
Author Topic: random internet redirections and unable to turn on windows security center  (Read 14177 times)


maxbvg

    Topic Starter


    Greenhorn

    • Experience: Beginner
    • OS: Unknown
    hi,
    i think that i have a virus/trojan/worm of some sort. i have mcafee installed but it still says i'm 'protected'

    the symptoms of it are:

    -when browsing google in IE or Chrome i get redirected to random webpages

    -i have tried to turn on windows security center by going into services... but when i turn it on it turns back off again.

    -also it will not allow me to turn on system restore (as i thought restoring back to a previous point would get rid of it)



    here is the log of Malwarebytes

    Windows 6.1.7600 (Safe Mode)
    Internet Explorer 9.0.8112.16421

    01/06/2011 15:35:26
    mbam-log-2011-06-01 (15-35-26).txt

    Scan type: Quick scan
    Objects scanned: 190028
    Time elapsed: 7 minute(s), 16 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 4
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 8

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\4ECYTQ9SIC (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\OPLE7CLDO2 (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4ECYTQ9SIC (Trojan.FakeAlert.SA) -> Value: 4ECYTQ9SIC -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\$Recycle.Bin\s-1-5-21-3746345936-3213574714-259889910-1000\$RE3LQQY.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\$Recycle.Bin\s-1-5-21-3746345936-3213574714-259889910-1000\$RHZBO9G.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\$Recycle.Bin\s-1-5-21-3746345936-3213574714-259889910-1000\$RLGNAL2.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\$Recycle.Bin\s-1-5-21-3746345936-3213574714-259889910-1000\$RS83UAL.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Windows\Temp\11f334.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
    c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.


    any help with this would be so much help

    Allan

    • Moderator

    • Mastermind
    • Thanked: 1260
    • Experience: Guru
    • OS: Windows 10
    Please follow the instructions in the following link and post your logs:
    http://www.computerhope.com/forum/index.php/topic,46313.0.html

    maxbvg

      Topic Starter


      Greenhorn

      • Experience: Beginner
      • OS: Unknown
       this is the SuperAntiSpyware log


      Application Version : 4.53.1000

      Core Rules Database Version : 7182
      Trace Rules Database Version: 4994

      Scan type       : Quick Scan
      Total Scan Time : 00:23:28

      Memory items scanned      : 758
      Memory threats detected   : 0
      Registry items scanned    : 2886
      Registry threats detected : 0
      File items scanned        : 18543
      File threats detected     : 70

      Adware.Tracking Cookie

      maxbvg

        Topic Starter


        Greenhorn

        • Experience: Beginner
        • OS: Unknown
        this is the HijackThis log


        Logfile of Trend Micro HijackThis v2.0.4
        Scan saved at 15:49:02, on 02/06/2011
        Platform: Windows 7  (WinNT 6.00.3504)
        MSIE: Internet Explorer v9.00 (9.00.8112.16421)
        Boot mode: Normal

        Running processes:
        C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
        C:\Windows\vVX3000.exe
        C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
        C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
        C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe
        C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe
        C:\Program Files (x86)\Logitech\Video\LogiTray.exe
        C:\Program Files (x86)\Logitech\Video\FxSvr2.exe
        C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
        C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
        C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
        C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
        C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
        C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe
        C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe
        C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe
        C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe
        C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe
        C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe
        C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe
        C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe
        C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe
        C:\Program Files (x86)\Trend Micro\HiJackThis\sniper.exe.exe

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.autocompletepro.com/?si=7981&bi=400
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.autocompletepro.com/?si=7981&bi=400
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.autocompletepro.com/?si=7981&bi=400
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.autocompletepro.com/?si=7981&bi=400
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
        R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (file missing)
        F2 - REG:system.ini: UserInit=userinit.exe,
        O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll
        O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
        O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
        O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (file missing)
        O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
        O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110511183533.dll
        O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
        O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
        O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
        O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (file missing)
        O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
        O2 - BHO: kikin Plugin - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files (x86)\kikin\ie_kikin.dll
        O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
        O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
        O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (file missing)
        O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (file missing)
        O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe"
        O4 - HKLM\..\Run: [CPMonitor] "C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe"
        O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe"
        O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files (x86)\Logitech\Video\ISStart.exe
        O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files (x86)\Logitech\Video\LogiTray.exe
        O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
        O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
        O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
        O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
        O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
        O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
        O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
        O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
        O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files (x86)\Logitech\Video\ManifestEngine.exe" boot
        O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
        O4 - HKCU\..\Run: [Google Update] "C:\Users\Max\AppData\Local\Google\Update\GoogleUpdate.exe" /c
        O4 - HKCU\..\Run: [USBStickWatcher] E:\Other\USB Stick Watcher\usbstickwatcher.exe
        O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
        O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
        O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
        O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
        O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
        O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
        O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
        O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
        O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
        O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
        O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
        O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
        O9 - Extra button: (no name) - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files (x86)\kikin\ie_kikin.dll
        O9 - Extra 'Tools' menuitem: My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files (x86)\kikin\ie_kikin.dll
        O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
        O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
        O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
        O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
        O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
        O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
        O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
        O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
        O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.1.cab
        O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
        O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
        O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
        O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
        O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
        O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
        O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
        O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
        O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
        O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
        O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
        O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
        O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
        O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
        O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
        O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
        O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
        O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
        O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
        O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
        O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
        O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
        O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
        O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
        O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
        O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
        O23 - Service: McAfee Online Backup (MOBKbackup) - McAfee, Inc. - C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
        O23 - Service: MSCamSvc - Unknown owner - C:\Program Files\Microsoft LifeCam\MSCamS64.exe (file missing)
        O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
        O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
        O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
        O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
        O23 - Service: RoxMediaDB12 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe
        O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe
        O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
        O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
        O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
        O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
        O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
        O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
        O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
        O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
        O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
        O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
        O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
        O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
        O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
        O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
        O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
        O23 - Service: WTService - Unknown owner - C:\Windows\System32\atwtusb.exe (file missing)

        SuperDave

        • Malware Removal Specialist


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

        1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
        2. The fixes are specific to your problem and should only be used for this issue on this machine.
        3. If you don't know or understand something, please don't hesitate to ask.
        4. Please DO NOT run any other tools or scans while I am helping you.
        5. It is important that you reply to this thread. Do not start a new topic.
        6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
        7. Absence of symptoms does not mean that everything is clear.

        If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
        ************************************************
        Open HijackThis and select Do a system scan only

        Place a check mark next to the following entries: (if there)

        R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (file missing)
        O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (file missing)
        O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (file missing)
        O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (file missing)
        O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (file missing)
        O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent


        Important: Close all open windows except for HijackThis and then click Fix checked.

        Once completed, exit HijackThis.
        ******************************************************
        Download Security Check by screen317 from one of the following links and save it to your desktop.

        Link 1
        Link 2

        * Unzip SecurityCheck.zip and a folder named Security Check should appear.
        * Open the Security Check folder and double-click Security Check.bat
        * Follow the on-screen instructions inside of the black box.
        * A Notepad document should open automatically called checkup.txt
        * Post the contents of that document in your next reply.

        Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
        ******************************************************
        Download DDS from HERE or HERE and save it to your desktop.

        Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

        * XP users double-click on dds to run it.
        * If your antivirus or firewall tries to block DDS then please allow it to run.
        * When finished DDS will open two (2) logs.

        1) DDS.txt
        2) Attach.txt

        * Save both logs to your desktop.
        * Please copy and paste the entire contents of both logs in your next reply.

        Note: DDS will instruct you to post the Attach.txt log as an attachment.
        Please just post it as you would any other log by copying and pasting it into the reply.
        Windows 8 and Windows 10 dual boot with two SSD's

        maxbvg

          this is the security check log:

          Results of screen317's Security Check version 0.99.12 
           Windows 7  (UAC is enabled)
           Internet Explorer 8 
          ``````````````````````````````
          Antivirus/Firewall Check:

           Windows Security Center service is not running! This report may not be accurate!
           Windows Firewall Enabled! 
           McAfee Internet Security   
           McAfee Online Backup   
           WMI entry may not exist for antivirus; attempting automatic update.
          ```````````````````````````````
          Anti-malware/Other Utilities Check:

           Java(TM) 6 Update 25 
          Flash Player Out of Date!
           Adobe Flash Player    10.2.159.1 
          Adobe Reader X (10.0.1)
          ````````````````````````````````
          Process Check: 
          objlist.exe by Laurent

          ``````````End of Log````````````

          maxbvg

            this is the dds log:


            .
            DDS (Ver_2011-06-03.01) - NTFSAMD64
            Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_25
            Run by Max at 17:46:24 on 2011-06-03
            Microsoft Windows 7 Home Premium   6.1.7600.0.1252.44.1033.18.2047.752 [GMT 1:00]
            .
            AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
            SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
            SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
            FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
            .
            ============== Running Processes ===============
            .
            C:\Windows\system32\wininit.exe
            C:\Windows\system32\lsm.exe
            C:\Windows\system32\svchost.exe -k DcomLaunch
            C:\Windows\system32\svchost.exe -k RPCSS
            C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
            C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
            C:\Windows\system32\svchost.exe -k netsvcs
            C:\Windows\system32\svchost.exe -k LocalService
            C:\Windows\system32\svchost.exe -k NetworkService
            C:\Windows\SYSTEM32\WISPTIS.EXE
            C:\Windows\System32\spoolsv.exe
            C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
            C:\Windows\system32\taskeng.exe
            C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
            C:\Windows\system32\rundll32.exe
            C:\Windows\SysWOW64\rundll32.exe
            C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
            C:\Windows\system32\mfevtps.exe
            C:\Windows\system32\taskhost.exe
            C:\Windows\system32\Dwm.exe
            C:\Windows\system32\rundll32.exe
            C:\Windows\SYSTEM32\WISPTIS.EXE
            C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
            C:\Windows\SysWOW64\rundll32.exe
            C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
            C:\Windows\Explorer.EXE
            C:\Windows\System32\WTMKM.exe
            C:\Windows\vVX3000.exe
            C:\Program Files\Windows Sidebar\sidebar.exe
            C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
            C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
            C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
            C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe
            C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe
            C:\Program Files (x86)\Logitech\Video\LogiTray.exe
            C:\Program Files (x86)\Logitech\Video\FxSvr2.exe
            C:\Program Files\McAfee.com\Agent\mcagent.exe
            C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
            C:\Windows\system32\svchost.exe -k imgsvc
            C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
            C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
            C:\Windows\System32\atwtusb.exe
            C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
            C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
            C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
            C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
            C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
            C:\Windows\system32\SearchIndexer.exe
            C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
            C:\Program Files (x86)\TeamViewer\Version6\tv_w32.exe
            C:\Program Files (x86)\TeamViewer\Version6\tv_x64.exe
            C:\Program Files\Windows Media Player\wmpnetwk.exe
            C:\Windows\System32\svchost.exe -k LocalServicePeerNet
            C:\Windows\system32\DllHost.exe
            C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
            C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
            C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
            C:\Program Files (x86)\Internet Explorer\IELowutil.exe
            C:\Windows\system32\atwtusb.exe
            C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
            C:\Windows\system32\msiexec.exe
            C:\Program Files\Common Files\McAfee\Core\mchost.exe
            C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe
            C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe
            C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe
            C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe
            C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe
            C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe
            C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe
            C:\Windows\system32\vssvc.exe
            C:\Windows\System32\svchost.exe -k swprv
            C:\Windows\system32\wbem\wmiprvse.exe
            C:\Program Files\Common Files\McAfee\Core\mchost.exe
            C:\Windows\system32\SearchProtocolHost.exe
            C:\Windows\system32\SearchFilterHost.exe
            C:\Windows\system32\DllHost.exe
            C:\Windows\system32\DllHost.exe
            C:\Program Files\McAfee\VirusScan\mcods.exe
            C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\conhost.exe
            C:\Windows\SysWOW64\cscript.exe
            .
            ============== Pseudo HJT Report ===============
            .
            uSearch Page = hxxp://search.autocompletepro.com/?si=7981&bi=400
            uStart Page = hxxp://search.autocompletepro.com/?si=7981&bi=400
            uDefault_Search_URL = hxxp://search.autocompletepro.com/?si=7981&bi=400
            uSearch Bar = hxxp://search.autocompletepro.com/?si=7981&bi=400
            uInternet Settings,ProxyOverride = local
            mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
            mWinlogon: Userinit=userinit.exe,
            BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
            BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
            BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
            BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
            BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110511183533.dll
            BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
            BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
            BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
            BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
            BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
            BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
            BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
            BHO: kikin Plugin: {e601996f-e400-41ca-804b-cd6373a7eee2} - C:\Program Files (x86)\kikin\ie_kikin.dll
            TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
            TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
            TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
            TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
            uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
            uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
            uRun: [LogitechSoftwareUpdate] "C:\Program Files (x86)\Logitech\Video\ManifestEngine.exe" boot
            uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
            uRun: [Google Update] "C:\Users\Max\AppData\Local\Google\Update\GoogleUpdate.exe" /c
            uRun: [USBStickWatcher] E:\Other\USB Stick Watcher\usbstickwatcher.exe
            uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
            uRun: [AdobeBridge]
            mRun: [<NO NAME>]
            mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe"
            mRun: [CPMonitor] "C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe"
            mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe"
            mRun: [LogitechVideoRepair] C:\Program Files (x86)\Logitech\Video\ISStart.exe
            mRun: [LogitechVideoTray] C:\Program Files (x86)\Logitech\Video\LogiTray.exe
            mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
            mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
            mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
            mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
            mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
            mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
            mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
            StartupFolder: C:\Users\Max\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
            mPolicies-explorer: NoActiveDesktop = 1 (0x1)
            mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
            mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
            mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
            mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
            IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
            IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
            IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
            IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
            IE: {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files (x86)\kikin\ie_kikin.dll
            IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
            IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
            DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
            DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.1.cab
            DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
            DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
            DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
            DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
            DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
            DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
            TCP: DhcpNameServer = 192.168.1.254
            TCP: Interfaces\{71F56F4C-17F7-4CA2-ACEB-94EF1588BE94} : DhcpNameServer = 192.168.1.254
            Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
            Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
            Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
            Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
            SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
            BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
            BHO-X64:     AcroIEHelperStub - No File
            BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
            BHO-X64:     McAfee Phishing Filter - No File
            BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
            BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
            BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110511183533.dll
            BHO-X64:     scriptproxy - No File
            BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
            BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
            BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
            BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
            BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
            BHO-X64:     URLRedirectionBHO - No File
            BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
            BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
            BHO-X64: kikin Plugin: {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files (x86)\kikin\ie_kikin.dll
            TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
            TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
            TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
            TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
            mRun-x64: [(Default)]
            mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe"
            mRun-x64: [CPMonitor] "C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe"
            mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe"
            mRun-x64: [LogitechVideoRepair] C:\Program Files (x86)\Logitech\Video\ISStart.exe
            mRun-x64: [LogitechVideoTray] C:\Program Files (x86)\Logitech\Video\LogiTray.exe
            mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
            mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
            mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
            mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
            mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
            mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
            mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
            SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
            .
            ================= FIREFOX ===================
            .
            FF - ProfilePath - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\586qrb0k.default\
            FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
            FF - prefs.js: browser.search.selectedEngine -   
            FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2786678&SearchSource=13
            FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
            FF - prefs.js: network.proxy.type - 0
            FF - component: C:\Program Files (x86)\McAfee\SiteAdvisor\components\McFFPlg.dll
            FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
            FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
            FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
            FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
            FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
            FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
            FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll
            FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
            FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
            FF - plugin: C:\Program Files (x86)\Photosynth\npPhotosynthMozilla.dll
            FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
            FF - plugin: C:\Users\Max\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll
            FF - plugin: C:\Users\Max\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
            FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
            .
            ============= SERVICES / DRIVERS ===============
            .
            R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
            R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
            R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
            R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
            R1 MOBKFilter;MOBKFilter;C:\Windows\system32\DRIVERS\MOBK.sys --> C:\Windows\system32\DRIVERS\MOBK.sys [?]
            R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
            R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-6 169408]
            R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-1-3 355440]
            R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-1-3 355440]
            R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-1-3 355440]
            R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-1-3 355440]
            R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-1-3 200056]
            R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-1-3 245352]
            R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
            R2 MOBKbackup;McAfee Online Backup;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-4-13 231224]
            R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-18 2228008]
            R2 WTService;WTService;C:\Windows\System32\atwtusb.exe -s --> C:\Windows\System32\atwtusb.exe -s [?]
            R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
            R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
            R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
            R3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]
            R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
            R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
            S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
            S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
            S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-16 136176]
            S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [2009-7-24 219632]
            S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-16 136176]
            S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
            S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]
            S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
            S3 RoxMediaDB12;RoxMediaDB12;C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [2009-7-24 1116656]
            S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
            S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
            S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
            .
            =============== Created Last 30 ================
            .
            2011-06-03 11:24:47   --------   d-----w-   C:\Users\Max\AppData\Local\{95DD4672-0DF9-495E-A2D7-FF6ABD04C515}
            2011-06-02 14:45:04   --------   d-----w-   C:\Program Files (x86)\Trend Micro
            2011-06-02 09:38:37   --------   d-----w-   C:\ProgramData\!SASCORE
            2011-06-02 08:46:30   --------   d-----w-   C:\Users\Max\AppData\Local\{7A58BCE2-A10D-46BE-A0F1-C8476F39B981}
            2011-06-01 15:57:50   --------   d-----w-   C:\Program Files (x86)\Malwarebytes' Anti-Malware
            2011-06-01 14:59:41   --------   d-----w-   C:\ProgramData\SUPERAntiSpyware.com
            2011-06-01 14:19:31   --------   d-----w-   C:\Users\Max\AppData\Roaming\Malwarebytes
            2011-06-01 14:19:26   --------   d-----w-   C:\ProgramData\Malwarebytes
            2011-06-01 14:19:23   25912   ----a-w-   C:\Windows\System32\drivers\mbam.sys
            2011-06-01 12:26:44   81920   --sha-r-   C:\Windows\SysWow64\ACCTRESR.dll
            2011-06-01 08:59:55   --------   d-----w-   C:\Users\Max\AppData\Local\{00CB9DC7-5186-4D5F-9093-4A5327CFF1CB}
            2011-05-30 08:42:50   --------   d-----w-   C:\Users\Max\AppData\Local\{E663A506-66E6-49C8-A945-AF833F518461}
            2011-05-29 09:28:07   --------   d-----w-   C:\Users\Max\AppData\Local\{B3856120-960B-4718-AC67-66777BB79672}
            2011-05-27 15:41:02   --------   d-----w-   C:\Users\Max\AppData\Local\{C205A9CE-4CC0-4B14-BE0D-F6EF74FF0C96}
            2011-05-26 15:42:23   --------   d-----w-   C:\Users\Max\AppData\Local\{FB3357C9-53AD-491A-8E36-AFE1F18D06B6}
            2011-05-25 15:57:19   27008   ----a-w-   C:\Windows\System32\drivers\Diskdump.sys
            2011-05-25 15:36:14   --------   d-----w-   C:\Users\Max\AppData\Local\{7C1C3900-DFD7-4CE6-8839-3461F342F619}
            2011-05-24 15:49:17   142336   ----a-w-   C:\Windows\System32\poqexec.exe
            2011-05-24 15:49:17   123904   ----a-w-   C:\Windows\SysWow64\poqexec.exe
            2011-05-24 15:45:18   --------   d-----w-   C:\Users\Max\AppData\Local\{4464AF72-D2CA-4F0E-98B8-8FCB497AA3D9}
            2011-05-23 17:07:08   --------   d-----w-   C:\Users\Max\AppData\Local\{63129AFB-1377-48F5-9FAE-48F45AF1E7F5}
            2011-05-22 08:32:03   --------   d-----w-   C:\Users\Max\AppData\Local\{F0F7401C-DFDF-46AD-90BE-C45456CB1928}
            2011-05-20 16:23:34   --------   d-----w-   C:\Users\Max\AppData\Local\{7B0BF98B-3285-4A7E-8AC3-A2D3010BACFA}
            2011-05-19 15:41:45   --------   d-----w-   C:\Users\Max\AppData\Local\{D79E6073-0FE4-455B-B633-493B60E95534}
            2011-05-18 15:43:45   --------   d-----w-   C:\Users\Max\AppData\Local\{D6C22B6D-6F4B-40A3-973B-24BD2B0E23C3}
            2011-05-17 16:40:15   --------   d-----w-   C:\Users\Max\AppData\Local\{59A1AD07-78F8-42E1-92CE-69D817F5606D}
            2011-05-16 15:46:05   --------   d-----w-   C:\Users\Max\AppData\Local\{8A02CF3E-9069-433A-A09A-05E0C70A5502}
            2011-05-15 09:54:26   --------   d-----w-   C:\Users\Max\AppData\Local\{2CA0A5BF-59E2-4E63-9BF9-0DA5A73EDE70}
            2011-05-13 16:02:07   --------   d-----w-   C:\Users\Max\AppData\Local\{7BCD617E-E5F5-45C0-ABCB-BB824739FE1C}
            2011-05-12 15:54:15   --------   d-----w-   C:\Users\Max\AppData\Local\{FD25DAB2-4D26-4EDD-832F-2525FEA244AD}
            2011-05-11 16:02:30   5509504   ----a-w-   C:\Windows\System32\ntoskrnl.exe
            2011-05-11 16:02:30   3957632   ----a-w-   C:\Windows\SysWow64\ntkrnlpa.exe
            2011-05-11 16:02:29   3901824   ----a-w-   C:\Windows\SysWow64\ntoskrnl.exe
            2011-05-11 15:57:48   --------   d-----w-   C:\Users\Max\AppData\Local\{3A8EC71D-20DF-4B13-BF16-49178D9D98B6}
            2011-05-10 16:38:40   --------   d-----w-   C:\Users\Max\AppData\Local\{AA63F145-075B-4271-A40D-C67C0E0F79BB}
            2011-05-09 17:08:08   --------   d-----w-   C:\Users\Max\AppData\Local\{B146BC96-8825-4DCA-B8E6-3478B6B50C4D}
            2011-05-08 11:53:14   --------   d-----w-   C:\Users\Max\AppData\Local\{9FE6EC70-5CE7-485B-B4FE-3E3DA7BFED27}
            2011-05-08 11:27:53   --------   d-----w-   C:\Program Files (x86)\DVD Decrypter
            2011-05-08 11:14:24   --------   d-----w-   C:\Users\Max\.dvdcss
            2011-05-08 11:13:19   --------   d-----w-   C:\Users\Max\AppData\Roaming\Digiarty
            2011-05-08 11:13:19   --------   d-----w-   C:\OutputFolder
            2011-05-08 11:13:10   --------   d-----w-   C:\Program Files (x86)\Digiarty
            2011-05-08 10:53:32   --------   d-----w-   C:\Users\Max\AppData\Roaming\HandBrake
            2011-05-08 10:53:32   --------   d-----w-   C:\Users\Max\AppData\Local\HandBrake
            2011-05-08 10:53:24   --------   d-----w-   C:\Program Files (x86)\Handbrake
            2011-05-05 18:30:53   --------   d-----w-   C:\Program Files (x86)\AutocompletePro
            2011-05-05 18:30:51   --------   d-----w-   C:\Program Files (x86)\Google Hacks
            2011-05-05 15:36:38   --------   d-----w-   C:\Users\Max\AppData\Local\{7EF34871-0532-4E2E-9EEB-79D8F4DCAC1A}
            .
            ==================== Find3M  ====================
            .
            2011-06-01 13:29:40   472808   ----a-w-   C:\Windows\SysWow64\deployJava1.dll
            2011-04-14 13:01:38   9984   ----a-w-   C:\Windows\System32\drivers\mfeclnk.sys
            2011-04-14 13:01:38   94992   ----a-w-   C:\Windows\System32\drivers\mferkdet.sys
            2011-04-14 13:01:38   75160   ----a-w-   C:\Windows\System32\drivers\mfenlfk.sys
            2011-04-14 13:01:38   63056   ----a-w-   C:\Windows\System32\drivers\cfwids.sys
            2011-04-14 13:01:38   530304   ----a-w-   C:\Windows\System32\drivers\mfehidk.sys
            2011-04-14 13:01:38   441840   ----a-w-   C:\Windows\System32\drivers\mfefirek.sys
            2011-04-14 13:01:38   283744   ----a-w-   C:\Windows\System32\drivers\mfewfpk.sys
            2011-04-14 13:01:38   190520   ----a-w-   C:\Windows\System32\drivers\mfeavfk.sys
            2011-04-14 13:01:38   149032   ----a-w-   C:\Windows\System32\mfevtps.exe
            2011-04-14 13:01:38   121376   ----a-w-   C:\Windows\System32\drivers\mfeapfk.sys
            2011-04-13 22:40:10   4284416   ----a-w-   C:\Windows\SysWow64\GPhotos.scr
            2011-03-11 06:19:26   1395712   ----a-w-   C:\Windows\System32\mfc42.dll
            2011-03-11 06:19:26   1359872   ----a-w-   C:\Windows\System32\mfc42u.dll
            2011-03-11 05:40:24   1164288   ----a-w-   C:\Windows\SysWow64\mfc42u.dll
            2011-03-11 05:40:24   1137664   ----a-w-   C:\Windows\SysWow64\mfc42.dll
            2011-03-08 06:14:30   976896   ----a-w-   C:\Windows\System32\inetcomm.dll
            2011-03-08 05:38:13   740864   ----a-w-   C:\Windows\SysWow64\inetcomm.dll
            .
            ============= FINISH: 17:47:27.46 ===============

            maxbvg

              Topic Starter


              Greenhorn

              • Experience: Beginner
              • OS: Unknown
              this is the other dds file log (named attach):


              .
              UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
              IF REQUESTED, ZIP IT UP & ATTACH IT
              .
              DDS (Ver_2011-06-03.01)
              .
              Microsoft Windows 7 Home Premium
              Boot Device: \Device\HarddiskVolume1
              Install Date: 25/12/2009 13:47:30
              System Uptime: 03/06/2011 13:20:26 (4 hours ago)
              .
              Motherboard: ASUSTeK Computer INC. |  | P5QL/EPU
              Processor: Pentium(R) Dual-Core  CPU      E5300  @ 2.60GHz | LGA775 | 2621/200mhz
              .
              ==== Disk Partitions =========================
              .
              A: is Removable
              C: is FIXED (NTFS) - 466 GiB total, 357.496 GiB free.
              D: is CDROM ()
              .
              ==== Disabled Device Manager Items =============
              .
              ==== System Restore Points ===================
              .
              RP279: 02/05/2011 19:46:31 - Windows Update
              RP280: 03/05/2011 19:03:04 - Windows Update
              RP281: 04/05/2011 07:14:49 - Windows Update
              RP282: 11/05/2011 18:31:00 - Windows Update
              RP283: 12/05/2011 20:20:35 - Windows Update
              RP284: 24/05/2011 20:08:25 - Windows Update
              RP285: 25/05/2011 18:39:04 - Windows Update
              RP286: 02/06/2011 15:44:18 - Installed HiJackThis
              RP287: 02/06/2011 15:50:48 - Removed HiJackThis
              RP288: 02/06/2011 15:53:21 - Removed Feedback Tool
              RP289: 03/06/2011 17:34:22 - Installed HiJackThis
              RP290: 03/06/2011 17:43:33 - Removed HiJackThis
              .
              ==== Installed Programs ======================
              .
              .
              Acrobat.com
              Adobe AIR
              Adobe Community Help
              Adobe Flash Player 10 ActiveX
              Adobe Flash Player 10 Plugin
              Adobe Media Player
              Adobe Photoshop CS5
              Adobe Photoshop Elements 9
              Adobe Reader X (10.0.1)
              Audacity 1.2.6
              AutoHotkey 1.0.48.05
              AviSynth 2.5
              Belkin N Wireless USB Adapter Setup
              CamStudio
              D3DX10
              Definition update for Microsoft Office 2010 (KB982726)
              Design Tools - 2D Design V2 Student
              DirectX 9 Runtime
              DrawPlus7
              DVD Decrypter (Remove Only)
              EA Download Manager
              EA Download Manager UI
              Edexcel GCSE Business Studies
              Elements 9 Organizer
              Elements STI Installer
              Feedback Tool
              Free Notes & Office Ink
              Google Chrome
              Google Earth
              Google Toolbar for Internet Explorer
              Google Update Helper
              Java Auto Updater
              Java(TM) 6 Update 25
              Junk Mail filter update
              kikin plugin (Stranded II Edition) 2.2
              LAME v3.98.2 for Audacity
              LEGO® MINDSTORMS® NXT - English Language Pack
              LEGO® MINDSTORMS® NXT Software v1.0
              Lightworks
              Logitech QuickCam Software
              MacroKey Manager
              McAfee Internet Security
              McAfee Online Backup
              Microsoft Corporation
              Microsoft Office Access MUI (English) 2010
              Microsoft Office Access Setup Metadata MUI (English) 2010
              Microsoft Office Excel MUI (English) 2010
              Microsoft Office Groove MUI (English) 2010
              Microsoft Office InfoPath MUI (English) 2010
              Microsoft Office Live Add-in 1.5
              Microsoft Office OneNote MUI (English) 2010
              Microsoft Office Outlook Connector
              Microsoft Office Outlook MUI (English) 2010
              Microsoft Office PowerPoint MUI (English) 2010
              Microsoft Office Professional Plus 2010
              Microsoft Office Proof (English) 2010
              Microsoft Office Proof (French) 2010
              Microsoft Office Proof (Spanish) 2010
              Microsoft Office Proofing (English) 2010
              Microsoft Office Publisher MUI (English) 2010
              Microsoft Office Shared MUI (English) 2010
              Microsoft Office Shared Setup Metadata MUI (English) 2010
              Microsoft Office Word MUI (English) 2010
              Microsoft Pinball Arcade
              Microsoft Silverlight
              Microsoft SQL Server 2005 Compact Edition [ENU]
              Microsoft SQL Server Compact 3.5 Design Tools ENU
              Microsoft SQL Server Compact 3.5 ENU
              Microsoft Visual Basic 2008 Express Edition - ENU
              Microsoft Visual C++ 2005 Redistributable
              Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
              Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
              Microsoft_VC80_CRT_x86
              Microsoft_VC80_MFC_x86
              Microsoft_VC80_MFCLOC_x86
              Microsoft_VC90_ATL_x86
              Microsoft_VC90_CRT_x86
              Microsoft_VC90_MFC_x86
              Mozilla Firefox 4.0 (x86 en-GB)
              MSDN Library for Microsoft Visual Studio 2008 Express Editions
              MSVCRT
              MSVCRT_amd64
              MSXML 4.0 SP2 (KB954430)
              MSXML 4.0 SP2 (KB973688)
              Opera 11.00
              PDF Settings CS5
              Photosynth 2.0110.0317.1042
              Picasa 3
              Power Presenter RE
              Roxio Activation Module
              Roxio BackOnTrack
              Roxio Burn
              Roxio CinePlayer
              Roxio CinePlayer Decoder Pack
              Roxio Creator 2010
              Roxio Creator 2010 Content
              Roxio PhotoShow
              Roxio Video Capture USB
              Security Update for CAPICOM (KB931906)
              Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
              Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
              Security Update for Microsoft Excel 2010 (KB2466146)
              Security Update for Microsoft Office 2010 (KB2289078)
              Security Update for Microsoft Office 2010 (KB2289161)
              Security Update for Microsoft PowerPoint 2010 (KB2519975)
              Security Update for Microsoft Publisher 2010 (KB2409055)
              Security Update for Microsoft Word 2010 (KB2345000)
              SharpKeys
              SmartSound Quicktracks Plugin
              SPORE™
              Spotify
              TeamViewer 6
              Unity Web Player
              Update for Microsoft Office 2010 (KB2202188)
              Update for Microsoft Office 2010 (KB2413186)
              Update for Microsoft Office 2010 (KB2494150)
              Update for Microsoft OneNote 2010 (KB2493983)
              Update for Microsoft Outlook Social Connector (KB2441641)
              VC Runtimes MSI
              Windows Live Communications Platform
              Windows Live Essentials
              Windows Live Installer
              Windows Live Mail
              Windows Live Messenger
              Windows Live Movie Maker
              Windows Live Photo Common
              Windows Live Photo Gallery
              Windows Live PIMT Platform
              Windows Live SOXE
              Windows Live SOXE Definitions
              Windows Live Sync
              Windows Live UX Platform
              Windows Live UX Platform Language Pack
              Windows Live Writer
              Windows Live Writer Resources
              Windows Media Player Firefox Plugin
              YouTube Downloader 2.7.2
              .
              ==== Event Viewer Messages From Past Week ========
              .
              03/06/2011 15:20:56, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
              03/06/2011 12:22:11, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.
              03/06/2011 12:21:41, Error: Service Control Manager [7000]  - The MSCamSvc service failed to start due to the following error:  The system cannot find the file specified.
              02/06/2011 10:42:17, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
              02/06/2011 10:22:50, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the TeamViewer 6 service to connect.
              02/06/2011 10:22:50, Error: Service Control Manager [7000]  - The TeamViewer 6 service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
              01/06/2011 16:20:35, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
              01/06/2011 15:08:47, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
              01/06/2011 15:06:48, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
              01/06/2011 15:05:33, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
              01/06/2011 15:05:07, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
              01/06/2011 15:04:59, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
              01/06/2011 15:04:59, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
              01/06/2011 15:04:57, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
              01/06/2011 15:04:50, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
              01/06/2011 15:04:44, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache MOBKFilter MpFilter spldr Wanarpv6
              01/06/2011 13:38:48, Error: Service Control Manager [7000]  - The MsMpSvc service failed to start due to the following error:  The system cannot find the file specified.
              01/06/2011 13:37:54, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
              01/06/2011 13:34:44, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
              01/06/2011 13:34:44, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
              01/06/2011 13:34:17, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD DfsC discache mfehidk mfenlfk mfewfpk MOBKFilter MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr Tcpip tdx Wanarpv6 WfpLwf
              01/06/2011 13:34:17, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
              01/06/2011 13:34:17, Error: Service Control Manager [7001]  - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
              01/06/2011 13:34:17, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
              01/06/2011 13:34:17, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
              01/06/2011 13:34:17, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
              01/06/2011 13:34:17, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
              01/06/2011 13:34:17, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
              01/06/2011 13:34:17, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
              01/06/2011 13:34:17, Error: Service Control Manager [7001]  - The McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error:  The dependency service or group failed to start.
              01/06/2011 13:34:17, Error: Service Control Manager [7001]  - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error:  A device attached to the system is not functioning.
              01/06/2011 13:34:17, Error: Service Control Manager [7001]  - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error:  The dependency service or group failed to start.
              01/06/2011 13:34:17, Error: Service Control Manager [7001]  - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error:  The dependency service or group failed to start.
              01/06/2011 13:34:17, Error: Service Control Manager [7001]  - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error:  The dependency service or group failed to start.
              01/06/2011 13:34:17, Error: Service Control Manager [7001]  - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error:  The dependency service or group failed to start.
              01/06/2011 13:34:17, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
              01/06/2011 13:34:17, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
              01/06/2011 13:34:17, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
              .
              ==== End Of File ===========================

              SuperDave

              • Malware Removal Specialist


              • Genius
              • Thanked: 1020
              • Certifications: List
              • Experience: Expert
              • OS: Windows 10
              Download OTL to your desktop.

              * Open OTL
              * Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

              Code:
              :OTL
              mRun: [<NO NAME>]
              BHO-X64:     AcroIEHelperStub - No File
              BHO-X64:     scriptproxy - No File
              BHO-X64:     URLRedirectionBHO - No File

              :COMMANDS
              [resethosts]
              [purity]
              [emptytemp]
              [start explorer]

              * Click Run Fix
              * OTLI2 may ask to reboot the machine. Please do so if asked.
              * Click OK
              * A report will open. Copy and Paste that report in your next reply.
              ***********************************************************
              Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

              link # 1
              Link # 2
              If you are using Firefox, make sure that your download settings are as follows:

              * Tools->Options->Main tab
              * Set to "Always ask me where to Save the files".

              Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

              Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

              Right-click combofix.exe and select Run as Administrator and follow the prompts.
              When finished, ComboFix will produce a log for you.
              Post the ComboFix log in your next reply.

              NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

              Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
              Windows 8 and Windows 10 dual boot with two SSD's

              maxbvg

                Topic Starter


                Greenhorn

                • Experience: Beginner
                • OS: Unknown
                This is the OTL log:

                All processes killed
                ========== OTL ==========
                ========== COMMANDS ==========
                C:\Windows\System32\drivers\etc\Hosts moved successfully.
                HOSTS file reset successfully
                 
                [EMPTYTEMP]
                 
                User: Administrator
                 
                User: All Users
                 
                User: Default
                ->Temp folder emptied: 0 bytes
                ->Temporary Internet Files folder emptied: 402 bytes
                ->Flash cache emptied: 41620 bytes
                 
                User: Default User
                ->Temp folder emptied: 0 bytes
                ->Temporary Internet Files folder emptied: 0 bytes
                ->Flash cache emptied: 0 bytes
                 
                User: Max
                ->Temp folder emptied: 96682152 bytes
                ->Temporary Internet Files folder emptied: 21023750 bytes
                ->Java cache emptied: 12600316 bytes
                ->FireFox cache emptied: 71157170 bytes
                ->Google Chrome cache emptied: 401773538 bytes
                ->Opera cache emptied: 18010873 bytes
                ->Flash cache emptied: 80760 bytes
                 
                User: Public
                 
                %systemdrive% .tmp files removed: 0 bytes
                %systemroot% .tmp files removed: 0 bytes
                %systemroot%\System32 .tmp files removed: 0 bytes
                %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
                %systemroot%\System32\drivers .tmp files removed: 0 bytes
                Windows Temp folder emptied: 2912 bytes
                %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 323630 bytes
                RecycleBin emptied: 0 bytes
                 
                Total Files Cleaned = 593.00 mb
                 
                 
                OTL by OldTimer - Version 3.2.23.0 log created on 06052011_135302

                Files\Folders moved on Reboot...
                C:\Users\Max\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

                Registry entries deleted on Reboot...

                maxbvg

                  Topic Starter


                  Greenhorn

                  • Experience: Beginner
                  • OS: Unknown
                  here is the combofix log:


                  ComboFix 11-06-05.01 - Max 05/06/2011  14:15:59.1.2 - x64
                  Microsoft Windows 7 Home Premium   6.1.7600.0.1252.44.1033.18.2047.1072 [GMT 1:00]
                  Running from: c:\users\Max\Downloads\ComboFix.exe
                  AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
                  FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
                  SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
                  SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                   * Created a new restore point
                  .
                  .
                  (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  .
                  c:\program files (x86)\AutocompletePro
                  c:\program files (x86)\AutocompletePro\FireFoxExtension.exe
                  c:\program files (x86)\AutocompletePro\InstTracker.exe
                  c:\users\Max\AppData\Roaming\inst.exe
                  .
                  .
                  (((((((((((((((((((((((((   Files Created from 2011-05-05 to 2011-06-05  )))))))))))))))))))))))))))))))
                  .
                  .
                  2011-06-05 13:23 . 2011-06-05 13:23   --------   d-----w-   c:\users\Default\AppData\Local\temp
                  2011-06-05 13:11 . 2011-06-05 13:12   --------   d-----w-   C:\32788R22FWJFW
                  2011-06-05 12:53 . 2011-06-05 12:53   --------   d-----w-   C:\_OTL
                  2011-06-05 11:23 . 2011-06-05 11:24   --------   d-----w-   c:\users\Max\AppData\Local\{D450A6E0-961B-4A0F-945E-4A6B299569F5}
                  2011-06-04 13:12 . 2011-06-04 13:12   --------   d-----w-   c:\users\Max\AppData\Local\{6D746569-A748-4F23-8B0B-892D8D7FF89D}
                  2011-06-03 11:24 . 2011-06-03 11:25   --------   d-----w-   c:\users\Max\AppData\Local\{95DD4672-0DF9-495E-A2D7-FF6ABD04C515}
                  2011-06-02 14:45 . 2011-06-02 14:45   --------   d-----w-   c:\program files (x86)\Trend Micro
                  2011-06-02 09:38 . 2011-06-02 09:38   --------   d-----w-   c:\programdata\!SASCORE
                  2011-06-02 08:46 . 2011-06-02 08:46   --------   d-----w-   c:\users\Max\AppData\Local\{7A58BCE2-A10D-46BE-A0F1-C8476F39B981}
                  2011-06-01 15:57 . 2011-06-03 11:21   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
                  2011-06-01 14:59 . 2011-06-01 14:59   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
                  2011-06-01 14:19 . 2011-06-01 14:19   --------   d-----w-   c:\users\Max\AppData\Roaming\Malwarebytes
                  2011-06-01 14:19 . 2011-06-01 14:19   --------   d-----w-   c:\programdata\Malwarebytes
                  2011-06-01 14:19 . 2011-05-29 08:11   25912   ----a-w-   c:\windows\system32\drivers\mbam.sys
                  2011-06-01 13:30 . 2011-06-01 13:30   --------   d-----w-   c:\program files (x86)\Common Files\Java
                  2011-06-01 13:29 . 2011-06-01 13:29   --------   d-----w-   c:\program files (x86)\Java
                  2011-06-01 12:45 . 2011-06-01 12:45   --------   d-----w-   c:\windows\Sun
                  2011-06-01 12:26 . 2011-06-01 12:26   81920   --sha-r-   c:\windows\SysWow64\ACCTRESR.dll
                  2011-06-01 08:59 . 2011-06-01 09:00   --------   d-----w-   c:\users\Max\AppData\Local\{00CB9DC7-5186-4D5F-9093-4A5327CFF1CB}
                  2011-05-30 08:42 . 2011-05-30 08:43   --------   d-----w-   c:\users\Max\AppData\Local\{E663A506-66E6-49C8-A945-AF833F518461}
                  2011-05-29 09:28 . 2011-05-29 09:28   --------   d-----w-   c:\users\Max\AppData\Local\{B3856120-960B-4718-AC67-66777BB79672}
                  2011-05-27 15:41 . 2011-05-27 15:41   --------   d-----w-   c:\users\Max\AppData\Local\{C205A9CE-4CC0-4B14-BE0D-F6EF74FF0C96}
                  2011-05-26 15:42 . 2011-05-26 15:42   --------   d-----w-   c:\users\Max\AppData\Local\{FB3357C9-53AD-491A-8E36-AFE1F18D06B6}
                  2011-05-25 15:57 . 2011-04-22 20:18   27008   ----a-w-   c:\windows\system32\drivers\Diskdump.sys
                  2011-05-25 15:36 . 2011-05-25 15:36   --------   d-----w-   c:\users\Max\AppData\Local\{7C1C3900-DFD7-4CE6-8839-3461F342F619}
                  2011-05-24 15:49 . 2011-04-09 06:58   142336   ----a-w-   c:\windows\system32\poqexec.exe
                  2011-05-24 15:49 . 2011-04-09 05:56   123904   ----a-w-   c:\windows\SysWow64\poqexec.exe
                  2011-05-24 15:45 . 2011-05-24 15:45   --------   d-----w-   c:\users\Max\AppData\Local\{4464AF72-D2CA-4F0E-98B8-8FCB497AA3D9}
                  2011-05-23 17:07 . 2011-05-23 17:07   --------   d-----w-   c:\users\Max\AppData\Local\{63129AFB-1377-48F5-9FAE-48F45AF1E7F5}
                  2011-05-22 08:32 . 2011-05-22 08:32   --------   d-----w-   c:\users\Max\AppData\Local\{F0F7401C-DFDF-46AD-90BE-C45456CB1928}
                  2011-05-20 16:23 . 2011-05-20 16:23   --------   d-----w-   c:\users\Max\AppData\Local\{7B0BF98B-3285-4A7E-8AC3-A2D3010BACFA}
                  2011-05-19 15:41 . 2011-05-19 15:42   --------   d-----w-   c:\users\Max\AppData\Local\{D79E6073-0FE4-455B-B633-493B60E95534}
                  2011-05-18 15:43 . 2011-05-18 15:44   --------   d-----w-   c:\users\Max\AppData\Local\{D6C22B6D-6F4B-40A3-973B-24BD2B0E23C3}
                  2011-05-17 16:40 . 2011-05-17 16:40   --------   d-----w-   c:\users\Max\AppData\Local\{59A1AD07-78F8-42E1-92CE-69D817F5606D}
                  2011-05-16 15:46 . 2011-05-16 15:46   --------   d-----w-   c:\users\Max\AppData\Local\{8A02CF3E-9069-433A-A09A-05E0C70A5502}
                  2011-05-15 15:36 . 2011-05-15 15:36   --------   d-----w-   c:\users\Max\AppData\Roaming\U3
                  2011-05-15 09:54 . 2011-05-15 09:54   --------   d-----w-   c:\users\Max\AppData\Local\{2CA0A5BF-59E2-4E63-9BF9-0DA5A73EDE70}
                  2011-05-13 16:02 . 2011-05-13 16:02   --------   d-----w-   c:\users\Max\AppData\Local\{7BCD617E-E5F5-45C0-ABCB-BB824739FE1C}
                  2011-05-12 15:54 . 2011-05-12 15:54   --------   d-----w-   c:\users\Max\AppData\Local\{FD25DAB2-4D26-4EDD-832F-2525FEA244AD}
                  2011-05-11 16:02 . 2011-04-09 06:45   5509504   ----a-w-   c:\windows\system32\ntoskrnl.exe
                  2011-05-11 16:02 . 2011-04-09 06:13   3957632   ----a-w-   c:\windows\SysWow64\ntkrnlpa.exe
                  2011-05-11 16:02 . 2011-04-09 06:13   3901824   ----a-w-   c:\windows\SysWow64\ntoskrnl.exe
                  2011-05-11 15:57 . 2011-05-11 15:58   --------   d-----w-   c:\users\Max\AppData\Local\{3A8EC71D-20DF-4B13-BF16-49178D9D98B6}
                  2011-05-10 16:38 . 2011-05-10 16:39   --------   d-----w-   c:\users\Max\AppData\Local\{AA63F145-075B-4271-A40D-C67C0E0F79BB}
                  2011-05-09 17:08 . 2011-05-09 17:08   --------   d-----w-   c:\users\Max\AppData\Local\{B146BC96-8825-4DCA-B8E6-3478B6B50C4D}
                  2011-05-08 11:53 . 2011-05-08 11:53   --------   d-----w-   c:\users\Max\AppData\Local\{9FE6EC70-5CE7-485B-B4FE-3E3DA7BFED27}
                  2011-05-08 11:27 . 2011-05-08 11:27   --------   d-----w-   c:\program files (x86)\DVD Decrypter
                  2011-05-08 11:17 . 2011-05-08 11:19   --------   d-----w-   c:\programdata\DVD Shrink
                  2011-05-08 11:14 . 2011-05-08 11:14   --------   d-----w-   c:\users\Max\.dvdcss
                  2011-05-08 11:13 . 2011-05-08 11:13   --------   d-----w-   c:\users\Max\AppData\Roaming\Digiarty
                  2011-05-08 11:13 . 2011-05-08 11:13   --------   d-----w-   C:\OutputFolder
                  2011-05-08 11:13 . 2011-05-08 11:13   --------   d-----w-   c:\program files (x86)\Digiarty
                  2011-05-08 10:53 . 2011-05-08 11:02   --------   d-----w-   c:\users\Max\AppData\Roaming\HandBrake
                  2011-05-08 10:53 . 2011-05-08 10:53   --------   d-----w-   c:\users\Max\AppData\Local\HandBrake
                  2011-05-08 10:53 . 2011-05-08 11:10   --------   d-----w-   c:\program files (x86)\Handbrake
                  .
                  .
                  .
                  ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  2011-06-01 13:29 . 2010-05-23 08:46   472808   ----a-w-   c:\windows\SysWow64\deployJava1.dll
                  2011-04-28 15:48 . 2010-03-03 17:22   710976   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
                  2011-04-24 13:15 . 2010-03-03 17:22   2594584   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
                  2011-04-24 13:15 . 2010-05-20 15:46   42776   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
                  2011-04-24 13:15 . 2009-12-29 10:03   710976   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
                  2011-04-14 13:01 . 2011-01-03 11:18   9984   ----a-w-   c:\windows\system32\drivers\mfeclnk.sys
                  2011-04-14 13:01 . 2011-01-03 11:17   94992   ----a-w-   c:\windows\system32\drivers\mferkdet.sys
                  2011-04-14 13:01 . 2011-01-03 11:17   75160   ----a-w-   c:\windows\system32\drivers\mfenlfk.sys
                  2011-04-14 13:01 . 2011-01-03 11:17   63056   ----a-w-   c:\windows\system32\drivers\cfwids.sys
                  2011-04-14 13:01 . 2011-01-03 11:17   441840   ----a-w-   c:\windows\system32\drivers\mfefirek.sys
                  2011-04-14 13:01 . 2011-01-03 11:17   283744   ----a-w-   c:\windows\system32\drivers\mfewfpk.sys
                  2011-04-14 13:01 . 2011-01-03 11:17   190520   ----a-w-   c:\windows\system32\drivers\mfeavfk.sys
                  2011-04-14 13:01 . 2011-01-03 11:09   149032   ----a-w-   c:\windows\system32\mfevtps.exe
                  2011-04-14 13:01 . 2010-10-13 22:28   530304   ----a-w-   c:\windows\system32\drivers\mfehidk.sys
                  2011-04-14 13:01 . 2010-10-13 22:28   121376   ----a-w-   c:\windows\system32\drivers\mfeapfk.sys
                  2011-04-13 22:40 . 2011-04-13 22:40   4284416   ----a-w-   c:\windows\SysWow64\GPhotos.scr
                  2011-04-02 15:48 . 2011-04-02 15:48   74752   ----a-w-   c:\windows\SysWow64\RegisterIEPKEYs.exe
                  2011-04-02 15:48 . 2011-04-02 15:48   1797632   ----a-w-   c:\windows\SysWow64\jscript9.dll
                  2011-04-02 15:48 . 2011-04-02 15:48   161792   ----a-w-   c:\windows\SysWow64\msls31.dll
                  2011-04-02 15:48 . 2011-04-02 15:48   1126912   ----a-w-   c:\windows\SysWow64\wininet.dll
                  2011-04-02 15:48 . 2011-04-02 15:48   86528   ----a-w-   c:\windows\SysWow64\iesysprep.dll
                  2011-04-02 15:48 . 2011-04-02 15:48   76800   ----a-w-   c:\windows\SysWow64\SetIEInstalledDate.exe
                  2011-04-02 15:48 . 2011-04-02 15:48   63488   ----a-w-   c:\windows\SysWow64\tdc.ocx
                  2011-04-02 15:48 . 2011-04-02 15:48   48640   ----a-w-   c:\windows\SysWow64\mshtmler.dll
                  2011-04-02 15:48 . 2011-04-02 15:48   367104   ----a-w-   c:\windows\SysWow64\html.iec
                  2011-04-02 15:48 . 2011-04-02 15:48   110592   ----a-w-   c:\windows\SysWow64\IEAdvpack.dll
                  2011-04-02 15:48 . 2011-04-02 15:48   74752   ----a-w-   c:\windows\SysWow64\iesetup.dll
                  2011-04-02 15:48 . 2011-04-02 15:48   420864   ----a-w-   c:\windows\SysWow64\vbscript.dll
                  2011-04-02 15:48 . 2011-04-02 15:48   35840   ----a-w-   c:\windows\SysWow64\imgutil.dll
                  2011-04-02 15:48 . 2011-04-02 15:48   2382848   ----a-w-   c:\windows\SysWow64\mshtml.tlb
                  2011-04-02 15:48 . 2011-04-02 15:48   23552   ----a-w-   c:\windows\SysWow64\licmgr10.dll
                  2011-04-02 15:48 . 2011-04-02 15:48   152064   ----a-w-   c:\windows\SysWow64\wextract.exe
                  2011-04-02 15:48 . 2011-04-02 15:48   150528   ----a-w-   c:\windows\SysWow64\iexpress.exe
                  2011-04-02 15:48 . 2011-04-02 15:48   142848   ----a-w-   c:\windows\SysWow64\ieUnatt.exe
                  2011-04-02 15:48 . 2011-04-02 15:48   1427456   ----a-w-   c:\windows\SysWow64\inetcpl.cpl
                  2011-04-02 15:48 . 2011-04-02 15:48   11776   ----a-w-   c:\windows\SysWow64\mshta.exe
                  2011-04-02 15:48 . 2011-04-02 15:48   101888   ----a-w-   c:\windows\SysWow64\admparse.dll
                  2011-04-02 15:48 . 2011-04-02 15:48   91648   ----a-w-   c:\windows\system32\SetIEInstalledDate.exe
                  2011-04-02 15:48 . 2011-04-02 15:48   89088   ----a-w-   c:\windows\system32\RegisterIEPKEYs.exe
                  2011-04-02 15:48 . 2011-04-02 15:48   85504   ----a-w-   c:\windows\system32\iesetup.dll
                  2011-04-02 15:48 . 2011-04-02 15:48   76800   ----a-w-   c:\windows\system32\tdc.ocx
                  2011-04-02 15:48 . 2011-04-02 15:48   603648   ----a-w-   c:\windows\system32\vbscript.dll
                  2011-04-02 15:48 . 2011-04-02 15:48   49664   ----a-w-   c:\windows\system32\imgutil.dll
                  2011-04-02 15:48 . 2011-04-02 15:48   48640   ----a-w-   c:\windows\system32\mshtmler.dll
                  2011-04-02 15:48 . 2011-04-02 15:48   448512   ----a-w-   c:\windows\system32\html.iec
                  2011-04-02 15:48 . 2011-04-02 15:48   30720   ----a-w-   c:\windows\system32\licmgr10.dll
                  2011-04-02 15:48 . 2011-04-02 15:48   2382848   ----a-w-   c:\windows\system32\mshtml.tlb
                  2011-04-02 15:48 . 2011-04-02 15:48   2303488   ----a-w-   c:\windows\system32\jscript9.dll
                  2011-04-02 15:48 . 2011-04-02 15:48   222208   ----a-w-   c:\windows\system32\msls31.dll
                  2011-04-02 15:48 . 2011-04-02 15:48   173056   ----a-w-   c:\windows\system32\ieUnatt.exe
                  2011-04-02 15:48 . 2011-04-02 15:48   165888   ----a-w-   c:\windows\system32\iexpress.exe
                  2011-04-02 15:48 . 2011-04-02 15:48   160256   ----a-w-   c:\windows\system32\wextract.exe
                  2011-04-02 15:48 . 2011-04-02 15:48   1492992   ----a-w-   c:\windows\system32\inetcpl.cpl
                  2011-04-02 15:48 . 2011-04-02 15:48   1389056   ----a-w-   c:\windows\system32\wininet.dll
                  2011-04-02 15:48 . 2011-04-02 15:48   135168   ----a-w-   c:\windows\system32\IEAdvpack.dll
                  2011-04-02 15:48 . 2011-04-02 15:48   12288   ----a-w-   c:\windows\system32\mshta.exe
                  2011-04-02 15:48 . 2011-04-02 15:48   114176   ----a-w-   c:\windows\system32\admparse.dll
                  2011-04-02 15:48 . 2011-04-02 15:48   111616   ----a-w-   c:\windows\system32\iesysprep.dll
                  2011-04-01 16:43 . 2009-12-29 10:03   2594584   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
                  2011-04-01 16:43 . 2010-05-19 16:33   42776   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
                  2011-03-31 15:47 . 2011-03-31 15:47   2594584   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-7\markup.dll
                  2011-03-11 06:19 . 2011-04-15 08:12   1359872   ----a-w-   c:\windows\system32\mfc42u.dll
                  2011-03-11 06:19 . 2011-04-15 08:12   1395712   ----a-w-   c:\windows\system32\mfc42.dll
                  2011-03-11 05:40 . 2011-04-15 08:12   1164288   ----a-w-   c:\windows\SysWow64\mfc42u.dll
                  2011-03-11 05:40 . 2011-04-15 08:12   1137664   ----a-w-   c:\windows\SysWow64\mfc42.dll
                  2011-03-09 16:44 . 2010-06-24 10:33   18328   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
                  2011-03-08 06:14 . 2011-04-15 08:12   976896   ----a-w-   c:\windows\system32\inetcomm.dll
                  2011-03-08 05:38 . 2011-04-15 08:12   740864   ----a-w-   c:\windows\SysWow64\inetcomm.dll
                  .
                  .
                  (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  .
                  *Note* empty entries & legit default entries are not shown
                  REGEDIT4
                  .
                  [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
                  2010-05-06 16:06   777904   ----a-w-   c:\program files (x86)\kikin\ie_kikin.dll
                  .
                  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
                  "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-28 39408]
                  "OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
                  "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe" [2009-07-24 240112]
                  "CPMonitor"="c:\program files (x86)\Roxio 2010\5.0\CPMonitor.exe" [2009-07-21 84464]
                  "Desktop Disc Tool"="c:\program files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-23 494064]
                  "LogitechVideoTray"="c:\program files (x86)\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
                  "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
                  "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
                  "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
                  "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1486392]
                  "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
                  "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
                  "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
                  .
                  c:\users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
                  OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                  "ConsentPromptBehaviorAdmin"= 5 (0x5)
                  "ConsentPromptBehaviorUser"= 3 (0x3)
                  "EnableUIADesktopToggle"= 0 (0x0)
                  .
                  [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
                  "mixer6"=wdmaud.drv
                  .
                  [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
                  BootExecute   REG_MULTI_SZ      autocheck autochk /k:C *
                  .
                  [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
                  Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
                  .
                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
                  @=""
                  .
                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
                  @=""
                  .
                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
                  @="Service"
                  .
                  R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
                  R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
                  R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-16 136176]
                  R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [2009-07-24 219632]
                  R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-16 136176]
                  R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys

                  R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
                  R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys

                  R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
                  R3 RoxMediaDB12;RoxMediaDB12;c:\program files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [2009-07-24 1116656]
                  R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
                  R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe

                  R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys

                  S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys

                  S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys

                  S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys

                  S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys

                  S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-06 169408]
                  S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
                  S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
                  S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
                  S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 245352]
                  S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe

                  S2 MOBKbackup;McAfee Online Backup;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-04-13 231224]
                  S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
                  S2 WTService;WTService;c:\windows\System32\atwtusb.exe

                  S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys

                  S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys

                  S3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys

                  S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys

                  .
                  .
                  --- Other Services/Drivers In Memory ---
                  .
                  *Deregistered* - mfeavfk01
                  .
                  Contents of the 'Scheduled Tasks' folder
                  .
                  2011-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                  - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-16 15:54]
                  .
                  2011-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                  - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-16 15:54]
                  .
                  2011-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3746345936-3213574714-259889910-1000Core.job
                  - c:\users\Max\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-14 12:36]
                  .
                  2011-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3746345936-3213574714-259889910-1000UA.job
                  - c:\users\Max\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-14 12:36]
                  .
                  .
                  --------- x86-64 -----------
                  .
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
                  @="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
                  [HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
                  2010-04-13 20:11   3816248   ----a-w-   c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
                  @="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
                  [HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
                  2010-04-13 20:11   3816248   ----a-w-   c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
                  @="{b4caf489-1eec-c617-49ad-8d7088598c06}"
                  [HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
                  2010-04-13 20:11   3816248   ----a-w-   c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "MacroKeyManager"="WTMKM.exe" [2009-08-11 5634792]
                  "VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]
                  "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
                  "LoadAppInit_DLLs"=0x0
                  .
                  ------- Supplementary Scan -------
                  .
                  uLocal Page = c:\windows\system32\blank.htm
                  uStart Page = hxxp://search.autocompletepro.com/?si=7981&bi=400
                  uDefault_Search_URL = hxxp://search.autocompletepro.com/?si=7981&bi=400
                  mLocal Page = c:\windows\SysWOW64\blank.htm
                  uInternet Settings,ProxyOverride = local
                  IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
                  IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
                  IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
                  IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
                  IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files (x86)\kikin\ie_kikin.dll
                  TCP: DhcpNameServer = 192.168.1.254
                  FF - ProfilePath - c:\users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\586qrb0k.default\
                  FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
                  FF - prefs.js: browser.search.selectedEngine -   
                  FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2786678&SearchSource=13
                  FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
                  FF - prefs.js: network.proxy.type - 0
                  .
                  - - - - ORPHANS REMOVED - - - -
                  .
                  BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files (x86)\ConduitEngine\ConduitEngine.dll
                  BHO-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files (x86)\uTorrentBar\tbuTor.dll
                  Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files (x86)\uTorrentBar\tbuTor.dll
                  Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files (x86)\ConduitEngine\ConduitEngine.dll
                  Wow6432Node-HKCU-Run-LogitechSoftwareUpdate - c:\program files (x86)\Logitech\Video\ManifestEngine.exe
                  Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
                  Wow6432Node-HKCU-Run-USBStickWatcher - e:\other\USB Stick Watcher\usbstickwatcher.exe
                  Wow6432Node-HKCU-Run-AdobeBridge - (no file)
                  Wow6432Node-HKLM-Run-LogitechVideoRepair - c:\program files (x86)\Logitech\Video\ISStart.exe
                  HKLM-Run-MSSE - c:\program files\Microsoft Security Essentials\msseces.exe
                  HKLM-Run-ASUSWebStorage - c:\program files (x86)\ASUS\ASUS WebStorage\2.2.3.15\ASUSWSDashBoard.exe
                  HKLM-Run-(Default) - (no file)
                  AddRemove-AutoHotkey - c:\program files (x86)\AutoHotkey\uninst.exe
                  .
                  .
                  .
                  --------------------- LOCKED REGISTRY KEYS ---------------------
                  .
                  [HKEY_USERS\S-1-5-21-3746345936-3213574714-259889910-1000\Software\SecuROM\License information*]
                  "datasecu"=hex:36,23,59,2d,86,1f,c3,bc,07,cf,51,23,5c,96,6c,f2,3d,67,82,90,46,
                     d4,7c,68,b9,3c,2c,af,e5,45,e0,a8,ea,b4,84,6b,67,5d,ba,11,9e,9b,67,b0,df,08,\
                  "rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
                  @Denied: (A 2) (Everyone)
                  @="FlashBroker"
                  "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
                  "Enabled"=dword:00000001
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
                  @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
                  @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
                  @Denied: (A 2) (Everyone)
                  @="Shockwave Flash Object"
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
                  @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
                  "ThreadingModel"="Apartment"
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
                  @="0"
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
                  @="ShockwaveFlash.ShockwaveFlash.10"
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                  @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
                  @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
                  @="1.0"
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                  @="ShockwaveFlash.ShockwaveFlash"
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
                  @Denied: (A 2) (Everyone)
                  @="Macromedia Flash Factory Object"
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
                  @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
                  "ThreadingModel"="Apartment"
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
                  @="FlashFactory.FlashFactory.1"
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                  @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
                  @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
                  @="1.0"
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                  @="FlashFactory.FlashFactory"
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
                  @Denied: (A 2) (Everyone)
                  @="IFlashBroker4"
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
                  @="{00020424-0000-0000-C000-000000000046}"
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
                  @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                  "Version"="1.0"
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
                  "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
                     00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
                  @Denied: (A) (Everyone)
                  "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
                  @Denied: (A) (Everyone)
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
                  "Key"="ActionsPane3"
                  "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
                  .
                  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
                  @Denied: (Full) (Everyone)
                  .
                  Completion time: 2011-06-05  14:26:22
                  ComboFix-quarantined-files.txt  2011-06-05 13:26
                  .
                  Pre-Run: 386,239,217,664 bytes free
                  Post-Run: 387,727,495,168 bytes free
                  .
                  - - End Of File - - B7667C40616D2AB7AC9D04D1DB3BE768

                  SuperDave

                  • Malware Removal Specialist


                  Please download Rooter and Save it to your desktop.
                  • Double click it to start the tool. On Vista and Windows 7, run it as administrator.
                  • Click Scan.
                  • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.
                  Windows 8 and Windows 10 dual boot with two SSD's