevice \Driver\tdx \Device\Tcp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/10/2008 11:19:35 AM
System Uptime: 9/1/2011 6:06:43 AM (1 hours ago)
.
Motherboard: Wistron | | 3612
Processor: Intel(R) Pentium(R) Dual CPU T3400 @ 2.16GHz | CPU | 2166/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 222 GiB total, 90.234 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.827 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
.
µTorrent
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9.1
Adobe Shockwave Player
Alcohol 120%
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
Baldur's Gate(TM) II - Throne of Bhaal (TM)
Bonjour
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Combined Community Codec Pack 2008-09-21 16:18
Compatibility Pack for the 2007 Office system
Conexant HD Audio
Crimson Editor 3.72
CyberLink DVD Suite
dj_sf_software_req
EAX(tm) Unified (SHELL)
ESU for Microsoft Vista
FINAL FANTASY VIII
Google Chrome
GTK+ Runtime 2.12.12 rev a (remove only)
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Deskjet Printer Driver Software 9.0
HP Doc Viewer
HP DVD Play 3.7
HP Help and Support
HP Quick Launch Buttons 6.40 H2
HP Total Care Advisor
HP Update
HP User Guides 0118
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
HPTCSSetup
ImgBurn
Intel(R) Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java(TM) 6 Update 26
Java(TM) 6 Update 7
Juno Preloader
LabelPrint
LightScribe System Software 1.14.17.1
Malwarebytes' Anti-Malware version 1.51.1.1800
MATLAB R2006a
McAfee AntiVirus Plus
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Age of Empires
Microsoft Live Search Toolbar
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MiKTeX 2.7
Move Media Player
Mozilla Firefox 6.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
My HP Games
NetWaiting
NetZero Preloader
Neverwinter Nights Gold Edition
Norton Internet Security
Pidgin
Power2Go
PowerDirector
Python 2.6.4
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
SPORE Creature Creator Trial Edition
Synaptics Pointing Device Driver
TeXnicCenter Version 1 Beta 7.01 (Greengrass)
Toolbox
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Office 2007 (KB934528)
VirtualCloneDrive
VLC media player 1.1.5
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
9/1/2011 6:16:02 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2518870).
9/1/2011 6:16:01 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2539636).
9/1/2011 6:09:08 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/29/2011 8:17:33 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
8/28/2011 9:06:43 PM, Error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
8/28/2011 9:04:10 PM, Error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
8/27/2011 9:32:29 AM, Error: Service Control Manager [7034] - The MATLAB Server service terminated unexpectedly. It has done this 1 time(s).
8/26/2011 7:25:55 AM, Error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 1 time(s).
8/25/2011 6:24:26 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the hpqwmiex service to connect.
8/25/2011 6:24:26 AM, Error: Service Control Manager [7000] - The hpqwmiex service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/25/2011 6:24:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service hpqwmiex with arguments "" in order to run the server: {F5539356-2F02-40D4-999E-FA61F45FE12E}
.
==== End Of File ===========================
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_26
Run by Steve at 7:26:23 on 2011-09-01
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1978.850 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\MATLAB\R2006a\webserver\bin\win32\matlabserver.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\MATLAB\R2006a\bin\win32\MATLAB.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110828210133.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [Google Update] "c:\users\steve\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [xggjwkav] rundll32 "c:\users\steve\appdata\roaming\SCP32F.dll",Zrdrceko
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{705F09E2-C31B-4BE5-B8FD-B98333A1B7F2} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{7DB687C1-18C6-4ADA-ADA5-3CAFB1A98A5A} : DhcpNameServer = 192.168.2.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GR99D3~1.DLL
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\steve\appdata\roaming\mozilla\firefox\profiles\rwb69frk.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\steve\appdata\local\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\users\steve\appdata\roaming\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\steve\appdata\roaming\move networks\plugins\npqmp071505000010.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-2-14 459728]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-1-6 64648]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-1-6 163400]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-2-15 88176]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-6 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-6 214904]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-6 214904]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-1-6 165000]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-1-6 159832]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-1-6 148520]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-23 365952]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-1-6 57432]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-23 193840]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-29 112128]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-2-14 179248]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-1-6 337912]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-2-14 59288]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-1-6 85984]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-2-14 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-2-14 40552]
.
=============== Created Last 30 ================
.
2011-09-01 01:43:24 -------- d-----w- c:\users\steve\appdata\roaming\Malwarebytes
2011-09-01 01:43:19 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-01 01:43:15 -------- d-----w- c:\programdata\Malwarebytes
2011-09-01 01:43:10 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-01 01:43:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-30 22:43:28 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-08-30 22:42:04 -------- d-----w- c:\programdata\Hitman Pro
2011-08-29 02:01:33 24376 ----a-w- c:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll
2011-08-28 16:55:16 62976 --sha-r- c:\users\steve\appdata\roaming\SCP32F.dll
2011-08-23 23:28:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-23 01:48:04 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll
2011-08-23 01:48:04 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll
2011-08-23 01:48:04 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll
2011-08-23 01:48:04 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll
2011-08-23 01:48:04 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2011-08-23 01:48:03 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2011-08-23 01:46:30 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-08-23 01:46:30 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-08-23 01:44:19 -------- d-----w- c:\program files\iPod
2011-08-23 01:44:15 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-08-23 01:44:15 -------- d-----w- c:\program files\iTunes
2011-08-23 01:41:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-08-23 01:41:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-08-23 01:41:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-08-23 01:41:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-08-23 01:41:22 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-08-23 01:41:22 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-08-23 01:41:22 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-08-23 01:31:28 -------- d-----w- c:\program files\Bonjour
2011-08-09 23:33:45 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-09 23:33:45 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-09 23:33:42 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
==================== Find3M ====================
.
2011-07-22 13:54:40 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-19 00:49:13 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-12 16:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 16:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 16:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-06 15:31:47 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-05 23:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 23:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-06-21 15:49:52 834048 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 14:13:51 389632 ----a-w- c:\windows\system32\html.iec
2011-06-17 16:03:18 375808 ----a-w- c:\windows\system32\winsrv.dll
.
============= FINISH: 7:27:02.75 ===============
Thanks in advance for your support.