benfrank

Members
  • Content count

    13
  • Joined

  • Last visited

About benfrank

  • Rank
    New Member
  1. Thank you for your response to my comments. I appreciate that Malwarebytes cannot cover all operating conditions, although applications that employ digital signal processing (audio or video) are not a uncommon. FWIW, I offer the observation because it may benefit other users who encounter similar issues and they may not necessarily be aware that Malwarebytes can cause long duration DPCs. Malwarebytes has been an excellent complement to Norton Internet Security on my PC and I will continue to use it when not running DSP applications.
  2. FYI, I use PowerSDR, a Software Defined Radio application that is used to operate a Flex 5000A amateur transceiver. This application uses real-time digital signal processing and needs to operate in a Windows environment with reasonably low duration Deferred Procedure Calls (DPC). The application is somewhat similar to digital audio processing products. Using a DPC checking tool while running PowerSDR and several other applications, including Norton Internet Security, I have discovered that Malwarebytes Pro causes long duration DPC's about every 15 to 30 seconds on the order of 6,000 to 18,000 microseconds of latency. DPC's of this duration can cause dropouts of the data stream. With Malwarebytes disabled the maximum DPC is less than 400 microseconds over several minutes of testing. While I have solved this problem by disabling Malwarebytes when the PowerSDR application is in use, this is a less than ideal work-around becasue I also use a web browser while opearting the transceiver. So for what it is worth, this charateristic is undesirable in situations where digitial signal processing applications are running. Your developers might want to take a look at the code to see if it could be made less demanding of system resources. My PC is a Dell 9000 with i7-920 processor, 8GB RAM, and Windows 7 with latest updates.
  3. Thank you -- this procedure resolved the problem.
  4. Hello: Upon a receiving a Malwarebytes message on the Task Bar that an update was ready for installation, I proceeded with the update. However, I got an error message that the installer could not delete mbam.exe. I clicked to abort the update with the intention of stopping Antu-Malware, before running the installer again; however, the Anti-Malware application was apparently deleted from the Start Menu (all programs) Malwarebytes Anti-Malware folder, which displays "(empty)". When I click on the Task Bar icon for Anti-Malware the application will not run and nothing is displayed. In the meantime MBAMservice and mbamgui.exe are shown to be running in Task Manager. My OS is Windows 7 64 bit with latest updates.
  5. Ok thanks. I've implemented all your recommendations. Again, I greatly appreciate the assistance.
  6. Actually, Norton shows that it is quarantined :-)) I can't find any substantive information on kbduserman.dll -- perhaps it was tagged by Norton's heuristic engine as a suspected virus. Whatever it is, my computer seems to be working properly and I have no other issues. Many thanks for your assistance.
  7. Ok -- thanks for the reply. Here are the log files: SystemLook 30.07.11 by jpshortstuff Log created at 18:45 on 15/11/2011 by Larry Administrator - Elevation successful WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results. ========== filefind ========== Searching for "kbduserman.dll" No files found. -= EOF =- Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Database version: 8171 Windows 6.1.7601 Service Pack 1 Internet Explorer 9.0.8112.16421 11/15/2011 6:40:15 PM mbam-log-2011-11-15 (18-40-15).txt Scan type: Quick scan Objects scanned: 181453 Time elapsed: 1 minute(s), 55 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  8. Hello: Since my last communications, I removed MacAfee and installed Norton 2012. After that change, Malwarebytes began running automatically when I boot-up. Also, Norton found and quarantined kbduserman.dll. This virus may have also been detected by Malwarebyte when it tried to connect IE with a dangerous site. The following is an entry from the Malwarebytes logs: "IP-BLOCK 64.111.196.114 (Type: outgoing, Port: 49306, Process: rundll32.exe". After this was detected I updated Malwarebyte and Norton and ran full systems scans that resulted in no threats or infections found. Presently, my computer appear to be running well and there are no indications of infections, although given the failure of MacAfee to prevent the infections that brought me here in the first place, I have acquired a strong skepticism regarding the efficacy of anti-virus sofware. I am now running WOT, Spywareblaster, Malwarebytes and Norton 2012. Please let me know if I need to take any further steps to eliminate kbduserman.dll. Thank you very much for your assistance.
  9. Thanks for the follow-up. When I reboot my computer, Malwarebytes Anti-Malware Pro does not automatically start-up as expected. I have Malwarebytes configured to "Start protection module with Windows" (checked box on the Protection form), but it does not run. I must start it manually. I've confirmed after a reboot with Task Manager that the MBAM service is NOT running. After a manual start, the service is spawned as expected and appears in the services table.
  10. Thank you very much for the follow-up. All went well and I have a performed a number of searches with Google with no redirects. After using the trial of Malwarebytes Anti-Malware I purchased a full license and since then the application does not run when Windows 7 starts or restarts. I have in the Protection form unchecked and re-checked "Enable protection module" a couple of times and checked all the other boxes including "Start protection module with Windows". But, the application still does not run when booting up Windows 7. Can you advise me how to resolve this problem? Also, I am running the MacAfee firewall, which has disabled the native Windows Firewall. I assume that is necessary to avoid conflicts. However, should I continue to run Windows Defender? Finally, I got SpywareBlaster from JavaCool and am running that along with Malwarebytes. I will also get WOT later today. Many thanks for your assistance.
  11. Thank you for the follow-up. ESET found three additional infections: tracur.f, tracur.i and B.gen. All apps have been working OK even before running ESET and Security Check, however, since discovering the initial infections with Malwarebytes, I have not been using internet search engines for fear of getting reinfected or getting new infections. I have been using my favorites and have typed in direct links with no problems or redirection. Is it safe to try using Google or Bing again? Also, I see that Java is out of date and assume that needs to be updated. log.txt: ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK checkup.txt: Results of screen317's Security Check version 0.99.24 Windows 7 x64 (UAC is enabled) Internet Explorer 8 Out of date! `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! ESET Online Scanner v3 McAfee SecurityCenter WMI entry may not exist for antivirus; attempting automatic update. ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware Java 6 Update 23 Out of date Java installed! Adobe Flash Player ( 10.2.152.26) Flash Player Out of Date! Mozilla Firefox (x86 en-US..) ```````````````````````````````` Process Check: objlist.exe by Laurent Malwarebytes' Anti-Malware mbamservice.exe Malwarebytes' Anti-Malware mbamgui.exe ``````````End of Log````````````
  12. Thank you very much for your reply. I had one issue. I disabled MacAfee for 60 minutes, but combofix rebooted the computer after the scan was complete (about 5 minutes) and then generated the log file. I didn't see in the combofix manual that it mentions the reboot. MacAfee was automatically turned back on with the reboot and it apparently tried to block combofix after the log file was created. I checked ok to run whatever routine it was trying to perform. Here are the requested logs: Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Database version: 7990 Windows 6.1.7601 Service Pack 1 Internet Explorer 8.0.7601.17514 10/20/2011 7:21:07 PM mbam-log-2011-10-20 (19-21-07).txt Scan type: Quick scan Objects scanned: 192424 Time elapsed: 7 minute(s), 33 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ComboFix 11-10-24.02 - Larry 10/24/2011 7:27.1.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.6240 [GMT -4:00] Running from: c:\users\Larry\Desktop\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\WinPCap c:\programdata\IntelOnlineNotifier.dll c:\users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\sw9njm8h.default\extensions\{fc0aac36-f340-44c1-877f-7d3a377542ab} c:\users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\sw9njm8h.default\extensions\{fc0aac36-f340-44c1-877f-7d3a377542ab}\chrome.manifest c:\users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\sw9njm8h.default\extensions\{fc0aac36-f340-44c1-877f-7d3a377542ab}\chrome\xulcache.jar c:\users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\sw9njm8h.default\extensions\{fc0aac36-f340-44c1-877f-7d3a377542ab}\defaults\preferences\xulcache.js c:\users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\sw9njm8h.default\extensions\{fc0aac36-f340-44c1-877f-7d3a377542ab}\install.rdf c:\users\Larry\Documents\passport.JPG~RF1740e5d1.TMP c:\users\Larry\g2mdlhlpx.exe c:\users\Larry\GoToAssistDownloadHelper.exe c:\windows\system32\jucheck.exe c:\windows\system32\jusched.exe c:\windows\SysWow64\zip32.dll . . ((((((((((((((((((((((((( Files Created from 2011-09-24 to 2011-10-24 ))))))))))))))))))))))))))))))) . . 2011-10-24 11:33 . 2011-10-24 11:33 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-10-21 10:35 . 2011-10-21 10:35 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0755E705-2DF0-41C7-AAED-F44ADC7F406D}\offreg.dll 2011-10-21 10:35 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0755E705-2DF0-41C7-AAED-F44ADC7F406D}\mpengine.dll 2011-10-19 16:56 . 2011-10-19 16:56 -------- d-----w- c:\users\Larry\AppData\Roaming\Malwarebytes 2011-10-19 16:56 . 2011-10-19 16:56 -------- d-----w- c:\programdata\Malwarebytes 2011-10-19 16:56 . 2011-08-31 21:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-10-19 16:56 . 2011-10-19 16:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-10-12 02:30 . 2011-10-06 20:42 28504 ----a-w- c:\program files (x86)\Mozilla Firefox\ScriptFF.dll 2011-10-12 02:30 . 2011-08-15 14:00 9984 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2011-10-12 02:30 . 2011-08-15 14:00 283744 ----a-w- c:\windows\system32\drivers\mfewfpk.sys 2011-10-12 02:30 . 2011-08-15 14:00 75672 ----a-w- c:\windows\system32\drivers\mfenlfk.sys 2011-10-12 02:30 . 2011-08-15 14:00 65128 ----a-w- c:\windows\system32\drivers\cfwids.sys 2011-10-12 02:30 . 2011-08-15 14:00 481504 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2011-10-12 02:30 . 2011-08-15 14:00 228752 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2011-10-12 02:30 . 2011-08-15 14:00 100904 ----a-w- c:\windows\system32\drivers\mferkdet.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-09-06 11:28 . 2011-09-06 11:28 62632 ----a-w- c:\windows\system32\drivers\vrtaucbl.sys 2011-08-19 19:59 . 2011-06-10 11:52 158832 ----a-w- c:\windows\system32\mfevtps.exe 2011-08-15 14:00 . 2011-03-13 15:20 642824 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2011-08-15 14:00 . 2011-03-13 15:20 158584 ----a-w- c:\windows\system32\drivers\mfeapfk.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2011-03-01 144616] "Hercules DJ Series"="c:\program files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe" [2011-01-25 1675048] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-16 1674896] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Squeezebox Server Tray Tool.lnk - c:\program files (x86)\Squeezebox\SqueezeTray.exe [2010-3-10 2351191] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "SoftwareSASGeneration"= 1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R1 WDMQUA;Service for QUARTET Audio Driver;c:\windows\system32\DRIVERS\wdmqua64.sys [x] R2 CLKMSVC10_1628BCEA;CyberLink Product - 2011/04/12 18:08;c:\program files (x86)\CyberLink\PowerDVD DX\Kernel\BD\NavFilter\kmsvc.exe [2011-03-01 240360] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x] R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x] R3 cpuz130;cpuz130;c:\users\Larry\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x] R3 MADFUTRANSIT;Service for M-Audio Transit DFU;c:\windows\system32\DRIVERS\MAudioTransit_DFU.sys [x] R3 MAUSBTRANSIT;Service for M-Audio Transit;c:\windows\system32\DRIVERS\MAudioTransit.sys [x] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x] R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x] R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x] R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x] R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x] R4 RoxLiveShare10;LiveShare P2P Server 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-06-10 309744] R4 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-10 1124848] R4 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-06-10 166384] R4 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-12-02 656624] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x] S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x] S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2011/04/12 18:08];c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl [2009-05-11 21:59 146928] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 HerculesDJControlMP3;Hercules DJ Control MP3;c:\program files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE [2011-03-15 20480] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [2011-08-10 102608] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-06 208272] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x] S2 MotoConnect Service;MotoConnect Service;c:\program files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-06-24 91456] S2 PhoneMyPC_Helper;PhoneMyPC_Helper;c:\program files\SoftwareForMe Inc\PhoneMyPC\PhoneMyPC_Helper.exe [2011-05-05 31232] S2 SqueezeMySQL;SqueezeMySQL;c:\progra~2\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe [2010-12-13 4149248] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys [x] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x] S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [x] S3 evserial;Virtual Serial Ports Driver (Eltima Softwate);c:\windows\system32\DRIVERS\evserial.sys [x] S3 FlexRadio;FlexRadio;c:\windows\system32\Drivers\FlexRadio.sys [x] S3 FlexRadioAudio;FlexRadio Audio;c:\windows\system32\drivers\FlexRadioAudio.sys [x] S3 FlexRadioMidi;FlexRadio MIDI;c:\windows\system32\drivers\FlexRadioMidi.sys [x] S3 HDJMidi;DJ Control MP3 e2 MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);c:\windows\system32\DRIVERS\evsbc.sys [x] . . --- Other Services/Drivers In Memory --- . *Deregistered* - CLKMDRV10_1628BCEA *Deregistered* - mfeavfk01 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000 Trusted Zone: intuit.com\ttlc TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1 DPF: {72376E32-8AF2-473F-BE32-E5D0F39C865D} - hxxp://www.cyberlink.com/prog/win7/js/UpdateAdvisor.cab FF - ProfilePath - c:\users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\sw9njm8h.default\ FF - prefs.js: browser.search.selectedEngine - Secure Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p= . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-IntelOnlineNotifier - c:\programdata\IntelOnlineNotifier.dll Toolbar-Locked - (no file) . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}] "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\windows\SysWOW64\rundll32.exe c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\program files (x86)\Motorola\MotoConnectService\MotoConnect.exe c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe . ************************************************************************** . Completion time: 2011-10-24 07:39:31 - machine was rebooted ComboFix-quarantined-files.txt 2011-10-24 11:39 . Pre-Run: 493,570,056,192 bytes free Post-Run: 495,788,077,056 bytes free . - - End Of File - - A3572F252066B44ADA179EB696EC2CBE . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_23 Run by Larry at 7:49:29 on 2011-10-24 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.6566 [GMT -4:00] . AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe C:\Windows\system32\mfevtps.exe C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Program Files\SoftwareForMe Inc\PhoneMyPC\PhoneMyPC_Helper.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\PROGRA~2\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k HPService C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe C:\Windows\system32\WUDFHost.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\system32\sppsvc.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\wuauclt.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Program Files\Common Files\McAfee\Core\mchost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111011223024.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" mRun: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SQUEEZ~1.LNK - C:\Program Files (x86)\Squeezebox\SqueezeTray.exe mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: SoftwareSASGeneration = 1 (0x1) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll Trusted Zone: intuit.com\ttlc DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab DPF: {72376E32-8AF2-473F-BE32-E5D0F39C865D} - hxxp://www.cyberlink.com/prog/win7/js/UpdateAdvisor.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1 TCP: Interfaces\{0F478E02-66EE-4BA3-A413-D62BA21F1E60} : DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1 Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO-X64: 0x1 - No File BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO-X64: HP Print Enhancer - No File BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll BHO-X64: McAfee Phishing Filter - No File BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll BHO-X64: Search Helper - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111011223024.dll BHO-X64: scriptproxy - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll BHO-X64: HP Smart BHO Class - No File TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" mRun-x64: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\sw9njm8h.default\ FF - prefs.js: browser.search.selectedEngine - Secure Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p= FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?] R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?] R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?] R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2011/04/12 18:08:49];C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [2010-3-2 146928] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 HerculesDJControlMP3;Hercules DJ Control MP3;C:\Program Files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE [2011-6-3 20480] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-19 366152] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2011-8-29 102608] R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-6-14 249936] R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-6-14 249936] R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-6-14 249936] R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-10-11 199008] R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-10-11 208272] R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?] R2 MotoConnect Service;MotoConnect Service;C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-7-21 91456] R2 PhoneMyPC_Helper;PhoneMyPC_Helper;C:\Program Files\SoftwareForMe Inc\PhoneMyPC\PhoneMyPC_Helper.exe [2010-8-22 31232] R2 SqueezeMySQL;SqueezeMySQL;C:\PROGRA~2\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe --defaults-file=C:\PROGRA~3\SQUEEZ~1\Cache\my.cnf SqueezeMySQL --> C:\PROGRA~2\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe --defaults-file=C:\PROGRA~3\SQUEEZ~1\Cache\my.cnf SqueezeMySQL [?] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 Bulk;HDJBulk;C:\Windows\system32\Drivers\HDJBulk.sys --> C:\Windows\system32\Drivers\HDJBulk.sys [?] R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?] R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\system32\DRIVERS\vrtaucbl.sys --> C:\Windows\system32\DRIVERS\vrtaucbl.sys [?] R3 evserial;Virtual Serial Ports Driver (Eltima Softwate);C:\Windows\system32\DRIVERS\evserial.sys --> C:\Windows\system32\DRIVERS\evserial.sys [?] R3 FlexRadio;FlexRadio;C:\Windows\system32\Drivers\FlexRadio.sys --> C:\Windows\system32\Drivers\FlexRadio.sys [?] R3 FlexRadioAudio;FlexRadio Audio;C:\Windows\system32\drivers\FlexRadioAudio.sys --> C:\Windows\system32\drivers\FlexRadioAudio.sys [?] R3 FlexRadioMidi;FlexRadio MIDI;C:\Windows\system32\drivers\FlexRadioMidi.sys --> C:\Windows\system32\drivers\FlexRadioMidi.sys [?] R3 HDJMidi;DJ Control MP3 e2 MIDI;C:\Windows\system32\DRIVERS\HDJMidi.sys --> C:\Windows\system32\DRIVERS\HDJMidi.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?] R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);C:\Windows\system32\DRIVERS\evsbc.sys --> C:\Windows\system32\DRIVERS\evsbc.sys [?] S2 CLKMSVC10_1628BCEA;CyberLink Product - 2011/04/12 18:08:46;C:\Program Files (x86)\CyberLink\PowerDVD DX\Kernel\BD\NavFilter\kmsvc.exe [2011-4-12 240360] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SessionLauncher;SessionLauncher;C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?] S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\system32\DRIVERS\motfilt.sys --> C:\Windows\system32\DRIVERS\motfilt.sys [?] S3 MADFUTRANSIT;Service for M-Audio Transit DFU;C:\Windows\system32\DRIVERS\MAudioTransit_DFU.sys --> C:\Windows\system32\DRIVERS\MAudioTransit_DFU.sys [?] S3 MAUSBTRANSIT;Service for M-Audio Transit;C:\Windows\system32\DRIVERS\MAudioTransit.sys --> C:\Windows\system32\DRIVERS\MAudioTransit.sys [?] S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?] S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys --> C:\Windows\system32\DRIVERS\motccgp.sys [?] S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys --> C:\Windows\system32\DRIVERS\motccgpfl.sys [?] S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\system32\DRIVERS\Motousbnet.sys --> C:\Windows\system32\DRIVERS\Motousbnet.sys [?] S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\system32\DRIVERS\motusbdevice.sys --> C:\Windows\system32\DRIVERS\motusbdevice.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?] S4 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-6-10 309744] S4 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-6-10 1124848] S4 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-6-10 166384] S4 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-3-2 656624] . =============== Created Last 30 ================ . 2011-10-24 11:35:31 -------- d-----w- C:\$RECYCLE.BIN 2011-10-24 11:26:36 98816 ----a-w- C:\Windows\sed.exe 2011-10-24 11:26:36 518144 ----a-w- C:\Windows\SWREG.exe 2011-10-24 11:26:36 256000 ----a-w- C:\Windows\PEV.exe 2011-10-24 11:26:36 208896 ----a-w- C:\Windows\MBR.exe 2011-10-24 11:26:33 -------- d-----w- C:\ComboFix 2011-10-21 10:35:57 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0755E705-2DF0-41C7-AAED-F44ADC7F406D}\mpengine.dll 2011-10-21 10:35:57 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0755E705-2DF0-41C7-AAED-F44ADC7F406D}\offreg.dll 2011-10-19 16:56:40 -------- d-----w- C:\Users\Larry\AppData\Roaming\Malwarebytes 2011-10-19 16:56:34 -------- d-----w- C:\ProgramData\Malwarebytes 2011-10-19 16:56:31 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys 2011-10-19 16:56:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2011-10-12 02:30:24 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys 2011-10-12 02:30:24 28504 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll 2011-10-12 02:30:19 283744 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys 2011-10-12 02:30:18 75672 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys 2011-10-12 02:30:18 65128 ----a-w- C:\Windows\System32\drivers\cfwids.sys 2011-10-12 02:30:18 481504 ----a-w- C:\Windows\System32\drivers\mfefirek.sys 2011-10-12 02:30:18 228752 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys 2011-10-12 02:30:18 100904 ----a-w- C:\Windows\System32\drivers\mferkdet.sys . ==================== Find3M ==================== . 2011-10-01 03:25:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2011-10-01 02:42:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2011-09-06 11:28:13 62632 ----a-w- C:\Windows\System32\drivers\vrtaucbl.sys 2011-09-06 03:03:17 3138048 ----a-w- C:\Windows\System32\win32k.sys 2011-08-27 05:37:49 861696 ----a-w- C:\Windows\System32\oleaut32.dll 2011-08-27 05:37:48 331776 ----a-w- C:\Windows\System32\oleacc.dll 2011-08-27 04:26:27 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll 2011-08-27 04:26:27 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll 2011-08-20 05:37:58 1188864 ----a-w- C:\Windows\System32\wininet.dll 2011-08-20 04:31:05 981504 ----a-w- C:\Windows\SysWow64\wininet.dll 2011-08-19 19:59:28 158832 ----a-w- C:\Windows\System32\mfevtps.exe 2011-08-17 05:26:46 613888 ----a-w- C:\Windows\System32\psisdecd.dll 2011-08-17 05:25:08 108032 ----a-w- C:\Windows\System32\psisrndr.ax 2011-08-17 04:24:12 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll 2011-08-17 04:19:27 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax 2011-08-15 14:00:06 642824 ----a-w- C:\Windows\System32\drivers\mfehidk.sys 2011-08-15 14:00:06 158584 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys . ============= FINISH: 7:50:25.37 =============== UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 3/9/2010 4:49:36 PM System Uptime: 10/24/2011 7:43:20 AM (0 hours ago) . Motherboard: DELL Inc. | | 0X501H Processor: IntelĀ® Core i7 CPU 920 @ 2.67GHz | CPU 1 | 2668/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 587 GiB total, 461.84 GiB free. D: is CDROM () E: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {6bdd1fc1-810f-11d0-bec7-08002be2092f} Description: 1394 OHCI Compliant Host Controller Device ID: PCI\VEN_197B&DEV_2380&SUBSYS_02B71028&REV_00\4&380C3CBC&0&00E4 Manufacturer: 1394 OHCI Compliant Host Controller Name: 1394 OHCI Compliant Host Controller PNP Device ID: PCI\VEN_197B&DEV_2380&SUBSYS_02B71028&REV_00\4&380C3CBC&0&00E4 Service: 1394ohci . ==== System Restore Points =================== . RP153: 9/26/2011 4:47:22 PM - Removed APC PowerChute Personal Edition 3.0 RP154: 9/27/2011 3:45:35 AM - Windows Update RP155: 9/28/2011 3:00:10 AM - Windows Update RP156: 9/29/2011 8:24:09 PM - Installed FlexRadio Systems PowerSDR 2.2.3. RP157: 10/2/2011 12:00:24 AM - Windows Backup RP158: 10/4/2011 8:18:19 AM - Windows Update RP159: 10/9/2011 12:00:21 AM - Windows Backup RP160: 10/11/2011 5:15:01 AM - Windows Update RP161: 10/14/2011 3:00:44 AM - Windows Update RP162: 10/16/2011 12:00:30 AM - Windows Backup RP163: 10/18/2011 2:50:51 AM - Windows Update RP164: 10/21/2011 6:35:36 AM - Windows Update RP165: 10/24/2011 7:26:39 AM - ComboFix created restore point . ==== Installed Programs ====================== . . Update for Microsoft Office 2007 (KB2508958) 7500_7600_7700_Help Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 9.2 AGEIA PhysX v7.09.13 Apple Application Support Apple Software Update bpd_scan BPDSoftware BPDSoftware_Ini BufferChm Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Cisco Connect Commander D3DX10 Dell DataSafe Local Backup Dell DataSafe Local Backup - Support Software Dell DataSafe Online Dell Driver Download Manager Dell Getting Started Guide Dell Support Center (Support Software) Destinations DeviceDiscovery DirectXInstallService DocProc DXKeeper DXLabLauncher Fax Fldigi 3.21.9 FlexRadio Systems PowerSDR 2.0.22 FlexRadio Systems PowerSDR 2.2.3 foobar2000 v1.0.2.1 GPBaseService2 Hercules DJ Products Series drivers HP Update HPProductAssistant Java Auto Updater Java 6 Update 23 Junk Mail filter update L7500 Malwarebytes' Anti-Malware version 1.51.2.1300 MarketResearch McAfee SecurityCenter Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Search Enhancement Pack Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable MotoConnect Mozilla Firefox 7.0.1 (x86 en-US) MPM MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Pathfinder PowerDVD DX ProductContext QualXServ Service Agreement QuickTime Realtek High Definition Audio Driver Roxio Activation Module Roxio CinePlayer Decoder Pack Roxio Creator Audio Roxio Creator Copy Roxio Creator Data Roxio Creator Premier Roxio Creator Premier 10 Roxio Creator Tools Roxio Express Labeler 3 Roxio Update Manager Scan Security Update for 2007 Microsoft Office System (KB2288621) Security Update for 2007 Microsoft Office System (KB2288931) Security Update for 2007 Microsoft Office System (KB2345043) Security Update for 2007 Microsoft Office System (KB2553074) Security Update for 2007 Microsoft Office System (KB2553089) Security Update for 2007 Microsoft Office System (KB2553090) Security Update for 2007 Microsoft Office System (KB2584063) Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB976321) Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft Office Access 2007 (KB979440) Security Update for Microsoft Office Excel 2007 (KB2553073) Security Update for Microsoft Office Groove 2007 (KB2552997) Security Update for Microsoft Office InfoPath 2007 (KB2510061) Security Update for Microsoft Office InfoPath 2007 (KB979441) Security Update for Microsoft Office PowerPoint 2007 (KB2535818) Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623) Security Update for Microsoft Office Publisher 2007 (KB2284697) Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) Security Update for Microsoft Office Word 2007 (KB2344993) Skins SmartWebPrinting SolutionCenter Spelling Dictionaries Support For Adobe Reader 9 Squeezebox Server 7.5.2 Status Switch Sound File Converter Toolbox TrayApp TurboTax 2009 TurboTax 2009 WinPerFedFormset TurboTax 2009 WinPerReleaseEngine TurboTax 2009 WinPerTaxSupport TurboTax 2009 wmeiper TurboTax 2009 wrapper TurboTax 2010 TurboTax 2010 WinPerFedFormset TurboTax 2010 WinPerReleaseEngine TurboTax 2010 WinPerTaxSupport TurboTax 2010 wmeiper TurboTax 2010 wrapper Update for 2007 Microsoft Office System (KB2284654) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 System (KB2539530) Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office OneNote 2007 (KB980729) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Outlook 2007 (KB2583910) Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Update for Outlook 2007 Junk Email Filter (KB2596560) vspMgr 1.0.1 WebReg Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources . ==== Event Viewer Messages From Past Week ======== . 10/24/2011 7:43:48 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: WDMQUA 10/24/2011 7:43:41 AM, Error: Service Control Manager [7000] - The SessionLauncher service failed to start due to the following error: The system cannot find the file specified. 10/24/2011 7:33:49 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 10/24/2011 7:33:18 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. 10/24/2011 7:25:17 AM, Error: Service Control Manager [7034] - The SqueezeMySQL service terminated unexpectedly. It has done this 1 time(s). 10/24/2011 7:25:17 AM, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s). 10/24/2011 7:25:17 AM, Error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s). 10/19/2011 1:22:46 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. 10/19/2011 1:18:08 PM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting. 10/19/2011 1:16:17 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly. 10/19/2011 1:16:07 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. . ==== End Of File ===========================
  13. Hello: I installed today the latest Malwarebytes Anti_Malware today and after removal of several infected files, my browsers are still being hijacked and redirected to the wrong/spam websites. I am running Windows 7 and MacAfee with latest updates (current as of today). Some attempted redirects are blocked by Anti-Malware but others are not. After removal of the infected files I ran another scan which reported zero files were infected. Any advice or assistance in dealing with this virus/malware infection would be greatly appreciated! Per instructions on this forum I ran dds and produced the following DDS.txt and Attach.txt reports: DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_23 Run by Larry at 15:10:47 on 2011-10-19 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.6317 [GMT -4:00] . AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe C:\Windows\system32\mfevtps.exe C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Program Files\SoftwareForMe Inc\PhoneMyPC\PhoneMyPC_Helper.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\PROGRA~2\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe C:\Windows\system32\svchost.exe -k HPService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Windows\system32\atieclxx.exe C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Windows\System32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\wuauclt.exe C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll mWinlogon: Userinit=userinit.exe, BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111011223024.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll uRun: [intelOnlineNotifier] rundll32.exe "C:\ProgramData\IntelOnlineNotifier.dll",DllRegisterServer mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" mRun: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SQUEEZ~1.LNK - C:\Program Files (x86)\Squeezebox\SqueezeTray.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) mPolicies-system: SoftwareSASGeneration = 1 (0x1) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll Trusted Zone: intuit.com\ttlc DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab DPF: {72376E32-8AF2-473F-BE32-E5D0F39C865D} - hxxp://www.cyberlink.com/prog/win7/js/UpdateAdvisor.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1 TCP: Interfaces\{0F478E02-66EE-4BA3-A413-D62BA21F1E60} : DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1 Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO-X64: 0x1 - No File BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO-X64: HP Print Enhancer - No File BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll BHO-X64: McAfee Phishing Filter - No File BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll BHO-X64: Search Helper - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111011223024.dll BHO-X64: scriptproxy - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll BHO-X64: HP Smart BHO Class - No File TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" mRun-x64: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\sw9njm8h.default\ FF - prefs.js: browser.search.selectedEngine - Secure Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p= FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?] R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?] R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?] R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2011/04/12 18:08:49];C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [2010-3-2 146928] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 HerculesDJControlMP3;Hercules DJ Control MP3;C:\Program Files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE [2011-6-3 20480] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-19 366152] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2011-8-29 102608] R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-6-14 249936] R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-6-14 249936] R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-6-14 249936] R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-10-11 199008] R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-10-11 208272] R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?] R2 MotoConnect Service;MotoConnect Service;C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-7-21 91456] R2 PhoneMyPC_Helper;PhoneMyPC_Helper;C:\Program Files\SoftwareForMe Inc\PhoneMyPC\PhoneMyPC_Helper.exe [2010-8-22 31232] R2 SqueezeMySQL;SqueezeMySQL;C:\PROGRA~2\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe --defaults-file=C:\PROGRA~3\SQUEEZ~1\Cache\my.cnf SqueezeMySQL --> C:\PROGRA~2\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe --defaults-file=C:\PROGRA~3\SQUEEZ~1\Cache\my.cnf SqueezeMySQL [?] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 Bulk;HDJBulk;C:\Windows\system32\Drivers\HDJBulk.sys --> C:\Windows\system32\Drivers\HDJBulk.sys [?] R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?] R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\system32\DRIVERS\vrtaucbl.sys --> C:\Windows\system32\DRIVERS\vrtaucbl.sys [?] R3 evserial;Virtual Serial Ports Driver (Eltima Softwate);C:\Windows\system32\DRIVERS\evserial.sys --> C:\Windows\system32\DRIVERS\evserial.sys [?] R3 FlexRadio;FlexRadio;C:\Windows\system32\Drivers\FlexRadio.sys --> C:\Windows\system32\Drivers\FlexRadio.sys [?] R3 FlexRadioAudio;FlexRadio Audio;C:\Windows\system32\drivers\FlexRadioAudio.sys --> C:\Windows\system32\drivers\FlexRadioAudio.sys [?] R3 FlexRadioMidi;FlexRadio MIDI;C:\Windows\system32\drivers\FlexRadioMidi.sys --> C:\Windows\system32\drivers\FlexRadioMidi.sys [?] R3 HDJMidi;DJ Control MP3 e2 MIDI;C:\Windows\system32\DRIVERS\HDJMidi.sys --> C:\Windows\system32\DRIVERS\HDJMidi.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?] R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);C:\Windows\system32\DRIVERS\evsbc.sys --> C:\Windows\system32\DRIVERS\evsbc.sys [?] S2 CLKMSVC10_1628BCEA;CyberLink Product - 2011/04/12 18:08:46;C:\Program Files (x86)\CyberLink\PowerDVD DX\Kernel\BD\NavFilter\kmsvc.exe [2011-4-12 240360] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SessionLauncher;SessionLauncher;C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?] S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\system32\DRIVERS\motfilt.sys --> C:\Windows\system32\DRIVERS\motfilt.sys [?] S3 MADFUTRANSIT;Service for M-Audio Transit DFU;C:\Windows\system32\DRIVERS\MAudioTransit_DFU.sys --> C:\Windows\system32\DRIVERS\MAudioTransit_DFU.sys [?] S3 MAUSBTRANSIT;Service for M-Audio Transit;C:\Windows\system32\DRIVERS\MAudioTransit.sys --> C:\Windows\system32\DRIVERS\MAudioTransit.sys [?] S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?] S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys --> C:\Windows\system32\DRIVERS\motccgp.sys [?] S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys --> C:\Windows\system32\DRIVERS\motccgpfl.sys [?] S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\system32\DRIVERS\Motousbnet.sys --> C:\Windows\system32\DRIVERS\Motousbnet.sys [?] S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\system32\DRIVERS\motusbdevice.sys --> C:\Windows\system32\DRIVERS\motusbdevice.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?] S4 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-6-10 309744] S4 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-6-10 1124848] S4 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-6-10 166384] S4 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-3-2 656624] . =============== Created Last 30 ================ . 2011-10-19 16:56:40 -------- d-----w- C:\Users\Larry\AppData\Roaming\Malwarebytes 2011-10-19 16:56:34 -------- d-----w- C:\ProgramData\Malwarebytes 2011-10-19 16:56:31 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys 2011-10-19 16:56:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2011-10-18 19:23:15 201216 ----a-w- C:\ProgramData\IntelOnlineNotifier.dll 2011-10-18 06:51:17 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9DABF2FB-250B-4270-9B34-EDCB27B03931}\offreg.dll 2011-10-18 06:51:16 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9DABF2FB-250B-4270-9B34-EDCB27B03931}\mpengine.dll 2011-10-12 02:30:24 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys 2011-10-12 02:30:24 28504 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll 2011-10-12 02:30:19 283744 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys 2011-10-12 02:30:18 75672 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys 2011-10-12 02:30:18 65128 ----a-w- C:\Windows\System32\drivers\cfwids.sys 2011-10-12 02:30:18 481504 ----a-w- C:\Windows\System32\drivers\mfefirek.sys 2011-10-12 02:30:18 228752 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys 2011-10-12 02:30:18 100904 ----a-w- C:\Windows\System32\drivers\mferkdet.sys . ==================== Find3M ==================== . 2011-10-01 03:25:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2011-10-01 02:42:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2011-09-06 11:28:13 62632 ----a-w- C:\Windows\System32\drivers\vrtaucbl.sys 2011-09-06 03:03:17 3138048 ----a-w- C:\Windows\System32\win32k.sys 2011-08-27 05:37:49 861696 ----a-w- C:\Windows\System32\oleaut32.dll 2011-08-27 05:37:48 331776 ----a-w- C:\Windows\System32\oleacc.dll 2011-08-27 04:26:27 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll 2011-08-27 04:26:27 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll 2011-08-20 05:37:58 1188864 ----a-w- C:\Windows\System32\wininet.dll 2011-08-20 04:31:05 981504 ----a-w- C:\Windows\SysWow64\wininet.dll 2011-08-19 19:59:28 158832 ----a-w- C:\Windows\System32\mfevtps.exe 2011-08-17 05:26:46 613888 ----a-w- C:\Windows\System32\psisdecd.dll 2011-08-17 05:25:08 108032 ----a-w- C:\Windows\System32\psisrndr.ax 2011-08-17 04:24:12 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll 2011-08-17 04:19:27 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax 2011-08-15 14:00:06 642824 ----a-w- C:\Windows\System32\drivers\mfehidk.sys 2011-08-15 14:00:06 158584 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys . ============= FINISH: 15:11:09.08 =============== DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_23 Run by Larry at 15:10:47 on 2011-10-19 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.6317 [GMT -4:00] . AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe C:\Windows\system32\mfevtps.exe C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Program Files\SoftwareForMe Inc\PhoneMyPC\PhoneMyPC_Helper.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\PROGRA~2\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe C:\Windows\system32\svchost.exe -k HPService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Windows\system32\atieclxx.exe C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Windows\System32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\wuauclt.exe C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll mWinlogon: Userinit=userinit.exe, BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111011223024.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll uRun: [intelOnlineNotifier] rundll32.exe "C:\ProgramData\IntelOnlineNotifier.dll",DllRegisterServer mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" mRun: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SQUEEZ~1.LNK - C:\Program Files (x86)\Squeezebox\SqueezeTray.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) mPolicies-system: SoftwareSASGeneration = 1 (0x1) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll Trusted Zone: intuit.com\ttlc DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab DPF: {72376E32-8AF2-473F-BE32-E5D0F39C865D} - hxxp://www.cyberlink.com/prog/win7/js/UpdateAdvisor.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1 TCP: Interfaces\{0F478E02-66EE-4BA3-A413-D62BA21F1E60} : DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1 Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO-X64: 0x1 - No File BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO-X64: HP Print Enhancer - No File BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll BHO-X64: McAfee Phishing Filter - No File BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll BHO-X64: Search Helper - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111011223024.dll BHO-X64: scriptproxy - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll BHO-X64: HP Smart BHO Class - No File TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" mRun-x64: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\sw9njm8h.default\ FF - prefs.js: browser.search.selectedEngine - Secure Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p= FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?] R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?] R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?] R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2011/04/12 18:08:49];C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [2010-3-2 146928] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 HerculesDJControlMP3;Hercules DJ Control MP3;C:\Program Files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE [2011-6-3 20480] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-19 366152] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2011-8-29 102608] R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-6-14 249936] R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-6-14 249936] R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-6-14 249936] R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-10-11 199008] R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-10-11 208272] R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?] R2 MotoConnect Service;MotoConnect Service;C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-7-21 91456] R2 PhoneMyPC_Helper;PhoneMyPC_Helper;C:\Program Files\SoftwareForMe Inc\PhoneMyPC\PhoneMyPC_Helper.exe [2010-8-22 31232] R2 SqueezeMySQL;SqueezeMySQL;C:\PROGRA~2\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe --defaults-file=C:\PROGRA~3\SQUEEZ~1\Cache\my.cnf SqueezeMySQL --> C:\PROGRA~2\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe --defaults-file=C:\PROGRA~3\SQUEEZ~1\Cache\my.cnf SqueezeMySQL [?] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 Bulk;HDJBulk;C:\Windows\system32\Drivers\HDJBulk.sys --> C:\Windows\system32\Drivers\HDJBulk.sys [?] R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?] R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\system32\DRIVERS\vrtaucbl.sys --> C:\Windows\system32\DRIVERS\vrtaucbl.sys [?] R3 evserial;Virtual Serial Ports Driver (Eltima Softwate);C:\Windows\system32\DRIVERS\evserial.sys --> C:\Windows\system32\DRIVERS\evserial.sys [?] R3 FlexRadio;FlexRadio;C:\Windows\system32\Drivers\FlexRadio.sys --> C:\Windows\system32\Drivers\FlexRadio.sys [?] R3 FlexRadioAudio;FlexRadio Audio;C:\Windows\system32\drivers\FlexRadioAudio.sys --> C:\Windows\system32\drivers\FlexRadioAudio.sys [?] R3 FlexRadioMidi;FlexRadio MIDI;C:\Windows\system32\drivers\FlexRadioMidi.sys --> C:\Windows\system32\drivers\FlexRadioMidi.sys [?] R3 HDJMidi;DJ Control MP3 e2 MIDI;C:\Windows\system32\DRIVERS\HDJMidi.sys --> C:\Windows\system32\DRIVERS\HDJMidi.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?] R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);C:\Windows\system32\DRIVERS\evsbc.sys --> C:\Windows\system32\DRIVERS\evsbc.sys [?] S2 CLKMSVC10_1628BCEA;CyberLink Product - 2011/04/12 18:08:46;C:\Program Files (x86)\CyberLink\PowerDVD DX\Kernel\BD\NavFilter\kmsvc.exe [2011-4-12 240360] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SessionLauncher;SessionLauncher;C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?] S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\system32\DRIVERS\motfilt.sys --> C:\Windows\system32\DRIVERS\motfilt.sys [?] S3 MADFUTRANSIT;Service for M-Audio Transit DFU;C:\Windows\system32\DRIVERS\MAudioTransit_DFU.sys --> C:\Windows\system32\DRIVERS\MAudioTransit_DFU.sys [?] S3 MAUSBTRANSIT;Service for M-Audio Transit;C:\Windows\system32\DRIVERS\MAudioTransit.sys --> C:\Windows\system32\DRIVERS\MAudioTransit.sys [?] S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?] S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys --> C:\Windows\system32\DRIVERS\motccgp.sys [?] S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys --> C:\Windows\system32\DRIVERS\motccgpfl.sys [?] S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\system32\DRIVERS\Motousbnet.sys --> C:\Windows\system32\DRIVERS\Motousbnet.sys [?] S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\system32\DRIVERS\motusbdevice.sys --> C:\Windows\system32\DRIVERS\motusbdevice.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?] S4 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-6-10 309744] S4 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-6-10 1124848] S4 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-6-10 166384] S4 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-3-2 656624] . =============== Created Last 30 ================ . 2011-10-19 16:56:40 -------- d-----w- C:\Users\Larry\AppData\Roaming\Malwarebytes 2011-10-19 16:56:34 -------- d-----w- C:\ProgramData\Malwarebytes 2011-10-19 16:56:31 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys 2011-10-19 16:56:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2011-10-18 19:23:15 201216 ----a-w- C:\ProgramData\IntelOnlineNotifier.dll 2011-10-18 06:51:17 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9DABF2FB-250B-4270-9B34-EDCB27B03931}\offreg.dll 2011-10-18 06:51:16 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9DABF2FB-250B-4270-9B34-EDCB27B03931}\mpengine.dll 2011-10-12 02:30:24 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys 2011-10-12 02:30:24 28504 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll 2011-10-12 02:30:19 283744 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys 2011-10-12 02:30:18 75672 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys 2011-10-12 02:30:18 65128 ----a-w- C:\Windows\System32\drivers\cfwids.sys 2011-10-12 02:30:18 481504 ----a-w- C:\Windows\System32\drivers\mfefirek.sys 2011-10-12 02:30:18 228752 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys 2011-10-12 02:30:18 100904 ----a-w- C:\Windows\System32\drivers\mferkdet.sys . ==================== Find3M ==================== . 2011-10-01 03:25:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2011-10-01 02:42:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2011-09-06 11:28:13 62632 ----a-w- C:\Windows\System32\drivers\vrtaucbl.sys 2011-09-06 03:03:17 3138048 ----a-w- C:\Windows\System32\win32k.sys 2011-08-27 05:37:49 861696 ----a-w- C:\Windows\System32\oleaut32.dll 2011-08-27 05:37:48 331776 ----a-w- C:\Windows\System32\oleacc.dll 2011-08-27 04:26:27 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll 2011-08-27 04:26:27 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll 2011-08-20 05:37:58 1188864 ----a-w- C:\Windows\System32\wininet.dll 2011-08-20 04:31:05 981504 ----a-w- C:\Windows\SysWow64\wininet.dll 2011-08-19 19:59:28 158832 ----a-w- C:\Windows\System32\mfevtps.exe 2011-08-17 05:26:46 613888 ----a-w- C:\Windows\System32\psisdecd.dll 2011-08-17 05:25:08 108032 ----a-w- C:\Windows\System32\psisrndr.ax 2011-08-17 04:24:12 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll 2011-08-17 04:19:27 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax 2011-08-15 14:00:06 642824 ----a-w- C:\Windows\System32\drivers\mfehidk.sys 2011-08-15 14:00:06 158584 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys . ============= FINISH: 15:11:09.08 ===============