Inactive Google search hijack and malware removal

[Shinobio]

Greetings everyone,

I seem to have some malware issues going on with my dell xps laptop. Any help would be greatly appreciated.

I've been experiencing redirection when clicking on google search results. Instead of going to the site I click on, I'll briefly see "waiting for 100ksearches.com" in the lower left hand corner of firefox before I'm redirected to an ad site or other search engine like Scour.

I've also noticed that my McAfee firewall has been turned off and can't be turned back on(for long) again. Sometimes when I restart my computer the firewall will be in place for a short time before its disabled again.

I read the preliminary removal instructions thread and here are my logs:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7066

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

7/10/2011 5:17:40 PM
mbam-log-2011-07-10 (17-17-40).txt

Scan type: Quick scan
Objects scanned: 202301
Time elapsed: 7 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
-------------------------------------------------
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-07-11 00:55:47
Windows 6.1.7601 Service Pack 1
Running: 2dfwz27h.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002268df2cb2
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002268df2cb2 (not active ControlSet)

---- Files - GMER 1.0.15 ----

File C:\Windows\assembly\NativeImages_v2.0.50727_64\index515.dat 0 bytes
File C:\Windows\assembly\NativeImages_v2.0.50727_64\index516.dat 0 bytes

---- EOF - GMER 1.0.15 ----
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22
Run by AA at 0:58:45 on 2011-07-11
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6133.4338 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Program Files\Intel\WiMAX\bin\wimaxcu.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\AA\Desktop\2dfwz27h.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110512023356.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: FAIESSOHelper Class: {a2f122da-055f-4df7-8f24-7354dbdba85b} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [AdobeBridge]
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [FAStartup]
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
mRun: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mExplorerRun: [Ckvo] C:\Windows\SysWOW64\pcwumg.exe
StartupFolder: C:\Users\AA\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.4.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1 209.18.47.61 209.18.47.62
TCP: Interfaces\{1C1CED5E-C479-478B-BFCD-282354CA3119} : DhcpNameServer = 192.168.2.1 209.18.47.61 209.18.47.62
TCP: Interfaces\{1C1CED5E-C479-478B-BFCD-282354CA3119}\0484F6D65613443314 : DhcpNameServer = 192.168.1.1 192.168.1.1 0.0.0.0
TCP: Interfaces\{1C1CED5E-C479-478B-BFCD-282354CA3119}\54E64756270247865602D41647279687 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1C1CED5E-C479-478B-BFCD-282354CA3119}\C696E6B6379737 : DhcpNameServer = 192.168.1.1 68.237.161.12 71.243.0.12
TCP: Interfaces\{1C1CED5E-C479-478B-BFCD-282354CA3119}\E4544574541425 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1C1CED5E-C479-478B-BFCD-282354CA3119}\F6074796D657D677966696 : DhcpNameServer = 10.240.205.161 10.240.205.162
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: FastAccess - c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
LSA: Notification Packages = scecli FAPassSync
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110512023356.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: FAIESSOHelper Class: {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO-X64: FAIESSO Helper Object - No File
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [FAStartup]
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
mRun-x64: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\AA\AppData\Roaming\Mozilla\Firefox\Profiles\9fhtkqrk.default\
FF - prefs.js: browser.startup.homepage - hxxp://bloglines.com/myblogs|http://www.cnn.com/|http://www.biblegateway.com/|http://rr.com/|http://www.keyway.ca/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2010-4-29 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 DigiNet;Digidesign Ethernet Support;C:\Windows\system32\DRIVERS\diginet.sys --> C:\Windows\system32\DRIVERS\diginet.sys [?]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2009-9-15 403456]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-2-22 2409800]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-12-3 2151640]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-9-22 355440]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-9-22 355440]
R2 McShield;McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2010-6-7 200056]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2010-6-7 245352]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe [2010-6-7 149032]
R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimspe64.sys --> C:\Windows\system32\DRIVERS\rimspe64.sys [?]
R2 risdpcie;risdpcie;C:\Windows\system32\DRIVERS\risdpe64.sys --> C:\Windows\system32\DRIVERS\risdpe64.sys [?]
R2 rixdpcie;rixdpcie;C:\Windows\system32\DRIVERS\rixdpe64.sys --> C:\Windows\system32\DRIVERS\rixdpe64.sys [?]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-6-7 658656]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2009-9-15 907264]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 bpenum;bpenum;C:\Windows\system32\DRIVERS\bpenum.sys --> C:\Windows\system32\DRIVERS\bpenum.sys [?]
R3 bpmp;bpmp;C:\Windows\system32\DRIVERS\bpmp.sys --> C:\Windows\system32\DRIVERS\bpmp.sys [?]
R3 bpusb;bpusb;C:\Windows\system32\Drivers\bpusb.sys --> C:\Windows\system32\Drivers\bpusb.sys [?]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 connctfyMP;connctfyMP;C:\Windows\system32\DRIVERS\connctfy.sys --> C:\Windows\system32\DRIVERS\connctfy.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2010-12-3 17152]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-9-22 355440]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
S3 connctfy;Connectify Service;C:\Windows\system32\DRIVERS\connctfy.sys --> C:\Windows\system32\DRIVERS\connctfy.sys [?]
S3 dalwdmservice;dal service;C:\Windows\system32\drivers\dalwdm.sys --> C:\Windows\system32\drivers\dalwdm.sys [?]
S3 DGUSBAP;Service for Digidesign Mbox2 (WDM);C:\Windows\system32\DRIVERS\dgmbx2.sys --> C:\Windows\system32\DRIVERS\dgmbx2.sys [?]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]
S3 MBX2DFU;Digidesign Mbox 2 Firmware Updater;C:\Windows\system32\DRIVERS\dgmbx2fu.sys --> C:\Windows\system32\DRIVERS\dgmbx2fu.sys [?]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;C:\Windows\system32\drivers\mbx2midk.sys --> C:\Windows\system32\drivers\mbx2midk.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2009-9-21 315664]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2010-9-24 306416]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-9-22 355440]
.
=============== Created Last 30 ================
.
2011-07-11 03:43:19 -------- d-----w- C:\Windows\System32\SPReview
2011-07-11 03:42:12 -------- d-----w- C:\Windows\System32\EventProviders
2011-07-05 03:57:48 -------- d-----w- C:\Users\AA\AppData\Local\OpenCandy
2011-07-05 03:57:36 -------- d-----w- C:\Users\AA\AppData\Roaming\OpenCandy
2011-07-05 03:57:36 -------- d-----w- C:\Program Files (x86)\Connectify
2011-06-30 00:18:14 -------- d-----w- C:\Users\AA\AppData\Local\{8A1F03E1-515D-47CB-9664-940B47C26C92}
2011-06-29 14:31:45 -------- d-----we C:\Windows\system64
2011-06-29 12:17:35 -------- d-----w- C:\Users\AA\AppData\Local\{EF1062A4-A181-4865-9998-D9D7206D16DE}
2011-06-29 01:39:08 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-06-29 01:39:08 207872 ----a-w- C:\Windows\System32\cfgmgr32.dll
2011-06-29 01:39:08 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-06-29 01:39:07 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-06-29 01:39:07 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-06-29 01:39:07 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-06-29 01:39:00 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
2011-06-29 01:39:00 2315776 ----a-w- C:\Windows\System32\tquery.dll
2011-06-29 01:39:00 2223616 ----a-w- C:\Windows\System32\mssrch.dll
2011-06-29 01:39:00 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll
2011-06-29 01:39:00 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll
2011-06-27 15:32:26 -------- d-----w- C:\Users\AA\AppData\Local\{252985B7-B57A-4748-8FE8-63C276963A4F}
2011-06-27 03:33:21 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-06-27 03:33:21 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-06-21 00:50:58 67072 ----a-w- C:\Windows\splwow64.exe
2011-06-21 00:49:59 8192 ----a-w- C:\Windows\System32\KBDTUQ.DLL
2011-06-21 00:46:37 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-06-21 00:46:37 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2011-06-21 00:46:37 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
2011-06-21 00:46:25 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
2011-06-21 00:46:16 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
2011-06-21 00:45:39 422912 ----a-w- C:\Windows\System32\drvstore.dll
2011-06-21 00:45:39 399872 ----a-w- C:\Windows\System32\dpx.dll
2011-06-16 16:35:29 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-06-16 16:35:29 288640 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2011-06-16 16:35:29 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-06-16 16:35:27 3135488 ----a-w- C:\Windows\System32\win32k.sys
2011-06-16 16:35:25 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-06-16 16:35:25 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-06-16 16:35:25 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-06-16 16:34:46 321024 ----a-w- C:\Windows\System32\d3d10_1core.dll
2011-06-16 16:34:46 219136 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2011-06-16 16:34:46 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-06-16 16:34:46 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-06-16 16:34:44 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-06-16 16:34:44 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-06-16 16:34:44 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-06-16 16:34:42 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-06-16 16:34:42 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-06-16 16:34:34 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-06-16 16:34:33 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
.
==================== Find3M ====================
.
2011-07-11 03:52:26 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-07-11 03:52:25 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-06-30 04:29:00 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2011-05-29 13:11:30 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-29 13:11:20 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll
2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll
2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll
2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll
2011-05-04 05:19:28 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2011-04-23 01:29:25 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-04-23 01:19:19 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-04-22 23:35:56 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-04-22 23:25:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-04-22 22:15:29 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-04-20 17:32:49 256 ----a-w- C:\Windows\SysWow64\pool.bin
2011-04-18 10:23:39 16432 ----a-w- C:\Windows\System32\lsdelete.exe
2011-04-14 18:01:38 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2011-04-14 18:01:38 94992 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2011-04-14 18:01:38 75160 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2011-04-14 18:01:38 63056 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2011-04-14 18:01:38 530304 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2011-04-14 18:01:38 441840 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2011-04-14 18:01:38 283744 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2011-04-14 18:01:38 190520 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2011-04-14 18:01:38 121376 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2006-05-03 10:06:54 163328 --sh--r- C:\Windows\SysWOW64\flvDX.dll
2007-02-21 11:47:16 31232 --sh--r- C:\Windows\SysWOW64\msfDX.dll
2008-03-16 13:30:52 216064 --sh--r- C:\Windows\SysWOW64\nbDX.dll
.
============= FINISH: 0:59:17.09 ===============
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 6/12/2010 2:41:37 PM
System Uptime: 7/11/2011 12:00:24 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 0W61J1
Processor: Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz | U2E1 | 2534/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 128.712 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: facap, FastAccess Video Capture
Device ID: ROOT\IMAGE\0000
Manufacturer: Sensible Vision
Name: facap, FastAccess Video Capture
PNP Device ID: ROOT\IMAGE\0000
Service: FACAP
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Windows Firewall Authorization Driver
Device ID: ROOT\LEGACY_MPSDRV\0000
Manufacturer:
Name: Windows Firewall Authorization Driver
PNP Device ID: ROOT\LEGACY_MPSDRV\0000
Service: mpsdrv
.
==== System Restore Points ===================
.
RP181: 7/10/2011 11:43:10 PM - Windows 7 Service Pack 1
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Ad-Aware
Ad-Aware Email Scanner for Outlook
Add or Remove Adobe Premiere Pro CS5
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Premiere Pro CS5 Third Party Royalty Content
Adobe Reader 9.4.5
Advanced Audio FX Engine
Apple Application Support
Apple Software Update
ATI Catalyst Control Center
Audacity 1.3.12 (Unicode)
Avid Pro Tools Creative Collection 8.0.4
Avid Pro Tools LE 8.0.4
Banctec Service Agreement
BitTorrent
BlackBerry Desktop Software 5.0.1
BlackBerry Device Manager 6.0.2
BlackBerry® Media Sync
BpmChecker
calibre
CardRecovery 5.30
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CLEAR™ WiMAX Tutorial
Compatibility Pack for the 2007 Office system
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Dock
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Webcam Central
Digidesign MP3 Option 8.0
DirectXInstallService
EMC 10 Content
FL Studio 9
Foxit Reader
Free DigiRack Plug-Ins 8.0.3
Google SketchUp 8
GoToAssist 8.0.0.514
HandBrake 0.9.5
Hardcore
IL Download Manager
iZotope Ozone 3
Java Auto Updater
Java(TM) 6 Update 22
Junk Mail filter update
Live! Cam Avatar Creator
LoJack Factory Installer
Malwarebytes' Anti-Malware version 1.51.0.1200
McAfee Security Center
McAfee Security Scan Plus
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Word MUI (English) 2007
Microsoft Reader
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MKVtoolnix 2.9.0
Mozilla Firefox 5.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Netflix in Windows Media Center
NOOK for PC
PDF Settings CS5
PoiZone
PowerDVD DX
PxMergeModule
QuickTime
Roxio Activation Module
Roxio BackOnTrack
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy CD and DVD Burning
Roxio Express Labeler 3
Roxio Update Manager
Sawer
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skins
Skype Toolbars
Skype™ 5.1
Sonic CinePlayer Decoder Pack
Spybot - Search & Destroy
SUPER © Version 2010.bld.42 (Nov 7, 2010)
Toxic Biohazard
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2536413)
Vegas Movie Studio HD 9.0
Vegas Movie Studio HD Platinum 10.0
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Xvid 1.2.2 final uninstall
.
==== Event Viewer Messages From Past Week ========
.
7/8/2011 12:25:47 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} and APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user AA-Laptop\Guest SID (S-1-5-21-1120090352-1538412859-4050260282-501) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
7/8/2011 12:15:43 PM, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds.
7/8/2011 12:09:42 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
7/5/2011 7:07:41 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa80062a3060, 0xfffff80000b9c518, 0xfffffa8006ab1c60). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 070511-21091-01.
7/5/2011 4:29:23 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004
7/4/2011 9:56:00 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
7/4/2011 11:32:20 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa80062c0a20, 0xfffff80000b9c518, 0xfffffa800a192e10). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 070411-20217-01.
7/11/2011 12:56:17 AM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.
7/11/2011 12:56:17 AM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.
7/11/2011 12:56:17 AM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
7/11/2011 12:03:46 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: RxFilter
7/10/2011 7:11:05 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa800628aa20, 0xfffff800065c1518, 0xfffffa800dc332a0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071011-21294-01.
.
==== End Of File ===========================

 

[Bobbye]

Good Morning and welcome to TechSpot! I'll help with the redirect.

My Guidelines: please read and follow:

• Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
• Read my instructions carefully. If you don't understand or have a problem, ask me.
• If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
• Follow the order of the tasks I give you. Order is crucial in cleaning process.
• File sharing programs should be uninstalled or disabled during the cleaning process..
• Observe these:
  [o] Don't use any other cleaning programs or scans while I'm helping you.
  [o] Don't use a Registry cleaner or make any changes in the Registry.
  [o] Don't download and install new programs- except those I give you.
• Please let me know if there is any change in the system.

If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
=====================================
It is not uncommon for malware to disable all or part of the security center. I will be able to see that in the Combofix scan. Before you do that, I strongly recommend that you remove the following:
ClickPotatoLiteSA plugin on Firefox
OpenCandy alication
These are straight avenues to malware.
Consider also removing the file sharing BitTorrent.
==============================================
Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed

• Click START> then RUN
• Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

--------------------------------------
Download Combofix from HERE or HEREhttp://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop

• Double click combofix.exe & follow the prompts.
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
• Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  
  
• .Click on Yes, to continue scanning for malware
• .If Combofix asks you to update the program, allow
• .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• .Close any open browsers.
• .Double click combofix.exe
  
  & follow the prompts to run.
• When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..

Re-enable your Antivirus software.

Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
============================================

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  ESETOnlineScan
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
  [o] Double click on the
  
  on your desktop.
• Check 'Yes I accept terms of use.'
• Click Start button
• Accept any security warnings from your browser.
  
  
• Uncheck 'Remove found threats'
• Check 'Scan archives/
• Leave remaining settings as is.
• Press the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
• When the scan completes, press List of found threats
• Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
• Push the Back button
• Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
========================================
Please lever the logs in your next reply.

 

[Shinobio]

bumpy start

Thanks so much for your help, Bobbye. I seem to be having a problem finding the Click Potato and OpenCandy plugins to remove them. They don't appear with the rest of my plugins in the "Add-ons" tab of firefox and I don't see them when i go to remove program in the control panel. I tried looking for them in the folders they should be in in my C:/ drive, but no cigar. I tried this in normal and safe modes. Is there something i'm doing incorrectly? I successfully uninstalled bittorrent, btw.

 

[Bobbye]

I can remove them after you run Combofix- don't worry for now. I'd like you to submit the following for identification:

Please go to VirSCAN.org FREE on-line scan service:

• 
  [1]. Copy and paste the following file path into the Suspicious files to scan box on the top of the page.
  
  

  C:\Windows\SysWOW64\pcwumg.exe

  [2]. At the upload site, click once inside the window next to Browse.
  [3]. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
  [4]. Click on the Upload button.
  This will perform a scan across multiple different virus scanning engines.
  Your file will possibly be entered into a queue which normally takes less than a minute to clear.
  Important: Wait for all of the scanning engines to complete.
  [5]. Once the Scan is completed scroll down and click on the Copy to Clipboard button. This will copy the link of the report into the Clipboard.
  [6]. Paste the contents of the Clipboard in your next reply.

======================================
And if you haven't started Combofix yet, please run the Eset acan first and leave that log along with the VIRScan above.

 

[Shinobio]

when I ran combofix the first time, laptop restarted in the middle. I ran it again and kept getting popup messages throughout the scanning stages that said "Windows cannot find 'NIRCMD'. Make sure you typed the name correctly, and then try again"

I also got the same message for 'NIRKMD' throughout the scanning stages.

When the computer restarted after the scanning was complete,and combofix was finished deleting files, I got Windows Error Recovery which said that Windows failed to start and launched Startup Repair. Seems that it's trying to get system to a previous restore point...

 

[Bobbye]

Did you do the VIRScan? Did you do the Eset online virus scan?

I need results for both. You may have a file infector malware such as Sality or Virut.
=======================================
Please disable the AdWatch RealTime Protection:
Ad-Aware AE Ad-Watch Live!

• Right click on the Ad-Aware icon in the system tray.
  
• Click on Disable Ad-Watch Live!
• (Once you are clean, you can re-enable Ad-Watch Live! by clicking on Enable Ad-Watch Live!.)

====================================
Edit: Please do this also: Disable the ScriptScan feature inside McAfee.

• Right-click on the McAfee icon in the taskbar. You will see this:
  
  
• Select On-Access Scan Properties.
• Click on the ScriptScan tab
• Uncheck Enable ScriptScan
• Click the Apply or OK buttons

====================================
NirCmd is a command-line utility that allows writing to and deletion of values and keys in the registry. It is used in Combofix.
=======================================
Boot into Safe Mode

• Restart your computer and start pressing the F8 key on your keyboard.
• Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

Navigate to the C Drive or do a search for C:\ComboFix.txt Paste it in next reply if found. This is the Combofix log.
=================================================
Do not do this yet
Depending on what is found, I may have you do a System Restore. I see one Restore Pint on the system:
RP181: 7/10/2011 11:43:10 PM - Windows 7 Service Pack 1 but there may be others> hold on this please.

Please note: There is also a currently very active malware named Windows 7 Recovery which is a malicious program that pretends to be a computer defragmenter and optimization software, but in reality it is totally scam. It will hijack browsers, block all programs from running, display numerous fake critical error alerts in order to trick you into thinking your computer in danger.

There are also numerous Bug Checks and Memory dumps. There is also a denial to the 'Guest' Account