Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer recently infected with Win 7 Antispyware 2012.


  • This topic is locked This topic is locked
44 replies to this topic

#1 LovesAnime411

LovesAnime411

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 20 January 2012 - 12:03 AM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 8.0.7600.16385
Run by Nicole at 20:41:40 on 2012-01-19
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3895.3180 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\bin\TSVNCache.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111220031717.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [PlayNC Launcher]
uRun: [SansaDispatch] C:\Users\Nicole\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D9327CC1-651B-4814-9D6C-C2F1CD7D9998} : NameServer = 216.146.35.240,216.146.36.240,192.168.1.1
TCP: Interfaces\{D9327CC1-651B-4814-9D6C-C2F1CD7D9998} : DhcpNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111220031717.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\37xg9g1c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 FSProFilter;FSPro File Filter;C:\Windows\system32\Drivers\FSPFltd.sys --> C:\Windows\system32\Drivers\FSPFltd.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]
R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?]
R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\system32\drivers\pctEFA64.sys --> C:\Windows\system32\drivers\pctEFA64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 pctgntdi;pctgntdi;\??\C:\WINDOWS\System32\drivers\pctgntdi64.sys --> C:\WINDOWS\System32\drivers\pctgntdi64.sys [?]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-12-16 249936]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-3-8 208536]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 pctNdisMP;PC Tools Driver;C:\Windows\system32\DRIVERS\pctNdis64.sys --> C:\Windows\system32\DRIVERS\pctNdis64.sys [?]
S1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
S1 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\system32\Drivers\PCTSD64.sys --> C:\Windows\system32\Drivers\PCTSD64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-16 136176]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-7 652872]
S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-12-16 249936]
S2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-12-16 249936]
S2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-3-8 199272]
S2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-12-16 1153368]
S2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-13 994360]
S2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-10-13 399416]
S2 Sendori;Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2011-12-1 98624]
S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-3-8 689472]
S2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2011-12-30 6583160]
S2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-16 2984832]
S2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2011-12-30 528760]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-16 136176]
S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
S3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-3-8 220528]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2011-12-13 25072]
S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;\??\C:\Windows\system32\drivers\pctNdis-PacketFilter64.sys --> C:\Windows\system32\drivers\pctNdis-PacketFilter64.sys [?]
S3 pctNdis;PC Tools Firewall Intermediate Filter Service;C:\Windows\system32\DRIVERS\pctNdis64.sys --> C:\Windows\system32\DRIVERS\pctNdis64.sys [?]
S3 pctplfw;pctplfw;\??\C:\WINDOWS\System32\drivers\pctplfw64.sys --> C:\WINDOWS\System32\drivers\pctplfw64.sys [?]
S3 pctplsg;pctplsg;\??\C:\WINDOWS\System32\drivers\pctplsg64.sys --> C:\WINDOWS\System32\drivers\pctplsg64.sys [?]
S3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2012-1-7 371472]
S3 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2012-1-7 1117144]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-12-16 249936]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-01-19 00:32:20 -------- d-----w- C:\Users\Nicole\AppData\Roaming\UNOUndercover
2012-01-19 00:32:10 -------- d-----w- C:\Users\Nicole\AppData\Roaming\Oberon Media
2012-01-19 00:32:01 -------- d-----w- C:\Program Files (x86)\Common Files\Oberon Media
2012-01-19 00:31:45 -------- d-----w- C:\ProgramData\Oberon Media
2012-01-19 00:31:44 -------- d-----w- C:\Program Files (x86)\Oberon Media
2012-01-19 00:31:43 -------- d-----w- C:\Program Files (x86)\Yahoo! Games
2012-01-18 23:49:12 -------- d-----w- C:\1a8f10da53b13b0d8c004e
2012-01-14 05:16:15 1739160 ----a-w- C:\Windows\System32\ntdll.dll
2012-01-14 05:16:13 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-14 05:16:11 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-14 05:16:10 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-01-12 21:39:56 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-12 21:39:56 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-12 21:39:56 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-12 21:39:56 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2012-01-09 04:20:46 -------- d-----w- C:\Users\Nicole\AppData\Local\{E72CC45D-F0FC-486F-96E6-AC481F39FABF}
2012-01-09 04:20:35 -------- d-----w- C:\Users\Nicole\AppData\Local\{C3819959-8A04-4DE9-ACF2-B7384F881B99}
2012-01-09 01:13:14 -------- d-----w- C:\sh4ldr
2012-01-09 01:13:14 -------- d-----w- C:\Program Files\Enigma Software Group
2012-01-09 01:13:04 -------- d-----w- C:\Windows\89A072791DB3485AB1DF584DF86774B9.TMP
2012-01-08 02:42:24 709968 ----a-w- C:\Windows\isRS-000.tmp
2012-01-08 01:46:20 -------- d-----w- C:\Users\Nicole\AppData\Roaming\PCToolsFirewallPlus
2012-01-08 01:46:16 -------- d-----w- C:\Users\Nicole\AppData\Roaming\Spam Monitor
2012-01-08 01:45:18 -------- d-----w- C:\Users\Nicole\AppData\Roaming\PCTools
2012-01-08 01:40:53 180488 ----a-w- C:\Windows\System32\drivers\pctplfw64.sys
2012-01-08 01:40:44 77784 ----a-w- C:\Windows\System32\drivers\pctNdis64.sys
2012-01-08 01:40:43 119688 ----a-w- C:\Windows\System32\drivers\pctNdis-PacketFilter64.sys
2012-01-08 01:40:42 42968 ----a-w- C:\Windows\System32\drivers\pctNdis-DNS64.sys
2012-01-08 01:40:28 -------- d-----w- C:\Windows\SysWow64\sdtmp
2012-01-08 01:08:09 816016 ----a-w- C:\Windows\System32\drivers\pctEFA64.sys
2012-01-08 01:08:09 452872 ----a-w- C:\Windows\System32\drivers\pctDS64.sys
2012-01-08 01:08:06 334976 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys
2012-01-08 01:08:06 140800 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys
2012-01-08 01:07:57 282440 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys
2012-01-08 01:07:45 279344 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2012-01-08 01:07:33 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys
2012-01-08 01:07:11 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-01-08 01:07:08 -------- d-----w- C:\ProgramData\PC Tools
2012-01-08 01:07:08 -------- d-----w- C:\Program Files (x86)\PC Tools Security
2012-01-07 19:35:20 -------- d-----w- C:\Users\Nicole\AppData\Local\{CC84CE33-34F2-419B-A21B-609ACF9E22F9}
2012-01-07 19:35:06 -------- d-----w- C:\Users\Nicole\AppData\Local\{87B93ECA-CD16-4D8B-9192-24E45F40C0DC}
2012-01-07 19:35:06 -------- d-----w- C:\Users\Nicole\AppData\Local\{10B03892-CF90-4620-BC6F-52C2154748DE}
2012-01-06 18:00:00 -------- d-----w- C:\Users\Nicole\AppData\Local\{3B2BED8A-BE59-4800-BEA7-65C243490F58}
2012-01-06 17:59:47 -------- d-----w- C:\Users\Nicole\AppData\Local\{B77D7FB6-B21C-463E-A097-AF5EF232809C}
2012-01-05 10:32:21 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{25999C13-D4AE-4469-81AF-17F6EA410B68}\offreg.dll
2012-01-05 10:32:17 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{25999C13-D4AE-4469-81AF-17F6EA410B68}\mpengine.dll
2012-01-03 23:07:57 -------- d-----w- C:\Users\Nicole\AppData\Local\{CC3F73B0-B963-4651-8D68-2112FB392F2F}
2012-01-03 23:07:44 -------- d-----w- C:\Users\Nicole\AppData\Local\{D9FDE172-0859-422A-BF1B-5DBA6FA74328}
2012-01-03 11:07:28 -------- d-----w- C:\Users\Nicole\AppData\Local\{3C40CE47-CB0A-4A14-8DC1-D9BBEACA10C2}
2012-01-03 11:07:06 -------- d-----w- C:\Users\Nicole\AppData\Local\{D1F98839-5313-472F-B4B2-F737D1E15462}
2012-01-03 02:30:17 -------- d-----w- C:\Users\Nicole\AppData\Local\ElevatedDiagnostics
2012-01-03 01:31:40 -------- d-----w- C:\Users\Nicole\AppData\Roaming\SanDisk
2012-01-02 21:51:10 -------- d-----w- C:\Users\Nicole\AppData\Roaming\Macrovision
2012-01-02 01:44:00 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-01-02 01:43:46 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-01-02 01:43:36 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-01-02 01:43:28 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-31 07:47:18 -------- d-----w- C:\Users\Nicole\AppData\Roaming\Wacom
2011-12-31 07:47:11 -------- d-----w- C:\ProgramData\Wacom
2011-12-31 07:37:53 -------- d-----w- C:\Users\Nicole\AppData\Local\{31834402-6D24-458C-AC7F-EF1DFEF4AE68}
2011-12-31 07:37:42 -------- d-----w- C:\Users\Nicole\AppData\Local\{9075B2EE-22AE-4E71-A4B0-25507C42FEF7}
2011-12-31 05:37:46 -------- d-----w- C:\Windows\en
2011-12-31 05:37:40 -------- d-----w- C:\Users\Nicole\AppData\Local\Adobe
2011-12-31 05:37:33 -------- d-----w- C:\Program Files (x86)\Bamboo Dock
2011-12-31 05:36:18 -------- d-----w- C:\Users\Nicole\AppData\Roaming\WTablet
2011-12-31 05:36:16 1326456 ----a-w- C:\Windows\System32\Pen_Touch_Tablet.dll
2011-12-31 05:36:16 1107832 ----a-w- C:\Windows\SysWow64\Pen_Touch_Tablet.dll
2011-12-31 05:36:08 -------- d-----w- C:\Program Files (x86)\TabletPlugins
2011-12-31 05:35:48 12848 ----a-w- C:\Windows\System32\drivers\wacommousefilter.sys
2011-12-31 05:35:21 16168 ----a-w- C:\Windows\System32\drivers\wacomvhid.sys
2011-12-31 05:35:17 1152888 ----a-w- C:\Windows\SysWow64\WacomMT.dll
2011-12-31 05:35:16 1401208 ----a-w- C:\Windows\System32\Wintab32.dll
2011-12-31 05:35:16 1392504 ----a-w- C:\Windows\System32\WacomMT.dll
2011-12-31 05:35:16 1156472 ----a-w- C:\Windows\SysWow64\Wintab32.dll
2011-12-31 05:35:15 1665400 ----a-w- C:\Windows\System32\Pen_Tablet.dll
2011-12-31 05:35:15 1369464 ----a-w- C:\Windows\SysWow64\Pen_Tablet.dll
2011-12-31 05:35:10 -------- d-----w- C:\Program Files\Tablet
2011-12-31 05:34:20 18328 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-12-31 05:33:53 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2011-12-31 05:33:51 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2011-12-31 05:33:49 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2011-12-31 05:33:49 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2011-12-31 05:32:36 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9a5f5d541ccc77d03\MeshBetaRemover.exe
2011-12-31 03:58:44 -------- d-----w- C:\Users\Nicole\AppData\Local\{2E6F7143-D280-4CE2-852A-8298B8802B4C}
2011-12-31 03:58:32 -------- d-----w- C:\Users\Nicole\AppData\Local\{31CB53B2-DD06-4415-B3A5-20721326649A}
2011-12-28 05:19:03 -------- d-----w- C:\Users\Nicole\AppData\Local\{F3DABEA0-4F8F-49C3-A47D-AA9B80F7B0F8}
2011-12-28 05:18:51 -------- d-----w- C:\Users\Nicole\AppData\Local\{03C2E4B5-B3D0-4759-A572-E565629C6A3B}
2011-12-22 06:51:52 -------- d-----w- C:\Users\Nicole\dwhelper
.
==================== Find3M ====================
.
2011-12-18 03:38:05 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-17 02:50:45 525544 ----a-w- C:\Windows\System32\deployJava1.dll
2011-12-17 00:21:58 36069 ----a-w- C:\Program Files (x86)\uninstall.exe
2011-12-16 22:12:46 103784 ----a-w- C:\Users\Nicole\GoToAssistDownloadHelper.exe
2011-12-10 23:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-11-24 05:00:47 3141632 ----a-w- C:\Windows\System32\win32k.sys
2011-11-10 11:54:13 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-11-05 05:26:29 1197568 ----a-w- C:\Windows\System32\wininet.dll
2011-11-05 05:23:10 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-11-05 05:17:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-05 04:35:50 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-05 04:34:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-11-05 04:30:11 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-05 04:07:32 482816 ----a-w- C:\Windows\System32\html.iec
2011-11-05 03:28:41 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-11-05 03:25:44 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-05 02:55:38 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-26 05:19:07 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-10-24 22:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 22:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-10-22 11:23:12 68272 ----a-w- C:\Program Files (x86)\fraps64.dat
2011-10-22 11:23:10 2366128 ----a-w- C:\Program Files (x86)\fraps.exe
2011-10-22 11:21:42 71680 ----a-w- C:\Windows\System32\frapsv64.dll
2011-10-22 11:21:38 65536 ----a-w- C:\Windows\SysWow64\frapsvid.dll
2011-10-22 11:21:00 139776 ----a-w- C:\Program Files (x86)\frapslcd.dll
2011-10-22 11:06:32 231600 ----a-w- C:\Program Files (x86)\fraps32.dll
2011-10-22 11:06:32 185520 ----a-w- C:\Program Files (x86)\fraps64.dll
.
============= FINISH: 20:42:08.86 ===============


After scanning with GMER, it said that: nothing was found. Plus, when I saved the ark text, it was empty.

Original Post

Attached Files



BC AdBot (Login to Remove)

 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,033 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:11 AM

Posted 25 January 2012 - 03:25 PM

Greetings LovesAnime411 and :welcome: to the Virus/Trojan/Spyware/Malware Removal forum

I am Oh My! and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.

In the upper right hand corner of the topic you will see a button called Watch this topic. Click on this then choose Immediate E-Mail notification and then Proceed and you will be advised when I respond to your topic by email.

After 5 days if your topic is not replied I we assume it has been abandoned and I will close it.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.


===================================================


Please take note:

  • If you have since resolved the original problem you were having, I would appreciate you letting me know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and I will guide you.
  • Please tell me if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps I have recommended please try one more time and if unsuccessful alert us of such and I will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below I will review your topic an do my best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.
I need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.

  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • DDS log
  • Attach.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 LovesAnime411

LovesAnime411
  • Topic Starter

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 29 January 2012 - 06:45 AM

I'm going to be busy for the next few days. But I have read your reply and will do it as soon as possible. I'll try to be back on by late Tuesday or Early Wednesday. & Thank you for taking the time to help!

#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,033 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:11 AM

Posted 29 January 2012 - 09:09 AM

Greetings LovesAnime411,

No problem at all. Whenever you are ready just post the information and we will begin. There is plenty of other work to do!

Thank you for letting me know. I do appreciate it.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 LovesAnime411

LovesAnime411
  • Topic Starter

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 01 February 2012 - 06:11 AM

------------------
System Information
------------------
Time of this report: 2/1/2012, 03:01:47
Machine name: NICOLE-PC
Operating System: Windows 7 Home Premium 64-bit (6.1, Build 7600) (7600.win7_ldr.110622-1505)
Language: English (Regional Setting: English)
System Manufacturer: Dell Inc.
System Model: Inspiron 580
BIOS: Default System BIOS
Processor: Intel® Core™ i5 CPU 650 @ 3.20GHz (4 CPUs), ~3.2GHz
Memory: 4096MB RAM
Available OS Memory: 3896MB RAM
Page File: 817MB used, 6970MB available
Windows Dir: C:\Windows
DirectX Version: DirectX 11
DX Setup Parameters: Not found
User DPI Setting: Using System DPI
System DPI Setting: 96 DPI (100 percent)
DWM DPI Scaling: Disabled
DxDiag Version: 6.01.7600.16385 32bit Unicode

------------------
DDS Log
------------------
.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 8.0.7600.16385
Run by Nicole at 3:04:27 on 2012-02-01
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3895.2927 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\bin\TSVNCache.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111220031717.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [PlayNC Launcher]
uRun: [SansaDispatch] C:\Users\Nicole\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D9327CC1-651B-4814-9D6C-C2F1CD7D9998} : NameServer = 216.146.35.240,216.146.36.240,192.168.1.1
TCP: Interfaces\{D9327CC1-651B-4814-9D6C-C2F1CD7D9998} : DhcpNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111220031717.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\37xg9g1c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 FSProFilter;FSPro File Filter;C:\Windows\system32\Drivers\FSPFltd.sys --> C:\Windows\system32\Drivers\FSPFltd.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]
R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?]
R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\system32\drivers\pctEFA64.sys --> C:\Windows\system32\drivers\pctEFA64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 pctgntdi;pctgntdi;\??\C:\WINDOWS\System32\drivers\pctgntdi64.sys --> C:\WINDOWS\System32\drivers\pctgntdi64.sys [?]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-12-16 249936]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-3-8 208536]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 pctNdisMP;PC Tools Driver;C:\Windows\system32\DRIVERS\pctNdis64.sys --> C:\Windows\system32\DRIVERS\pctNdis64.sys [?]
S1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
S1 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\system32\Drivers\PCTSD64.sys --> C:\Windows\system32\Drivers\PCTSD64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-16 136176]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-7 652872]
S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-12-16 249936]
S2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-12-16 249936]
S2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-3-8 199272]
S2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-12-16 1153368]
S2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-13 994360]
S2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-10-13 399416]
S2 Sendori;Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2011-12-1 98624]
S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-3-8 689472]
S2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2011-12-30 6583160]
S2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-16 2984832]
S2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2011-12-30 528760]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-16 136176]
S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
S3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-3-8 220528]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2011-12-13 25072]
S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;\??\C:\Windows\system32\drivers\pctNdis-PacketFilter64.sys --> C:\Windows\system32\drivers\pctNdis-PacketFilter64.sys [?]
S3 pctNdis;PC Tools Firewall Intermediate Filter Service;C:\Windows\system32\DRIVERS\pctNdis64.sys --> C:\Windows\system32\DRIVERS\pctNdis64.sys [?]
S3 pctplfw;pctplfw;\??\C:\WINDOWS\System32\drivers\pctplfw64.sys --> C:\WINDOWS\System32\drivers\pctplfw64.sys [?]
S3 pctplsg;pctplsg;\??\C:\WINDOWS\System32\drivers\pctplsg64.sys --> C:\WINDOWS\System32\drivers\pctplsg64.sys [?]
S3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2012-1-7 371472]
S3 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2012-1-7 1117144]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-12-16 249936]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-01-31 01:07:55 -------- d-----w- C:\ProgramData\Wild Tangent
2012-01-31 01:05:17 -------- d-----w- C:\Users\Nicole\AppData\Roaming\WildTangent
2012-01-19 00:32:20 -------- d-----w- C:\Users\Nicole\AppData\Roaming\UNOUndercover
2012-01-19 00:32:10 -------- d-----w- C:\Users\Nicole\AppData\Roaming\Oberon Media
2012-01-19 00:32:01 -------- d-----w- C:\Program Files (x86)\Common Files\Oberon Media
2012-01-19 00:31:45 -------- d-----w- C:\ProgramData\Oberon Media
2012-01-19 00:31:44 -------- d-----w- C:\Program Files (x86)\Oberon Media
2012-01-19 00:31:43 -------- d-----w- C:\Program Files (x86)\Yahoo! Games
2012-01-18 23:49:12 -------- d-----w- C:\1a8f10da53b13b0d8c004e
2012-01-14 05:16:15 1739160 ----a-w- C:\Windows\System32\ntdll.dll
2012-01-14 05:16:13 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-14 05:16:11 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-14 05:16:10 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-01-12 21:39:56 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-12 21:39:56 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-12 21:39:56 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-12 21:39:56 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2012-01-09 04:20:46 -------- d-----w- C:\Users\Nicole\AppData\Local\{E72CC45D-F0FC-486F-96E6-AC481F39FABF}
2012-01-09 04:20:35 -------- d-----w- C:\Users\Nicole\AppData\Local\{C3819959-8A04-4DE9-ACF2-B7384F881B99}
2012-01-09 01:13:14 -------- d-----w- C:\sh4ldr
2012-01-09 01:13:14 -------- d-----w- C:\Program Files\Enigma Software Group
2012-01-09 01:13:04 -------- d-----w- C:\Windows\89A072791DB3485AB1DF584DF86774B9.TMP
2012-01-08 02:42:24 709968 ----a-w- C:\Windows\isRS-000.tmp
2012-01-08 01:46:20 -------- d-----w- C:\Users\Nicole\AppData\Roaming\PCToolsFirewallPlus
2012-01-08 01:46:16 -------- d-----w- C:\Users\Nicole\AppData\Roaming\Spam Monitor
2012-01-08 01:45:18 -------- d-----w- C:\Users\Nicole\AppData\Roaming\PCTools
2012-01-08 01:40:53 180488 ----a-w- C:\Windows\System32\drivers\pctplfw64.sys
2012-01-08 01:40:44 77784 ----a-w- C:\Windows\System32\drivers\pctNdis64.sys
2012-01-08 01:40:43 119688 ----a-w- C:\Windows\System32\drivers\pctNdis-PacketFilter64.sys
2012-01-08 01:40:42 42968 ----a-w- C:\Windows\System32\drivers\pctNdis-DNS64.sys
2012-01-08 01:40:28 -------- d-----w- C:\Windows\SysWow64\sdtmp
2012-01-08 01:08:09 816016 ----a-w- C:\Windows\System32\drivers\pctEFA64.sys
2012-01-08 01:08:09 452872 ----a-w- C:\Windows\System32\drivers\pctDS64.sys
2012-01-08 01:08:06 334976 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys
2012-01-08 01:08:06 140800 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys
2012-01-08 01:07:57 282440 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys
2012-01-08 01:07:45 279344 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2012-01-08 01:07:33 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys
2012-01-08 01:07:11 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-01-08 01:07:08 -------- d-----w- C:\ProgramData\PC Tools
2012-01-08 01:07:08 -------- d-----w- C:\Program Files (x86)\PC Tools Security
2012-01-07 19:35:20 -------- d-----w- C:\Users\Nicole\AppData\Local\{CC84CE33-34F2-419B-A21B-609ACF9E22F9}
2012-01-07 19:35:06 -------- d-----w- C:\Users\Nicole\AppData\Local\{87B93ECA-CD16-4D8B-9192-24E45F40C0DC}
2012-01-07 19:35:06 -------- d-----w- C:\Users\Nicole\AppData\Local\{10B03892-CF90-4620-BC6F-52C2154748DE}
2012-01-06 18:00:00 -------- d-----w- C:\Users\Nicole\AppData\Local\{3B2BED8A-BE59-4800-BEA7-65C243490F58}
2012-01-06 17:59:47 -------- d-----w- C:\Users\Nicole\AppData\Local\{B77D7FB6-B21C-463E-A097-AF5EF232809C}
2012-01-05 10:32:21 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{25999C13-D4AE-4469-81AF-17F6EA410B68}\offreg.dll
2012-01-05 10:32:17 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{25999C13-D4AE-4469-81AF-17F6EA410B68}\mpengine.dll
2012-01-03 23:07:57 -------- d-----w- C:\Users\Nicole\AppData\Local\{CC3F73B0-B963-4651-8D68-2112FB392F2F}
2012-01-03 23:07:44 -------- d-----w- C:\Users\Nicole\AppData\Local\{D9FDE172-0859-422A-BF1B-5DBA6FA74328}
2012-01-03 11:07:28 -------- d-----w- C:\Users\Nicole\AppData\Local\{3C40CE47-CB0A-4A14-8DC1-D9BBEACA10C2}
2012-01-03 11:07:06 -------- d-----w- C:\Users\Nicole\AppData\Local\{D1F98839-5313-472F-B4B2-F737D1E15462}
2012-01-03 02:30:17 -------- d-----w- C:\Users\Nicole\AppData\Local\ElevatedDiagnostics
2012-01-03 01:31:40 -------- d-----w- C:\Users\Nicole\AppData\Roaming\SanDisk
2012-01-02 21:51:10 -------- d-----w- C:\Users\Nicole\AppData\Roaming\Macrovision
.
==================== Find3M ====================
.
2011-12-18 03:38:05 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-17 02:50:45 525544 ----a-w- C:\Windows\System32\deployJava1.dll
2011-12-17 00:21:58 36069 ----a-w- C:\Program Files (x86)\uninstall.exe
2011-12-16 22:12:46 103784 ----a-w- C:\Users\Nicole\GoToAssistDownloadHelper.exe
2011-12-10 23:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-11-24 05:00:47 3141632 ----a-w- C:\Windows\System32\win32k.sys
2011-11-10 11:54:13 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-11-05 05:26:29 1197568 ----a-w- C:\Windows\System32\wininet.dll
2011-11-05 05:23:10 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-11-05 05:17:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-05 04:35:50 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-05 04:34:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-11-05 04:30:11 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-05 04:07:32 482816 ----a-w- C:\Windows\System32\html.iec
2011-11-05 03:28:41 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-11-05 03:25:44 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-05 02:55:38 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-22 11:23:12 68272 ----a-w- C:\Program Files (x86)\fraps64.dat
2011-10-22 11:23:10 2366128 ----a-w- C:\Program Files (x86)\fraps.exe
2011-10-22 11:21:00 139776 ----a-w- C:\Program Files (x86)\frapslcd.dll
2011-10-22 11:06:32 231600 ----a-w- C:\Program Files (x86)\fraps32.dll
2011-10-22 11:06:32 185520 ----a-w- C:\Program Files (x86)\fraps64.dll
.
============= FINISH: 3:04:43.22 ===============

------------------
Attach Log
------------------

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/16/2011 11:52:00 AM
System Uptime: 1/23/2012 8:38:47 AM (211 hours ago)
.
Motherboard: Dell Inc. | | 0C2KJT
Processor: Intel® Core™ i5 CPU 650 @ 3.20GHz | CPU 1 | 3192/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 918 GiB total, 865.124 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP58: 1/18/2012 3:44:54 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Reader 9.1.2
Apple Application Support
Apple Software Update
Bamboo Dock
Consumer In-Home Service Agreement
Corel PaintShop Pro X4
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Getting Started Guide
Dell Marketplace Webslice IE8
Dell MusicStage
Dell PhotoStage
Dell Stage
Dell VideoStage
DirectX 9 Runtime
Filzip 3.06
Fraps
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist Corporate
HiJackThis
ICA
Intel® Graphics Media Accelerator Driver
Internet Explorer
IPM_PSP_COM
iRO 13.2 VIP Full Client
Java Auto Updater
Java™ 6 Update 30
Junk Mail filter update
Lineage II
Malwarebytes Anti-Malware version 1.60.0.1800
McAfee SecurityCenter
Mesh Runtime
Messenger Companion
Microsoft Office 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 9.0.1 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multimedia Card Reader
NCsoft Launcher
PC Tools Internet Security
PDFCreator
PhotoShowExpress
PSPPContent
PSPPHelp
QuickTime
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Sansa Updater
Secunia PSI (2.0.0.4003)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Sendori
Setup
Sonic CinePlayer Decoder Pack
Spybot - Search & Destroy
TeamViewer 7
TrustedID
UNO Undercover
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
WebTablet FB Plugin
WebTablet IE Plugin
WebTablet Netscape Plugin
WildTangent Games
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
2/1/2012 2:58:15 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
1/31/2012 9:31:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
1/31/2012 9:31:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
1/31/2012 9:16:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
1/31/2012 8:40:04 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/31/2012 8:06:28 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
1/31/2012 8:06:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/31/2012 11:44:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/31/2012 10:03:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/30/2012 7:12:41 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
1/30/2012 5:06:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service GameConsoleService with arguments "" in order to run the server: {2055A7EE-51B2-4208-A41B-6A1569C0A1CA}
1/30/2012 5:05:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service GameConsoleService with arguments "" in order to run the server: {8E3486D8-20E5-4121-B855-BDAD58FB8336}
.
==== End Of File ===========================

#6 LovesAnime411

LovesAnime411
  • Topic Starter

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 01 February 2012 - 06:13 AM

I do not have the OS CD, and the information hasn't changed since the Original Post.

#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,033 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:11 AM

Posted 01 February 2012 - 09:49 AM

Greetings LovesAnime411,

Welcome back :)

Please allow me some time to review your log. Even though things seem the same as your first post described, if you notice any major changes in your machine please do let me know.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,033 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:11 AM

Posted 01 February 2012 - 01:03 PM

Greetings LovesAnime411,

You have multiple antivirus programs on your computer which can cause symptoms that appear to be virus related. I would like address that first then see if you notice any changes. Please feel free to take some time to test your machine if necessary. Please perform the below:


===================================================


Multiple Antivirus Programs

-------------------

I do not recommend that you have more than one anti virus product installed on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and delete 2 of the 3 programs, leaving only the one you wish to keep.

  • Microsoft Security Essentials
  • McAfee
  • PC Tools

===================================================


Please run another DDS and post the results for me.


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • DDS.txt
  • Please describe any changes in your computer's behavior.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 LovesAnime411

LovesAnime411
  • Topic Starter

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 03 February 2012 - 03:29 AM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Nicole at 14:25:54 on 2012-02-02
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3895.433 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Sendori\SendoriSvc.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files (x86)\bin\TSVNCache.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111220031717.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [PlayNC Launcher]
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D9327CC1-651B-4814-9D6C-C2F1CD7D9998} : NameServer = 216.146.35.240,216.146.36.240,192.168.1.1
TCP: Interfaces\{D9327CC1-651B-4814-9D6C-C2F1CD7D9998} : DhcpNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111220031717.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun-x64: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\37xg9g1c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 FSProFilter;FSPro File Filter;C:\Windows\system32\Drivers\FSPFltd.sys --> C:\Windows\system32\Drivers\FSPFltd.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-7 652872]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-12-16 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-12-16 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-12-16 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-3-8 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-3-8 208536]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-16 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-16 136176]
S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-3-8 220528]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-12-16 249936]
.
=============== Created Last 30 ================
.
2012-01-31 01:07:55 -------- d-----w- C:\ProgramData\Wild Tangent
2012-01-31 01:05:17 -------- d-----w- C:\Users\Nicole\AppData\Roaming\WildTangent
2012-01-19 00:32:20 -------- d-----w- C:\Users\Nicole\AppData\Roaming\UNOUndercover
2012-01-19 00:32:10 -------- d-----w- C:\Users\Nicole\AppData\Roaming\Oberon Media
2012-01-19 00:32:01 -------- d-----w- C:\Program Files (x86)\Common Files\Oberon Media
2012-01-19 00:31:45 -------- d-----w- C:\ProgramData\Oberon Media
2012-01-19 00:31:44 -------- d-----w- C:\Program Files (x86)\Oberon Media
2012-01-19 00:31:43 -------- d-----w- C:\Program Files (x86)\Yahoo! Games
2012-01-18 23:49:12 -------- d-----w- C:\1a8f10da53b13b0d8c004e
2012-01-14 05:16:23 1328640 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-01-14 05:16:22 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-01-14 05:16:21 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-14 05:16:20 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-01-14 05:16:15 1739160 ----a-w- C:\Windows\System32\ntdll.dll
2012-01-14 05:16:13 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-14 05:16:11 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-14 05:16:10 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-01-12 21:39:56 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-12 21:39:56 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-12 21:39:56 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-12 21:39:56 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2012-01-09 04:20:46 -------- d-----w- C:\Users\Nicole\AppData\Local\{E72CC45D-F0FC-486F-96E6-AC481F39FABF}
2012-01-09 04:20:35 -------- d-----w- C:\Users\Nicole\AppData\Local\{C3819959-8A04-4DE9-ACF2-B7384F881B99}
2012-01-09 01:13:14 -------- d-----w- C:\sh4ldr
2012-01-09 01:13:14 -------- d-----w- C:\Program Files\Enigma Software Group
2012-01-09 01:13:04 -------- d-----w- C:\Windows\89A072791DB3485AB1DF584DF86774B9.TMP
2012-01-08 02:42:24 709968 ----a-w- C:\Windows\isRS-000.tmp
2012-01-08 01:46:20 -------- d-----w- C:\Users\Nicole\AppData\Roaming\PCToolsFirewallPlus
2012-01-08 01:46:16 -------- d-----w- C:\Users\Nicole\AppData\Roaming\Spam Monitor
2012-01-08 01:45:18 -------- d-----w- C:\Users\Nicole\AppData\Roaming\PCTools
2012-01-08 01:40:28 -------- d-----w- C:\Windows\SysWow64\sdtmp
2012-01-08 01:07:08 -------- d-----w- C:\ProgramData\PC Tools
2012-01-07 19:35:20 -------- d-----w- C:\Users\Nicole\AppData\Local\{CC84CE33-34F2-419B-A21B-609ACF9E22F9}
2012-01-07 19:35:06 -------- d-----w- C:\Users\Nicole\AppData\Local\{87B93ECA-CD16-4D8B-9192-24E45F40C0DC}
2012-01-07 19:35:06 -------- d-----w- C:\Users\Nicole\AppData\Local\{10B03892-CF90-4620-BC6F-52C2154748DE}
2012-01-06 18:00:00 -------- d-----w- C:\Users\Nicole\AppData\Local\{3B2BED8A-BE59-4800-BEA7-65C243490F58}
2012-01-06 17:59:47 -------- d-----w- C:\Users\Nicole\AppData\Local\{B77D7FB6-B21C-463E-A097-AF5EF232809C}
2012-01-03 23:07:57 -------- d-----w- C:\Users\Nicole\AppData\Local\{CC3F73B0-B963-4651-8D68-2112FB392F2F}
2012-01-03 23:07:44 -------- d-----w- C:\Users\Nicole\AppData\Local\{D9FDE172-0859-422A-BF1B-5DBA6FA74328}
.
==================== Find3M ====================
.
2011-12-18 03:38:05 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-17 02:50:45 525544 ----a-w- C:\Windows\System32\deployJava1.dll
2011-12-17 00:21:58 36069 ----a-w- C:\Program Files (x86)\uninstall.exe
2011-12-16 22:12:46 103784 ----a-w- C:\Users\Nicole\GoToAssistDownloadHelper.exe
2011-12-10 23:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-11-24 05:00:47 3141632 ----a-w- C:\Windows\System32\win32k.sys
2011-11-17 07:17:03 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 07:17:02 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 07:15:08 460296 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 07:12:02 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 07:11:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 07:11:33 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 07:11:02 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 07:10:58 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-11-17 07:08:18 1446912 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 07:05:16 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:39:28 314368 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:39:21 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:39:21 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-11-17 05:35:13 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2011-11-10 11:54:13 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-11-05 05:26:29 1197568 ----a-w- C:\Windows\System32\wininet.dll
2011-11-05 05:23:10 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-11-05 05:17:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-05 04:35:50 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-05 04:34:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-11-05 04:30:11 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-05 04:07:32 482816 ----a-w- C:\Windows\System32\html.iec
2011-11-05 03:28:41 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-11-05 03:25:44 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-05 02:55:38 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-22 11:23:12 68272 ----a-w- C:\Program Files (x86)\fraps64.dat
2011-10-22 11:23:10 2366128 ----a-w- C:\Program Files (x86)\fraps.exe
2011-10-22 11:21:00 139776 ----a-w- C:\Program Files (x86)\frapslcd.dll
2011-10-22 11:06:32 231600 ----a-w- C:\Program Files (x86)\fraps32.dll
2011-10-22 11:06:32 185520 ----a-w- C:\Program Files (x86)\fraps64.dll
.
============= FINISH: 14:27:54.09 ===============

#10 LovesAnime411

LovesAnime411
  • Topic Starter

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 03 February 2012 - 03:36 AM

I uninstalled Microsoft Security Essentials and PCTools. I used Msconfig to disable Malwarebytes startup and used windows updates. Since doing so, I have been able to use my PC without safe mode. Though it still stalls occasionally and seems a little slow.

#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,033 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:11 AM

Posted 03 February 2012 - 09:45 AM

Greetings LovesAnime411,

Sounds like we made a little bit of progress. Please allow me some time to investigate your log. I will post back as soon as I have the next steps for you to take.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,033 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:11 AM

Posted 03 February 2012 - 02:09 PM

Greetings LovesAnime411,

Please perform the below steps.


===================================================


Spybot S&D No Longer Recommended

--------------------

MVPS.org is no longer recommending Spybot S&D due to poor testing results. (scroll down on the web site and read under Freeware Antispyware Products)

Further, most people don't understand Spybot's TeaTimer or how to use it and that feature can cause more problems than it's worth. TeaTimer monitors changes to certain critical keys in Windows registry but does not indicate if the change is normal or a modification made by a malware infection. The user must have an understanding of the registry and how TeaTimer works in order to make informed decisions to allow or deny the detected changes. Additionally, TeaTimer may conflict with other security tools which do a much better job of protecting your computer and even prevent disinfection of malware by those tools.

I strongly recommend uninstalling Spybot Search & Destroy. The presence of this program can make cleaning your computer more difficult.

Please go to Start > Control Panel > Add/Remove Programs (or Programs and Features) and delete the program.

Reboot your computer prior to the next step.


===================================================


Run Combofix

--------------------

  • Please download ComboFix from one of these locations:

    BleepingComputer

    ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • When finished, it will produce a log. Please include the C:\Combofix.txt log in your next reply.

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Combofix.txt
  • How is your machine running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 LovesAnime411

LovesAnime411
  • Topic Starter

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 05 February 2012 - 07:54 AM

I've uninstalled Spybot S&D. The uninstall dialog said: There is still components which couldn't be removed. And to remove them manually. I rebooted the computer afterwards to run Combofix. I then had trouble with a error called NIRKMD. So I looked it up and followed that topics directions. Combofix then was able to finish scanning successfully. As for my machines performance, no changes have occurred... Since 2 days ago from the previous post. :/

Combofix Log:

ComboFix 12-02-05.02 - Nicole 02/05/2012 3:51.2.4 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3895.2831 [GMT -8:00]
Running from: c:\users\Nicole\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Uninstall.exe
c:\programdata\PCDr\5907\Downloads\6305a029-cca8-4f63-a756-55a8f8892c65.dll
c:\programdata\PCDr\5907\Downloads\82c29976-999d-4c8f-bac9-590e78eef64b.dll
c:\programdata\PCDr\5907\Downloads\8d357f17-07ad-4392-ba06-fb67564c98cd.dll
c:\programdata\PCDr\5907\Downloads\d1f4dc82-bc4c-4916-b37c-3ab9c30ae468.dll
c:\programdata\PCDr\5907\Downloads\f8338de4-40cb-4494-bc70-93db3ab9e32d.dll
c:\programdata\PCDr\5907\Downloads\fa2ff61b-2c58-4071-916b-f881289a3959.dll
c:\users\Nicole\AppData\Local\assembly\tmp
c:\users\Nicole\GoToAssistDownloadHelper.exe
c:\windows\isRS-000.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-01-05 to 2012-02-05 )))))))))))))))))))))))))))))))
.
.
2012-02-05 11:55 . 2012-02-05 11:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-31 01:07 . 2012-01-31 01:07 -------- d-----w- c:\programdata\Wild Tangent
2012-01-31 01:05 . 2012-01-31 01:05 -------- d-----w- c:\users\Nicole\AppData\Roaming\WildTangent
2012-01-19 00:32 . 2012-01-19 00:32 -------- d-----w- c:\users\Nicole\AppData\Roaming\UNOUndercover
2012-01-19 00:32 . 2012-01-19 00:32 -------- d-----w- c:\users\Nicole\AppData\Roaming\Oberon Media
2012-01-19 00:32 . 2012-01-19 00:32 -------- d-----w- c:\program files (x86)\Common Files\Oberon Media
2012-01-19 00:31 . 2012-01-19 00:31 -------- d-----w- c:\programdata\Oberon Media
2012-01-19 00:31 . 2012-01-19 00:31 -------- d-----w- c:\program files (x86)\Oberon Media
2012-01-19 00:31 . 2012-01-19 00:31 -------- d-----w- c:\program files (x86)\Yahoo! Games
2012-01-18 23:49 . 2012-01-18 23:49 -------- d-----w- C:\1a8f10da53b13b0d8c004e
2012-01-14 05:16 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-14 05:16 . 2011-10-26 05:22 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-14 05:16 . 2011-10-26 04:33 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-14 05:16 . 2011-10-26 05:33 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-14 05:16 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll
2012-01-14 05:16 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-14 05:16 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-14 05:16 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-12 21:39 . 2012-02-03 17:33 45016 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-12 21:39 . 2012-01-12 21:39 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-12 21:39 . 2012-01-12 21:39 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-12 21:39 . 2012-01-12 21:39 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-09 01:13 . 2012-01-09 01:45 -------- d-----w- C:\sh4ldr
2012-01-09 01:13 . 2012-01-09 01:13 -------- d-----w- c:\program files\Enigma Software Group
2012-01-09 01:13 . 2012-01-09 01:45 -------- d-----w- c:\windows\89A072791DB3485AB1DF584DF86774B9.TMP
2012-01-08 01:46 . 2012-01-08 01:46 -------- d-----w- c:\users\Nicole\AppData\Roaming\Spam Monitor
2012-01-08 01:45 . 2012-01-08 01:45 -------- d-----w- c:\users\Nicole\AppData\Roaming\PCTools
2012-01-08 01:40 . 2012-01-08 01:42 -------- d-----w- c:\windows\SysWow64\sdtmp
2012-01-08 01:07 . 2012-02-02 06:34 -------- d-----w- c:\programdata\PC Tools
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-02 01:44 . 2012-01-02 01:44 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-01-02 01:43 . 2012-01-02 01:43 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-01-02 01:43 . 2012-01-02 01:43 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-01-02 01:43 . 2012-01-02 01:43 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-31 05:34 . 2011-12-31 05:34 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-12-18 03:38 . 2011-12-17 00:36 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-17 02:50 . 2011-03-09 05:25 525544 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-17 02:02 . 2011-12-17 02:02 388096 ----a-r- c:\users\Nicole\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-16 21:54 . 2011-12-16 21:54 158056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin
2011-12-10 23:24 . 2011-12-17 01:34 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-24 05:00 . 2011-12-17 11:15 3141632 ----a-w- c:\windows\system32\win32k.sys
2011-11-10 11:54 . 2011-12-16 22:34 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-10-22 11:23 . 2011-10-22 11:23 68272 ----a-w- c:\program files (x86)\fraps64.dat
2011-10-22 11:23 . 2011-10-22 11:23 2366128 ----a-w- c:\program files (x86)\fraps.exe
2011-10-22 11:21 . 2011-10-22 11:21 139776 ----a-w- c:\program files (x86)\frapslcd.dll
2011-10-22 11:06 . 2011-10-22 11:06 231600 ----a-w- c:\program files (x86)\fraps32.dll
2011-10-22 11:06 . 2011-10-22 11:06 185520 ----a-w- c:\program files (x86)\fraps64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-12-17 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-01-27 237568]
"BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2011-09-27 646232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-17 136176]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\NCsoft\Lineage II\system\GameGuard\dump_wmimmc.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-17 136176]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2010-08-30 220528]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-28 249936]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-25 652872]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
S2 Sendori;Sendori;c:\program files (x86)\Sendori\SendoriSvc.exe [2011-12-01 98624]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-09 6583160]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-09 528760]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-17 00:36]
.
2012-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-17 00:36]
.
2012-02-02 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
2012-01-15 c:\windows\Tasks\SidebarExecute.job
- c:\program files\Windows Sidebar\sidebar.exe [2009-07-13 01:39]
.
2012-02-05 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060832]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-07 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-07 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-07 413720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D9327CC1-651B-4814-9D6C-C2F1CD7D9998}: NameServer = 216.146.35.240,216.146.36.240,192.168.1.1
FF - ProfilePath - c:\users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\37xg9g1c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Fraps - c:\program files (x86)\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
.
**************************************************************************
.
Completion time: 2012-02-05 04:02:13 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-05 12:02
.
Pre-Run: 928,448,405,504 bytes free
Post-Run: 928,198,901,760 bytes free
.
- - End Of File - - 2FFEC119D2715213A06CD282B54893DD

#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,033 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:11 AM

Posted 05 February 2012 - 09:10 AM

Greetings LovesAnime411,

Thank you for posting the results. As you can see, there is a lot of information to be reviewed so I would request your patience while I work through it.

No need to be overly concerned at this point about the state of your machine or the error you received while running ComboFix. That is a common error. Our goal is to make your machine feel much better soon. It will require effort on both of our parts and you are doing great so far! I will try and keep up with you :).
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,033 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:11 AM

Posted 05 February 2012 - 11:06 PM

Greetings LovesAnime411,

Things are looking better and we are moving right along. I would like you to perform the following for me please:


===================================================


Running Combofix Script

-------------------

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text below into the Notepad document

    SecCenter::
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    

  • Save this on your desktop as CFScript.txt.


    Posted Image

  • Refering to the picture above, drag CFScript.txt into ComboFix.exe
  • When finished, it will create a log for you at C:\ComboFix.txt. Please copy/paste the information in your next reply.

===================================================


Posting Previous ComboFix Log

--------------------

It appears that Combofix was run sometime prior to my request as evidenced by this entry in your log:

ComboFix 12-02-05.02 - Nicole 02/05/2012 3:51.2.4 - x64 MINIMAL

I need to evaluate that log in order to properly assess the condition of your computer and provide appropriate instructions.

Please copy and paste the listed file in your reply

  • c:\qoobox\combofix2.txt

===================================================


Suspicious Program

--------------------

I see you have the below listed entry installed on your computer. This program relates to DNS and is suspect unless you installed it or are aware of it. If you do not recognize it I would recommend you uninstall it thru Add/Remove Programs.

Sendori


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • ComboFix.txt from running script
  • ComboFix2.txt
  • Please describe how your machine is running now


Edit: Instruction amended

Edited by Oh My, 06 February 2012 - 08:59 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users