Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus/worm


  • This topic is locked This topic is locked
21 replies to this topic

#1 tjtjtj

tjtjtj

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:04:02 PM

Posted 26 January 2012 - 01:31 AM

My original post http://www.bleepingcomputer.com/forums/topic438870.html/page__pid__2561479 I was directing to Preparation Guide ,do steps 6-9

"OK, good job. The winlogon does appear to be a malware icon...
http://www.f-secure.com/v-descs/backdoor_w32_small_h.shtml

The fix there is old so I am not going to suggest following it.
Rather we get a deeper look. Please go here....Preparation Guide ,do steps 6-9."

Create a DDS log and post it in the new topic explained in step 9 which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.
If GMER won't run skip it and move on."

I d/l'd Defrogger and disabled CD emulation. When it finished I was not asked to reboot. So I guess my CD emulation programs do not exist or what not.

So I move on to the next step 7. The DDS Tool Download Link. Well the d/l link wont d/l. I click and nothing.

Whats my next move?

Thanks

MOD EDIT: Added OTL log.
tried to follow the Prep Guide but were unable to get DDS to run and ran OTL instead.


Here are the OTLislt.txt and Extras.txt

Extras.txt

OTL Extras logfile created on: 1/26/2012 8:27:41 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\DubStepper\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.86 Gb Total Physical Memory | 2.18 Gb Available Physical Memory | 56.52% Memory free
7.73 Gb Paging File | 5.64 Gb Available in Paging File | 73.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 343.04 Gb Free Space | 76.05% Space Free | Partition Type: NTFS

Computer Name: DUBSTEPPER-PC | User Name: DubStepper | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1406765717-2786654532-863415465-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{02AD9D20-03D2-4DE0-8793-E8253026AD86}" = EMCGadgets64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1CCF1727-A817-4FEE-A028-5466FB542934}" = Motorola Mobile Drivers Installation 5.2.0
"{404BB1FF-A84F-432F-B77B-301E88E8D1C7}" = Apple Mobile Device Support
"{41B19F41-8A6F-4422-AD69-CF3B408F382C}" = AVG 2012
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{6D830209-41C2-4D6B-BA25-4EF98807D9FB}" = AVG 2012
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96D5EB02-DE18-4DCD-A713-929B4461CA8D}" = iTunes
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AE124EE9-EF32-69C5-60F9-FFA0FFF7F9B1}" = ccc-utility64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C19D4D8F-4433-4F6D-9F0C-79589FD0B973}" = Bonjour
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"AVG" = AVG 2012
"CCleaner" = CCleaner
"CyberGhost VPN_is1" = CyberGhost VPN
"Dell Photo AIO Printer 926" = Dell Photo AIO Printer 926
"DW WLAN Card Utility" = DW WLAN Card Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Dell Touchpad

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1CCF681C-C203-49B3-83F4-A54F0F944416}" = ASPCA Reminder by We-Care.com v5.0.5.1
"{1DC7DFF9-2180-0E7E-DB49-817280EE4E93}" = Catalyst Control Center Graphics Light
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{27B94460-B1A6-BE42-D92A-4FCDCF4A719F}" = CCC Help German
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47BC5D36-B837-B2A8-FB46-F6EC602A7F9C}" = Catalyst Control Center Graphics Previews Common
"{4B8C6616-F310-60D3-71FD-057C16DB3E8A}" = CCC Help Finnish
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy CD and DVD Burning
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5FEF1894-CF67-B16C-11B6-5818358B3FC9}" = CCC Help Russian
"{60E9E76A-FB31-67CB-8071-A1D38A499A86}" = CCC Help French
"{612B5D2E-8084-4102-91DE-24281E4EFB2C}" = Roxio Easy CD and DVD Burning
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6869DEA9-8FA6-E3E0-05B6-8187FEB71D52}" = Skins
"{69533745-1E2D-4C98-8B4A-B7643EF9E1A2}" = Catalyst Control Center - Branding
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6ED86F6F-7130-48F5-2AF7-5D693098057F}" = CCC Help Norwegian
"{6F3D2F66-F050-45E3-BEB1-6523FE6D6690}" = MergeModules
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{75CE8AF5-0A5E-4A42-BC67-F83591DA9A7D}" = Sound Blaster X-Fi MB
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = Accelerometer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{992E7A5F-2A06-459E-9E9A-E8BA0222969C}" = Phone F USB Driver
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9B9F49A2-6791-761F-6077-22977B0FD03D}" = CCC Help Dutch
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9EDA3DD1-130D-4EE1-A3D2-5A3D795CC8C9}" = MFCLOC
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A697D62C-643B-5315-204B-D43055A86649}" = CCC Help Swedish
"{A6B483B0-E8E8-0EE1-D678-FEEBDF27FE15}" = Catalyst Control Center Localization All
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A9316AC7-CAB2-C29B-F8B6-6239817B1B45}" = CCC Help Chinese Standard
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat 9 Standard - English, Français, Deutsch
"{AC76BA86-1033-F400-BA7E-000000000004}_941" = Adobe Acrobat 9.4.1 - CPSID_83708
"{AC76BA86-1033-F400-BA7E-000000000004}{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat 9 Standard - English, Français, Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AFF254B3-ABBC-15E7-200E-FABF74314C13}" = ccc-core-static
"{B27E389B-AE9B-BEB6-8FCF-BA293F884C70}" = CCC Help Japanese
"{B5AB153E-59F3-AB56-F8A7-43E531368327}" = Catalyst Control Center Graphics Full New
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{BA214394-CDD8-BB3C-3FCC-8294C9A02ACA}" = CCC Help Chinese Traditional
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BF8DC895-9CC3-E284-6ADF-67077E3FBCA2}" = CCC Help Danish
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CCF13D13-A87B-34E8-B689-1896D0C2DBA2}" = Google Talk Plugin
"{D0016802-8E49-0DED-0B9C-F8946945998F}" = Catalyst Control Center Graphics Full Existing
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DC068C99-4AF6-C4B4-178F-790CC62B93ED}" = Catalyst Control Center Graphics Previews Vista
"{DD786529-8C5E-4C64-9FA6-D47FBF17C392}" = Catalyst Control Center InstallProxy
"{DDBBE693-E9E5-A743-4C11-D693F94A80D7}" = Catalyst Control Center Core Implementation
"{DF6BCD20-50DC-4DE6-4798-948DF8CAC38A}" = CCC Help Korean
"{DF8F8A4A-C9EB-79EC-7597-166D3042EAA8}" = CCC Help Spanish
"{E19F161D-7FD0-FECB-41B1-A036862C3E47}" = CCC Help English
"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E393AA7A-33AE-1F62-0C33-D107BB03E74E}" = CCC Help Portuguese
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7BEE99-4C13-DF3E-142B-5E4BA8D10CEC}" = CCC Help Italian
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Dell Dock" = Dell Dock
"Dell Webcam Central" = Dell Webcam Central
"ESET Online Scanner" = ESET Online Scanner v3
"GoToAssist" = GoToAssist 8.0.0.514
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"McAfee Security Scan" = McAfee Security Scan Plus
"MotoHelper" = MotoHelper 2.0.53 Driver 5.2.0
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"MSC" = McAfee SecurityCenter
"OpenVPN" = OpenVPN 2.1.1
"RealPlayer 12.0" = RealPlayer
"WildTangent dell Master Uninstall" = WildTangent Games
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1406765717-2786654532-863415465-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/22/2012 5:05:19 PM | Computer Name = DubStepper-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file
"c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll"
on line 2. Invalid Xml syntax.

Error - 1/23/2012 8:39:44 PM | Computer Name = DubStepper-PC | Source = Application Hang | ID = 1002
Description = The program chrome.exe version 16.0.912.75 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 5b0 Start
Time: 01ccda258f299bcf Termination Time: 13 Application Path: C:\Users\DubStepper\AppData\Local\Google\Chrome\Application\chrome.exe

Report
Id: cff3bed3-4623-11e1-980b-b8ac6f634280

Error - 1/23/2012 10:06:06 PM | Computer Name = DubStepper-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error - 1/23/2012 10:06:42 PM | Computer Name = DubStepper-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 1/24/2012 9:33:40 PM | Computer Name = DubStepper-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error - 1/24/2012 9:34:21 PM | Computer Name = DubStepper-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 1/24/2012 9:35:10 PM | Computer Name = DubStepper-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file
"c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll"
on line 2. Invalid Xml syntax.

Error - 1/25/2012 12:17:14 AM | Computer Name = DubStepper-PC | Source = EventSystem | ID = 4621
Description =

Error - 1/25/2012 9:24:23 PM | Computer Name = DubStepper-PC | Source = EventSystem | ID = 4622
Description =

Error - 1/26/2012 3:21:22 AM | Computer Name = DubStepper-PC | Source = EventSystem | ID = 4622
Description =

[ Broadcom Wireless LAN Events ]
Error - 11/24/2011 8:37:16 AM | Computer Name = DubStepper-PC | Source = WLAN-Tray | ID = 0
Description = 07:37:15, Thu, Nov 24, 11 Error - Unable to gain access to user store


Error - 1/17/2012 10:55:01 PM | Computer Name = DubStepper-PC | Source = WLAN-Tray | ID = 0
Description = 21:55:01, Tue, Jan 17, 12 Error - Unable to gain access to user store


[ Media Center Events ]
Error - 9/7/2011 3:42:16 AM | Computer Name = DubStepper-PC | Source = MCUpdate | ID = 0
Description = 3:42:15 AM - Error connecting to the internet. 3:42:15 AM - Unable
to contact server..

Error - 9/12/2011 3:32:47 AM | Computer Name = DubStepper-PC | Source = MCUpdate | ID = 0
Description = 3:32:46 AM - Error connecting to the internet. 3:32:46 AM - Unable
to contact server..

Error - 9/17/2011 3:56:33 AM | Computer Name = DubStepper-PC | Source = MCUpdate | ID = 0
Description = 3:56:32 AM - Error connecting to the internet. 3:56:32 AM - Unable
to contact server..

Error - 10/7/2011 8:10:58 AM | Computer Name = DubStepper-PC | Source = MCUpdate | ID = 0
Description = 8:10:56 AM - Error connecting to the internet. 8:10:56 AM - Unable
to contact server..

Error - 11/6/2011 9:42:54 AM | Computer Name = DubStepper-PC | Source = MCUpdate | ID = 0
Description = 8:42:52 AM - Error connecting to the internet. 8:42:52 AM - Unable
to contact server..

Error - 11/11/2011 3:59:18 AM | Computer Name = DubStepper-PC | Source = MCUpdate | ID = 0
Description = 2:59:18 AM - Error connecting to the internet. 2:59:18 AM - Unable
to contact server..

Error - 11/11/2011 4:59:24 AM | Computer Name = DubStepper-PC | Source = MCUpdate | ID = 0
Description = 3:59:23 AM - Error connecting to the internet. 3:59:23 AM - Unable
to contact server..

Error - 11/11/2011 5:59:29 AM | Computer Name = DubStepper-PC | Source = MCUpdate | ID = 0
Description = 4:59:28 AM - Error connecting to the internet. 4:59:28 AM - Unable
to contact server..

Error - 11/11/2011 6:59:35 AM | Computer Name = DubStepper-PC | Source = MCUpdate | ID = 0
Description = 5:59:34 AM - Error connecting to the internet. 5:59:34 AM - Unable
to contact server..

Error - 11/16/2011 3:00:57 AM | Computer Name = DubStepper-PC | Source = MCUpdate | ID = 0
Description = 2:00:57 AM - Error connecting to the internet. 2:00:57 AM - Unable
to contact server..

[ System Events ]
Error - 1/23/2012 8:00:31 AM | Computer Name = DubStepper-PC | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 1/23/2012 8:00:51 AM | Computer Name = DubStepper-PC | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.1.103. The computer with the IP address 192.168.1.104 did
not allow the name to be claimed by this computer.

Error - 1/23/2012 7:05:01 PM | Computer Name = DubStepper-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
RxFilter

Error - 1/24/2012 10:44:29 AM | Computer Name = DubStepper-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
RxFilter

Error - 1/24/2012 8:51:15 PM | Computer Name = DubStepper-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
RxFilter

Error - 1/24/2012 8:54:50 PM | Computer Name = DubStepper-PC | Source = DCOM | ID = 10010
Description =

Error - 1/24/2012 8:56:50 PM | Computer Name = DubStepper-PC | Source = DCOM | ID = 10010
Description =

Error - 1/25/2012 9:36:50 AM | Computer Name = DubStepper-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
RxFilter

Error - 1/26/2012 12:12:27 AM | Computer Name = DubStepper-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
RxFilter

Error - 1/26/2012 11:41:05 AM | Computer Name = DubStepper-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
RxFilter


< End of report >

Here is the OTL.txt

OTL logfile created on: 1/26/2012 8:27:41 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\DubStepper\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.86 Gb Total Physical Memory | 2.18 Gb Available Physical Memory | 56.52% Memory free
7.73 Gb Paging File | 5.64 Gb Available in Paging File | 73.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 343.04 Gb Free Space | 76.05% Space Free | Partition Type: NTFS

Computer Name: DUBSTEPPER-PC | User Name: DubStepper | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\DubStepper\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe ()
PRC - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Prey\platform\windows\cronsvc.exe (Fork Ltd.)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks)
PRC - C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe ()
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe ()
PRC - C:\Program Files (x86)\Dell Photo AIO Printer 926\memcard.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe ()
MOD - c:\Program Files\McAfee\MSK\mskapbho.dll ()
MOD - C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe ()
MOD - C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe ()
MOD - C:\Program Files (x86)\Dell Photo AIO Printer 926\memcard.exe ()
MOD - C:\Program Files (x86)\Dell Photo AIO Printer 926\DLCXcfg.dll ()
MOD - C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxscw.dll ()
MOD - C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxdrec.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (CGVPNCliSrvc) -- C:\Program Files\CyberGhost VPN\CGVPNCliService.exe (mobile concepts GmbH)
SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (wltrysvc) -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE (Dell Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (btwdins) -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (dlcx_device) -- C:\Windows\SysNative\dlcxcoms.exe ( )
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (MotoHelper) -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe ()
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (CronService) -- C:\Prey\platform\windows\cronsvc.exe (Fork Ltd.)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (Sound Blaster X-Fi MB Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe (Creative Labs)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (OpenVPNService) -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe ()
SRV - (RoxMediaDB10) -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (InstallFilterService) -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (dlcx_device) -- C:\Windows\SysWow64\dlcxcoms.exe ( )


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (HID) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (HECIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\Acceler.sys (ST Microelectronics)
DRV:64bit: - (stdflt) -- C:\Windows\SysNative\drivers\stdflt.sys (ST Microelectronics)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (rixdpcie) -- C:\Windows\SysNative\drivers\rixdpe64.sys (REDC)
DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimspe64.sys (REDC)
DRV:64bit: - (risdpcie) -- C:\Windows\SysNative\drivers\risdpe64.sys (REDC)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (pnetmdm) -- C:\Windows\SysNative\drivers\pnetmdm64.sys (June Fabrics Technology)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (RxFilter) -- C:\Windows\SysWOW64\drivers\RxFilter.sys (Sonic Solutions)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0



IE - HKU\S-1-5-21-1406765717-2786654532-863415465-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0070812
IE - HKU\S-1-5-21-1406765717-2786654532-863415465-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-1406765717-2786654532-863415465-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-1406765717-2786654532-863415465-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0070812
IE - HKU\S-1-5-21-1406765717-2786654532-863415465-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1406765717-2786654532-863415465-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1406765717-2786654532-863415465-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/?pc=MOZO"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.76
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: toolbar@2conv.com:1.21
FF - prefs.js..extensions.enabledItems: {a6ca9b3b-5e52-4f47-85d8-cca35bb57596}:1.4.9
FF - prefs.js..keyword.URL: "http://www.bing.com/search?form=MOZPLB&pc=MOZO&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\DubStepper\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\DubStepper\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\DubStepper\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\DubStepper\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/03 12:19:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2011/10/12 06:46:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2011/12/24 15:19:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/16 00:54:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/16 00:11:06 | 000,000,000 | ---D | M]

[2010/05/04 21:25:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DubStepper\AppData\Roaming\mozilla\Extensions
[2012/01/18 20:08:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DubStepper\AppData\Roaming\mozilla\Firefox\Profiles\9sq3q4uw.default\extensions
[2010/05/04 22:39:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\DubStepper\AppData\Roaming\mozilla\Firefox\Profiles\9sq3q4uw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/10 06:25:31 | 000,000,000 | ---D | M] (2conv.com Toolbar) -- C:\Users\DubStepper\AppData\Roaming\mozilla\Firefox\Profiles\9sq3q4uw.default\extensions\toolbar@2conv.com
[2012/01/18 20:08:24 | 000,000,000 | ---D | M] (We-Care Reminder) -- C:\Users\DubStepper\AppData\Roaming\mozilla\Firefox\Profiles\9sq3q4uw.default\extensions\wecarereminder@bryan
[2010/05/04 21:25:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DubStepper\AppData\Roaming\mozilla\Firefox\Profiles\g5wiyv4r.default\extensions
[2011/11/08 21:06:19 | 000,001,928 | ---- | M] () -- C:\Users\DubStepper\AppData\Roaming\Mozilla\Firefox\Profiles\9sq3q4uw.default\searchplugins\bing-.xml
[2010/10/12 18:05:37 | 000,002,057 | ---- | M] () -- C:\Users\DubStepper\AppData\Roaming\Mozilla\Firefox\Profiles\9sq3q4uw.default\searchplugins\youtube-video-search.xml
[2011/11/23 21:35:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/12 06:46:57 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES (X86)\COMMON FILES\MCAFEE\SYSTEMCORE
() (No name found) -- C:\USERS\DUBSTEPPER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9SQ3Q4UW.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
[2012/01/16 00:54:57 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/04/14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/26 13:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/01/16 00:54:52 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/16 00:54:52 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\DubStepper\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U23 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\DubStepper\AppData\Local\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\DubStepper\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\DubStepper\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\DubStepper\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\DubStepper\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\DubStepper\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: eBay Web App = C:\Users\DubStepper\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnadbgmffcofipfljniafanjcafjlbom\1.0.2_0\
CHR - Extension: Facebook = C:\Users\DubStepper\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm\1_0\
CHR - Extension: Hulu on fire = C:\Users\DubStepper\AppData\Local\Google\Chrome\User Data\Default\Extensions\chgllnbkldfofeogfpbhciondkbendep\1.5_0\
CHR - Extension: Google Search = C:\Users\DubStepper\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Netflix = C:\Users\DubStepper\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh\1.0.0.2_0\
CHR - Extension: Vimeo Couch Mode = C:\Users\DubStepper\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjkdhkejcnlmkfdodbkdkelefnkobfif\1.0_0\
CHR - Extension: Yahoo Mail Checker = C:\Users\DubStepper\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijbgodfidfimmjgeapafonbdkkkndpmp\1.4.1_0\
CHR - Extension: SoundCloud = C:\Users\DubStepper\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipebkipbeggmmkjjljenoblnfaenambp\1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\DubStepper\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_1\
CHR - Extension: AVG Safe Search = C:\Users\DubStepper\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: StumbleUpon = C:\Users\DubStepper\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg\3.12.6.1_0\
CHR - Extension: Hatsune Miku = C:\Users\DubStepper\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigfdicgjnpjkhbnngdfgjfffmdaonfg\2_0\
CHR - Extension: We-Care Reminder Lite = C:\Users\DubStepper\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.10_0\
CHR - Extension: Google Mail Checker = C:\Users\DubStepper\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\3.2_0\
CHR - Extension: Gmail = C:\Users\DubStepper\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/12/22 16:11:00 | 000,000,833 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111011203111.dll (McAfee, Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111011203111.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1406765717-2786654532-863415465-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1406765717-2786654532-863415465-1000\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [DLCXCATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\DLCXtime.DLL ()
O4:64bit: - HKLM..\Run: [dlcxmon.exe] C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe ()
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [MemoryCardManager] C:\Program Files (x86)\Dell Photo AIO Printer 926\memcard.exe ()
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1406765717-2786654532-863415465-1000..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\ContentMerger10.exe (Sonic Solutions)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\DubStepper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Mcx1-DUBSTEPPER-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1406765717-2786654532-863415465-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1406765717-2786654532-863415465-1000\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-1406765717-2786654532-863415465-1000\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1406765717-2786654532-863415465-1000\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} http://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab (Reg Error: Key error.)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D7894A1-EDAD-4C27-AEC6-CEDDEE207905}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBB8B070-DB5A-475D-8C44-EB81EDF709AF}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBB8B070-DB5A-475D-8C44-EB81EDF709AF}: NameServer = 8.26.56.26,156.154.70.22
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{acc7455b-dec9-11e0-a296-b8ac6f634280}\Shell - "" = AutoRun
O33 - MountPoints2\{acc7455b-dec9-11e0-a296-b8ac6f634280}\Shell\AutoRun\command - "" = E:\Setup.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/26 20:24:53 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\DubStepper\Desktop\OTL.exe
[2012/01/26 20:13:37 | 000,000,000 | ---D | C] -- C:\Users\DubStepper\Desktop\ProcessExplorer
[2012/01/26 16:05:38 | 000,000,000 | ---D | C] -- C:\Users\DubStepper\Desktop\garcia-off-the-beaten-path-ep
[2012/01/24 20:43:32 | 000,000,000 | ---D | C] -- C:\Users\DubStepper\Desktop\tdsskiller
[2012/01/22 00:31:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/01/22 00:31:04 | 002,322,184 | ---- | C] (ESET) -- C:\Users\DubStepper\Desktop\esetsmartinstaller_enu.exe
[2012/01/17 23:26:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock
[2012/01/17 23:26:13 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[2012/01/17 23:25:58 | 000,000,000 | ---D | C] -- C:\ProgramData\WeCareReminder
[2012/01/17 19:36:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
[2012/01/17 19:36:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/17 19:35:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/01/16 11:02:41 | 000,000,000 | ---D | C] -- C:\Users\DubStepper\Documents\hosts
[2012/01/16 00:53:23 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/01/16 00:35:07 | 000,000,000 | ---D | C] -- C:\Users\DubStepper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/01/16 00:35:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/01/15 20:59:04 | 000,000,000 | ---D | C] -- C:\Users\DubStepper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prey
[2012/01/15 20:58:47 | 000,000,000 | ---D | C] -- C:\Prey
[2012/01/15 12:49:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2012/01/15 12:49:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2010/05/09 15:35:13 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxpmui.dll
[2010/05/09 15:35:13 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxinpa.dll
[2010/05/09 15:35:13 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxiesc.dll
[2010/05/09 15:35:12 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxserv.dll
[2010/05/09 15:35:12 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxusb1.dll
[2010/05/09 15:35:12 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxlmpm.dll
[2010/05/09 15:35:12 | 000,380,928 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxih.exe
[2010/05/09 15:35:12 | 000,176,128 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxppls.exe
[2010/05/09 15:35:12 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxprox.dll
[2010/05/09 15:35:12 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxpplc.dll
[2010/05/09 15:35:11 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxhbn3.dll
[2010/05/09 15:35:11 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxcomc.dll
[2010/05/09 15:35:11 | 000,532,480 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxcoms.exe
[2010/05/09 15:35:11 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxcomm.dll
[2010/05/09 15:35:11 | 000,381,832 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxcfg.exe
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[6 C:\Users\DubStepper\Documents\*.tmp files -> C:\Users\DubStepper\Documents\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/26 20:27:47 | 000,000,029 | ---- | M] () -- C:\Windows\SysWow64\TempWmicBatchFile.bat
[2012/01/26 20:24:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\DubStepper\Desktop\OTL.exe
[2012/01/26 20:13:16 | 001,853,311 | ---- | M] () -- C:\Users\DubStepper\Desktop\ProcessExplorer.zip
[2012/01/26 20:11:10 | 000,793,158 | ---- | M] () -- C:\Users\DubStepper\Desktop\majin vegeta2.png
[2012/01/26 20:05:28 | 000,066,685 | ---- | M] () -- C:\Users\DubStepper\Desktop\majin vegeta and trunks.jpg
[2012/01/26 19:51:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1406765717-2786654532-863415465-1000UA.job
[2012/01/26 17:17:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/26 16:05:11 | 038,724,891 | ---- | M] () -- C:\Users\DubStepper\Desktop\garcia-off-the-beaten-path-ep.zip
[2012/01/26 15:29:07 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/26 15:29:07 | 000,624,200 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/26 15:29:07 | 000,106,544 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/26 10:48:13 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/26 10:48:13 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/26 10:40:39 | 3111,534,592 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/26 01:17:34 | 000,050,477 | ---- | M] () -- C:\Users\DubStepper\Desktop\Defogger.exe
[2012/01/24 20:59:46 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1406765717-2786654532-863415465-1000Core.job
[2012/01/24 20:41:44 | 002,039,456 | ---- | M] () -- C:\Users\DubStepper\Desktop\tdsskiller.zip
[2012/01/23 08:14:25 | 000,461,681 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/01/23 07:03:38 | 087,259,922 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/01/22 00:31:04 | 002,322,184 | ---- | M] (ESET) -- C:\Users\DubStepper\Desktop\esetsmartinstaller_enu.exe
[2012/01/22 00:22:25 | 000,980,480 | ---- | M] () -- C:\Users\DubStepper\Desktop\MicrosoftFixit50267.msi
[2012/01/22 00:21:33 | 000,396,263 | ---- | M] () -- C:\Users\DubStepper\Desktop\MiniToolBox.exe
[2012/01/17 23:26:14 | 000,001,738 | ---- | M] () -- C:\Users\DubStepper\Desktop\PeerBlock.lnk
[2012/01/17 23:15:24 | 143,999,476 | ---- | M] () -- C:\Users\DubStepper\Desktop\Baby Anne SM 1.15.12 Rendered.mp3
[2012/01/17 19:36:02 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/16 12:34:31 | 114,394,828 | ---- | M] () -- C:\Users\DubStepper\Desktop\hydrolix headbass mix.mp3
[2012/01/16 11:06:18 | 000,000,825 | ---- | M] () -- C:\Users\DubStepper\Desktop\hosts
[2012/01/16 00:55:08 | 000,002,054 | -H-- | M] () -- C:\Users\DubStepper\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/16 00:53:23 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/01/16 00:35:07 | 000,002,959 | ---- | M] () -- C:\Users\DubStepper\Desktop\HiJackThis.lnk
[2012/01/16 00:22:31 | 000,017,624 | ---- | M] () -- C:\Users\DubStepper\Desktop\cc_20120116_002154.reg
[2012/01/15 12:49:26 | 000,001,161 | ---- | M] () -- C:\Users\DubStepper\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/01/15 02:13:11 | 000,102,353 | ---- | M] () -- C:\Users\DubStepper\Desktop\F179A389-F4E9-4A62-8A9D-190B006F8149.PDF
[2012/01/13 07:04:16 | 079,165,568 | ---- | M] () -- C:\Users\DubStepper\Desktop\J-Rez 1am DnB.mp3
[2012/01/13 00:19:18 | 062,128,128 | ---- | M] () -- C:\Users\DubStepper\Desktop\Wreck - Be Alright.wav
[2012/01/13 00:02:21 | 068,354,048 | ---- | M] () -- C:\Users\DubStepper\Desktop\Johannes Heil - Warrior of Light (Wrecks' Electro Bass Mix).wav
[2012/01/12 19:56:02 | 000,484,793 | ---- | M] () -- C:\Users\DubStepper\Desktop\contra1.gif
[2012/01/07 13:33:23 | 003,640,036 | ---- | M] () -- C:\Users\DubStepper\Desktop\mortal-kombat-9-fatality-sheet.png
[2011/12/31 16:15:11 | 000,022,224 | ---- | M] () -- C:\Users\DubStepper\Desktop\arnold.jpg
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[6 C:\Users\DubStepper\Documents\*.tmp files -> C:\Users\DubStepper\Documents\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/26 20:13:15 | 001,853,311 | ---- | C] () -- C:\Users\DubStepper\Desktop\ProcessExplorer.zip
[2012/01/26 20:11:10 | 000,793,158 | ---- | C] () -- C:\Users\DubStepper\Desktop\majin vegeta2.png
[2012/01/26 20:05:26 | 000,066,685 | ---- | C] () -- C:\Users\DubStepper\Desktop\majin vegeta and trunks.jpg
[2012/01/26 16:04:37 | 038,724,891 | ---- | C] () -- C:\Users\DubStepper\Desktop\garcia-off-the-beaten-path-ep.zip
[2012/01/26 01:17:37 | 000,050,477 | ---- | C] () -- C:\Users\DubStepper\Desktop\Defogger.exe
[2012/01/24 20:41:43 | 002,039,456 | ---- | C] () -- C:\Users\DubStepper\Desktop\tdsskiller.zip
[2012/01/22 00:22:34 | 000,980,480 | ---- | C] () -- C:\Users\DubStepper\Desktop\MicrosoftFixit50267.msi
[2012/01/22 00:21:38 | 000,396,263 | ---- | C] () -- C:\Users\DubStepper\Desktop\MiniToolBox.exe
[2012/01/17 23:26:14 | 000,001,738 | ---- | C] () -- C:\Users\DubStepper\Desktop\PeerBlock.lnk
[2012/01/17 23:01:52 | 143,999,476 | ---- | C] () -- C:\Users\DubStepper\Desktop\Baby Anne SM 1.15.12 Rendered.mp3
[2012/01/17 19:36:02 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/16 12:09:30 | 114,394,828 | ---- | C] () -- C:\Users\DubStepper\Desktop\hydrolix headbass mix.mp3
[2012/01/16 11:04:02 | 000,000,825 | ---- | C] () -- C:\Users\DubStepper\Desktop\hosts
[2012/01/16 00:35:07 | 000,002,959 | ---- | C] () -- C:\Users\DubStepper\Desktop\HiJackThis.lnk
[2012/01/16 00:22:00 | 000,017,624 | ---- | C] () -- C:\Users\DubStepper\Desktop\cc_20120116_002154.reg
[2012/01/15 12:49:26 | 000,001,161 | ---- | C] () -- C:\Users\DubStepper\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/01/15 02:13:14 | 000,102,353 | ---- | C] () -- C:\Users\DubStepper\Desktop\F179A389-F4E9-4A62-8A9D-190B006F8149.PDF
[2012/01/13 07:03:28 | 079,165,568 | ---- | C] () -- C:\Users\DubStepper\Desktop\J-Rez 1am DnB.mp3
[2012/01/13 00:18:08 | 062,128,128 | ---- | C] () -- C:\Users\DubStepper\Desktop\Wreck - Be Alright.wav
[2012/01/13 00:01:36 | 068,354,048 | ---- | C] () -- C:\Users\DubStepper\Desktop\Johannes Heil - Warrior of Light (Wrecks' Electro Bass Mix).wav
[2012/01/12 19:56:00 | 000,484,793 | ---- | C] () -- C:\Users\DubStepper\Desktop\contra1.gif
[2012/01/07 13:33:20 | 003,640,036 | ---- | C] () -- C:\Users\DubStepper\Desktop\mortal-kombat-9-fatality-sheet.png
[2011/12/31 16:15:22 | 000,022,224 | ---- | C] () -- C:\Users\DubStepper\Desktop\arnold.jpg
[2011/02/24 15:08:25 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/09/05 13:06:16 | 000,007,608 | ---- | C] () -- C:\Users\DubStepper\AppData\Local\resmon.resmoncfg
[2010/05/26 20:20:15 | 000,000,000 | ---- | C] () -- C:\Users\DubStepper\AppData\Local\rx_image32.Cache
[2010/05/26 20:20:10 | 000,002,120 | ---- | C] () -- C:\Users\DubStepper\AppData\Local\rx_audio.Cache
[2010/05/15 03:38:55 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat
[2010/05/09 15:35:13 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\dlcxutil.dll
[2010/05/09 15:35:13 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\dlcxinst.dll
[2010/05/09 15:35:13 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\dlcxinsb.dll
[2010/05/09 15:35:13 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\dlcxjswr.dll
[2010/05/09 15:35:13 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\dlcxinsr.dll
[2010/05/09 15:35:13 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dlcxcur.dll
[2010/05/09 15:35:12 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\dlcxins.dll
[2010/05/09 15:35:12 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dlcxcub.dll
[2010/05/09 15:35:12 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\dlcxcu.dll
[2010/05/09 15:35:11 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\DLCXcfg.dll
[2010/05/04 21:51:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/27 14:59:10 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/04/27 13:48:45 | 000,002,265 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini
[2010/04/27 13:48:45 | 000,001,650 | ---- | C] () -- C:\Windows\FF08_Capture.ini
[2010/04/27 13:48:45 | 000,001,540 | ---- | C] () -- C:\Windows\FF08_Render.ini
[2010/04/27 13:48:27 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/04/27 13:48:27 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/04/27 13:45:00 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:57:06 | 000,001,547 | ---- | C] () -- C:\Program Files\Windows Media Player.lnk
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

Edited by boopme, 26 January 2012 - 09:01 PM.


BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:02 PM

Posted 29 January 2012 - 03:08 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool untill instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:02 PM

Posted 01 February 2012 - 11:08 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:02 PM

Posted 04 February 2012 - 01:00 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,912 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:02 PM

Posted 05 February 2012 - 11:52 AM

Re-opened per PM request.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 tjtjtj

tjtjtj
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:04:02 PM

Posted 05 February 2012 - 12:11 PM

Im sorry. I am new and forgot to click the "watch topic". I am ready to start.

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:02 PM

Posted 05 February 2012 - 12:43 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool untill instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 tjtjtj

tjtjtj
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:04:02 PM

Posted 05 February 2012 - 12:45 PM

Okay. I ran ComboFix and on multiple occasions it stated "The system cannot find the file "NIRMD" My computer never really had any issues before. If I wasnt looking around my computer for whatever. You know, learn whats, what. And found some odd files. So I was directed to come here.

But anyways here is the ComboFix Log. Sorry for the late response and Thank you for your help.


ComboFix 12-02-05.02 - DubStepper 02/05/2012 12:19:27.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3957.2590 [GMT -5:00]
Running from: c:\users\DubStepper\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SPL1736.tmp
c:\programdata\SPL19EB.tmp
c:\programdata\SPL5891.tmp
c:\programdata\SPL9645.tmp
c:\programdata\SPLA90A.tmp
c:\programdata\SPLD9EE.tmp
c:\programdata\SPLF65A.tmp
c:\users\DubStepper\Documents\~WRL0171.tmp
c:\users\DubStepper\Documents\~WRL0287.tmp
c:\users\DubStepper\Documents\~WRL2914.tmp
c:\users\DubStepper\Documents\~WRL3321.tmp
c:\users\DubStepper\Documents\~WRL3643.tmp
c:\users\DubStepper\Documents\~WRL4076.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-01-05 to 2012-02-05 )))))))))))))))))))))))))))))))
.
.
2012-02-04 18:11 . 2012-02-05 14:22 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{285C06B1-077C-4E89-A150-405176A2C1F9}\offreg.dll
2012-02-01 02:54 . 2012-02-01 02:55 -------- d-----w- c:\program files (x86)\Ask.com
2012-02-01 02:54 . 2012-02-01 02:54 -------- d-----w- c:\program files (x86)\VirtualDJ
2012-02-01 02:44 . 2012-02-01 02:44 -------- d-----w- c:\users\DubStepper\AppData\Roaming\Avira
2012-02-01 02:43 . 2012-02-02 05:05 130760 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-02-01 02:43 . 2011-09-16 04:55 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-02-01 02:43 . 2011-09-16 04:55 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-02-01 02:43 . 2012-02-01 02:43 -------- d-----w- c:\programdata\Avira
2012-02-01 02:43 . 2012-02-01 02:43 -------- d-----w- c:\program files (x86)\Avira
2012-01-22 05:31 . 2012-01-22 05:31 -------- d-----w- c:\program files (x86)\ESET
2012-01-18 04:26 . 2012-02-05 17:13 -------- d-----w- c:\program files\PeerBlock
2012-01-18 04:25 . 2012-01-18 04:25 -------- d-----w- c:\programdata\WeCareReminder
2012-01-18 00:36 . 2012-01-18 00:36 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2012-01-18 00:35 . 2012-01-18 00:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-16 05:54 . 2012-01-29 15:55 45016 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-16 05:54 . 2012-01-29 13:36 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-16 05:54 . 2012-01-29 13:36 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-16 05:54 . 2012-01-29 13:36 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-16 05:53 . 2012-01-16 05:53 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-16 05:35 . 2012-01-16 05:35 388096 ----a-r- c:\users\DubStepper\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-16 05:35 . 2012-01-16 05:35 -------- d-----w- c:\program files (x86)\Trend Micro
2012-01-16 01:58 . 2012-01-16 02:06 -------- d-----w- C:\Prey
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-05 17:30 . 2011-10-04 19:11 29 ----a-w- c:\windows\SysWow64\TempWmicBatchFile.bat
2011-12-10 20:24 . 2011-11-03 18:17 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-02-02 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-02-02 00:17 1487240 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-02-02 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 44544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-18 98304]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-05-04 241789]
"dellsupportcenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"TkBellExe"="c:\program files (x86)\real\realplayer\update\realsched.exe" [2011-07-10 273544]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\users\DubStepper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\CyberGhost VPN\CGVPNCliService.exe [2011-07-05 2428968]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-05-05 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-04-27 79360]
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-04-27 79360]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R4 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-09-23 86224]
S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-02-15 19968]
S2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe [2006-10-11 561152]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2009-06-23 60928]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-08-19 208272]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-08-19 158832]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-08-10 227184]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-02-11 660800]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1406765717-2786654532-863415465-1000Core.job
- c:\users\DubStepper\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-29 14:32]
.
2012-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1406765717-2786654532-863415465-1000UA.job
- c:\users\DubStepper\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-29 14:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-10-01 3189016]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2384896]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2009-12-16 5470208]
"RunDLLEntry"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"dlcxmon.exe"="c:\program files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"MemoryCardManager"="c:\program files (x86)\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]
"DLCXCATS"="c:\windows\system32\spool\DRIVERS\x64\3\DLCXtime.dll" [2006-10-16 31744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.ask.com/?l=dis&o=41647958&gct=hp
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{0D7894A1-EDAD-4C27-AEC6-CEDDEE207905}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{CBB8B070-DB5A-475D-8C44-EB81EDF709AF}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{CBB8B070-DB5A-475D-8C44-EB81EDF709AF}\F6C697D6079616: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\users\DubStepper\AppData\Roaming\Mozilla\Firefox\Profiles\9sq3q4uw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?form=MOZPLB&pc=MOZO&q=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1406765717-2786654532-863415465-1000\*g\g(*gH*gH*gH*gH*gH*gH*gH*gl\g٪*g\g*g8*g*gB*g*gʲ*g*g*g3)6{*O>`3)6{*O>`jو_*@2Q]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1406765717-2786654532-863415465-1000\*g\g(*gH*gH*gH*gH*gH*gH*gH*gl\g٪*g\g*g8*g*gB*g*gʲ*g*g*g3)6{*O>`3)6{*O>`jو_*@2Q\Dont Show]
"Dblclick To Manual"=dword:00000000
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-05 12:38:35
ComboFix-quarantined-files.txt 2012-02-05 17:38
.
Pre-Run: 369,649,258,496 bytes free
Post-Run: 369,154,752,512 bytes free
.
- - End Of File - - 381BA43CBEF35991BEEDF12ABA38B64D

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:02 PM

Posted 05 February 2012 - 01:13 PM

Hello



:multiple Anti Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

AV: Avira Desktop
AV: McAfee Anti-Virus and Anti-Spyware


Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove all but one of them.



:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files (x86)\Ask.com

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 tjtjtj

tjtjtj
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:04:02 PM

Posted 05 February 2012 - 01:44 PM

Okay. I got rid of the McAfee. Here is the second run of ComboFix.


ComboFix 12-02-05.02 - DubStepper 02/05/2012 13:31:50.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3957.2348 [GMT -5:00]
Running from: c:\users\DubStepper\Desktop\ComboFix.exe
Command switches used :: c:\users\DubStepper\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Ask.com
c:\program files (x86)\Ask.com\assets\oobe\b.png
c:\program files (x86)\Ask.com\assets\oobe\bl.png
c:\program files (x86)\Ask.com\assets\oobe\br.png
c:\program files (x86)\Ask.com\assets\oobe\l.png
c:\program files (x86)\Ask.com\assets\oobe\pointer.png
c:\program files (x86)\Ask.com\assets\oobe\r.png
c:\program files (x86)\Ask.com\assets\oobe\t.png
c:\program files (x86)\Ask.com\assets\oobe\tl.png
c:\program files (x86)\Ask.com\assets\oobe\tr.png
c:\program files (x86)\Ask.com\cb_3478.ico
c:\program files (x86)\Ask.com\cobrand.ico
c:\program files (x86)\Ask.com\config.xml
c:\program files (x86)\Ask.com\favicon.ico
c:\program files (x86)\Ask.com\fv_25a9.ico
c:\program files (x86)\Ask.com\GenericAskToolbar.dll
c:\program files (x86)\Ask.com\mupcfg.xml
c:\program files (x86)\Ask.com\SaUpdate.exe
c:\program files (x86)\Ask.com\UpdateTask.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-01-05 to 2012-02-05 )))))))))))))))))))))))))))))))
.
.
2012-02-05 18:37 . 2012-02-05 18:37 -------- d-----w- c:\users\Mcx1-DUBSTEPPER-PC\AppData\Local\temp
2012-02-05 18:37 . 2012-02-05 18:37 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-02-05 18:37 . 2012-02-05 18:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-04 18:11 . 2012-02-05 14:22 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{285C06B1-077C-4E89-A150-405176A2C1F9}\offreg.dll
2012-02-01 02:54 . 2012-02-01 02:54 -------- d-----w- c:\program files (x86)\VirtualDJ
2012-02-01 02:44 . 2012-02-01 02:44 -------- d-----w- c:\users\DubStepper\AppData\Roaming\Avira
2012-02-01 02:43 . 2012-02-02 05:05 130760 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-02-01 02:43 . 2011-09-16 04:55 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-02-01 02:43 . 2011-09-16 04:55 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-02-01 02:43 . 2012-02-01 02:43 -------- d-----w- c:\programdata\Avira
2012-02-01 02:43 . 2012-02-01 02:43 -------- d-----w- c:\program files (x86)\Avira
2012-01-22 05:31 . 2012-01-22 05:31 -------- d-----w- c:\program files (x86)\ESET
2012-01-18 04:26 . 2012-02-05 17:13 -------- d-----w- c:\program files\PeerBlock
2012-01-18 04:25 . 2012-01-18 04:25 -------- d-----w- c:\programdata\WeCareReminder
2012-01-18 00:36 . 2012-01-18 00:36 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2012-01-18 00:35 . 2012-01-18 00:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-16 05:54 . 2012-01-29 15:55 45016 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-16 05:54 . 2012-01-29 13:36 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-16 05:54 . 2012-01-29 13:36 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-16 05:54 . 2012-01-29 13:36 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-16 05:53 . 2012-01-16 05:53 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-16 05:35 . 2012-01-16 05:35 388096 ----a-r- c:\users\DubStepper\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-16 05:35 . 2012-01-16 05:35 -------- d-----w- c:\program files (x86)\Trend Micro
2012-01-16 01:58 . 2012-01-16 02:06 -------- d-----w- C:\Prey
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-05 18:30 . 2011-10-04 19:11 29 ----a-w- c:\windows\SysWow64\TempWmicBatchFile.bat
2011-12-10 20:24 . 2011-11-03 18:17 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-05_17.33.53 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-02-05 17:30 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-02-05 18:30 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-02-05 17:30 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-05 18:30 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-05 17:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-05 18:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-05-05 02:22 . 2012-02-05 18:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-05-05 02:22 . 2012-02-05 17:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-05-05 02:22 . 2012-02-05 18:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-05-05 02:22 . 2012-02-05 17:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 44544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-18 98304]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-05-04 241789]
"dellsupportcenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"TkBellExe"="c:\program files (x86)\real\realplayer\update\realsched.exe" [2011-07-10 273544]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\users\DubStepper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 0242831328466479mcinstcleanup;McAfee Application Installer Cleanup (0242831328466479);c:\users\DUBSTE~1\AppData\Local\Temp\024283~1.EXE [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\CyberGhost VPN\CGVPNCliService.exe [2011-07-05 2428968]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-05-05 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-04-27 79360]
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-04-27 79360]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-09-23 86224]
S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-02-15 19968]
S2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe [2006-10-11 561152]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2009-06-23 60928]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-08-10 227184]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-02-11 660800]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
*Deregistered* - mfenlfk
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1406765717-2786654532-863415465-1000Core.job
- c:\users\DubStepper\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-29 14:32]
.
2012-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1406765717-2786654532-863415465-1000UA.job
- c:\users\DubStepper\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-29 14:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2384896]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2009-12-16 5470208]
"RunDLLEntry"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"dlcxmon.exe"="c:\program files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"MemoryCardManager"="c:\program files (x86)\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]
"DLCXCATS"="c:\windows\system32\spool\DRIVERS\x64\3\DLCXtime.dll" [2006-10-16 31744]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.ask.com/?l=dis&o=41647958&gct=hp
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{0D7894A1-EDAD-4C27-AEC6-CEDDEE207905}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{CBB8B070-DB5A-475D-8C44-EB81EDF709AF}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{CBB8B070-DB5A-475D-8C44-EB81EDF709AF}\F6C697D6079616: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\users\DubStepper\AppData\Roaming\Mozilla\Firefox\Profiles\9sq3q4uw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?form=MOZPLB&pc=MOZO&q=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Toolbar-Locked - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1406765717-2786654532-863415465-1000\*g\g(*gH*gH*gH*gH*gH*gH*gH*gl\g٪*g\g*g8*g*gB*g*gʲ*g*g*g3)6{*O>`3)6{*O>`jو_*@2Q]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1406765717-2786654532-863415465-1000\*g\g(*gH*gH*gH*gH*gH*gH*gH*gl\g٪*g\g*g8*g*gB*g*gʲ*g*g*g3)6{*O>`3)6{*O>`jو_*@2Q\Dont Show]
"Dblclick To Manual"=dword:00000000
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-05 13:39:43
ComboFix-quarantined-files.txt 2012-02-05 18:39
ComboFix2.txt 2012-02-05 17:38
.
Pre-Run: 369,285,681,152 bytes free
Post-Run: 370,895,650,816 bytes free
.
- - End Of File - - 00F9074D794A1B3C853C404ADB461678

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:02 PM

Posted 05 February 2012 - 01:52 PM

Hello

I would ike to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 tjtjtj

tjtjtj
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:04:02 PM

Posted 05 February 2012 - 02:16 PM

those atieclxx.exe winlogon.exe csrss.exe are still there and so are the 8 Chrome and firefox browsers when I only have 4 open. Even at times when I only have one open. Here is the add-remove log

Update for Microsoft Office 2007 (KB2508958)
Accelerometer
Adobe Acrobat 9 Standard - English, Franais, Deutsch
Adobe Acrobat 9.4.1 - CPSID_83708
Adobe Shockwave Player 11.6
Advanced Audio FX Engine
Apple Application Support
Apple Software Update
Ask Toolbar
ASPCA Reminder by We-Care.com v5.0.5.1
ATI Catalyst Control Center
AVG PC Tuneup
Avira Free Antivirus
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Consumer In-Home Service Agreement
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Driver Download Manager
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Webcam Central
DirectXInstallService
EMC 10 Content
ESET Online Scanner v3
Google Chrome
Google Talk Plugin
GoToAssist 8.0.0.514
HiJackThis
Internet TV for Windows Media Center
Junk Mail filter update
Live! Cam Avatar Creator
Malwarebytes Anti-Malware version 1.60.0.1800
MergeModules
MFCLOC
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MotoHelper 2.0.53 Driver 5.2.0
MotoHelper MergeModules
Mozilla Firefox 10.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OpenVPN 2.1.1
Phone F USB Driver
PowerDVD DX
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy CD and DVD Burning
Roxio Express Labeler 3
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skins
Skype Toolbars
Skype 4.2
Sonic CinePlayer Decoder Pack
Sound Blaster X-Fi MB
Spelling Dictionaries Support For Adobe Reader 9
swMSM
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VirtualDJ Home FREE
Visual Studio 2008 x64 Redistributables
WildTangent Games
Winamp
Winamp Detector Plug-in
Winamp Toolbar
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Center Add-in for Flash
Yahoo! Messenger

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:02 PM

Posted 05 February 2012 - 02:51 PM

SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
:filefind
winlogon.exe
csrss.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 tjtjtj

tjtjtj
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:04:02 PM

Posted 05 February 2012 - 03:01 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 15:01 on 05/02/2012 by DubStepper
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "winlogon.exe"
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe --a---- 182856 bytes [00:36 18/01/2012] [22:50 24/12/2011] B382935AB01B27D0E14F267DBF288896
C:\Temp1234\Windows\System32\winlogon.exe --a---- 389120 bytes [23:52 13/07/2009] [01:39 14/07/2009] 132328DF455B0028F13BF0ABEE51A63A
C:\Temp1234\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe --a---- 389120 bytes [23:52 13/07/2009] [01:39 14/07/2009] 132328DF455B0028F13BF0ABEE51A63A
C:\Windows\ERDNT\cache64\winlogon.exe --a---- 389632 bytes [17:36 05/02/2012] [20:45 27/04/2010] DA3E2A6FA9660CC75B471530CE88453A
C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe --a---- 390656 bytes [21:31 23/05/2011] [13:25 20/11/2010] 1151B1BAA6F350B1DB6598E0FEA7C457
C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe --a---- 389120 bytes [23:52 13/07/2009] [01:39 14/07/2009] 132328DF455B0028F13BF0ABEE51A63A
C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe --a---- 389632 bytes [20:45 27/04/2010] [20:45 27/04/2010] DA3E2A6FA9660CC75B471530CE88453A
C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe --a---- 389632 bytes [20:45 27/04/2010] [20:45 27/04/2010] A93D41A4D4B0D91C072D11DD8AF266DE

Searching for "csrss.exe"
C:\Temp1234\Windows\System32\csrss.exe --a---- 7680 bytes [23:19 13/07/2009] [01:39 14/07/2009] 60C2862B4BF0FD9F582EF344C2B1EC72
C:\Temp1234\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe --a---- 7680 bytes [23:19 13/07/2009] [01:39 14/07/2009] 60C2862B4BF0FD9F582EF344C2B1EC72
C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe --a---- 7680 bytes [23:19 13/07/2009] [01:39 14/07/2009] 60C2862B4BF0FD9F582EF344C2B1EC72

-= EOF =-

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:02 PM

Posted 05 February 2012 - 03:13 PM

Hello

The files you talked about before are legit and the ones i have checked have come out clean


Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does allot better of a job

Programs to remove

Ask Toolbar
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close


TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users