Sign in to follow this  
Followers 0


28 posts in this topic

Recently I've been getting redirected to this clearly bogus site and a thorough Google search has led me to believe this is a virus. I've experience it on both Chrome and Firefox. I've done multiple malware/virus searches and it's still happening.

Any and all advise will be greatly appreciated.

I apologize, here are the requested logs.


DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 10.5.1

Run by Alicia at 23:25:54 on 2012-06-23

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3962.1225 [GMT -4:00]


AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}


============== Running Processes ===============




C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs


C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService



C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe



C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe




C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe


C:\Program Files\Windows Defender\MSASCui.exe



C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe


C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Sony\VAIO Power Management\SPMService.exe

C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe

C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe

C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe

C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup



C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe


C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe


C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe


C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Program Files (x86)\Sony\VAIO Event Service\VESGfxMgr.exe

C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe




C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe



C:\Program Files\\Agent\mcagent.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe


C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe

C:\Program Files\McAfee\VirusScan\mcods.exe



C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe







============== Pseudo HJT Report ===============


uDefault_Page_URL = hxxp://

uStart Page = hxxp://

mStart Page = hxxp://

mDefault_Page_URL = hxxp://

mDefault_Search_URL = hxxp://*

mSearch Page = hxxp://*

mSearch Bar = hxxp://*

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120427201355.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\\GenericAskToolbar.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

uRunOnce: [blekkotb] reg.exe delete "HKCU\Software\AppDataLow\Software\blekkotb" /f

uRunOnce: [blekkotb_XP] reg.exe delete "HKCU\Software\blekkotb" /f

uRunOnce: [blekkotb_DATA_FOLDER] cmd.exe /c rmdir "C:\ProgramData\Anti-phishing Domain Advisor" /s /q

uRunOnce: [blekkotb_INSTALL_FOLDER] cmd.exe /c rmdir "C:\Users\Alicia\AppData\Local\blekkotb" /s /q

uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10s_Plugin.exe -update plugin

mRun: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

mRun: [VAIOMyMemCenter] "C:\Program Files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe" 1

mRun: [VWLASU] "C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe"

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [mcui_exe] "C:\Program Files\\Agent\mcagent.exe" /runkey

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRunOnce: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent

StartupFolder: C:\Users\Alicia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

Trusted Zone:

Trusted Zone:

Trusted Zone:

Trusted Zone:

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://


TCP: DhcpNameServer =

TCP: Interfaces\{1E42561D-F5F3-4104-A2FE-B9DDC19753D3} : DhcpNameServer =

TCP: Interfaces\{71C35341-B0AE-4A19-8C6F-55925B0AE5D8} : DhcpNameServer =

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Notify: VESWinlogon - VESWinlogon.dll

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO-X64: HP Print Enhancer - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO-X64: McAfee Phishing Filter - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120427201355.dll

BHO-X64: scriptproxy - No File

BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\\GenericAskToolbar.dll

BHO-X64: Ask Toolbar BHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\\GenericAskToolbar.dll

TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

mRun-x64: [VAIOMyMemCenter] "C:\Program Files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe" 1

mRun-x64: [VWLASU] "C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe"

mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun-x64: [mcui_exe] "C:\Program Files\\Agent\mcagent.exe" /runkey

mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRunOnce-x64: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm


================= FIREFOX ===================


FF - ProfilePath - C:\Users\Alicia\AppData\Roaming\Mozilla\Firefox\Profiles\axjzwob7.default\

FF - prefs.js: - hxxp://{searchTerms}

FF - prefs.js: keyword.URL - hxxp://

FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\\npGoogleOneClick8.dll

FF - plugin: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMyGames.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll

FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll

FF - plugin: C:\Windows\system32\TVUAx\npTVUAx.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll



FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.homepage.dontask, true);user_pref(network.protocol-handler.warn-external.dnupdate, false

FF - user.js: browser.sessionstore.resume_from_crash - false

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

============= SERVICES / DRIVERS ===============


R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]

R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

R1 SBRE;SBRE;\??\C:\Windows\system32\drivers\SBREdrv.sys --> C:\Windows\system32\drivers\SBREdrv.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]

R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2010-6-29 102608]

R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-2 249936]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-2 249936]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-2 249936]

R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-8-2 199272]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-8-2 210584]

R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]

R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]

R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]

R3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

R3 NETw5v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit ;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]

R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]

R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-4 135664]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-8-18 2152152]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-4 135664]

S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam_x64.sys --> C:\Windows\system32\DRIVERS\ManyCam_x64.sys [?]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

S3 Point64;Microsoft IntelliPoint Filter Driver;C:\Windows\system32\DRIVERS\point64k.sys --> C:\Windows\system32\DRIVERS\point64k.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-18 89920]


=============== Created Last 30 ================


2012-06-24 02:51:51 116016 ----a-w- C:\Windows\System32\drivers\05706613.sys

2012-06-24 02:51:50 -------- d-----w- C:\TDSSKiller_Quarantine

2012-06-24 00:13:23 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-06-22 22:05:52 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{40C954DD-67AC-412E-85E5-25568FCE8A96}\offreg.dll

2012-06-22 10:15:13 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{40C954DD-67AC-412E-85E5-25568FCE8A96}\mpengine.dll

2012-06-19 04:14:05 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-19 04:13:16 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-19 04:13:16 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe

2012-06-19 04:13:16 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-19 04:13:16 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll

2012-06-17 17:05:25 -------- d-----w- C:\Program Files (x86)\Oracle

2012-06-17 17:04:30 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-06-17 01:46:25 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot

2012-06-17 01:44:07 -------- d-----w- C:\ProgramData\FreeRIP

2012-06-17 01:26:39 -------- d-----w- C:\ProgramData\blekko toolbars

2012-06-17 01:26:06 84832 ----a-w- C:\Windows\SysWow64\drivers\ASPI32.SYS

2012-06-17 01:26:06 45056 ----a-w- C:\Windows\SysWow64\WNASPI32.DLL

2012-06-17 01:25:34 -------- d-----w- C:\Users\Alicia\AppData\Local\blekkotb_031

2012-06-17 01:25:25 -------- d-----w- C:\ProgramData\Anti-phishing Domain Advisor

2012-06-13 00:40:47 -------- d-----w- C:\ProgramData\

2012-06-13 00:40:04 -------- d-----w- C:\Program Files (x86)\

2012-06-12 22:06:07 209920 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-06-12 22:06:05 2767360 ----a-w- C:\Windows\System32\win32k.sys

2012-06-12 22:04:59 1383424 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-12 22:04:59 1383424 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-12 10:36:24 -------- d-----w- C:\Program Files\iPod

2012-06-12 10:36:16 -------- d-----w- C:\Program Files\iTunes


==================== Find3M ====================


2012-05-15 22:18:23 1032192 ----a-w- C:\Windows\System32\wininet.dll

2012-05-15 22:04:50 834048 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-05-04 23:29:16 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-04-25 16:11:36 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys

2012-04-25 16:11:36 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll

2012-04-23 16:25:30 174592 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-04-23 16:25:30 132096 ----a-w- C:\Windows\System32\cryptnet.dll

2012-04-23 16:25:30 1267200 ----a-w- C:\Windows\System32\crypt32.dll

2012-04-23 16:00:53 984064 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-04-23 16:00:53 98304 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-04-23 16:00:53 133120 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-04-19 14:53:39 485376 ----a-w- C:\Windows\System32\html.iec

2012-04-19 14:18:04 389632 ----a-w- C:\Windows\SysWow64\html.iec

2012-04-19 00:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2012-04-19 00:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-04-03 08:22:15 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-03-30 12:45:03 1423744 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2010-06-26 10:15:45 499 ----a-w- C:\Program Files (x86)\062620106154536.bat


============= FINISH: 23:32:56.73 ===============



Share this post

Link to post
Share on other sites

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!!!!!!!)

Post back the report.


Share this post

Link to post
Share on other sites

OK, that scan looks OK, please do this.........

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.


If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.


Share this post

Link to post
Share on other sites

As a novice with these sorts of programs, I seem unable to get ComboFix to work properly. Is there something else I could run?

Share this post

Link to post
Share on other sites

What particular problems are you having??

ComboFix is very easy to run. MrC

Share this post

Link to post
Share on other sites

It's giving me error messages repeatedly and since I'm not accustomed to using these types of programs I'm afraid for my computer. The culprit shows up on the first log "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe".

Share this post

Link to post
Share on other sites

OK, do this instead......

Please download OTL from one of the links below: (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized


Share this post

Link to post
Share on other sites

Please do this..............

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

4. If ComboFix wants to update.....please allow it to.


uStart Page = hxxp://


C:\ProgramData\blekko toolbars



Save this as CFScript.txt, in the same location as ComboFix.exe


Refering to the picture above, drag CFScript into ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot, (in case it asks to reboot)......

Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.


Share this post

Link to post
Share on other sites

Please do this:


  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    FF - "Blekko"
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKU\S-1-5-21-2021167427-2316871478-3002587922-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    IE - HKU\S-1-5-21-2021167427-2316871478-3002587922-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
    [2012/06/16 21:25:34 | 000,000,000 | ---D | C] -- C:\Users\Alicia\AppData\Local\blekkotb_031
    C:\ProgramData\blekko toolbars
    C:\ProgramData\blekko toolbars

  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Share this post

Link to post
Share on other sites

I've done as requested but now it's saying that my Window's Security Center cannot be turned on. What did this removal do to my Security settings for Windows? I'm slightly worried now.


Share this post

Link to post
Share on other sites

Security Center doesn't show up on that list. All I see is Security Accounts.

Share this post

Link to post
Share on other sites

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update

    [*]Press "Scan".

    [*]It will create a log (FSS.txt) in the same directory the tool is run.

    [*]Please copy and paste the log to your reply.


Share this post

Link to post
Share on other sites

Download wscsvc.reg from the link below:


Double click on it or right click on it and choose "Run as Administrator" and allow it to merge into the registry.

Reboot and run another FSS scan.


Share this post

Link to post
Share on other sites

Thank you so much! I genuinely appreciate it. Does this mean that the domain advisor garbage is gone? I checked and it's no longer in that folder.

Share this post

Link to post
Share on other sites

Also, does that mean it's safe to download Chrome again?

Share this post

Link to post
Share on other sites

Yes, go a head and use it, let me know how it is, MrC

Share this post

Link to post
Share on other sites

I'll probably give Chrome about a day or so then I'll be back. Thank you so much for your help <3

Share this post

Link to post
Share on other sites
This topic is now closed to further replies.
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.