TechSpot

Google search hijack and malware removal

By Shinobio
Jul 11, 2011
  1. Greetings everyone,

    I seem to have some malware issues going on with my dell xps laptop. Any help would be greatly appreciated.

    I've been experiencing redirection when clicking on google search results. Instead of going to the site I click on, I'll briefly see "waiting for 100ksearches.com" in the lower left hand corner of firefox before I'm redirected to an ad site or other search engine like Scour.

    I've also noticed that my McAfee firewall has been turned off and can't be turned back on(for long) again. Sometimes when I restart my computer the firewall will be in place for a short time before its disabled again.

    I read the preliminary removal instructions thread and here are my logs:

    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 7066

    Windows 6.1.7600
    Internet Explorer 9.0.8112.16421

    7/10/2011 5:17:40 PM
    mbam-log-2011-07-10 (17-17-40).txt

    Scan type: Quick scan
    Objects scanned: 202301
    Time elapsed: 7 minute(s), 32 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    -------------------------------------------------
    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit scan 2011-07-11 00:55:47
    Windows 6.1.7601 Service Pack 1
    Running: 2dfwz27h.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002268df2cb2
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002268df2cb2 (not active ControlSet)

    ---- Files - GMER 1.0.15 ----

    File C:\Windows\assembly\NativeImages_v2.0.50727_64\index515.dat 0 bytes
    File C:\Windows\assembly\NativeImages_v2.0.50727_64\index516.dat 0 bytes

    ---- EOF - GMER 1.0.15 ----
    DDS (Ver_2011-06-23.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22
    Run by AA at 0:58:45 on 2011-07-11
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6133.4338 [GMT -4:00]
    .
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
    C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files\Dell\DellDock\DellDock.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
    C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    C:\Program Files\mcafee.com\agent\mcagent.exe
    C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
    c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
    C:\Program Files\Intel\WiMAX\bin\wimaxcu.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Users\AA\Desktop\2dfwz27h.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110512023356.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: FAIESSOHelper Class: {a2f122da-055f-4df7-8f24-7354dbdba85b} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    uRun: [AdobeBridge]
    uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
    mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun: [FAStartup]
    mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
    mRun: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
    mExplorerRun: [Ckvo] C:\Windows\SysWOW64\pcwumg.exe
    StartupFolder: C:\Users\AA\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    uPolicies-explorer: HideSCAHealth = 1 (0x1)
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    LSP: mswsock.dll
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.4.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    TCP: DhcpNameServer = 192.168.2.1 209.18.47.61 209.18.47.62
    TCP: Interfaces\{1C1CED5E-C479-478B-BFCD-282354CA3119} : DhcpNameServer = 192.168.2.1 209.18.47.61 209.18.47.62
    TCP: Interfaces\{1C1CED5E-C479-478B-BFCD-282354CA3119}\0484F6D65613443314 : DhcpNameServer = 192.168.1.1 192.168.1.1 0.0.0.0
    TCP: Interfaces\{1C1CED5E-C479-478B-BFCD-282354CA3119}\54E64756270247865602D41647279687 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{1C1CED5E-C479-478B-BFCD-282354CA3119}\C696E6B6379737 : DhcpNameServer = 192.168.1.1 68.237.161.12 71.243.0.12
    TCP: Interfaces\{1C1CED5E-C479-478B-BFCD-282354CA3119}\E4544574541425 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{1C1CED5E-C479-478B-BFCD-282354CA3119}\F6074796D657D677966696 : DhcpNameServer = 10.240.205.161 10.240.205.162
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Notify: FastAccess - c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
    LSA: Notification Packages = scecli FAPassSync
    SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO-X64: Search Helper - No File
    BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110512023356.dll
    BHO-X64: scriptproxy - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: FAIESSOHelper Class: {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
    BHO-X64: FAIESSO Helper Object - No File
    BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
    mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun-x64: [FAStartup]
    mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun-x64: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
    mRun-x64: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\AA\AppData\Roaming\Mozilla\Firefox\Profiles\9fhtkqrk.default\
    FF - prefs.js: browser.startup.homepage - hxxp://bloglines.com/myblogs|http://www.cnn.com/|http://www.biblegateway.com/|http://rr.com/|http://www.keyway.ca/
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
    R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2010-4-29 89600]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 DigiNet;Digidesign Ethernet Support;C:\Windows\system32\DRIVERS\diginet.sys --> C:\Windows\system32\DRIVERS\diginet.sys [?]
    R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2009-9-15 403456]
    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
    R2 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-2-22 2409800]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-12-3 2151640]
    R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-9-22 355440]
    R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-9-22 355440]
    R2 McShield;McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2010-6-7 200056]
    R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2010-6-7 245352]
    R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe [2010-6-7 149032]
    R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimspe64.sys --> C:\Windows\system32\DRIVERS\rimspe64.sys [?]
    R2 risdpcie;risdpcie;C:\Windows\system32\DRIVERS\risdpe64.sys --> C:\Windows\system32\DRIVERS\risdpe64.sys [?]
    R2 rixdpcie;rixdpcie;C:\Windows\system32\DRIVERS\rixdpe64.sys --> C:\Windows\system32\DRIVERS\rixdpe64.sys [?]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-6-7 658656]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
    R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2009-9-15 907264]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 bpenum;bpenum;C:\Windows\system32\DRIVERS\bpenum.sys --> C:\Windows\system32\DRIVERS\bpenum.sys [?]
    R3 bpmp;bpmp;C:\Windows\system32\DRIVERS\bpmp.sys --> C:\Windows\system32\DRIVERS\bpmp.sys [?]
    R3 bpusb;bpusb;C:\Windows\system32\Drivers\bpusb.sys --> C:\Windows\system32\Drivers\bpusb.sys [?]
    R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
    R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
    R3 connctfyMP;connctfyMP;C:\Windows\system32\DRIVERS\connctfy.sys --> C:\Windows\system32\DRIVERS\connctfy.sys [?]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
    R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
    R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2010-12-3 17152]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
    R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-9-22 355440]
    S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
    S3 connctfy;Connectify Service;C:\Windows\system32\DRIVERS\connctfy.sys --> C:\Windows\system32\DRIVERS\connctfy.sys [?]
    S3 dalwdmservice;dal service;C:\Windows\system32\drivers\dalwdm.sys --> C:\Windows\system32\drivers\dalwdm.sys [?]
    S3 DGUSBAP;Service for Digidesign Mbox2 (WDM);C:\Windows\system32\DRIVERS\dgmbx2.sys --> C:\Windows\system32\DRIVERS\dgmbx2.sys [?]
    S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]
    S3 MBX2DFU;Digidesign Mbox 2 Firmware Updater;C:\Windows\system32\DRIVERS\dgmbx2fu.sys --> C:\Windows\system32\DRIVERS\dgmbx2fu.sys [?]
    S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;C:\Windows\system32\drivers\mbx2midk.sys --> C:\Windows\system32\drivers\mbx2midk.sys [?]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2009-9-21 315664]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
    S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2010-9-24 306416]
    S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-9-22 355440]
    .
    =============== Created Last 30 ================
    .
    2011-07-11 03:43:19 -------- d-----w- C:\Windows\System32\SPReview
    2011-07-11 03:42:12 -------- d-----w- C:\Windows\System32\EventProviders
    2011-07-05 03:57:48 -------- d-----w- C:\Users\AA\AppData\Local\OpenCandy
    2011-07-05 03:57:36 -------- d-----w- C:\Users\AA\AppData\Roaming\OpenCandy
    2011-07-05 03:57:36 -------- d-----w- C:\Program Files (x86)\Connectify
    2011-06-30 00:18:14 -------- d-----w- C:\Users\AA\AppData\Local\{8A1F03E1-515D-47CB-9664-940B47C26C92}
    2011-06-29 14:31:45 -------- d-----we C:\Windows\system64
    2011-06-29 12:17:35 -------- d-----w- C:\Users\AA\AppData\Local\{EF1062A4-A181-4865-9998-D9D7206D16DE}
    2011-06-29 01:39:08 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
    2011-06-29 01:39:08 207872 ----a-w- C:\Windows\System32\cfgmgr32.dll
    2011-06-29 01:39:08 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
    2011-06-29 01:39:07 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
    2011-06-29 01:39:07 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
    2011-06-29 01:39:07 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
    2011-06-29 01:39:00 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
    2011-06-29 01:39:00 2315776 ----a-w- C:\Windows\System32\tquery.dll
    2011-06-29 01:39:00 2223616 ----a-w- C:\Windows\System32\mssrch.dll
    2011-06-29 01:39:00 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll
    2011-06-29 01:39:00 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll
    2011-06-27 15:32:26 -------- d-----w- C:\Users\AA\AppData\Local\{252985B7-B57A-4748-8FE8-63C276963A4F}
    2011-06-27 03:33:21 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
    2011-06-27 03:33:21 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
    2011-06-21 00:50:58 67072 ----a-w- C:\Windows\splwow64.exe
    2011-06-21 00:49:59 8192 ----a-w- C:\Windows\System32\KBDTUQ.DLL
    2011-06-21 00:46:37 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
    2011-06-21 00:46:37 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
    2011-06-21 00:46:37 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
    2011-06-21 00:46:25 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
    2011-06-21 00:46:16 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
    2011-06-21 00:45:39 422912 ----a-w- C:\Windows\System32\drvstore.dll
    2011-06-21 00:45:39 399872 ----a-w- C:\Windows\System32\dpx.dll
    2011-06-16 16:35:29 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
    2011-06-16 16:35:29 288640 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2011-06-16 16:35:29 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-06-16 16:35:27 3135488 ----a-w- C:\Windows\System32\win32k.sys
    2011-06-16 16:35:25 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    2011-06-16 16:35:25 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
    2011-06-16 16:35:25 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
    2011-06-16 16:34:46 321024 ----a-w- C:\Windows\System32\d3d10_1core.dll
    2011-06-16 16:34:46 219136 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
    2011-06-16 16:34:46 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
    2011-06-16 16:34:46 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
    2011-06-16 16:34:44 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
    2011-06-16 16:34:44 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2011-06-16 16:34:44 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2011-06-16 16:34:42 861696 ----a-w- C:\Windows\System32\oleaut32.dll
    2011-06-16 16:34:42 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2011-06-16 16:34:34 976896 ----a-w- C:\Windows\System32\inetcomm.dll
    2011-06-16 16:34:33 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
    .
    ==================== Find3M ====================
    .
    2011-07-11 03:52:26 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2011-07-11 03:52:25 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2011-06-30 04:29:00 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
    2011-05-29 13:11:30 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-05-29 13:11:20 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll
    2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll
    2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll
    2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll
    2011-05-04 05:19:28 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
    2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
    2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
    2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
    2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
    2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
    2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
    2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
    2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
    2011-04-23 01:29:25 2303488 ----a-w- C:\Windows\System32\jscript9.dll
    2011-04-23 01:19:19 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-04-22 23:35:56 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2011-04-22 23:25:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-04-22 22:15:29 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
    2011-04-20 17:32:49 256 ----a-w- C:\Windows\SysWow64\pool.bin
    2011-04-18 10:23:39 16432 ----a-w- C:\Windows\System32\lsdelete.exe
    2011-04-14 18:01:38 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
    2011-04-14 18:01:38 94992 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
    2011-04-14 18:01:38 75160 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
    2011-04-14 18:01:38 63056 ----a-w- C:\Windows\System32\drivers\cfwids.sys
    2011-04-14 18:01:38 530304 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
    2011-04-14 18:01:38 441840 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
    2011-04-14 18:01:38 283744 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
    2011-04-14 18:01:38 190520 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
    2011-04-14 18:01:38 121376 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
    2006-05-03 10:06:54 163328 --sh--r- C:\Windows\SysWOW64\flvDX.dll
    2007-02-21 11:47:16 31232 --sh--r- C:\Windows\SysWOW64\msfDX.dll
    2008-03-16 13:30:52 216064 --sh--r- C:\Windows\SysWOW64\nbDX.dll
    .
    ============= FINISH: 0:59:17.09 ===============
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume2
    Install Date: 6/12/2010 2:41:37 PM
    System Uptime: 7/11/2011 12:00:24 AM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0W61J1
    Processor: Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz | U2E1 | 2534/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 451 GiB total, 128.712 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: facap, FastAccess Video Capture
    Device ID: ROOT\IMAGE\0000
    Manufacturer: Sensible Vision
    Name: facap, FastAccess Video Capture
    PNP Device ID: ROOT\IMAGE\0000
    Service: FACAP
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Windows Firewall Authorization Driver
    Device ID: ROOT\LEGACY_MPSDRV\0000
    Manufacturer:
    Name: Windows Firewall Authorization Driver
    PNP Device ID: ROOT\LEGACY_MPSDRV\0000
    Service: mpsdrv
    .
    ==== System Restore Points ===================
    .
    RP181: 7/10/2011 11:43:10 PM - Windows 7 Service Pack 1
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Ad-Aware
    Ad-Aware Email Scanner for Outlook
    Add or Remove Adobe Premiere Pro CS5
    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Media Player
    Adobe Photoshop CS5
    Adobe Premiere Pro CS5 Third Party Royalty Content
    Adobe Reader 9.4.5
    Advanced Audio FX Engine
    Apple Application Support
    Apple Software Update
    ATI Catalyst Control Center
    Audacity 1.3.12 (Unicode)
    Avid Pro Tools Creative Collection 8.0.4
    Avid Pro Tools LE 8.0.4
    Banctec Service Agreement
    BitTorrent
    BlackBerry Desktop Software 5.0.1
    BlackBerry Device Manager 6.0.2
    BlackBerry® Media Sync
    BpmChecker
    calibre
    CardRecovery 5.30
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CLEAR™ WiMAX Tutorial
    Compatibility Pack for the 2007 Office system
    D3DX10
    Dell DataSafe Local Backup
    Dell DataSafe Local Backup - Support Software
    Dell Dock
    Dell Getting Started Guide
    Dell Support Center (Support Software)
    Dell Webcam Central
    Digidesign MP3 Option 8.0
    DirectXInstallService
    EMC 10 Content
    FL Studio 9
    Foxit Reader
    Free DigiRack Plug-Ins 8.0.3
    Google SketchUp 8
    GoToAssist 8.0.0.514
    HandBrake 0.9.5
    Hardcore
    IL Download Manager
    iZotope Ozone 3
    Java Auto Updater
    Java(TM) 6 Update 22
    Junk Mail filter update
    Live! Cam Avatar Creator
    LoJack Factory Installer
    Malwarebytes' Anti-Malware version 1.51.0.1200
    McAfee Security Center
    McAfee Security Scan Plus
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Small Business 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Reader
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    MKVtoolnix 2.9.0
    Mozilla Firefox 5.0 (x86 en-US)
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Netflix in Windows Media Center
    NOOK for PC
    PDF Settings CS5
    PoiZone
    PowerDVD DX
    PxMergeModule
    QuickTime
    Roxio Activation Module
    Roxio BackOnTrack
    Roxio Central Audio
    Roxio Central Copy
    Roxio Central Core
    Roxio Central Data
    Roxio Central Tools
    Roxio Easy CD and DVD Burning
    Roxio Express Labeler 3
    Roxio Update Manager
    Sawer
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft Office 2007 System (KB2541012)
    Security Update for Microsoft Office Excel 2007 (KB2541007)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Skins
    Skype Toolbars
    Skype™ 5.1
    Sonic CinePlayer Decoder Pack
    Spybot - Search & Destroy
    SUPER © Version 2010.bld.42 (Nov 7, 2010)
    Toxic Biohazard
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 (KB2509470)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2536413)
    Vegas Movie Studio HD 9.0
    Vegas Movie Studio HD Platinum 10.0
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    Xvid 1.2.2 final uninstall
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/8/2011 12:25:47 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} and APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user AA-Laptop\Guest SID (S-1-5-21-1120090352-1538412859-4050260282-501) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    7/8/2011 12:15:43 PM, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds.
    7/8/2011 12:09:42 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
    7/5/2011 7:07:41 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa80062a3060, 0xfffff80000b9c518, 0xfffffa8006ab1c60). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 070511-21091-01.
    7/5/2011 4:29:23 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004
    7/4/2011 9:56:00 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
    7/4/2011 11:32:20 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa80062c0a20, 0xfffff80000b9c518, 0xfffffa800a192e10). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 070411-20217-01.
    7/11/2011 12:56:17 AM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.
    7/11/2011 12:56:17 AM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.
    7/11/2011 12:56:17 AM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
    7/11/2011 12:03:46 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: RxFilter
    7/10/2011 7:11:05 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa800628aa20, 0xfffff800065c1518, 0xfffffa800dc332a0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071011-21294-01.
    .
    ==== End Of File ===========================
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Good Morning and welcome to TechSpot! I'll help with the redirect.

    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process..
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.
    If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
    =====================================
    It is not uncommon for malware to disable all or part of the security center. I will be able to see that in the Combofix scan. Before you do that, I strongly recommend that you remove the following:
    ClickPotatoLiteSA plugin on Firefox
    OpenCandy alication

    These are straight avenues to malware.
    Consider also removing the file sharing BitTorrent.
    ==============================================
    Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      [​IMG]
    • .Click on Yes, to continue scanning for malware
    • .If Combofix asks you to update the program, allow
    • .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • .Close any open browsers.
    • .Double click combofix.exe[​IMG] & follow the prompts to run.
    • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
    Re-enable your Antivirus software.

    Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    ============================================
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the [​IMG]on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
      [​IMG]
    • Uncheck 'Remove found threats'
    • Check 'Scan archives/
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ========================================
    Please lever the logs in your next reply.
     
  3. Shinobio

    Shinobio TS Rookie Topic Starter

    bumpy start

    Thanks so much for your help, Bobbye. I seem to be having a problem finding the Click Potato and OpenCandy plugins to remove them. They don't appear with the rest of my plugins in the "Add-ons" tab of firefox and I don't see them when i go to remove program in the control panel. I tried looking for them in the folders they should be in in my C:/ drive, but no cigar. I tried this in normal and safe modes. Is there something i'm doing incorrectly? I successfully uninstalled bittorrent, btw.
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I can remove them after you run Combofix- don't worry for now. I'd like you to submit the following for identification:

    Please go to VirSCAN.org FREE on-line scan service:

    • [1]. Copy and paste the following file path into the Suspicious files to scan box on the top of the page.

      Code:
      C:\Windows\SysWOW64\pcwumg.exe
      
      [2]. At the upload site, click once inside the window next to Browse.
      [3]. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
      [4]. Click on the Upload button.
      This will perform a scan across multiple different virus scanning engines.
      Your file will possibly be entered into a queue which normally takes less than a minute to clear.
      Important: Wait for all of the scanning engines to complete.
      [5]. Once the Scan is completed scroll down and click on the Copy to Clipboard button. This will copy the link of the report into the Clipboard.
      [6]. Paste the contents of the Clipboard in your next reply.
    ======================================
    And if you haven't started Combofix yet, please run the Eset acan first and leave that log along with the VIRScan above.
     
  5. Shinobio

    Shinobio TS Rookie Topic Starter

    when I ran combofix the first time, laptop restarted in the middle. I ran it again and kept getting popup messages throughout the scanning stages that said "Windows cannot find 'NIRCMD'. Make sure you typed the name correctly, and then try again"

    I also got the same message for 'NIRKMD' throughout the scanning stages.

    When the computer restarted after the scanning was complete,and combofix was finished deleting files, I got Windows Error Recovery which said that Windows failed to start and launched Startup Repair. Seems that it's trying to get system to a previous restore point...
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Did you do the VIRScan? Did you do the Eset online virus scan?

    I need results for both. You may have a file infector malware such as Sality or Virut.
    =======================================
    Please disable the AdWatch RealTime Protection:
    Ad-Aware AE Ad-Watch Live!
    • Right click on the Ad-Aware icon in the system tray. [​IMG]
    • Click on Disable Ad-Watch Live!
    • (Once you are clean, you can re-enable Ad-Watch Live! by clicking on Enable Ad-Watch Live!.)
    ====================================
    Edit: Please do this also: Disable the ScriptScan feature inside McAfee.
    • Right-click on the McAfee icon in the taskbar. You will see this:
      [​IMG]
    • Select On-Access Scan Properties.
    • Click on the ScriptScan tab
    • Uncheck Enable ScriptScan
    • Click the Apply or OK buttons
    ====================================
    NirCmd is a command-line utility that allows writing to and deletion of values and keys in the registry. It is used in Combofix.
    =======================================
    Boot into Safe Mode
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

    Navigate to the C Drive or do a search for C:\ComboFix.txt Paste it in next reply if found. This is the Combofix log.
    =================================================
    Do not do this yet
    Depending on what is found, I may have you do a System Restore. I see one Restore Pint on the system:
    RP181: 7/10/2011 11:43:10 PM - Windows 7 Service Pack 1 but there may be others> hold on this please.

    Please note: There is also a currently very active malware named Windows 7 Recovery which is a malicious program that pretends to be a computer defragmenter and optimization software, but in reality it is totally scam. It will hijack browsers, block all programs from running, display numerous fake critical error alerts in order to trick you into thinking your computer in danger.

    There are also numerous Bug Checks and Memory dumps. There is also a denial to the 'Guest' Account
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...