
Browser crashing - logs included


This topic is locked
30 replies to this topic

#1 sophitus

sophitus

  • Members
  • 23 posts
  • OFFLINE
  • Local time:03:50 PM

Posted 24 November 2011 - 08:37 PM

Referred from here: http://www.bleepingcomputer.com/forums/topic429135.html ~ OB


For the past day, my Firefox browser has been repeatedly crashing. It seems to crash whenever I go to any Web site except for a few like gmail and this site. I posted this problem to the "Am I Infected" forum but the site did not allow me to copy and paste my logs, perhaps because they were too long. Whenever I tried to post more than a few lines in the text body, I got a message saying that "the connection was reset." I was then told to try posting here.

It started a couple of days ago when I found that if I clicked a google search result, my browser redirected to some unrelated site. I ran McAfee and IObit Security, found some infected files, and removed them, but the problem persisted. So yesterday I downloaded Ad-Aware and ran it. Again, some infected files emerged and were removed. The redirection problem went away, but instead Firefox simply began crashing. I tried Opera and Internet Explorer, and they both have the same problem. I updated Firefox and got the latest Windows security updates (I'm running Vista). Then I downloaded and ran MBAM and Super Antispyware. Once again, they came up with infected files, which I removed. But the problem has not gone away.

Right now, one of two problems usually occurs when I open my browser and go to almost any site: either firefox simply crashes or it begins opening multiple new tabs and windows and then promptly crashes.

Logs are attached. I tried to add the "attach" file I got when I ran DDS, but for some reason the forum refused to let me attach it to this post. I'd be grateful for any help.

Attached Files

  • Attached File  DDS.txt   16.85KB   1 downloads
  • Attached File  ark.txt   97.24KB   2 downloads

Edited by Orange Blossom, 24 November 2011 - 09:02 PM.




#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:07:50 PM

Posted 24 November 2011 - 10:21 PM

Hi,

Please do the following:

  • Please download GetPartitions from here
  • You must right click on the link and choose Save as....
  • Save it as GetPartitions.bat to your desktop
  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator").
  • It will produce a log on your C:\ drive C:\DiskReport.txt
  • please navigate to that file and post the contents of the log in your next reply



NEXT


Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)



NEXT


Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.


    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------


NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Edited by CatByte, 24 November 2011 - 10:39 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 sophitus

sophitus
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:03:50 PM

Posted 25 November 2011 - 01:51 AM

Logs for GetPartitions and TDSSKiller are attached. I was unable to run ComboFix properly. The first time I loaded it, the window just sat there for several hours saying it was scanning. Since it said it would take no more than 20 minutes, I shut it down and tried again. On my second attempt, I was no longer able to shut down all my antivirus programs because windows said the McAfee host was no longer functioning. I tried running ComboFix even with McAfee running, and the window just said something like "nirkmd" couldn't be found. Also, I found I was no longer able to access firefox because a "firefox process" was already running. I am only able to get on and post here by running firefox as an admin.

Attached Files



#4 sophitus

sophitus
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:03:50 PM

Posted 25 November 2011 - 02:33 AM

I should also add that firefox has no problems with crashing when I run it as an admin.

#5 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:07:50 PM

Posted 25 November 2011 - 02:58 PM

Hi,

Please delete the copy of ComboFix that you have on your desktop > download a fresh copy from the link below, but rename it to svchost.exe before saving it to your desktop

Try running it in normal mode, but if it still won't run > log into safe mode and run it > give it lots of time, this is a nasty infection and it could take an extra long time to run.

ComboFix


To Enter Safemode
  • Go to Start> Shut off your Computer> Restart
  • As the computer starts to boot-up, Tap the F8 KEY repeatedly,
  • this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safemode
  • Then press the Enter Key on your Keyboard
  • go into your usual account

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#6 sophitus

sophitus
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:03:50 PM

Posted 25 November 2011 - 08:26 PM

I ran ComboFix in safe mode. Once again, McAfee was unable to close down for reasons I don't understand, but Windows gave me a message saying that the "McAfee Host" was not working. Also, again, ComboFix told me as it began that NIRKMD was not working. I should also add that though I renamed ComboFix as svchost.exe, the name switched back to ComboFix as soon as I ran the program.

After about two hours, ComboFix said it was done but did not produce any log I can find. There's now a ComboFix folder in my C: folder that contains 242 files but none as far as I could make out were logs. Any ideas?

Thanks,
Adam

#7 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:07:50 PM

Posted 25 November 2011 - 08:44 PM

Hi,

Please give TDSSKiller another run then reboot the computer.

Delete the copy of ComboFix that you have as well as the combofix folder you describe

download a fresh copy of combofix and save it to your desktop

then run it by using the following command:


Go Start > Run and copy/paste the following single-line command into the Run box and click OK:

"%userprofile%\desktop\combofix.exe" /nombr

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#8 sophitus

sophitus
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:03:50 PM

Posted 25 November 2011 - 11:48 PM

I ran TDSSKiller. The scan showed no threats. And ComboFix finally worked - the log is attached.

Attached Files



#9 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:07:50 PM

Posted 26 November 2011 - 11:02 AM

Hi

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

FireFox::
FF - ProfilePath - C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\a8u25ma2.default\
FF - prefs.js: network.proxy.http_port - 50370

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

[Screenshot: dragging CFScript.txt onto ComboFix.exe]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT



  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
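The FireFox:: section of the CFScript above targets a non-default proxy port (50370) that the infection planted in the Firefox profile's prefs.js. As an added example, not code from this thread or from ComboFix, the Python below parses a prefs.js, flags proxy settings of that kind, and strips them; the sample prefs.js content is constructed, with only the port value taken from the thread.

```python
import re

# Constructed sample of a Firefox prefs.js (made up for this example); the
# port 50370 mirrors the value ComboFix reported in the thread's FireFox:: section.
SAMPLE_PREFS = """\
# Mozilla User Preferences
user_pref("app.update.lastUpdateTime.background-update-timer", 1322250000);
user_pref("browser.startup.homepage", "about:home");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 50370);
user_pref("network.proxy.share_proxy_settings", true);
user_pref("network.proxy.type", 1);
"""

# One prefs.js entry:  user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

LOOPBACK_HOSTS = ("127.0.0.1", "localhost", "::1")
PROXY_SCHEMES = ("http", "ssl", "ftp", "socks")


def parse_prefs(text):
    """Map pref name -> value (str, int or bool) for every user_pref() line."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a user_pref
        name, raw = m.group(1), m.group(2).strip()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif raw.lstrip("-").isdigit():
            prefs[name] = int(raw)
        else:
            prefs[name] = raw
    return prefs


def audit_proxy(prefs):
    """Return human-readable findings for proxy settings a user rarely sets by hand.

    network.proxy.type 1 means a manual proxy. A manual proxy aimed at the
    loopback address on a high port is how a local hijacking proxy sits
    between the browser and the network, which matches the redirects the
    original poster described.
    """
    findings = []
    for scheme in PROXY_SCHEMES:
        port = prefs.get(f"network.proxy.{scheme}_port")
        if not port:
            continue
        host = prefs.get(f"network.proxy.{scheme}", "")
        if host in LOOPBACK_HOSTS:
            where = "loopback"
        elif not host:
            where = "no host set"
        else:
            where = host
        findings.append(f"{scheme} proxy port {port} ({where})")
    if prefs.get("network.proxy.type") == 1:
        findings.append("manual proxy mode enabled (network.proxy.type = 1)")
    return findings


def strip_proxy_prefs(text):
    """Return (cleaned prefs.js text, names removed): drops every network.proxy.* line.

    Removing the user_pref line is what resets the pref; Firefox then falls back
    to its built-in default for that setting (system proxy settings for type).
    """
    kept, removed = [], []
    for line in text.splitlines(keepends=True):
        m = PREF_RE.match(line)
        if m and m.group(1).startswith("network.proxy."):
            removed.append(m.group(1))
        else:
            kept.append(line)
    return "".join(kept), removed


if __name__ == "__main__":
    for finding in audit_proxy(parse_prefs(SAMPLE_PREFS)):
        print("FINDING:", finding)
    cleaned, removed = strip_proxy_prefs(SAMPLE_PREFS)
    print("removed:", ", ".join(removed))
```

Run it against a real profile only with Firefox closed, since Firefox rewrites prefs.js on exit and would overwrite the cleaned file.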


#10 sophitus

sophitus
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:03:50 PM

Posted 26 November 2011 - 04:03 PM

Right, I ran all three programs. Once again, I couldn't manually close McAfee, but windows showed me something saying the "McAfee service host" wasn't working. Also, when I ran ComboFix, windows popped up repeatedly saying "NIRKMD" could not be found. First, the log for Combofix:

ComboFix 11-11-26.04 - Adam 11/26/2011 12:36:06.2.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3032.1886 [GMT -5:00]
Running from: c:\users\Adam\Desktop\ComboFix.exe
Command switches used :: c:\users\Adam\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: IObit Security 360 *Disabled/Updated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\users\Adam\AppData\Local\{0C6ADC4A-7D72-4BB7-ABEC-C54C27CD386B}\chrome.manifest
c:\users\Adam\AppData\Local\{0C6ADC4A-7D72-4BB7-ABEC-C54C27CD386B}\install.rdf
c:\users\Adam\AppData\Local\Application Data\{0C6ADC4A-7D72-4BB7-ABEC-C54C27CD386B}\chrome.manifest
c:\users\Adam\AppData\Local\Application Data\{0C6ADC4A-7D72-4BB7-ABEC-C54C27CD386B}\install.rdf
c:\users\Adam\AppData\Local\Application Data\Application Data\{0C6ADC4A-7D72-4BB7-ABEC-C54C27CD386B}\chrome.manifest
c:\users\Adam\AppData\Local\Application Data\Application Data\{0C6ADC4A-7D72-4BB7-ABEC-C54C27CD386B}\install.rdf
c:\users\Adam\AppData\Local\Application Data\Application Data\Application Data\{0C6ADC4A-7D72-4BB7-ABEC-C54C27CD386B}\chrome.manifest
c:\users\Adam\AppData\Local\Application Data\Application Data\Application Data\{0C6ADC4A-7D72-4BB7-ABEC-C54C27CD386B}\install.rdf
c:\users\Adam\AppData\Local\Application Data\Application Data\Application Data\Application Data\{0C6ADC4A-7D72-4BB7-ABEC-C54C27CD386B}\chrome.manifest
c:\users\Adam\AppData\Local\Application Data\Application Data\Application Data\Application Data\{0C6ADC4A-7D72-4BB7-ABEC-C54C27CD386B}\install.rdf
c:\users\Adam\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\{0C6ADC4A-7D72-4BB7-ABEC-C54C27CD386B}\chrome.manifest
c:\users\Adam\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\{0C6ADC4A-7D72-4BB7-ABEC-C54C27CD386B}\install.rdf
c:\users\Adam\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{0C6ADC4A-7D72-4BB7-ABEC-C54C27CD386B}\chrome.manifest
c:\users\Adam\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{0C6ADC4A-7D72-4BB7-ABEC-C54C27CD386B}\install.rdf
c:\users\Adam\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{0C6ADC4A-7D72-4BB7-ABEC-C54C27CD386B}\chrome.manifest
c:\users\Adam\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{0C6ADC4A-7D72-4BB7-ABEC-C54C27CD386B}\install.rdf
c:\users\Adam\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{0C6ADC4A-7D72-4BB7-ABEC-C54C27CD386B}\chrome.manifest
c:\users\Adam\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{0C6ADC4A-7D72-4BB7-ABEC-C54C27CD386B}\install.rdf
c:\users\Adam\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{0C6ADC4A-7D72-4BB7-ABEC-C54C27CD386B}\chrome.manifest
c:\users\Adam\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{0C6ADC4A-7D72-4BB7-ABEC-C54C27CD386B}\install.rdf
c:\users\Adam\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{0C6ADC4A-7D72-4BB7-ABEC-C54C27CD386B}\chrome.manifest
c:\users\Adam\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{0C6ADC4A-7D72-4BB7-ABEC-C54C27CD386B}\chrome\content\overlay.xul
c:\users\Adam\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{0C6ADC4A-7D72-4BB7-ABEC-C54C27CD386B}\install.rdf
c:\users\Adam\AppData\Roaming\Install.dat
c:\users\Adam\AppData\Roaming\jqee55ou3.exe
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery\Uninstall Windows Vista Recovery.lnk
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery\Windows Vista Recovery.lnk
c:\users\Adam\AppData\Roaming\s1lyk0dv.exe
E:\AUTORUN.INF
.
.
((((((((((((((((((((((((( Files Created from 2011-10-26 to 2011-11-26 )))))))))))))))))))))))))))))))
.
.
2011-11-26 18:02 . 2011-11-26 18:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-26 13:32 . 2011-11-26 13:32 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B5578198-4DEC-4B86-967C-F9A8C2B0C8E7}\offreg.dll
2011-11-24 15:05 . 2011-10-06 20:42 28504 ----a-w- c:\program files\Mozilla Firefox\ScriptFF.dll
2011-11-24 05:18 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-24 05:18 . 2011-11-24 05:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-24 02:23 . 2011-11-24 02:23 -------- d-----w- c:\users\Adam\AppData\Local\Opera
2011-11-24 02:06 . 2011-11-24 02:06 -------- d-----w- c:\users\Adam\AppData\Roaming\SUPERAntiSpyware.com
2011-11-24 02:03 . 2011-11-24 02:03 -------- d-----w- c:\program files\Apple Software Update
2011-11-24 01:07 . 2011-11-24 01:07 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-11-24 01:07 . 2011-11-24 01:07 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-11-24 01:07 . 2011-11-24 01:07 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-11-24 01:07 . 2011-11-24 01:07 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-11-24 01:07 . 2011-11-24 01:07 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-11-24 01:07 . 2011-11-24 01:07 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-11-24 01:07 . 2011-11-24 01:07 1989592 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-11-24 01:07 . 2011-11-24 01:07 801752 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-11-23 09:09 . 2011-11-23 03:22 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-11-23 03:22 . 2011-11-23 03:22 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-23 03:17 . 2011-11-23 03:17 -------- d-----w- c:\users\Adam\AppData\Local\adaware
2011-11-23 03:17 . 2011-11-26 13:39 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2011-11-23 03:17 . 2011-11-23 03:17 -------- d-----w- c:\program files\Toolbar Cleaner
2011-11-23 03:17 . 2011-11-23 03:17 -------- d-----w- c:\program files\adawaretb
2011-11-23 03:17 . 2011-11-03 17:06 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-11-23 03:16 . 2011-11-23 03:17 -------- d-----w- c:\programdata\Lavasoft
2011-11-23 03:16 . 2011-11-23 03:16 -------- d-----w- c:\program files\Lavasoft
2011-11-23 03:05 . 2011-10-18 06:28 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B5578198-4DEC-4B86-967C-F9A8C2B0C8E7}\mpengine.dll
2011-11-23 03:05 . 2011-05-24 23:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-09 20:09 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-09 20:09 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 20:09 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 00:49 . 2011-07-23 16:23 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-09-30 23:06 . 2011-10-11 18:56 916480 ----a-w- c:\windows\system32\wininet.dll
2011-09-30 23:02 . 2011-10-11 18:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-30 23:01 . 2011-10-11 18:56 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-30 23:01 . 2011-10-11 18:56 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-30 23:01 . 2011-10-11 18:56 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-09-30 22:07 . 2011-10-11 18:56 385024 ----a-w- c:\windows\system32\html.iec
2011-09-30 21:29 . 2011-10-11 18:56 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-30 21:28 . 2011-10-11 18:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-06 13:30 . 2011-10-11 18:56 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-08-29 05:46 . 2010-12-19 04:37 0 ----a-w- c:\users\Adam\AppData\Local\Nxetuwus.bin
2011-11-24 01:07 . 2011-11-24 01:07 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 18:01 . 2010-08-18 15:31 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2011-10-21 09:10 87440 ----a-w- c:\program files\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}"= "c:\program files\vShare.tv plugin\BarLcher.dll" [2011-06-01 177712]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2011-10-21 87440]
.
[HKEY_CLASSES_ROOT\clsid\{7ac3e13b-3bca-4158-b330-f66dbb03c1b5}]
[HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher.1]
[HKEY_CLASSES_ROOT\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3}]
[HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}"= "c:\program files\vShare.tv plugin\BarLcher.dll" [2011-06-01 177712]
.
[HKEY_CLASSES_ROOT\clsid\{7ac3e13b-3bca-4158-b330-f66dbb03c1b5}]
[HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher.1]
[HKEY_CLASSES_ROOT\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3}]
[HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Adam\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Adam\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Adam\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TouchFreeze"="c:\program files\TouchFreeze\TouchFreeze.exe" [2005-04-29 45056]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"i6g8xs"="c:\users\Adam\AppData\Roaming\i6g8xs.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-31 483428]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-16 1318552]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-11 1280344]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2009-08-28 614400]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
Dropbox.lnk - c:\users\Adam\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-8-22 24182896]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
RCA Detective.lnk - c:\users\Adam\Documents\RCA Detective\RCADetective.exe [2011-4-23 804352]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-09-20 05:09 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 07:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2009-03-31 14:18 217088 ----a-w- c:\program files\DellTPad\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2008-12-21 18:34 3810304 ----a-w- c:\windows\System32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Chacuvurovilox]
c:\users\Adam\AppData\Local\KBDT42.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell DataSafe Online]
2009-07-07 15:23 1779952 ----a-w- c:\program files\Dell DataSafe Online\DataSafeOnline.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
2009-06-03 19:46 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-03-31 16:55 173592 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-06-15 11:12 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-03-31 16:55 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-21 20:36 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcui_exe]
2011-09-16 22:38 1318552 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-04-24 16:05 250192 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2008-12-03 03:41 3882312 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2009-02-05 02:26 128232 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-03-31 16:55 150552 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QrmdkgvrDyBAXe]
c:\programdata\QrmdkgvrDyBAXe.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickSet]
2009-03-26 23:26 1735760 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2009-03-31 15:00 483428 ----a-w- c:\program files\IDT\WDM\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:33 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:35 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wsomawogepukogib]
c:\users\Adam\AppData\Local\icogovagifobaw.dll [BU]
.
R1 SASDIFSV;SASDIFSV;c:\users\Adam\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\Adam\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 214904]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-11-03 2152152]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-08-15 87808]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-11-03 64512]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-08-15 64712]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-08-15 164776]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [2009-03-31 81920]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-08-19 160344]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-08-19 148520]
S2 SftService;SoftThinks Agent Service;c:\program files\Dell DataSafe Local Backup\sftservice.EXE [2009-04-17 636144]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-08-27 5120]
S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-08-15 57432]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-08-15 338040]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\a8u25ma2.default\
FF - prefs.js: browser.search.selectedEngine - Search the Web
FF - prefs.js: browser.startup.homepage - hxxps://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=http://mail.google.com/mail/&scc=1&ltmpl=default&ltmplcache=2
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=utf-8&mssrc=ms_kwd&mstb=adawaretb&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.type - 4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-26 13:03
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(10040)
c:\users\Adam\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
Completion time: 2011-11-26 13:07:41
ComboFix-quarantined-files.txt 2011-11-26 18:07
.
Pre-Run: 183,587,119,104 bytes free
Post-Run: 183,561,117,696 bytes free
.
- - End Of File - - 2A4551FC283166A3768E311B16667330

Next, the log for MBAM:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8248

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

11/26/2011 1:20:58 PM
mbam-log-2011-11-26 (13-20-58).txt

Scan type: Quick scan
Objects scanned: 172826
Time elapsed: 4 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Finally, the log for ESET:
C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application

#11 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 26 November 2011 - 04:57 PM

How is the computer running now? Are there any outstanding issues?

Please run a fresh DDS Log and Attach.txt
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#12 sophitus

  • Topic Starter
  • Members
  • 23 posts

Posted 26 November 2011 - 08:54 PM

Nothing seems to have changed as far as the computer running. I still can only open Firefox as an administrator. I still can't create or save documents. The recycling bin has disappeared, and McAfee still won't respond. Logs are below:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19154 BrowserJavaVersion: 1.6.0_22
Run by Adam at 20:43:54 on 2011-11-26
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3032.1512 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Security 360 *Disabled/Updated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\TouchFreeze\TouchFreeze.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\IObit\IObit Security 360\is360.exe
C:\Windows\Explorer.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111124100507.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: VShareToolBar: {7ac3e13b-3bca-4158-b330-f66dbb03c1b5} - c:\program files\vshare.tv plugin\BarLcher.dll
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
uRun: [TouchFreeze] c:\program files\touchfreeze\TouchFreeze.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [i6g8xs] c:\users\adam\appdata\roaming\i6g8xs.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [IObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\ssmmgr.exe /autorun
mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\users\adam\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\users\adam\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\adam\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\adam\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\users\adam\appdata\roaming\micros~1\windows\startm~1\programs\startup\rcadet~1.lnk - c:\users\adam\documents\rca detective\RCADetective.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{0E20ACE1-AC49-483D-9BDB-C87AD5FCF911} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{2EAF41D8-90A4-463E-9A58-40086062D497} : DhcpNameServer = 68.237.161.12 71.250.0.12
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\adam\appdata\roaming\mozilla\firefox\profiles\a8u25ma2.default\
FF - prefs.js: browser.search.selectedEngine - Search the Web
FF - prefs.js: browser.startup.homepage - hxxps://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=http://mail.google.com/mail/&scc=1&ltmpl=default&ltmplcache=2
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=utf-8&mssrc=ms_kwd&mstb=adawaretb&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvsharetvplg.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-11-22 64512]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-18 461864]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-8-18 64712]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-8-18 164776]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_f6ef8056\AEstSrv.exe [2009-9-20 81920]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2011-5-14 312152]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-18 166024]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-18 160344]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-18 148520]
R2 SftService;SoftThinks Agent Service;c:\program files\dell datasafe local backup\SftService.exe [2009-9-20 636144]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2011-9-18 5120]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-18 180072]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-18 338040]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-18 214904]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-18 214904]
S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-18 214904]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-18 57432]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-11-3 2152152]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-18 59288]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-18 87808]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-11-26 18:31:40 -------- d-----w- c:\program files\ESET
2011-11-26 18:05:42 -------- d-sh--w- C:\$RECYCLE.BIN
2011-11-26 13:32:12 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b5578198-4dec-4b86-967c-f9a8c2b0c8e7}\offreg.dll
2011-11-25 04:00:19 98816 ----a-w- c:\windows\sed.exe
2011-11-25 04:00:19 518144 ----a-w- c:\windows\SWREG.exe
2011-11-25 04:00:19 256000 ----a-w- c:\windows\PEV.exe
2011-11-25 04:00:19 208896 ----a-w- c:\windows\MBR.exe
2011-11-24 15:05:07 28504 ----a-w- c:\program files\mozilla firefox\ScriptFF.dll
2011-11-24 05:18:21 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-24 05:18:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-24 02:23:58 -------- d-----w- c:\users\adam\appdata\local\Opera
2011-11-24 02:06:55 -------- d-----w- c:\users\adam\appdata\roaming\SUPERAntiSpyware.com
2011-11-24 01:07:43 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-11-24 01:07:43 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-11-24 01:07:42 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-11-24 01:07:39 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-11-24 01:07:38 478168 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-11-24 01:07:38 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-11-24 01:07:37 801752 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-11-24 01:07:37 1989592 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-11-23 09:09:49 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-11-23 03:22:23 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-23 03:17:48 -------- d-----w- c:\users\adam\appdata\local\adaware
2011-11-23 03:17:46 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2011-11-23 03:17:39 -------- d-----w- c:\program files\Toolbar Cleaner
2011-11-23 03:17:11 -------- d-----w- c:\program files\adawaretb
2011-11-23 03:17:04 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-11-23 03:16:48 -------- d-----w- c:\program files\Lavasoft
2011-11-23 03:05:43 2730536 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-11-23 03:05:37 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b5578198-4dec-4b86-967c-f9a8c2b0c8e7}\mpengine.dll
2011-11-23 03:05:36 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-09 20:09:40 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-11-09 20:09:36 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 20:09:32 707584 ----a-w- c:\program files\common files\system\wab32.dll
.
==================== Find3M ====================
.
2011-11-25 00:49:55 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-10-24 19:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 19:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-09-30 23:06:24 916480 ----a-w- c:\windows\system32\wininet.dll
2011-09-30 23:02:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-30 23:01:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-30 23:01:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-09-30 23:01:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-30 22:07:25 385024 ----a-w- c:\windows\system32\html.iec
2011-09-30 21:29:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-30 21:28:36 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-06 13:30:12 2043392 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 20:50:16.28 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 9/19/2009 7:45:40 PM
System Uptime: 11/26/2011 11:39:49 AM (9 hours ago)
.
Motherboard: Dell Inc. | | 0G848F
Processor: Pentium® Dual-Core CPU T4200 @ 2.00GHz | Microprocessor | 1200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 218 GiB total, 170.854 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 15 GiB total, 6.575 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP579: 11/26/2011 12:33:49 PM - ComboFix created restore point
.
==== Installed Programs ======================
.
µTorrent
Acrobat.com
Ad-Aware
Ad-Aware Security Toolbar
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Choice Guard
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell-eBay
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Touchpad
Dell Wireless WLAN Card Utility
DELL0703
DirectVobSub 2.40.3644 x86
Dropbox
ESET Online Scanner v3
Free Opener
GoToAssist 8.0.0.514
GRE POWERPREP
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® TV Wizard
Intel® Matrix Storage Manager
IObit Security 360
iTunes
Java Auto Updater
Java™ 6 Update 22
JDownloader 0.9
Junk Mail filter update
K-Lite Codec Pack 7.0.0 (Standard)
LoJack Factory Installer
Maintenance Samsung ML-2525W Series
Malwarebytes' Anti-Malware version 1.51.2.1300
McAfee SecurityCenter
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2010
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 8.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OpenOffice.org 3.3
Opera 11.52
PowerDVD DX
QuickSet
QuickTime
RCA Detective™ 3.0.1.1
RCA Digital Voice Manager 5.3.3.0
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Excel 2010 (KB2553070)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
TouchFreeze
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
VLC media player 1.0.1
vShare.tv plugin 1.3
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Xvid Video Codec
.
==== Event Viewer Messages From Past Week ========
.
11/26/2011 8:39:54 AM, Error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/26/2011 8:39:54 AM, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/26/2011 8:39:54 AM, Error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/26/2011 8:39:54 AM, Error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/26/2011 8:39:54 AM, Error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/26/2011 8:33:56 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL
11/26/2011 8:33:56 AM, Error: Service Control Manager [7000] - The Intel® PRO/1000 PCI Express Network Connection Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
11/26/2011 8:33:56 AM, Error: Service Control Manager [7000] - The Intel® PRO/1000 NDIS 6 Adapter Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
11/26/2011 8:33:56 AM, Error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the file specified.
11/26/2011 12:35:15 PM, Error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).
11/26/2011 12:31:49 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee Services service, but this action failed with the following error: An instance of the service is already running.
11/26/2011 12:30:49 PM, Error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/26/2011 12:30:49 PM, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/26/2011 12:30:49 PM, Error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/26/2011 12:30:49 PM, Error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/26/2011 12:30:49 PM, Error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/26/2011 1:35:08 PM, Error: Service Control Manager [7034] - The McAfee Services service terminated unexpectedly. It has done this 3 time(s).
11/26/2011 1:35:08 PM, Error: Service Control Manager [7034] - The McAfee Proxy Service service terminated unexpectedly. It has done this 3 time(s).
11/26/2011 1:35:08 PM, Error: Service Control Manager [7034] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 3 time(s).
11/26/2011 1:35:08 PM, Error: Service Control Manager [7034] - The McAfee Network Agent service terminated unexpectedly. It has done this 3 time(s).
11/26/2011 1:35:08 PM, Error: Service Control Manager [7034] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 3 time(s).
11/26/2011 1:30:04 PM, Error: Service Control Manager [7023] - The McAfee VirusScan Announcer service terminated with the following error: Invalid handle
11/26/2011 1:03:02 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/25/2011 8:04:53 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McMPFSvc service.
11/25/2011 8:02:30 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
11/25/2011 6:15:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
11/25/2011 6:14:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/25/2011 6:14:42 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC mfehidk mfenlfk mfewfpk NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr tdx Wanarpv6
11/25/2011 6:14:42 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/25/2011 6:14:42 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
11/25/2011 6:14:42 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
11/25/2011 6:14:42 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/25/2011 6:14:42 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
11/25/2011 6:14:42 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/25/2011 6:14:42 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/25/2011 6:14:42 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
11/25/2011 6:14:42 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/25/2011 6:14:42 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
11/25/2011 6:14:42 PM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
11/25/2011 6:14:42 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
11/25/2011 6:14:42 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
11/25/2011 6:14:42 PM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
11/25/2011 6:14:42 PM, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
11/25/2011 6:14:42 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/25/2011 6:14:42 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/25/2011 6:14:42 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/25/2011 6:14:42 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
11/25/2011 6:14:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
11/25/2011 6:14:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
11/25/2011 6:14:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/25/2011 6:14:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/25/2011 11:43:07 PM, Error: EventLog [6008] - The previous system shutdown at 10:51:24 PM on 11/25/2011 was unexpected.
11/25/2011 10:43:43 PM, Error: Service Control Manager [7022] - The McAfee VirusScan Announcer service hung on starting.
11/25/2011 10:36:07 PM, Error: Service Control Manager [7034] - The Marvell Yukon Service service terminated unexpectedly. It has done this 1 time(s).
11/25/2011 1:33:46 AM, Error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/24/2011 2:09:50 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.
11/24/2011 2:09:50 PM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
11/24/2011 12:08:07 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Internet Explorer 9 for Windows Vista.
11/23/2011 8:28:09 PM, Error: EventLog [6008] - The previous system shutdown at 8:26:54 PM on 11/23/2011 was unexpected.
11/23/2011 11:20:35 PM, Error: EventLog [6008] - The previous system shutdown at 11:19:17 PM on 11/23/2011 was unexpected.
11/23/2011 11:11:25 PM, Error: EventLog [6008] - The previous system shutdown at 10:56:17 PM on 11/23/2011 was unexpected.
11/22/2011 9:41:56 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
.
==== End Of File ===========================

#13 CatByte

Malware Response Team

Posted 26 November 2011 - 11:18 PM

Hi

Please do the following:


  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Collect::
c:\users\adam\appdata\roaming\i6g8xs.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"i6g8xs"=-

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop; save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT


Please download MiniToolBox, save it to your desktop and run it.

Place a checkmark in the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.


Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
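A defender-side check for the Firefox proxy prefs that the "Report FF Proxy Settings" and "Reset FF Proxy Settings" steps above act on. This is an added example, not MiniToolBox, ComboFix or anything the helper posted; it assumes the standard prefs.js line format `user_pref("name", value);` and uses a constructed sample built from the values MiniToolBox reports later in this thread (network.proxy.http = 127.0.0.1, network.proxy.type = 4).

```python
"""Audit a Firefox prefs.js for proxy settings typical of a browser hijack.

Added example for this thread; it is not MiniToolBox, ComboFix or code from
the helper. The sample prefs.js below is constructed from the values that
appear in the thread's logs (network.proxy.http = 127.0.0.1, proxy type 4).
"""
import re

# One pref per line:  user_pref("name", value);  value is "string", integer or true/false
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Meaning of the network.proxy.type values Firefox understands
PROXY_TYPE_NAMES = {0: "none", 1: "manual", 2: "PAC", 4: "auto-detect (WPAD)", 5: "system"}

# Per-protocol proxy host prefs that a manual (type 1) configuration uses
HOST_PREFS = ("network.proxy.http", "network.proxy.ssl",
              "network.proxy.ftp", "network.proxy.socks")
PROXY_PREF_PREFIX = "network.proxy."

# Constructed sample: the proxy entries this thread's profile shows, with a
# made-up port and two unrelated prefs mixed in.
SAMPLE_PREFS_JS = """\
# Mozilla User Preferences
user_pref("browser.startup.homepage", "https://mail.google.com/");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8080);
user_pref("network.proxy.type", 4);
user_pref("privacy.donottrackheader.enabled", true);
"""


def parse_prefs(text):
    """Return {pref_name: value} with strings, ints and booleans decoded."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything malformed
        name, raw = m.groups()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw  # keep anything else as literal text
    return prefs


def is_loopback(host):
    host = host.strip().lower()
    return host == "localhost" or host == "::1" or host.startswith("127.")


def audit_proxy(prefs):
    """Return a list of findings (strings); an empty list means nothing suspicious."""
    findings = []
    ptype = prefs.get("network.proxy.type")
    manual_active = ptype == 1
    for pref in HOST_PREFS:
        host = prefs.get(pref)
        if isinstance(host, str) and host and is_loopback(host):
            port = prefs.get(pref + "_port", "?")
            if manual_active:
                state = "ACTIVE (manual proxy mode): browser traffic is routed through a local process"
            else:
                state = ("not currently used (proxy type is %s) but left behind in the profile"
                         % PROXY_TYPE_NAMES.get(ptype, repr(ptype)))
            findings.append("%s = %s:%s points at a proxy on this machine; %s"
                            % (pref, host, port, state))
    if ptype == 2:
        findings.append("PAC mode with autoconfig URL %r; verify the script is yours"
                        % prefs.get("network.proxy.autoconfig_url"))
    return findings


def strip_proxy_prefs(text):
    """Return prefs.js text with every network.proxy.* line removed.

    This follows the intent of the "Reset FF Proxy Settings" step (how
    MiniToolBox itself does the reset is not shown in the thread). Firefox
    rewrites prefs.js on exit, so apply this only while Firefox is closed,
    exactly as the helper's note says.
    """
    kept = []
    for line in text.splitlines(keepends=True):
        m = PREF_RE.match(line)
        if m and m.group(1).startswith(PROXY_PREF_PREFIX):
            continue
        kept.append(line)
    return "".join(kept)


if __name__ == "__main__":
    for finding in audit_proxy(parse_prefs(SAMPLE_PREFS_JS)):
        print("!", finding)
```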


#14 sophitus

Topic Starter

Posted 27 November 2011 - 12:57 AM

Thanks again for all of your ongoing help. Here is the ComboFix log:

ComboFix 11-11-26.04 - Adam 11/27/2011 0:12.3.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3032.1574 [GMT -5:00]
Running from: c:\users\Adam\Desktop\ComboFix.exe
Command switches used :: c:\users\Adam\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: IObit Security 360 *Disabled/Updated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((( Files Created from 2011-10-27 to 2011-11-27 )))))))))))))))))))))))))))))))
.
.
2011-11-27 05:40 . 2011-11-27 05:40 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B5578198-4DEC-4B86-967C-F9A8C2B0C8E7}\offreg.dll
2011-11-27 05:39 . 2011-11-27 05:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-26 18:31 . 2011-11-26 18:31 -------- d-----w- c:\program files\ESET
2011-11-24 15:05 . 2011-10-06 20:42 28504 ----a-w- c:\program files\Mozilla Firefox\ScriptFF.dll
2011-11-24 05:18 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-24 05:18 . 2011-11-24 05:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-24 02:23 . 2011-11-24 02:23 -------- d-----w- c:\users\Adam\AppData\Local\Opera
2011-11-24 02:06 . 2011-11-24 02:06 -------- d-----w- c:\users\Adam\AppData\Roaming\SUPERAntiSpyware.com
2011-11-24 02:03 . 2011-11-24 02:03 -------- d-----w- c:\program files\Apple Software Update
2011-11-24 01:07 . 2011-11-24 01:07 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-11-24 01:07 . 2011-11-24 01:07 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-11-24 01:07 . 2011-11-24 01:07 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-11-24 01:07 . 2011-11-24 01:07 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-11-24 01:07 . 2011-11-24 01:07 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-11-24 01:07 . 2011-11-24 01:07 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-11-24 01:07 . 2011-11-24 01:07 1989592 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-11-24 01:07 . 2011-11-24 01:07 801752 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-11-23 09:09 . 2011-11-23 03:22 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-11-23 03:22 . 2011-11-23 03:22 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-23 03:17 . 2011-11-23 03:17 -------- d-----w- c:\users\Adam\AppData\Local\adaware
2011-11-23 03:17 . 2011-11-26 13:39 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2011-11-23 03:17 . 2011-11-23 03:17 -------- d-----w- c:\program files\Toolbar Cleaner
2011-11-23 03:17 . 2011-11-23 03:17 -------- d-----w- c:\program files\adawaretb
2011-11-23 03:17 . 2011-11-03 17:06 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-11-23 03:16 . 2011-11-23 03:17 -------- d-----w- c:\programdata\Lavasoft
2011-11-23 03:16 . 2011-11-23 03:16 -------- d-----w- c:\program files\Lavasoft
2011-11-23 03:05 . 2011-10-18 06:28 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B5578198-4DEC-4B86-967C-F9A8C2B0C8E7}\mpengine.dll
2011-11-23 03:05 . 2011-05-24 23:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-09 20:09 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-09 20:09 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 20:09 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 00:49 . 2011-07-23 16:23 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-09-30 23:06 . 2011-10-11 18:56 916480 ----a-w- c:\windows\system32\wininet.dll
2011-09-30 23:02 . 2011-10-11 18:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-30 23:01 . 2011-10-11 18:56 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-30 23:01 . 2011-10-11 18:56 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-30 23:01 . 2011-10-11 18:56 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-09-30 22:07 . 2011-10-11 18:56 385024 ----a-w- c:\windows\system32\html.iec
2011-09-30 21:29 . 2011-10-11 18:56 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-30 21:28 . 2011-10-11 18:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-06 13:30 . 2011-10-11 18:56 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-08-29 05:46 . 2010-12-19 04:37 0 ----a-w- c:\users\Adam\AppData\Local\Nxetuwus.bin
2011-11-24 01:07 . 2011-11-24 01:07 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 18:01 . 2010-08-18 15:31 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2011-10-21 09:10 87440 ----a-w- c:\program files\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}"= "c:\program files\vShare.tv plugin\BarLcher.dll" [2011-06-01 177712]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2011-10-21 87440]
.
[HKEY_CLASSES_ROOT\clsid\{7ac3e13b-3bca-4158-b330-f66dbb03c1b5}]
[HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher.1]
[HKEY_CLASSES_ROOT\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3}]
[HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}"= "c:\program files\vShare.tv plugin\BarLcher.dll" [2011-06-01 177712]
.
[HKEY_CLASSES_ROOT\clsid\{7ac3e13b-3bca-4158-b330-f66dbb03c1b5}]
[HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher.1]
[HKEY_CLASSES_ROOT\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3}]
[HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Adam\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Adam\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Adam\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TouchFreeze"="c:\program files\TouchFreeze\TouchFreeze.exe" [2005-04-29 45056]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-31 483428]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-16 1318552]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-11 1280344]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2009-08-28 614400]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
Dropbox.lnk - c:\users\Adam\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-8-22 24182896]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
RCA Detective.lnk - c:\users\Adam\Documents\RCA Detective\RCADetective.exe [2011-4-23 804352]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-09-20 05:09 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 07:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2009-03-31 14:18 217088 ----a-w- c:\program files\DellTPad\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2008-12-21 18:34 3810304 ----a-w- c:\windows\System32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Chacuvurovilox]
c:\users\Adam\AppData\Local\KBDT42.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell DataSafe Online]
2009-07-07 15:23 1779952 ----a-w- c:\program files\Dell DataSafe Online\DataSafeOnline.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
2009-06-03 19:46 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-03-31 16:55 173592 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-06-15 11:12 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-03-31 16:55 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-21 20:36 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcui_exe]
2011-09-16 22:38 1318552 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-04-24 16:05 250192 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2008-12-03 03:41 3882312 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2009-02-05 02:26 128232 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-03-31 16:55 150552 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QrmdkgvrDyBAXe]
c:\programdata\QrmdkgvrDyBAXe.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickSet]
2009-03-26 23:26 1735760 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2009-03-31 15:00 483428 ----a-w- c:\program files\IDT\WDM\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:33 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:35 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wsomawogepukogib]
c:\users\Adam\AppData\Local\icogovagifobaw.dll [BU]
.
R1 SASDIFSV;SASDIFSV;c:\users\Adam\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\Adam\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 214904]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-11-03 2152152]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-08-15 87808]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-11-03 64512]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-08-15 64712]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-08-15 164776]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [2009-03-31 81920]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-08-19 160344]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-08-19 148520]
S2 SftService;SoftThinks Agent Service;c:\program files\Dell DataSafe Local Backup\sftservice.EXE [2009-04-17 636144]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-08-27 5120]
S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-08-15 57432]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-08-15 338040]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\a8u25ma2.default\
FF - prefs.js: browser.search.selectedEngine - Search the Web
FF - prefs.js: browser.startup.homepage - hxxps://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=http://mail.google.com/mail/&scc=1&ltmpl=default&ltmplcache=2
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=utf-8&mssrc=ms_kwd&mstb=adawaretb&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.type - 4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-27 00:43
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2692)
c:\users\Adam\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2011-11-27 00:50:39 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-27 05:50
ComboFix2.txt 2011-11-26 18:07
.
Pre-Run: 183,385,903,104 bytes free
Post-Run: 183,354,998,784 bytes free
.
- - End Of File - - B97D5FAE66C26EC96A0EC589C6F0A87A

And the MiniToolBox log:

MiniToolBox by Farbar
Ran by Adam (administrator) on 27-11-2011 at 00:55:41
Windows Vista ™ Home Basic Service Pack 2 (X86)

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.http", "127.0.0.1"
"network.proxy.type", 4

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Dell Wireless 1397 WLAN Mini-Card = Wireless Network Connection (Connected)
Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Adam-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Belkin

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Dell Wireless 1397 WLAN Mini-Card
Physical Address. . . . . . . . . : 70-1A-04-13-EF-EA
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::a108:2501:731e:51bc%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, November 27, 2011 12:40:51 AM
Lease Expires . . . . . . . . . . : Wednesday, January 03, 2148 7:24:08 AM
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 292559364
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-47-24-F1-00-25-64-5E-F7-FD
DNS Servers . . . . . . . . . . . : 192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
Physical Address. . . . . . . . . : 00-25-64-5E-F7-FD
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:42:19bd:3f57:fdfd(Preferred)
Link-local IPv6 Address . . . . . : fe80::42:19bd:3f57:fdfd%10(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : isatap.Belkin
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{2EAF41D8-90A4-463E-9A58-40086062D497}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: luhze
Address: 192.168.2.1

Name: google.com
Address: 74.125.224.114



Pinging google.com [74.125.224.114] with 32 bytes of data:

Request timed out.

Reply from 74.125.224.114: bytes=32 time=26ms TTL=53



Ping statistics for 74.125.224.114:

Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),

Approximate round trip times in milli-seconds:

Minimum = 26ms, Maximum = 26ms, Average = 26ms

Server: luhze
Address: 192.168.2.1

Name: yahoo.com
Addresses: 98.139.180.149
209.191.122.70
72.30.2.43
98.137.149.56



Pinging yahoo.com [98.139.180.149] with 32 bytes of data:

Request timed out.

Reply from 98.139.180.149: bytes=32 time=128ms TTL=47



Ping statistics for 98.139.180.149:

Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),

Approximate round trip times in milli-seconds:

Minimum = 128ms, Maximum = 128ms, Average = 128ms

Server: luhze
Address: 192.168.2.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Request timed out.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
12 ...70 1a 04 13 ef ea ...... Dell Wireless 1397 WLAN Mini-Card
11 ...00 25 64 5e f7 fd ...... Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
1 ........................... Software Loopback Interface 1
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
14 ...00 00 00 00 00 00 00 e0 isatap.Belkin
13 ...00 00 00 00 00 00 00 e0 isatap.{2EAF41D8-90A4-463E-9A58-40086062D497}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.2 26
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.2.0 255.255.255.0 On-link 192.168.2.2 281
192.168.2.2 255.255.255.255 On-link 192.168.2.2 281
192.168.2.255 255.255.255.255 On-link 192.168.2.2 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.2.2 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.2.2 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
10 18 ::/0 On-link
1 306 ::1/128 On-link
10 18 2001::/32 On-link
10 266 2001:0:4137:9e76:42:19bd:3f57:fdfd/128
On-link
12 281 fe80::/64 On-link
10 266 fe80::/64 On-link
10 266 fe80::42:19bd:3f57:fdfd/128
On-link
12 281 fe80::a108:2501:731e:51bc/128
On-link
1 306 ff00::/8 On-link
10 266 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/27/2011 00:51:34 AM) (Source: Application Error) (User: )
Description: Faulting application McSvHost.exe, version 2.0.230.0, time stamp 0x4d41ff35, faulting module naiann.dll_unloaded, version 0.0.0.0, time stamp 0x4d545190, exception code 0xc0000005, fault offset 0x6c630296,
process id 0xb8c, application start time 0xMcSvHost.exe0.

Error: (11/27/2011 00:42:29 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/26/2011 11:57:45 PM) (Source: Application Error) (User: )
Description: Faulting application McSvHost.exe, version 2.0.230.0, time stamp 0x4d41ff35, faulting module naiann.dll_unloaded, version 0.0.0.0, time stamp 0x4d545190, exception code 0xc0000005, fault offset 0x6b1333a3,
process id 0x131c, application start time 0xMcSvHost.exe0.

Error: (11/26/2011 08:58:02 PM) (Source: Application Error) (User: )
Description: Faulting application McSvHost.exe, version 2.0.230.0, time stamp 0x4d41ff35, faulting module naiann.dll_unloaded, version 0.0.0.0, time stamp 0x4d545190, exception code 0xc0000005, fault offset 0x6b110296,
process id 0x23cc, application start time 0xMcSvHost.exe0.

Error: (11/26/2011 01:34:59 PM) (Source: Application Error) (User: )
Description: Faulting application McSvHost.exe, version 2.0.230.0, time stamp 0x4d41ff35, faulting module naiann.dll_unloaded, version 0.0.0.0, time stamp 0x4d545190, exception code 0xc0000005, fault offset 0x6b110296,
process id 0x2138, application start time 0xMcSvHost.exe0.

Error: (11/26/2011 00:30:26 PM) (Source: Application Error) (User: )
Description: Faulting application McSvHost.exe, version 2.0.230.0, time stamp 0x4d41ff35, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x6b1b0296,
process id 0x119c, application start time 0xMcSvHost.exe0.

Error: (11/26/2011 08:39:30 AM) (Source: Application Error) (User: )
Description: Faulting application McSvHost.exe, version 2.0.230.0, time stamp 0x4d41ff35, faulting module naiann.dll_unloaded, version 0.0.0.0, time stamp 0x4d545190, exception code 0xc0000005, fault offset 0x6dee0296,
process id 0xb28, application start time 0xMcSvHost.exe0.

Error: (11/26/2011 08:33:56 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/26/2011 08:16:23 AM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (11/26/2011 01:36:36 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\ADAM\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\A8U25MA2.DEFAULT\CACHE\0\5F> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


System errors:
=============
Error: (11/27/2011 00:51:51 AM) (Source: Service Control Manager) (User: )
Description: McAfee Anti-Spam Service1600001Restart the service

Error: (11/27/2011 00:51:51 AM) (Source: Service Control Manager) (User: )
Description: McAfee Proxy Service1600001Restart the service

Error: (11/27/2011 00:51:51 AM) (Source: Service Control Manager) (User: )
Description: McAfee Network Agent1600001Restart the service

Error: (11/27/2011 00:51:51 AM) (Source: Service Control Manager) (User: )
Description: McAfee Services1600001Restart the service

Error: (11/27/2011 00:51:51 AM) (Source: Service Control Manager) (User: )
Description: McAfee Personal Firewall Service1600001Restart the service

Error: (11/27/2011 00:47:12 AM) (Source: Service Control Manager) (User: )
Description: McAfee VirusScan Announcer%%2147942406

Error: (11/27/2011 00:42:30 AM) (Source: Service Control Manager) (User: )
Description: SASDIFSV
SASKUTIL

Error: (11/27/2011 00:42:30 AM) (Source: Service Control Manager) (User: )
Description: DgiVecp%%2

Error: (11/27/2011 00:42:30 AM) (Source: Service Control Manager) (User: )
Description: Intel® PRO/1000 NDIS 6 Adapter Driver%%1058

Error: (11/27/2011 00:42:30 AM) (Source: Service Control Manager) (User: )
Description: Intel® PRO/1000 PCI Express Network Connection Driver%%1058


Microsoft Office Sessions:
=========================
Error: (11/27/2011 00:51:34 AM) (Source: Application Error)(User: )
Description: McSvHost.exe2.0.230.04d41ff35naiann.dll_unloaded0.0.0.04d545190c00000056c630296b8c01ccacc7231581da

Error: (11/27/2011 00:42:29 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/26/2011 11:57:45 PM) (Source: Application Error)(User: )
Description: McSvHost.exe2.0.230.04d41ff35naiann.dll_unloaded0.0.0.04d545190c00000056b1333a3131c01ccacc1100651e8

Error: (11/26/2011 08:58:02 PM) (Source: Application Error)(User: )
Description: McSvHost.exe2.0.230.04d41ff35naiann.dll_unloaded0.0.0.04d545190c00000056b11029623cc01ccaca74b24a370

Error: (11/26/2011 01:34:59 PM) (Source: Application Error)(User: )
Description: McSvHost.exe2.0.230.04d41ff35naiann.dll_unloaded0.0.0.04d545190c00000056b110296213801ccac612cfa2633

Error: (11/26/2011 00:30:26 PM) (Source: Application Error)(User: )
Description: McSvHost.exe2.0.230.04d41ff35unknown0.0.0.000000000c00000056b1b0296119c01ccac41054d2c8b

Error: (11/26/2011 08:39:30 AM) (Source: Application Error)(User: )
Description: McSvHost.exe2.0.230.04d41ff35naiann.dll_unloaded0.0.0.04d545190c00000056dee0296b2801ccac3fd64d64fb

Error: (11/26/2011 08:33:56 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/26/2011 08:16:23 AM) (Source: EventSystem)(User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (11/26/2011 01:36:36 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\ADAM\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\A8U25MA2.DEFAULT\CACHE\0\5F


=========================== Installed Programs ============================

µTorrent (Version: 1.8.4)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Ad-Aware (Version: 9.6.0)
Ad-Aware Security Toolbar (Version: 0.9.1.8)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 10 ActiveX (Version: 10.2.152.32)
Adobe Flash Player 10 Plugin (Version: 10.0.32.18)
Adobe Reader 9 (Version: 9.0.0)
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 2.6.0.32)
Apple Software Update (Version: 2.1.3.127)
Bonjour (Version: 1.0.106)
Choice Guard (Version: 1.2.87.0)
Cisco EAP-FAST Module (Version: 2.1.6)
Cisco LEAP Module (Version: 1.0.12)
Cisco PEAP Module (Version: 1.0.13)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
Dell-eBay (Version: 1.00.0000)
Dell DataSafe Local Backup - Support Software (Version: 2.25)
Dell DataSafe Local Backup (Version: 9.3.10 x86)
Dell DataSafe Online (Version: 1.1.0029)
Dell Dock (Version: 1.0.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Support Center (Support Software) (Version: 2.2.09085)
Dell Touchpad (Version: 7.4.115.101)
Dell Wireless WLAN Card Utility (Version: 5.10.38.30)
DELL0703 (Version: 1.0.0)
DirectVobSub 2.40.3644 x86 (Version: 2.40.3644)
ESET Online Scanner v3
Free Opener (Version: 1.0)
GoToAssist 8.0.0.514
GRE POWERPREP
HiJackThis (Version: 1.0.0)
Intel® TV Wizard
Intel® Matrix Storage Manager
IObit Security 360 (Version: 1.0)
iTunes (Version: 9.0.1.8)
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 22 (Version: 6.0.220)
JDownloader 0.9 (Version: 0.9)
Junk Mail filter update (Version: 14.0.8050.1202)
K-Lite Codec Pack 7.0.0 (Standard) (Version: 7.0.0)
LoJack Factory Installer (Version: 1.00.0032)
Maintenance Samsung ML-2525W Series
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
McAfee SecurityCenter (Version: 11.0.623)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Default Manager (Version: 2.0.69.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6425.1000)
Microsoft Office Professional 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Suite Activation Assistant (Version: 1.2.1)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Search Enhancement Pack (Version: 1.2.121.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
Mozilla Firefox 8.0 (x86 en-US) (Version: 8.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
OpenOffice.org 3.3 (Version: 3.3.9567)
Opera 11.52 (Version: 11.52.1100)
PowerDVD DX (Version: 8.2.5024)
QuickSet (Version: 9.2.18)
QuickTime (Version: 7.71.80.42)
RCA Detective™ 3.0.1.1
RCA Digital Voice Manager 5.3.3.0
Roxio Creator Audio (Version: 3.7.0)
Roxio Creator Copy (Version: 3.7.0)
Roxio Creator Data (Version: 3.7.0)
Roxio Creator DE (Version: 10.1)
Roxio Creator DE (Version: 3.7.0)
Roxio Creator Tools (Version: 3.7.0)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio Update Manager (Version: 6.0.0)
TouchFreeze (Version: 1.0.2)
VLC media player 1.0.1 (Version: 1.0.1)
vShare.tv plugin 1.3 (Version: 1.3)
Windows Live Call (Version: 14.0.8050.1202)
Windows Live Communications Platform (Version: 14.0.8050.1202)
Windows Live Essentials (Version: 14.0.8050.1202)
Windows Live Mail (Version: 14.0.8050.1202)
Windows Live Messenger (Version: 14.0.8050.1202)
Windows Live Photo Gallery (Version: 14.0.8051.1204)
Windows Live Sign-in Assistant (Version: 5.000.818.6)
Windows Live Sync (Version: 14.0.8050.1202)
Windows Live Toolbar (Version: 14.0.8052.1208)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8050.1202)
Xvid Video Codec (Version: 1.3.2)

========================= Memory info: ===================================

Percentage of memory in use: 37%
Total physical RAM: 3031.63 MB
Available physical RAM: 1906.15 MB
Total Pagefile: 6285.55 MB
Available Pagefile: 5066 MB
Total Virtual: 2047.88 MB
Available Virtual: 1950.13 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:170.81 GB) NTFS
3 Drive e: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:6.57 GB) NTFS

========================= Users: ========================================

User accounts for \\ADAM-PC

Adam Administrator Guest

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

#15 CatByte

CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:07:50 PM

Posted 27 November 2011 - 10:31 AM

double post

Edited by CatByte, 27 November 2011 - 04:35 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015